5 lessons learned from building a KYC system
For those uninitiated in the alphabet soup of terminology that fintech serves for lunch daily: KYC refers to the process of Knowing Your Customer.
To quote our fintech dictionary, KYC is:
A standard banking risk assessment practice to prevent identity theft, money laundering, fraud, and terrorism by verifying customer identities and understanding their transaction habits. KYC is a mandatory requirement of legal compliance in the financial sector.
In short, KYC systems vet your customers to protect your business from legal recourse. They can appear as simple as having your customer provide their personal information to create an account. However, user data collection is only the first step of the process. Traditionally, data sanitation and other automated and manual data reviews follow.
At Moov, we’ve recently built our KYC system, which completely automates our KYC experience in as little as five seconds. As firm believers in radical transparency, we hope to share some insight on lessons we learned in the process of building our system and give some advice on how to make a better KYC experience in your next application.
Lesson 1: Build ways to segment your customers
Let’s break KYC down into two categories: Know Your Customer (KYC) and Know Your Business (KYB). If your user is an individual making choices on their behalf, the information collected is significantly different from if your user is representing a business.
Building in the ability for a user to designate their “identity” allows your application to adjust to these sorts of problems nimbly. You can streamline your onboarding process to display the pertinent user information that your application will need to collect, track, and review in your due diligence period to “Know Your Customer.”
Lesson 2: Map out the required legal identifiers in your country of operation
Once you can map out the types of users you are interacting with, you can own the due diligence to know what data is pertinent in your country of operation. For example, within the United States, most identification processes for a business revolve around their Employer Identification Number (EIN). The government published an in-depth explanation of the US requirements.
While this process might seem overwhelming and intimidating, once you have a clear list of the personal information required by your customers, it’s as easy as asking for them to provide it on enrollment. If getting the list of necessary data grows exhausting, the next tip will give a simple shortcut to the whole process.
Lesson 3: Make use of Identity Verification Platforms
At Moov, we absolutely could not have built such a quick and immediate feedback process for our KYC onboarding without the power of Identity Verification Platforms. While we need the ability to perform due diligence on our customers and for our customers, we have no desire to spin up an entire division dedicated to completing this task. You can easily search for “Identity Verification Platforms” in your country of operation to find companies that will perform the necessary background checks to confirm your users’ identities.
In our case, we have partnerships with Middesk and Socure, which both empower our Business KYB and Individual KYC due diligence. While Moov collects the data required to perform the needed due diligence, we utilize our Identity Verification Partners to perform the actual checks.
This setup empowers us to remain diligent about our customers’ validity while keeping our drive and focusing on what matters most: moving money. It also has the benefit of allowing these partners to provide us with a list of all needed information to perform accurate checks, alleviating the extra workload from creating a whole system from scratch.
While we wholeheartedly recommend our particular Identity Verification Partners, we recognize that they may not meet your organization’s needs. Some tips we recommend when searching for a platform are:
- Make sure the platform supports the countries of operation that you need to work in
- Review the API response time of the platforms (1s, 5s, 500s, etc.)
- Find out if the vendor supports asynchronous responses
- Look at all of the modules the vendor provides (as many platforms break down their services into different modules)
If you are unsure of where to start, we recommend starting with Middesk and Socure, but also recommend taking a look at Trulioo, Veriff, Au10tix, and Sumsub.
Lesson 4: Power asynchronous feedback loops with event-driven systems
The Moov Platform is powered by Confluent’s Kafka. We leverage event-driven programming in order to build non-blocking API interactions. In this manner, we allow users to make a request and process the data once the request finishes via events.
KYC is particularly notorious for taking hours, if not days, to complete a single request—which is what makes our five-second process so exceptional. A significant part of this is picking incredible partners, but event-driven programming also makes it possible. Rather than being dependent on instant responses from our partners, we build in webhooks and event queues to make requests and quickly propagate responses as soon as they come. Our customers receive feedback on their KYC requests almost instantaneously, and it’s all powered through events.
Lesson 5: Automate as much as you can, but build in manual interventions
At Moov, we automate as much of our system as possible.
We fully believe that money can only move at its top speed when all unnecessary components are removed from the system.
This is why we build open source tools like Watchman that offers download, parse, and search functions over numerous trade sanction lists from the United States, agencies, and nonprofits for complying with regional laws. Or achgateway, which we use to interact with the Automated Clearing House (ACH) directly instead of through a third-party vendor.
Regardless of how automated your system is, there’s always a need to have some level of human interaction when hiccups arise. Some KYC scenarios might happen where automated eyes cannot immediately define a problem. We’ve found it incredibly powerful to have an automated way for the system to determine that a particular user requires human intervention to make a decision.
Our goal is always to have that five-second turnaround as often as possible; however, there are always edge cases that our system didn’t catch in our first iteration. By resolving those unique cases quickly and seamlessly, we enhance our system piece by piece while still offering a revolutionary customer service experience.
Summary
We take pride in our KYC system here at Moov. We genuinely believe it to be a best-in-class experience for our users. In sharing the lessons we learned along the way, we hope to continue supporting builders and empowering better payments experiences. We also encourage you to share your experiences in building a KYC system or any fintech project with our community of builders.