The implementation of remote identification and the ability to become a new customer without physically visiting a branch revolutionized banking services.
In Europe this process remained mostly hybrid and involved only online ordering of a card, but with a mandatory visit to a branch to sign documents upon card receipt. At the same time in Ukraine banks immediately began to focus on implementing fully remote
digital onboarding scenarios, using signature with finger in phone screen, EDS or Diia.Signature. Thus, since 2020, about 10 million Ukrainians have gained experience in issuing cards through mobile applications/web interfaces without physical interaction
with a branch. Significant competition in this segment leads to the fact that customers tend to change banks frequently or use the products of several banks simultaneously, choosing the best offer for themselves in terms of tariffs and user-friendly interface.
According to statistics, one adult Ukrainian has an average of 4 active cards.
Over the past few years, banks have invested and continue to invest heavily in building effective online onboarding processes, trying to make them simple, seamless and user-friendly, but as this technology is rapidly developing, new risks are constantly
emerging that need to be anticipated, identified and mitigated in a timely manner.
Which key risks can be identified:
-Fraud. Remote processes of establishing business relationships simplify the opportunities for fraudsters who steal identification data and try to open an account in the name of another person in order to obtain a credit line, use the account
for other unauthorized activities, receive prepayment for non-existent goods, etc. To minimize the risk, it is necessary to implement multi-level customer authentication tools using unique combinations of factors that are unique to the customer. It is important
that some of the checks, such as comparing a face with a photo in a document, are performed on the backend, so that the user is not aware of their presence and cannot falsify them. In addition, banks should constantly remind customers how to recognize data
breaches and fraud, as well as what to do if they suspect their account has been hacked.
Legal risk. It is associated with the fact that a person who signed an agreement with the bank completely online may at some point say that he or she did not sign it, was in a state of mental disorder, under the influence of drugs, or signed
under pressure from the other party. As a result, such a client will refuse to fulfill its obligations under the agreement and will go to court. For its part, the bank can record the geolocation from which the agreement was signed using an electronic digital
signature or record the signing process on video, which can strengthen the arguments of the financial institution if the case still has to be resolved in court.
Compliance and AML risks. Digital onboarding may complicate banks' compliance with anti-money laundering (AML) requirements and the quality of the know-your-customer (KYC) procedure, as the scenario of opening an account through an app may attract
customers with dubious reputations who develop money laundering schemes using accounts of different banks. To mitigate such risks, customer reputation checks, sanctions or other negative actions should be built into the process, and AML policies should be
constantly updated to reflect new factors that may emerge.
Particular attention should be paid to the protection of personal data of the client (GDPR) during the procedure, as the client may provide his data on a phishing site that imitates the original one, which will lead to its leakage - therefore, it is important
to remind the client about security during the procedure and point out the details that need to be checked before starting.
Loss of potential customers.When the onboarding process is far from ideal (many items to fill out, duplicate questions, unclear wording, lack of tips, technical errors), the user may not complete the process and choose another bank after a negative
experience. Even a customer who has successfully completed the procedure may face problems with further use of the application, lack of support from the bank, and feel disappointed. To address such situations, it is necessary to develop a Customer journey
and model different situations of the process, despite the absence of a personal manager - to establish points of contact with the client throughout the entire journey for support and assistance if necessary
Thus, the digital onboarding process is very dynamic and new risks can appear suddenly and at any stage. Only through constant monitoring, risk mapping, and risk assessment can the security of both the bank and the user who establishes business relations
with it remotely be guaranteed