Author:
Lombe Chibesakunda
A unified KYC is a database linking information on each unique individual within that country’s ecosystem. KYC (Know Your Customer Compliance) is one of the most important essential requirements for financial institutions when determining the validity of transactions. In Zambia the requirement forces institutions to report all transactions above a certain threshold and often requires account holders to provide sufficient information to prevent identity fraud, money laundering and track perpetrators of such crimes. This process is considered flawed with significant gaps in information preventing effective enforcement of the laws. While companies abide by regulation mandating information collection, the data is often inconsistent or inaccessible to the relevant authorities; this is often due to the data being physically stored, with each company having silos of unique information about each consumer.
The objective of a unified KYC is to digitise and unify this data to allow the relevant authorities to discover patterns of fraudulent activity and identify the perpetrators of this behaviour. Recently with an up take in cyber-crimes in Zambia, the trend among the attacks on the industry implies the orchestrators of such attacks are taking advantage of the lack of information sharing in the industry to commit fraudulent transactions. The first successfully executed unified KYC system was established in Estonia in 1992 and is largely attributed with halting cyber-crime. To date 98% of Estonians have a ‘National ID Card’ which has been used for digital signatures nearly 1 billion times.
Benefits of Unified KYC
Despite consistencies in the KYC requirements between various companies and sectors, information is largely considered difficult to determine. This perpetually leaves our industries exposed to similar attacks across different networks. It is estimated the economy is losing a substantial amount of money to fraudulent transactions. Therefore, the first potential benefit of this system is security. A unified digital identity provides more accountability and traceability for perpetrators of serious crimes. Biometric systems, for example, verify the identity of the transactor unequivocally before commencing using face scanning software. Hypothetically a unified KYC could also enable fintechs to have access to more enhanced data on clients before entering the market. This in turn would allow for more ‘open banking’, a popular notion that users should be able to access their bank accounts from various providers. Such initiatives will likely have a positive impact on financial inclusion and make the market more attractive.
Issues to be Faced in Implementation
Currently there is a potential issue of server localisation. Due to some specific provisions in the Data Protection Act (2021) and the Cyber Crimes Act (2020) there is increasing pressure on banks to localise the servers on which they store client data. The purpose of this is to increase government access to user data in case of safety issues. It will also allow for more cooperation, specifically the establishments of a unified database. When implemented in Kenya, the majority of banks were not immediately able to fulfill this requirement without additional investment. Due to the international ownership of several key stakeholders, such an investment demanded at least 1 year to be approved and allowing local banks to fall behind microfinances and FinTech’s like Mpesa.
In South Africa the banks were able to prevent the unification of centralised databases. This has kept KYC largely within their control and institutions enhanced their offerings to include more expansive data collection to fill this gap. However, a bank led transition has so far only worked in countries where the majority of adults have bank accounts. According to the latest data from the Bank of Zambia, only 15% of the country has access to a formal bank account. By comparison, the MNO’s have captured 90% of the market withheld by a limit stated by the Bank of Zambia restricting holdings to K20,000 per account. In Namibia the regulator faced similar issues and resorted to forcing the banks to comply with the AML/CFT/CPF regulations (referring to the FIA’s Anti Money Laundering Service rules). In Rwanda the regulator completed the same actions and in Nigeria the Central Bank forced the implementation of a three-tiered system. This does not come without significant costs however, according to a KPMG report 71% of Nigerian banks stated KYC is the most significant cost on their business. It is estimated each bank spends between N50 – N400 million in investment, despite this FinTech’s such as OPay have surpassed the largest Nigerian banks in market value.
Challenges within the Zambian Market?
The Indian application of the national unified provides both a promising and cautionary tale when implementing a unified KYC. In 2009 there was no notable method of national identity in the country but following the introduction to India’s Aadhaar system more than 1.2 billion citizens have digital registration which tracks all payments, health data and accounts across the country. In Ghana, since the introduction of the national identity system (the Ghana Card) more than 70% of child births are now registered (in Zambia less than 10% of the population has birth certificates by comparison). With a digital identity more users are able to access financing and be able to be served at hospitals with more precise medical records. Rwanda is deemed to have the most complex identity registry in Africa, using a biometric system.
The implementation of the system helped reduce the average clearing time at the Kivu border with Congo (45,000 people passing per day) from 4-5 hours to 30 seconds. This system has been attributed with vastly reduced the cost of accessing credit scoring information and has reduced the interest rates charged to fully KYC’ed consumers in the country. The challenges the Indian government had in implementing the Aadhar system were largely due to large financial institutions which refused to allow the system access to customer accounts. This issue is similar to that faced in Nigeria, Namibia and Rwanda. In order to have successfully implemented such a system they needed the Aadhaar Act to be ratified to force cooperation.
In 2019 it was deemed by the Indian supreme court that such a system could not demand that each user attach their bank account but the system itself was legal and was beneficial to the Indian people. Despite the substantial benefits the people of India gained from the introduction of a digitized national identity system, there are still glaring issues which serve as a stark warning in the case of a rushed implementation. It has been reported that you can purchase an individual’s identity for less than $100, with large databases a golden opportunity for hackers. As part of the case against the Government, it was proved that once on the database the government was unable to verify millions of individuals’ fraudulent information.
Conclusion
There is no easy path to the conversation of digitised KYC but there is also no avoiding it. The majority of medium income developing countries are either in the process or have completed citizen digitization and we therefore risk falling behind. However, this does not mean there is only one specific approach, each country faces challenges when implementing these systems based on the structure of the financial institutions. It will be important to understand the readiness of the biggest players in the economy with consideration of the benefits to the general population.
