All posts tagged compliance

Paper vs Digital Client Onboarding (KYC)

In a world where everything has gone digital, and according to a statement made by the highly successful entrepreneur and investor, Marc Andreessen –

Software is eating the world

Why do people want to fill out a form with a pen?

Over the past 6-12 months I have onboarded/opened accounts with the following products/services:

  • Credit Card
  • Personal Bank Account
  • Business Bank Account
  • 2 Insurance Products
  • Securities Brokerage Account

Most of them with large companies (I won’t name names here) with almost infinite resources to spend on a good client onboarding experience. Keeping in mind, this was their first interaction with a (potentially) new client! Out of the 5, only 1 was simple, smooth and almost friction free.

So what was good about it?

  1. No requirement for me to figure out which form I need and download a PDF – Check ☑️
  2. It worked on mobile and laptop – Check ☑️
  3. I could save an application during the process, come back later and complete – Check ☑️
  4. It was easy to get support in real time if any questions required – Check ☑️
  5. There were relevant status updates during the process – Check ☑️
  6. Provision of a handy welcome pack to get me started – Check ☑️

The key thing here is, if you start with a PDF or paper form, the rest doesn’t really matter because it probably won’t happen. If you lock data into a paper form, it either won’t get actioned or won’t get transitioned properly to a database. And if it does, it will be too late to make a difference. So why do so many companies still want to do things this way and are we as consumers still “ok” with it? And what is it?

More secure? More authentic? Or even nostalgic???

Or is it just easier to unload a lot of information via a pen rather than a keyboard? The end users completing these forms can be across different generations so it’s hard to nail down a good stat on whether someone prefers digital to analogue. Trust me, I’ve searched.

From the people we have spoken with during meetings and product demos, we always asked the direct question:

Would you prefer to complete this form with a pen or a keyboard?

The answer we get most often is “it depends”. However, if you ask the companies who are currently using some form of digital client onboarding to collect customer information, their overwhelming preference is digital. Why?

Single source of truth

Reduce risk (KYC/AML)

Streamlining and automation

Simplified reporting and compliance

Data accuracy (and associated analytics benefits)

With these proven benefits in mind, what has stopped the majority of companies going digital before now? We see 4 major hurdles to switching to digital client onboarding vs pen and PDF:

  1. Cost

This was always going to be a factor. Digital transformation is not always easy. Maybe they have tried to build something in the past and ended up with something that was costly and might not have done the job?

Maybe they bought some whiz-bang solution but the implementation was poor and they struggled to see the value. Or, maybe they have a system that ‘works’ now, so why spend money?

A lot of companies now understand they must move with the times and go digital. However, when they explore the options in the market they’ll often reach these conclusions:

  • There are high upfront license implementation costs
  • High annual maintenance/ongoing costs
  • Expensive change requests for customisation
  • Training programs and specialist requirements
  1. Time to Value

From the time it takes to get buy-in from executives/senior management to actually seeing results, one might think it’s never going to happen and those costs mentioned above can stack up. Long integration times with vendors, internal IT push back, aligning the business with the technology, internal procurement processes etc. These factors can all slow things down.

Some vendors are trying to reduce this time and the concerns around it by offering more of a ‘turn-key’ solution. But can one size fit all? In terms of KYC/AML, the same regulations apply to everyone within a particular region. For example, if you’re onboarding clients in Hong Kong (regulated by the SFC or HKMA) you will need to abide by the same regulations as your competitors. The process can vary from company to company but the variations should not be so  large as to require an entire bespoke solution for every company. Cross jurisdictional onboarding is another matter, but often each country has it’s own team to handle local matters, or can advise on cross jurisdictional issues to tie it all together.

  1. Integration

Most companies have already invested in technology in various areas of their business. Most of the core systems that keep their businesses alive are digital. But how do we integrate and take advantage of data we already have?

Thanks to advances in modern software and the proliferation of API’s (Application Programming Interfaces) that let applications talk to each other securely, the integration times have dropped significantly. What can happen though, is the integration times can get slowed down (affecting Time to Value) because various business units want to control the applications and data they use every day. The hand off between middle office and back office functions is not always clear cut and they may be at different stages in application deployment lifecycles. “Let’s wait until we upgrade before we integrate”. There goes another 3 months.

  1. Digital signatures/Biometrics

This technology has been around for a long time and is proven. But for most of the regulators, they’re not there yet. If regulators accepted digital signatures or biometric identity verification, client onboarding would be half the pain point that is it.

For a lot of the financial services products, if you want to onboard completely remotely you need to jump through many hoops and often need a lawyer, bank manager or a JP to verify a copy of your identity documents. Otherwise you need to find the time to physically meet with the company to complete the process, depending on which regulator the company you deal with falls under. For some products face-to-face is very worthwhile (building relationships and trust) for others, you just want to buy the service and move on.

We’ve heard the argument “If we can only do 90% digitally, then need to print and sign a document anyway, doesn’t it defeat the point of the digital process?”. .. well kind of….. If you can digitise and automate 90% of a current slow, clunky process, then you’re 90% of the way there for when the regulators catch up to the technology. There’s a good chance your competitors are thinking this too.


Add humans, not software

As financial services companies grow and the regulatory pressure stacks up, compliance/operations teams have grown. The knee-jerk reaction to alleviate pressure on business units being swamped by increasing workloads is to add staff, not technology. This does not scale. It all amounts to a larger set of moving parts that become harder to manage. You’re kind of reverse streamlining and scattering things around.

At least 40% of all businesses will die in the next 10 years… if they don’t figure out how to change their entire company to accommodate new technologies. — John Chambers, Cisco

Every boardroom across the world has discussed ‘going digital’ at some point and some have charged ahead, some have dabbled/dipped into technology and others just keep talking about it. The ones that charge ahead and get it right, win. The others, may be in a position of watching them win. Goldman Sachs recognised some time ago that they are a tech company and this thinking has seen them become even more successful, and they now compete with Google and Facebook for tech talent.

In this article, I’m only talking about a small part of your business going digital, but it could be the most important part, as it’s where the customer first touches your company. With the proven benefits of going digital and the reasons for NOT going digital clearly reducing, the shift has begun and ultimately, we will all reap the benefits. Both as consumers and as companies.

We don’t fully address it in this article, but one of the biggest benefits of going digital is the data. Once you have enough clean, quality data, you can extract value from it through analytics. It’s difficult to get clean, quality data from paper and PDFs. Analytics is absolutely within reach of even SME businesses today with advances in technology and a highly competitive marketplace.

If you want our next update on what you can do with all this data, connect below. Or follow us on Twitter or Facebook.

Fill out my online form

How are User Experience (UX) and Compliance related?

This is Part 1 of our series of articles in “Digital Client Onboarding for Financial Services: Move Fast, Ask Less”.

So, what does User eXperience (UX) have to do with compliance? Well, when we break it down to the nitty gritty, your new client will more than likely have their first interaction with you while researching your company or the service(s) it provides via your website. After they have surveyed your website, clicked some links and maybe built some trust, they then make the decision to contact you. This is when they will inevitably end up at a web form.

This is a web form. A nice one.

Web forms have a lot to do with UX and UX is part of client onboarding and that is closely related to Know Your Customer (KYC). The KYC process is all to do with regulatory compliance. With web forms being the most common way to perform digital client onboarding, you guessed it, the initial user experience with your company has a lot to do with compliance. But get it wrong and you might not have to worry about KYC & AML/CTF or any of that, you might not even get the client.

You have to start with the customer experience and work backwards to the technology – Steve Jobs.

I’m sure not long ago it would have seemed odd to mention ‘UX’ and ‘regulatory compliance’ in the same sentence, but times have moved on, fast. Every company, from the biggest on the planet to the smallest garage upstart is trying to enhance their digital experiences and the way they connect with their customers.

The world’s biggest retail banks are now feeling the pressure from mobile-first startups that create apps with fantastic user experiences to try and draw customers to their platform. See Number26 and Monese as some prime examples.

Monese Banking App

So why is it so difficult to create a great, digital client onboarding experience and what’s been wrong with the approach until now?

Regulatory complexity has grown and so has the volume of data required for KYC and client onboarding

From our experience working with clients, we have come across all kinds of forms. Depending on if they are regulated and which regulatory body they are licensed with, if they have to submit CRS or FATCA reports, whether they’re onboarding an individual or a corporation, or simply down to how they handle their KYC and compliance internally. Most commonly, we work with clients that have forms with between 60 – 200 fields to complete. So, what’s a field?

This is a bad web form. Particularly if you need to enter a lot of information.

The example above has 9 fields. You can imagine having to complete a form like this with 60 – 200 fields to handover your information (plus additional supporting documents). You can’t just digitize your existing forms like for like as it presents a number of challenges. We’ve listed the 4 main ones we’ve come across:

Form Fatigue: Ever gone to complete a long form and needed to take numerous breaks from it? Not only for your sanity but also because you may not have the information or document required at the time. Or worse still, you’re half-way through a form online and it loses all your work when you try to come back to it?

Repetition: We found the client’s who were being onboarded were getting asked for the same information up to 2 and sometimes 3 times on the same form. Even when converted to digital! ‘Didn’t you just ask me that?’.

Flow or Logic Missing: Asking someone to enter information at the wrong time and out of context is a real issue. The constant need to flick between pages or endless scrolling makes for a bad user experience. ‘If you selected Yes, go to Section 5’.

The Paper Mentality: If you’re just taking your current paper form and putting it online, you’re going to run into problems. The digital experience needs to be a lot different and more familiar for someone who uses Phones, Tablets, Laptops etc. everyday. You’ll run into at least 2 out of 3 of the above issues. And more. What happen’s when you need to add more information in a particular section but there is no space?

Thinking about how a form can be organized as a conversation instead of an interrogation can go a long way toward making new customers feel welcome.
― Luke Wroblewski

As you can see, a web form actually has a lot to do with compliance and is integral to a successful digital client onboarding programme. Getting this wrong will get you bad results and a bad first impression and maybe even a lost client. This is where UX comes in and it can turn a bad experience into a delightful first interaction for your clients. As Steve says: You have to start with the customer experience and work backwards to the technology.

This is Part 1 in our series “Digital Client Onboarding: Move Fast, Ask Less”. In the next installment we’ll look at “Form Data: Can data be used to hone a better digital client onboarding experience?”. If you would like to receive our updates, please sign up here…

Subscribe for Updates

You can unsubscribe any time

Compliance in the Cloud?

There is always a trade-off

If you ask a cyber security expert to secure your enterprise environment, they may not allow anyone to login or access email remotely and would request that you use passwords such as s23r8@#$23nr2345$%^456324k2345!#3 and request that you change them to something just as confusing every 7 days. This quickly gets in the way of people doing their job. There has to be trade-off. But is this really a risk vs reward scenario or can there be a happy (and secure) medium?

We see something similar with software solutions that are hosted onsite (your IT manages it) vs cloud solutions (the vendor manages it). The latter is often referred to as SaaS (Software as a Service). Normally to get new software installed, which in turn provides a service to the business, there are a number of hurdles to get over. Those hurdles predominantly involve time and money when the outcome you want is really the service the software provides. In the argument of software onsite vs cloud services, what are you really risking?

Financial services software either makes you money, saves you money or reduces your risk. Some do all 3.

Your data, at someone else’s house

As the world of technology moves away from high upfront software and hardware costs towards subscription based services or cloud offerings, the questions heard from the market and businesses looking to make this move are:

Is all my data secure?


Is my client’s personal and/or company data secure?

These questions are valid and businesses should definitely be asking them. The reality is, SaaS or cloud providers have the exact same concerns. Their businesses depend on their client’s and the data they hold for them. They are responsible for their client’s data and need to make every effort to ensure it’s security. The cornerstone of any SaaS or cloud provider’s business is data security. If they were to be hacked and have data leaked, this could be potentially very damaging to their business, and for some companies this would put them out of business entirely.

Is cybersecurity and its effects on compliance something you discuss at management meetings?

Strap in

The move to the cloud is happening fast and it’s no longer a matter of if or when. If you look at the largest cloud provider on the planet, Amazon Web Services (AWS), you’ll see they are growing at a rapid rate. Many companies are not buying servers anymore and hosting themselves, they are leveraging the power and scale of cloud providers. Oracle and Microsoft have effectively become cloud companies and are actively promoting this.

Microsoft Office 365 Cloud now hosts all email data for insurance giant Metlife, with 64,000+ staff on their platform. Monthly active users of Office 365 commercial now number over 85 million, up more than 37% year over year. The SaaS CRM behemoth, Salesforce, now has a market cap of US$58.25B (at time of writing) and is a 100% cloud company. You cannot install their software onsite.

The original (in)famous SalesForce Logo

Salesforce now boasts such clients as Barclays, American Express, GE, Unilever and more. These companies all trust their data with a cloud software provider. Not just any data; but sensitive data such as their client lists, prospects, partners etc. All on Salesforce cloud. Even UBS has moved compliance functions to Microsoft Azure cloud and DTCC are moving to the cloud “to reduce risk and cost and improve the resiliency and security of DTCC’s systems”.

These vendors, large or small, are all too aware of the kind of scrutiny placed on cloud or SaaS providers. To do business with big companies, you need to pass through vetting processes and lengthy due diligence questionnaires. Ever seen these kind of questions below asked of your business?

Who in the organization is the owner for the Information Security program?

Does the organization encrypt data at-rest?

Does the organization multi-tenant data or processing on the same system? If so, how is confidential client data kept secure?

100% cloud is not always the only option

Before cloud or SaaS vendors make any changes to their offerings, they think of data and application security. The cost of getting this wrong far outweighs the efforts involved of getting it right. Some companies will offer a number of ways to deploy their software, including: Public Cloud, Private Cloud and onsite/Hybrid solutions.

It’s by far easier to manage a shared service/public cloud offering as they only need to manage a group of scalable servers that they have control over. If deploying their offering onsite, they need to engage with IT teams, security teams, operational infrastructure teams etc. This presents some challenges and certainly adds to the hurdles.

Decision makers are often caught in a tough position when exploring cloud or SaaS as a viable alternative to traditional infrastructure and application service methods. Fear of data leak and location is the primary concern. But does the cost savings outweigh the perceived risk?

The financial argument

From a purely financial standpoint, many decision makers are not entirely aware of the true cost of operating their environments. Expenses relating to a facility and infrastructure often are hidden in other budgets, so their view of operational cost is limited to staff, hardware purchases, maintenance agreements and software licensing. Overlooked expenses often include the impact of business damaging downtime and the cost of capital that could be more efficiently used in generating income. On the whole, the cloud or SaaS initial outlay and ongoing costs have proven to be more cost effective than going with onsite. However not everyone is ready for the cloud.

Evaluating business needs

Research shows that cost is seldom the primary driver toward cloud services. Instead, improved service levels, infrastructure agility and increased security ranks as the top three drivers. Overburdened infrastructure or small IT teams often cannot cope with the rate of change and demand, and desperately need to empower business units to provision services that add value, fast.

If the goal of a business is to move more quickly than their competition, the platforms on which they innovate and operate must keep up with these requirements. If they cannot, then irrespective of the cost of a cloud solution, they are simply not performing a business enablement role.

So where are we now?

The question of whether cloud is a viable alternative to the existing methods of deployment is not a comparison of apples to apples. An organisation needs to determine accurately what it’s objectives and goals are at a business level, understand whether they can afford to divert much-needed capital into a non-core activity such as operating IT infrastructure and then consider whether a scalable, flexible a

nd cost-efficient solution will serve their original goals more effectively. And most importantly, securely.

For many providers, time will tell and the market will drive them in the direction it sees fit. At this point, there is a definite increased interest in cloud and SaaS but some companies are reluctant the be the first movers, but don’t the first movers often get the advantage?

Want our next update? Sign up below…

Subscribe for Updates

You can unsubscribe any time

Book a Live Demo Now