For a few weeks in April, experts in digital identity from banks, vendors, FinTech, law firms and regulators worked in the Digital Identity Tech Spring to develop ideas about how to tackle the increasing problem of identity theft in remote customer onboarding.
The event, hosted by the Financial Crimes Enforcement Network (FinCEN) and the Federal Deposit Insurance Corporation (FDIC), aimed at producing ideas that could eventually be developed and used in the private sector, but also for regulators to have a better understanding of the latest developments in this space.
“Getting identity in financial services “right” requires collaboration between the public and private sectors. We want tech sprints to eventually build toward pilot programs and then, lead to regulatory actions,” said FinCEN Acting Director Himamauli Das.
Lisa Zeimetz, senior vice president, risk and compliance officer at First National Bank and Trust, and participant at the event, told PYMNTS that one of the keys in the Tech Sprint, as well in her job, is the need to collaborate with banks, providers and FinTechs to build new solutions and at the same time protect your customer data and respect privacy laws. Zeimetz´s team solution sought to tackle this issue, how to leverage data and share suspicious data with each other without disturbing privacy laws.
When you work with vendors, you need to conduct very robust due diligence to make sure this vendor is a good fit, Zeimetz explained. Out-of-the-box solutions are acceptable if they work with your core system, but you need to make sure that you are still protecting customers’ data.
Thanks to recent technological innovations, regulators are more open to accepting innovative solutions because they know that the bad guys can work pretty fast too, she said. This Tech Sprint is a good example of how regulators are quickly catching up. Yet, regulators are very risk-averse, and they will not accept any solution.
FinCEN’s view is that the regulatory framework also needs to approach these innovations in a way that recognizes, not only the risks that they pose, but the opportunities that they present: “How do we build a regulatory framework that creates the room to foster what’s positive about innovation, while at the same time ensuring that bad actors can’t take advantage of innovations more effectively than the good guys?” Das asked.
And the reality is that data breaches are on the rise. According to data released by FinCEN on Suspicious Activity Reports (SAR), identity theft is in the top 10, as well as other identification and verification issues related to customer due diligence and anti-money laundering. “We’ve had so many data breaches, 10 years ago up until now, and while those have slowed down the dollar amount, the impact of that crime has gone up,” Zeimetz said. And identity theft is also becoming more advanced with the new synthetic identity theft. This is when fraudsters are not pretending to be real individuals, but they are taking bits and pieces from different data breaches and creating whole new identities that aren’t real people.
But while technology and innovative solutions are essential to cover a larger number of transactions and to better identify suspicious activities, the role of the person behind the technology is still of utmost importance. “Technology is so helpful right now, but that goes into the risk management, and you need to make sure that your risk model is tuned in accurately. That´s going to take a human that´s looking at what are those different aspects of the model and the model validation component of it,” she said.