Compliance meets digital

The term ‘digital banking’ is generally used to describe online and mobile banking services that use automation and are web-based. Institutions can deliver financial products to consumers and provide transactions completely digitally – no in-person branch visits needed. Consumers of course can access their financial data through desktop, mobile, and ATM services.

With financial institutions having to close down physical operations during the pandemic, customers and providers alike that hadn’t made the switch to online and mobile – digital naysayers – had no option but to do so quickly.

Look in the crystal ball

With a robust digital strategy now a must-have, institutions are updating platforms and operating efficiencies to not only handle increased demand, but also remain competitive. Otherwise customers will find an alternative. Online banking is truly the new norm and is the most dominant way to open an account, do money transfers, manage balances and more.

And digital banking innovations are popping up everywhere:

  • Peer-to-peer payments allow people to send or request money from others while only using a phone application.
  • AI and machine learning have been used to offer loans to consumers with little to no credit history, based on an assessment of the consumer’s credit-eligibility using their smartphone data.
  • Applications have been developed to help track a consumer’s overall spending so they can compare and improve their budgeting.
  • There are even robotic advisors that give consumers financial advice based on a quiz to determine their financial status and overall goals.

Compliance concerns

While the ability to use the internet to create deposit accounts, as well as apply for credit via a smartphone, offers convenience to customers, it does come with compliance issues that financial institutions must tackle. Due diligence is needed to correctly review the digital software and technology that powers their offerings.

Financial institutions also face the challenge of rooting out money laundering by nefarious actors, given the increased compliance risk associated with digital onboarding. This begins with BSA/AML (Bank Secrecy Act/Anti-Money Laundering), Office of Foreign Assets Control (OFAC), and Know Your Customer (KYC) compliance, coupled with the beneficial ownership collection requirements for business accounts.

Some things to think about

To meet regulatory requirements, financial institutions should consider the following to mitigate risk around online account onboarding and digital banking:

1) Financial institutions should maintain an efficient CIP (Customer Identification Program), which requires the institution to verify every customer’s identity by collating their name, identification number (like a tax or driver’s license number), as well as their physical address.

2) For business accounts, it is recommended that articles of incorporation or partnership agreements are registered within the jurisdiction of the state. This can pose a challenge if the customer isn’t available for face-to-face interaction with the banker.

3) A lack of details from the individual might be perfectly legitimate, but it could also mean that the information provided is inaccurate or fraudulent – obtained via identity theft schemes like mobile banking trojans, phishing attacks, fake banking applications or malware deployed by fraudsters. Financial institutions can help mitigate risks by demanding customers provide, at a minimum, their identification number, physical address and name before opening an account.

4) Ensure information collected can be verified against a secure database. Controls to recognize fraudulent information can be established by performing backend reviews of the method by which the information was entered when an attempt to log in to a digital banking application occurs. For instance, the IP address used to create the account can be matched to the location of the customer’s physical address.

5) The Customer Due Diligence (CDD) Rule requires financial institutions to maintain appropriate risk-based procedures for conducting continuous customer due diligence, which includes understanding the purpose and nature of customer relationships. This helps to create a customer profile and to conduct ongoing monitoring to detect suspicious transactions. It can prompt institutions not only to collect but also to maintain information on the account, the associated individual’s occupation, the source of funds, transaction activity and, for commercial accounts, the type of business.

6) Choosing to digitally onboard accounts increases the risk of incorrectly rating the risk of a consumer or business account holder. However, such risk can be mitigated using an efficient monitoring system. For instance, an anti-money laundering (AML) system can detect unusual cash activity.

7) Verifications with the Office of Foreign Assets Control will also be required before accounts and transactions from specific entities, individuals and countries listed on the OFAC list can be blocked. For instance, if a transfer is conducted from offshore and is being routed via a US bank to another offshore account, it has to be blocked if an OFAC-designated entity is party to the transaction. Digital banking can raise the risk that some transactions will not be screened against OFAC. This is perhaps because financial institutions are not able to conduct real-time verifications prior to the completion of OFAC verification.

8) For commercial accounts, institutions have to collect appropriate ownership information about the legal entity. Such information will include the owner’s name, address, date of birth, photo identification and identification number. Over the course of the onboarding process, it is important that beneficial owners give the required information before transactions can be allowed or conducted. Procedures should be established in order to verify the provided information. It is also imperative to ensure that the customer has a certificate of accuracy regarding the information provided before any transaction can be performed.

In summary

The digital banking market was valued at about $3.95 billion in 2019 and is projected to reach almost $11 billion by 2027. With the trend towards digital over traditional face-to-face showing no signs of stopping, be sure to think through all compliance and regulatory implications and don’t get caught out. Your reputation depends on it.
