PSD2 can help Fintechs run KYC and CDD on their customers, much as OAuth helped services verify customers in the early 2010s. A Fintech can let customers sign up to its services by granting read access to their bank account via PSD2, which in turn allows the Fintech to risk-assess the customer.
- If the customer has an active Barclays or RBS bank account, they have at a minimum passed that bank's sanctions and embargoes list checks.
- Transaction volume can help the Fintech assess the customer's risk more accurately.
- As a second-order advantage, access to the data can help the Fintech tailor its offering better to customers.
Risks and Mitigation
Obviously, there is risk associated with this approach:
- Running customer due diligence through PSD2 can be expensive, at least in the beginning, because the necessary functionality has to be implemented. It doesn’t always make sense unless the current CDD / KYC process is a big blocker in the conversion process or, as noted above, the Fintech can capitalise on having more information about its customers.
- The Fintech should be fairly competent at ensuring privacy and security. If personal information is leaked, the damages can be in the millions. That said, this is nothing new for a Fintech, where security is a must for any mission-critical feature. My advice to further mitigate the risk is to anonymise information through tokenisation or another process, so that even in case of a leak no identifiable personal information is exposed.
- We are relying on the KYC processes of other banks, which could be faulty at times. We shouldn’t use PSD2-powered KYC exclusively, but use it to ease customer onboarding and let customers in on the first tier. The Fintech should still require more in-depth onboarding once transaction volume exceeds 5,000 or more.
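A sketch of the tokenisation and tiering described in the last two bullets, added here as an example and not code from the original article: identifiers are replaced with keyed HMAC-SHA256 tokens, only aggregate transaction volume is kept, and the 5,000 threshold gates in-depth onboarding. The payload shape, field names, key handling and tier names are assumptions; keyed tokens are pseudonymous rather than fully anonymous, since whoever holds the key can re-link them.

```python
import hashlib
import hmac

# Assumption: in production the key lives in a KMS/HSM; this is a constructed placeholder.
TOKEN_KEY = b"constructed-demo-key-not-for-production"
PII_FIELDS = ("account_holder", "iban")
# The article's figure for when in-depth onboarding is required (currency is an assumption).
FULL_KYC_THRESHOLD = 5000


def tokenise(value: str, field: str) -> str:
    """Deterministic keyed token: same input gives the same token, useless without the key."""
    if field == "iban":
        normalised = "".join(value.split()).upper()   # spacing and case must not change the token
    else:
        normalised = " ".join(value.split()).casefold()
    # Binding the field name keeps a name token from ever matching an IBAN token.
    mac = hmac.new(TOKEN_KEY, f"{field}:{normalised}".encode(), hashlib.sha256)
    return "tok_" + mac.hexdigest()[:32]


def build_risk_record(account: dict) -> dict:
    """Reduce an account payload to what risk assessment needs, with no raw PII."""
    record = {f"{f}_token": tokenise(account[f], f) for f in PII_FIELDS}
    # Keep only aggregates; counterparty names and payment references are dropped.
    volume = sum(abs(t["amount"]) for t in account["transactions"])
    record["transaction_volume"] = round(volume, 2)
    record["transaction_count"] = len(account["transactions"])
    return record


def onboarding_tier(volume_on_platform: float) -> str:
    """First tier on the strength of the PSD2 check; full onboarding past the threshold."""
    return "full_kyc_required" if volume_on_platform > FULL_KYC_THRESHOLD else "tier_1_psd2"


# Constructed sample payload (not a real PSD2 schema, not real account data).
SAMPLE_ACCOUNT = {
    "account_holder": "Jane Example",
    "iban": "GB29 NWBK 6016 1331 9268 19",
    "transactions": [
        {"amount": -42.50, "counterparty": "Coffee Ltd", "reference": "card 1234"},
        {"amount": 1800.00, "counterparty": "Employer plc", "reference": "salary"},
        {"amount": -650.00, "counterparty": "Landlord", "reference": "rent"},
    ],
}

if __name__ == "__main__":
    print(build_risk_record(SAMPLE_ACCOUNT))
```

Because the tokens are deterministic, the same bank account seen twice still maps to one record, so duplicate sign-ups can be detected without storing the IBAN.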
Done right, this approach can make the onboarding process easy and fast. Customers can effectively sign up in a few clicks with a PSD2 check, and supply documents later once the volume of transactions exceeds something in the low to mid 4 digits.