As a formal procedure associated with paperwork for many people, the Know Your Customer (KYC) framework is constantly evolving—from amendments to key regulations to the advances in fraud techniques that you have to deal with.
In this blog post, we highlight the five tendencies companies should keep an eye on when developing or refining their KYC policies. Non-regulated businesses can also find some insights worthy of their attention below.
You may also be interested in upcoming identity verification trends. Take a look at Regula’s experts' expectations for 2024.
1. New arrivals in the regulation arena
Since the KYC fundamentals are determined by regulators, it’s reasonable to start this overview of KYC trends with major legal changes that may affect related industries.
In the EU, the development of the AI Act has reached another milestone. The law, aimed at responding to the risks and problems linked to technology use, is now at the vision stage. The EU Council states and the European Parliament completed the year with a consensus on the matter. As expected, the Parliament will vote on the Act’s principles in 2025, so both businesses and AI solution providers can take their time to comply with this game-changing regulation.
Adopting a “risk-based” approach to AI systems, the AI Act will provide the technology’s do’s and don'ts in the EU. AI-powered applications will be classified according to the risk they pose to end users, with more or less regulation for the different risk levels. Also, the framework prohibits some AI-based use scenarios, such as “real-time” remote biometric identification in publicly accessible spaces for the purpose of law enforcement and social scoring. You can check out this official statement for more details on the authorities’ vision.
Also, updates to some standards from the European Telecommunications Standards Institute (ETSI) are on the way this year. In particular are regulations related to the infrastructure of qualified electronic signatures (QESs) used in the EU. Here is the list of the standards prepared for updating.
Another essential step in the development of identity verification legislation was taken by China. With the Regulations on the Administration of Deep Synthesis of Internet Information Services entered into force early in 2023, the country pioneered imposing obligations on technologies for generating text, video, audio, and 3D reconstructions. Generally, this is the first state regulation against deepfakes. One of the significant requirements imposed by the law is labeling content generated with the use of deep synthesis technologies by their providers. The document can be observed here (in Chinese only).
There are also some activities around the broader implementation of international standards covering virtual asset service providers. For instance, the Financial Action Task Force (FATF) reported that 75% of jurisdictions were only partially or not at all compliant with the FATF’s requirements last year. Travel Rule as a key measure aimed at preventing money laundering and terrorist financing in virtual financial transactions should get higher adoption, primarily among FATF member jurisdictions. This means companies in the industry should be prepared for amendments to their local laws. For instance, the European Commission intends to apply new rules under the Regulation on the Traceability of Transfers of Funds based on the FATF’s standards in December 2024.
KYC typically applies to regulated industries; thus, these industries must stay on top of any regulatory changes. However, it’s also crucial for non-regulated sectors to be fully aware, as many regulatory changes are in response to potential threats or challenges that may have a broader impact. As the legal framework is constantly changing, regulatory compliance remains one of the enduring KYC trends.
2. AI-powered identity fraud
The next point on the list of ongoing KYC challenges is that detecting identity thieves and their fraudulent tactics is becoming harder. Today, bad actors don’t walk alone: they create human fraud farms and use bots based on the latest advances in the generative AI (GenAI) realm. In Q2 2023, the number of bot attempts to take over consumer financial accounts and open fake new bank accounts increased dramatically, with a 202% and 164% surge, respectively.
The emergence of two regulations mentioned in Section 1 dedicated to keeping GenAI progress under government control proves the severity of the threat.
Fortunately, many companies seem to be aware of the problem. According to an Axiad survey, businesses are ready to adopt advanced authentication mechanisms, in particular, passwordless technology (45%) and phishing-resistant multi-factor authentication (27%).
Recent research from Regula supports this conclusion. As our survey shows, businesses plan to use blockchain-based identity verification (38%), behavioral biometrics and device fingerprinting (both 36%), and document verification of biometric documents only (33%).
The high adoption rates of innovative fraud prevention measures indicate the shifts in the KYC framework from the corporate part. The emphasis on implementing security solutions, rather than merely following formal procedures, is one of the most encouraging KYC trends.
The power and capabilities of AI are growing at an extremely rapid pace. Unfortunately, due to the democratization of this technology, bad actors are likely to be some of the earliest adopters. This means that the highest level of vigilance, as well as partnership with industry leaders like Regula, is required to keep this threat in check.
3. Digital nomad challenge
With a more diverse and multi-national global labor market evolving, businesses say they’re experiencing ongoing impacts from the growing digital nomad community on their KYC processes. About half of the companies (42%) surveyed by Regula claim an 11% to 25% increase in cases involving foreign document verification since 2021.
Most of these cases refer to KYC procedures in Banking, Travel, Healthcare, Government, and other sectors. Primarily, the need to validate a user with an ID issued abroad arises at the onboarding or purchase stage of the customer journey. You can check the following chart for more details:
As you can see, non-touristic sectors such as e-Commerce are also affected by the trend. For many of them, an increase in digital nomads among their customers may be turned into a challenge since local-oriented businesses may be on the list as well. However, this is also true for companies focusing on global customers, since they may face a surge in users from new countries which are out of their regular segment.
To take up the challenge, a significant share of organizations (34%) confirm the need to increase their identity verification spending by up to 20%. Implementing a KYC solution which is able to verify customers with non-domestic IDs en masse is the way to go.
The digital nomad movement has been shown to be an ongoing and growing KYC trend. This tendency has uncovered challenges for many companies that are not well prepared to service this growing cohort of customers. However, it has also shown tremendous opportunity and growth for those that are ready. According to our survey, the majority of companies, on average, attribute between 10% and 40% of their new revenue to digital nomads.
4. The expansion of remote verification
More companies are transferring their verification procedures online in an attempt to make this part of interacting with their customers more convenient and hassle-free. Governments around the world are contributing to this trend by updating their KYC regulations.
For instance, the Indian Department of Telecommunications phased out physical KYC verification—i.e., filling out an application form and attaching a photo, proof of identity, and address—as a mandatory step of customer onboarding for Telecoms businesses. Now, the process for individuals who want to buy a new SIM card can be digital. They just need to submit their ID photo and get the verification done.
Some countries emphasize biometric verification as a reliable means to use in KYC procedures. In Brazil, the recently issued guidelines require online gambling and sports betting services to verify the age and identity of customers using facial recognition.
Remote verification is here to stay. As one of the most significant KYC trends, it’s gradually turning into a new industry standard. Many customers have experienced the convenience of this type of approach during the pandemic, and are now no longer prepared to accept strict physical verification requirements. Now, organizations must adopt remote verification to stay competitive. However, they must also balance this with their own security and anti-fraud requirements. For most, this means employing advanced technologies like zero-trust to mobile, biometrics, and liveness checks for both the person and document presented for remote verification.
5. Ongoing KYC process
KYC policies involve conducting periodic customer evaluations that include analyzing their transaction history and business relationship to identify any suspicious activities. Typically, the number of reviews depends on the level of risk posed by a particular customer. High-risk clients are usually reviewed each year, while for medium-risk and low-risk ones, this span is longer—every three or five years, respectively.
But the traditional risk-based approach is continually changing, revealing a move from periodic manual reviews to KYC automation allowing ongoing reviews. This proactive framework is called perpetual KYC (pKYC), since all checks are conducted in real time, providing daily or even hourly updates on customer information.
The growing interest in pKYC is partly due to strict KYC regulations along with an increase in AML fines. For instance, in 2023, the list of the biggest fines was topped by cryptocurrency exchange Binance ($2.7 billion) in the US, Crown Resorts ($450 million), the largest gaming and entertainment group in Australia, and online betting and gambling company William Hill (the equivalent of about $24 million) in the UK.
pKYC is a reasonably new concept, which is developing into one of the latest KYC trends. Given the increase in penalties seen in 2023, many companies will likely consider implementing a pKYC approach very soon.
Bringing it all together
While the compliance pressure remains high, organizations, including ones from non-regulated niches, should revise and enhance their KYC procedures.
Additionally, companies should meet the expectations of customers who are used to dealing with instant and hassle-free verification procedures.
With the rise of the malicious use of GenAI, and the increase in the volume of foreign IDs that go through companies’ systems, the paper part of the process isn’t enough to tick off the security box.
Regula is here to help you embrace this new reality with advanced IDV solutions that enable you to keep your KYC flow compliant, yet customer-centric:
Regula Document Reader SDK: Remote document verification backed by an extensive ID template database of 13,000+ documents from 247 countries and territories
Regula Face SDK: Biometric verification with liveness detection for seamless and secure user authentication
Book a call to learn more about your opportunities!