KYC isn’t evil. It’s literally the operational piece that says stuff like “If someone named Vladimir Putin tries to open a bank account with you, you should know if he’s THAT putin or not, especially as it may get your business in serious trouble related to gov sanctions etc”. The government, quite literally, sends auditors to Banks and Credit Unions every 2-3 years to make sure you do this sort of due diligence.
The issue with KYC is that it’s farmed out to third parties that focus on scale and cutting costs. It’s in the same general space as something like Credit Scores – Banks/Credit Unions don’t maintain their own credit scores for people so much, as they just buy that score information from Equifax / Transunion etc.
Really, what I imagine people should be pushing for instead of this piecemeal whining, is something closer to what Estonia has for its citizens. A highly integrated government-based portal that allows citizens to do things like Register a New Small business in 15 minutes, and to see which organisations have access to their gov ID info. From what I understand, citizens basically get given PINs as part of their gov IDs, which they can disclose to banks/businesses, who can subsequently access basic required read-only details about that person via the gov portal. So your bank needs to know who you are? No problem, you let them know your pin when you setup the account – and the banks system is then able to pull just the basic info from your gov account to meet the banks operational needs / regulatory obligations whether you’re there in person or not. And as a citizen, if you want to check your privacy disclosures to third parties, you just log in to the gov site, and see a list of which businesses have access to your data – and I imagine you’d get the option to cancel their access if you wanted to (so when you close an account at a business, you pop in to the gov site and also clip their ongoing access). From what I gather, that sites a one stop shop for all gov stuff, so it’s also where you go for tax stuff, drivers lics, the works. Makes it a LOT simpler for citizens, as you don’t need to sort out what esoteric stupid sub site / domain you need to visit to see if you qualify for a rebate or whatever – so it seems like a big improvement from a user experience side.
ALL THAT SAID, that shift would put more onus on the consumer in some ways, as they’d need to log in to a gov site etc – like it’s bad enough trying to explain MFA to old people, imagine trying to make this shift! You’d also need a government that was willing to actually do stuff for the people – I think Estonia only went that way, as an attempt to shield themselves from massive attacks from Russia. They want their gov fully functioning in the cloud, including elections etc, so that even if they end up like Ukraine, they can still “function” remotely. Consumers are a big issue for anything security related too, as practically no one changes banks / FIs based on security – it’s almost entirely rate oriented for mortgage holders. Tell a consumer they can get a 0.2% better rate by going with the bank that doesn’t fuss security, they’ll take it. Try and market your bank/FI as being more security conscious, it won’t generally draw in new members based on that alone.
Like, again using Canada as an example, we’ve had a year of the US antagonizing us and threatening economic ruin / annexation. Lots of Canadians are keen not to buy American products as a result. Almost all of Canadas banks/CUs use US partners/outsourcing within their stack: places like Vancity Credit Union, for example, are using Intellect Design’s product for their online banking, which is a partner owned by an India parent company (with little/no presence in Canada), which hosts its stuff on Microsoft’s cloud. Most Credit Unions in the country are likely going to go the same way in the next couple years – even though it’s a huge security risk, and highly likely that both India and the USA will gain access to all your data, let alone sketchy third party’s like India’s fraud centers. There are a couple Credit Unions in Canada that actually maintain stuff (almost entirely) in Canada. But that’s not enough to entice people to use those organisations, so they’re all dying out / merging as a result of a lack of members (and regulatory overreach / decrees).
KYC isn’t evil. It’s literally the operational piece that says stuff like “If someone named Vladimir Putin tries to open a bank account with you, you should know if he’s THAT putin or not, especially as it may get your business in serious trouble related to gov sanctions etc”. The government, quite literally, sends auditors to Banks and Credit Unions every 2-3 years to make sure you do this sort of due diligence.
The issue with KYC is that it’s farmed out to third parties that focus on scale and cutting costs. It’s in the same general space as something like Credit Scores – Banks/Credit Unions don’t maintain their own credit scores for people so much, as they just buy that score information from Equifax / Transunion etc.
Really, what I imagine people should be pushing for instead of this piecemeal whining, is something closer to what Estonia has for its citizens. A highly integrated government-based portal that allows citizens to do things like Register a New Small business in 15 minutes, and to see which organisations have access to their gov ID info. From what I understand, citizens basically get given PINs as part of their gov IDs, which they can disclose to banks/businesses, who can subsequently access basic required read-only details about that person via the gov portal. So your bank needs to know who you are? No problem, you let them know your pin when you setup the account – and the banks system is then able to pull just the basic info from your gov account to meet the banks operational needs / regulatory obligations whether you’re there in person or not. And as a citizen, if you want to check your privacy disclosures to third parties, you just log in to the gov site, and see a list of which businesses have access to your data – and I imagine you’d get the option to cancel their access if you wanted to (so when you close an account at a business, you pop in to the gov site and also clip their ongoing access). From what I gather, that sites a one stop shop for all gov stuff, so it’s also where you go for tax stuff, drivers lics, the works. Makes it a LOT simpler for citizens, as you don’t need to sort out what esoteric stupid sub site / domain you need to visit to see if you qualify for a rebate or whatever – so it seems like a big improvement from a user experience side.
ALL THAT SAID, that shift would put more onus on the consumer in some ways, as they’d need to log in to a gov site etc – like it’s bad enough trying to explain MFA to old people, imagine trying to make this shift! You’d also need a government that was willing to actually do stuff for the people – I think Estonia only went that way, as an attempt to shield themselves from massive attacks from Russia. They want their gov fully functioning in the cloud, including elections etc, so that even if they end up like Ukraine, they can still “function” remotely. Consumers are a big issue for anything security related too, as practically no one changes banks / FIs based on security – it’s almost entirely rate oriented for mortgage holders. Tell a consumer they can get a 0.2% better rate by going with the bank that doesn’t fuss security, they’ll take it. Try and market your bank/FI as being more security conscious, it won’t generally draw in new members based on that alone.
Like, again using Canada as an example, we’ve had a year of the US antagonizing us and threatening economic ruin / annexation. Lots of Canadians are keen not to buy American products as a result. Almost all of Canadas banks/CUs use US partners/outsourcing within their stack: places like Vancity Credit Union, for example, are using Intellect Design’s product for their online banking, which is a partner owned by an India parent company (with little/no presence in Canada), which hosts its stuff on Microsoft’s cloud. Most Credit Unions in the country are likely going to go the same way in the next couple years – even though it’s a huge security risk, and highly likely that both India and the USA will gain access to all your data, let alone sketchy third party’s like India’s fraud centers. There are a couple Credit Unions in Canada that actually maintain stuff (almost entirely) in Canada. But that’s not enough to entice people to use those organisations, so they’re all dying out / merging as a result of a lack of members (and regulatory overreach / decrees).