Know Your Customer (KYC) refers to a set of financial services industry standards and guidelines designed to protect both the client and the service provider from fraud. Under KYC a detailed customer profile is built and maintained, and all transactions are monitored and evaluated based on an accurate understanding of the customer, their risk profile, and all applicable laws. KYC starts with accurate identity verification, and from there is used to keep the customer safe by detecting and preventing attempts to defraud them, and to protect financial institutions by detecting suspicious activity and preventing them from being used as a part of any criminal operations, in compliance with Anti-Money Laundering (AML) regulations.
The key to successfully following KYC guidelines and maintaining AML compliance is to have as complete an understanding of the customer as is possible. This includes building and maintaining detailed personal records and transactional histories, and then operationalizing that data. As a fiduciary, bound by law and ethics to do right by the customer, KYC is helpful for calculating risk and providing appropriate advice and guidance in consultation with a client. This is helpful should an unscrupulous insider or outside malefactor attempt to take advantage of the customer.
There may also be times when customers and organizations, operating outside of legal and ethical boundaries, attempt to take advantage of legitimate financial tools and processes to commit financial crimes. Perpetrators are often very clever at hiding their intentions and activities from detection. They may have other organizations or insiders working on their behalf to help them, and some may attempt to take advantage of unsuspecting victims, stealing their wealth or using them as a means of carrying out their fraudulent schemes. And most have sophisticated ways of hiding the clues that could help uncover their intentions, or trigger preventative measures.
There is a great deal of data that could be put to work to protect the customer, but that data is out of reach because of laws designed to protect consumer privacy. Such data could be mined and used to verify a customer’s identity faster and more accurately than with traditional approaches, but because the risk of operationalizing private financial information is high, it is often sidelined in favor of security considerations.
That is where Cape Privacy can help.
Personally identifiable information (PII) and facial images used for identification are some of the most sensitive—and protected—forms of data, and there are many state, federal, international, and industry standards and regulations intended to protect it. From the moment PII and other forms of account data are collected, responsible organizations encrypt and store the information to keep it safe. But that puts the data beyond the reach of traditional approaches to data modeling, since those require that data be decrypted before they can be used to generate AI predictions, business intelligence, and other valuable insights.
That risk-averse approach to data collection also means that, whether it is kept on-premises or is stored in the cloud (where about half of all data is right now, and where more and more data is expected to be as cloud storage services grow in popularity), more than two-thirds of it goes unused—and with it, that data’s transformative potential.
But with Cape Privacy’s unique combination of secure multi-party computation (MPC) and secret sharing techniques, that transformative potential is within reach. For example, if the image of an ID card, such as a driver’s license, is required for identity verification, that image must be encrypted to protect it. Using traditional approaches to identity verification, that encrypted data can’t then be used for verification or predictive models without first decrypting it.
With Cape Privacy, however, data remains encrypted throughout its entire lifecycle, including in support of KYC efforts, even where optical character recognition (OCR) is used in conjunction with encrypted images. Now data can be encrypted at the point of capture, moved to a service like Snowflake’s data cloud, and then be used, still encrypted, to positively identify a customer, or to generate powerful AI predictions for detecting and preventing fraud.
Every aspect of the process is secure, with no single point of security failure, keeping that data safe from operator error or threat actor interception. The client applies advanced encryption standards (AES) to the data (images, data, or text) where, uploaded into Snowflake, it can be used with Cape Privacy’s secure multiparty computation to create whatever predictive models the organization chooses.
What does that mean for Know Your Customer? That previously unusable data can now be operationalized to create predictive models for more accurately verifying the customer’s identity and understanding their transaction patterns, protecting them as they engage with their financial tools and institutions, merchants, and others. A more precise understanding of the customer means more accurate detection and prevention of the schemes of bad actors, even when attacks and fraudulent activities take place across jurisdictions that are less concerned with interdiction.
With Cape Privacy, financial services firms can put their high-value, sensitive financial data assets to work for timelier and more accurate KYC compliance, protecting both the client and the financial services provider by unleashing the full potential of customer data, even while remaining fully encrypted. To learn more about Cape Privacy and our platform, visit our website. Or contact Cape Privacy for more information.