The KYC Buyers’ Guide Series: #2 Evaluating Features, Compliance and Performance

In today's digital landscape, businesses face increasing challenges in their customer onboarding and verification processes. Between regulation, rising identity fraud (thanks to AI) and users expecting a fast, frictionless process, selecting the right Know Your Customer (KYC) verification tools has never been more critical. This series will help you navigate the complex world of identity verification solutions and make informed decisions for your business. Our first instalment in this series discussed the evolution of KYC.  

In this second instalment, we will discuss several factors that you can use to inform your decision-making process.

Critical Features to Consider

Integration Capabilities

The best verification solutions offer flexible integration options that work with your existing systems. Having clear, easy access to APIs and SDKs allow for customization based on your specific business needs and help ensure smooth integration, faster rollout and happier stakeholders, both within and outside your business.

When evaluating vendors, keep the following in mind:

• Check technical documentation and internal resource capacity - poor technical documentation can increase implementation times by 40%. Poor or outdated documentation can be a red flag.
• Beware of reliance on paid professional services - if a vendor pushes services over documentation, it may indicate unnecessary complexity or hidden costs.
• Factor in internal stakeholder impact - easier integration also means less friction and stronger buy-in from internal teams.

Verification Methods Supported

Modern verification solutions should be as comprehensive and flexible as your business needs them to be, to support user preferences and regional requirements. Ideally they should include more than one of these methods:

• Government-issued eIDs
• Digital identity wallets
• Bank ID verification
• Document OCR and biometric verification

Alongside the methods, you want a vendor who can support your business over time. Take into consideration:

• Do they align with your go to market and growth plans - not just for today, but next year or the year after that? 
• • What coverage (i.e. countries) do these methods have?
• Do they align with your product roadmap? Will the verification methods you choose:
• • Enable smooth rollouts, in the timelines you need?  
  • Be frictionless for the user? E.g., if your demographic is mainly Millenials, did you know that nearly 70% of them already use - and prefer - digital wallets?

Security and Compliance Standards

Our previous blog touched on the speed and evolution of regulation. However, it’s not just regulatory requirements such as AML or DORA that businesses need to be concerned with. When selecting a new vendor, it’s vital that you have a clear view on how they adhere to and manage GDPR in Europe, or CCPA in the US, ISO Certifications, and other licensing requirements such as PSD. 

GDPR

When talking to a new vendor, check roles and responsibilities around who is the data processor and controller. Some verification methods that link to government databases, for example, will have restrictions on who can access that database. 

• If it is only the vendor with access, they may not be able to whitelabel that particular verification process as they are legally obliged to tell the user who is handling their data.

Be aware, so that you can manage your, and other stakeholders, expectations.

ISO Certifications 27001 and 9001

While it is generally a given that vendors will have ISO 27001 - aka the gold standard for information security management - it is also worth asking your vendor what other certifications they hold. 

Particularly if you are going to be utilising their KYC workflows. 

For this, the ISO 9001 should ideally be evidenced as it provides a structured Quality Management System. This ensures consistency and efficiency in KYC workflows the vendor will be supporting you in. It enforces consistent, repeatable processes - from onboarding to verification - resulting in fewer manual errors and improved accuracy. 

Additionally, ISO 9001 enhances trust with customers and regulators alike.

Licenses and Additional Security

When considering vendors who offer verification methods that require access to users’ financial account data, ask your vendor about their PSD2 Account Information Services Providers (AISPs) license. 

Through this, your vendor can provide real-time, consent-driven access to a user’s financial account data - such as balances and translation history - directly from their bank. 

This enriched access is useful because:

• It dramatically reduces friction during verification
• It means you won’t have to rely on manual document collection or self-reported evidence. 
• The automation helps reduce the risk of synthetic or stolen identities slipping through and is a perfect complement to government-issued eIDs, which again, offer another level of security.

Assessing Performance Metrics

When evaluating different solutions, consider these key performance indicators:

• Conversion rates during onboarding
• Average verification completion time
• False positive/negative rates
• User satisfaction scores
• Cost of acquisition

While it’s a known fact that the KYC ecosystem lends itself to non-standardized datasets, ask your vendor how they can help you overcome this.

• Can they - or do they already - normalize data for you?
• Can they - or do they already - offer reporting and analytics?

Conclusion and coming up next…

While there is undoubtedly more than can be discussed around these topics, this article covers what we consider to be the most valuable criteria. 

In our next instalment, we’ll be building on this, and discuss workflows and approaches you should consider, when looking for vendors to support you for the long term.

If you have any questions or would like to find out more about eIDs and what Authologic does, we’d love to hear from you.

Referenc Links:

1. That API Company