On November 14, 2019, Government issued Decree No. 87/2019/ND-CP amending Decree No. 166/2013/ND-CP detailing implementation of Anti-money Laundering regulations, including allowing eKYC, which will enable a transformation to digital banking. With Article 8.2.(a) of this Decree, for the first time, financial and non-financial institutions (also known as accounting subjects according to Law on Anti-Money Laundering of Vietnam) can choose to offer either or both face-to-face or eKYC onboarding. Previously, only face-to-face onboarding was allowed.
The current banking on-boarding process requires customers to take their personal identification documents to bank branches to verify and authenticate their identity. With eKYC, customers do not have to be physically at the bank branches to receive the same (or even better) on-boarding service as face-to-face in the bank. eKYC aims to enhance customer’s experience and improve financial inclusion by allowing customers easy access to create bank accounts, thereby allowing more people to have access to digital banking services.
In spite of these benefits, some banking leaders signaled reluctance to adopt eKYC as they are not confident in applying eKYC due to uncertainty in security and risk management capability of the eKYC process. Working with established eKYC experts and learning from the best practices adopted by banks on other markets can position Vietnamese banks to seize the opportunity provided by eKYC to improve customer satisfaction and win new business.
Firstly, Customer Acceptance Policy
For anti-money laundering purpose, all banks in Vietnam already have in place a Customer Acceptance Policy to determine the basis upon which the Bank accepts applicants as customers and allow them to open bank accounts with the bank. When eKYC is implemented, this policy must be updated and enforced more strictly in all customer registration processes of banks to ensure that the quality of eKYC is not lower than the traditional KYC.
Secondly, Customer Due Diligence
eKYC process must be able to verify the personal information sent by customers. This is difficult to ascertain if there are no standards upon which eKYC processes can be measured against. Mr. Cao Van Binh - Deputy general manager of Credit Information Center (CIC) said that Vietnam now does not have standards for eKYC but banks can cooperate with CIC to generate an industry standard.
CIC has access to all credit information of Vietnamese residents and banks have information on their customers, allowing banks and CIC to potentially collaborate and share information to generate a database which can be used as a reference when determining eKYC standards while waiting for the related legal provisions to be formulated. Leader of the State Bank of Vietnam (SBV) admits that the lack of a common standard is an issue facing eKYC.
The largest population database in Vietnam is currently managed by the Ministry of Public Security (MPS) and banks have no access to this data. Recently, the Government realized the necessity of sharing data and assigned MPS to complete the construction of residential data centers and digitize this data source in 2020 with the aim of sharing such data with banks. "SBV hopes that banks will be able to connect to access data and develop digital banking services at the time," said the leader of SBV.
Next, it is necessary to have Customer Due Diligence processes in place to verify that personal information provided by applicants is real to ensure that only users with sound financial background are allowed to be on-boarded as customers, and to prevent applicants with a history of financial crime or money laundering or have high financial risk from becoming customers.
Verify the right customers and spot the fake one
The eKYC system is required to have biometric authentication. Facial recognition is currently the most popular method for user authentication. Users are required to take photos in real time to avoid tampering with biometric authentication. Facial recognition works by storing and comparing real-time selfies of users with the image stored in the data warehouse which the system uses to analyze the data collected to authenticate the right customers.
Last but not least, security of customer information and bank data
eKYC is mandated to have an Information Security Management System (ISMS) that satisfies the requirements of ISO/IEC 27002:2013 (Code of Practice for Information Security Controls), ensuring security risk management according to ISO/IEC 27005.
Although eKYC can provide benefits for customers, changing the banking habits of customers is still a big challenge and takes a lot of time, money and effort. Because these directly affect their finances, customers who make high-value transactions on a regular basis understandably doubt the security capability of eKYC and digital banking. For high-risk transactions, most users are willing to spend more effort and time as they believe face-to-face authentication and transactions to be more secure instead of using their phone. In an interview with the Bangkok Post newspaper, Ms. Yada Saengthong (a senior-ranking employee of a company in Thailand) said: "The technology would offer consumers more convenience because they can open new deposit accounts and apply for loans by themselves through their mobile phones, but I prefer waiting for others to use it to ensure that it's safe enough."
eKYC holds a key position in the digital banking transformation, is a foundation service and an indispensable step in this digital era. Preparation to optimize the process is needed for banks to lead on this trend and ride on the wave of digitization to win new customers and monetize existing customers.
1. Law on prevetation of money laudering No. 07/2012/QH13 dated on June 18, 2012
2. Customer due diligence for banks issued by Basel Committee on Banking Supervision
3. Implementation guide for electronic know your customer (“eKYC”) solution