- Author: Francesca Columbu
- Date: 29/01/2024
- Reading time: 4 min
Since last October, banks and brokerage firms have been able to independently design their own remote onboarding processes. With the Provision of 13 June 2023, in fact, the Bank of Italy repealed its own provisions on video-identification, opening up the possibility of verifying the identity of new customers also by means of unattended, or fully automated, remote identification.
With the repeal of Annex 3 of the Adequate Verification provisions issued on 30 July 2019, the Bank of Italy takes a first step towards aligning with the EBA's supervisory guidelines on remote client onboarding solutions.
One of the most relevant novelties concerns remote identification methods: with the publication of the guidelines issued in November 2022, which apply as of 2 October 2023, the EBA officially opens up to fully automated procedures.
According to the EBA's new guidelines, Obligated Persons can design their own remote onboarding processes completely independently, provided they ensure
- documented assessment of risk factors and the appropriateness of the solutions adopted;
- constant staff training on remote onboarding and related risks;
- ongoing supervision of the proper implementation of the system, which should be reviewed periodically and modified when necessary;
- integrability of the solution into the institution's broader system of internal controls.
As specified in the document, the continuous monitoring of the remote onboarding system 'also applies where fully automated remote customer onboarding solutions are used that rely heavily on automated algorithms, with limited or no human intervention'.
Another important new development concerns the outsourcing of the KYC process, which requires all financial institutions to identify and verify the identity of every customer: banks and financial institutions can now resort to outsourcing, using the specific skills of specialised companies.
Outsourcing can be regulated independently, provided that 'the necessary steps are taken to ensure that the processes and procedures implemented by the third party for customer due diligence for the purpose of remote customer onboarding, as well as the information and data collected in this context, are sufficient and consistent with the requirements set out in these guidelines'.
Apart from the indications given in the guidelines, the Know Your Customer process can be entrusted to solutions and technologies that are rather new to the banking sector, starting with APIs: an opportunity that promises to optimise costs and resources without sacrificing the security required by banking supervision.
Openapi's Video Identification API allows users' identities to be verified remotely quickly and efficiently, ensuring a level of security consistent with EBA guidelines.
All video identification modes, in fact, involve the automatic verification of documents on CRIMNET and the execution of the steps codified by the Bank of Italy in the provision on Adequate Customer Verification to combat money laundering and terrorist financing.
It is possible to choose between different types of video identification via API, with an operator or fully automated:
- Automatic Video Identification: allows the new customer to complete the video identification procedure independently. The user has to upload their documents, take a photo and make a short video: the material has to pass the OCR system checks and is subject to human verification;
- Selfie Video Identification: the user must perform the same steps, but the verification of the material entered into the system is entrusted to back office operators and takes place in asynchronous mode;
- Live Video Identification with Operator: the entire procedure takes place live with a human operator verifying the user's identity. The live identification service is available from Monday to Saturday, from 9.00 am to 6.00 pm.
As stated in the EBA guidelines, when choosing the provider of such a crucial service it is recommended to assess, among other things, 'the technological suitability and data governance at the external service provider'. Openapi has obtained ISO 25012:201 certification for Data Quality and, more recently, also ISO 9001:2015 for the creation, implementation and management of a Quality Management System.