Integration of identity verification in risk management

Financial institutions face constant pressure to comply with regulatory mandates designed to prevent identity fraud and money laundering while still providing excellent customer service, monitoring bottom line results and meeting business goals. In today’s complex business environment, this seems like an almost impossible task. However, these regulatory mandates also create many opportunities to increase efficiency and save money. By integrating identity verification into the overall risk management strategy, financial institutions can expect to see significant benefits from their bottom lines, customer service levels and employee productivity.

What is identity verification?

Identity verification is defined as “the process of using alleged or observed characteristics of an individual to infer who the person is.” (1)

For today’s financial institution, identity verification is a critical aspect of establishing a new relationship. Genuine identity verification means reviewing the truth of what a potential customer reveals by screening the data against multiple sources, then analyzing the facts to decide whether to initiate a new relationship. “Know your customer” has long been promoted within institutions as a sign of personal customer service; With the adoption of U.S. PATRIOT Act regulations, identity verification is now the difference between success and failure in the ever-changing financial services market.

Why is identity verification important for financial institutions?

The increased role of the country’s financial institutions in securing the home front must not be underestimated. The purpose of US PATRIOT law is national security. No one would disagree that having a better understanding of the customer doing business at an institution provides increased security for the institution, its customers and the general public.

The danger of banks is more than just monetary loss. Damage to a financial institution’s reputation created by non-compliance and the advertising of terrorist opening accounts can lead to lost trust in the institution and significant loss of customers, sales and revenue. Recovering from negative advertising is a long, difficult and costly process.

Compliance cannot be ignored because penalties for non-compliance are severe. Legislative sanctions for the U.S. PATRIOT Act and OFAC rules can range from $ 10,000 to $ 1 million per year. Violation.

How can a financial institution benefit from the US PATRIOT Act?

Protection against identity fraud

Institutions need to prevent identity fraud while balancing the need to protect customer information with a customer’s demand for fast and efficient service. Identity verification is clearly a first step in reducing the opportunities for fraud and intervention. Stopping the “bad guys” from opening a new account at an institution is the easiest and most cost-effective way to reduce a bank’s burden. This is how “knowing your customer” can help – if identity verification becomes part of the defensive measures of the overall risk strategy, it can be a significant factor in fraud prevention.

Increase operational efficiency

The United States PATRIOT Act has driven financial institutions to review corporate policies and perform long-term risk analyzes. Identification control technology helps integrate policies into normal routines by allowing frontline workers to gather necessary information very quickly and efficiently instead of manually examining identity information by calling references and checking websites.

Improving customer service

The complete benefit of integrating identity verification into an institute’s risk management strategy is a higher level of customer service.

From air travel to school enrollment to medical visits, the community is used to trading some privacy to ensure the safety of each and every country. However, customers expect their financial institutions to protect their identity information and their fiscal assets. Identity verification programs allow new accounts to be opened quickly, creating a positive experience for the consumer while demonstrating the method the institution has in place to protect its customers.

Choice of identity verification

Section 326 of U.S. PATRIOT law requires financial institutions to develop Customer Identification Programs (CIPs) that implement reasonable procedures to

  • Collect identifying information about customers who open accounts
  • Make sure customers are who they say they are
  • Keep records of the information used to verify their identity
  • Determine whether customers appear on a list of suspected terrorists or terrorist organizations (2)

There are several options available to help banks implement identity verification programs to comply with the rules, and always for the purpose of making educated and proactive decisions about clients. U.S. PATRIOT statutes allow a documentary or nondocumentary approach.

Documentary solution

Traditionally, the use of manual or documentary solutions for identity verification has been widespread in the community’s financial services. At many institutions, an employee will look at a driver’s license or passport to begin account opening procedures. Institutions rely on valid driver’s licenses and passports, but with the recent rise in counterfeiting, it is difficult to trust that the documentation is legitimate.

Non-documentary solution

Since the adoption of the United States PATRIOT Act, technology has improved in the area of ​​identity verification. Identification control technology offers a simple approach to integrating a CIP into an institute’s risk management strategy. In addition, identity control technology provides an institution with cost-effective tactics to keep up to date with ever-changing rules.

For true identity verification, it is important to screen presented data against multiple independent sources to ensure consistency. Checking a source does not provide enough information, and there is not a single database that includes everyone living in the United States. This means that an institution must confirm that the name, social security number, address and date of birth are valid and associated with each other using various data sources. If the information is incomparable in multiple sources, the institution may make an educated decision that it is truthful. By using identity control technology, organizations can have the tools, not only to verify identity, but also to screen against government lists and document transactions. Institutions can fully comply with the rules while realizing the benefits of protecting against fraud, increasing operational efficiency and improving customer service levels.


For financial institutions, the United States PATRIOT Act has created many burdens and opportunities. By embracing change and integrating identity verification into their enterprise risk policies, institutions can protect against fraud, increase efficiency and keep service levels high while remaining profitable.


  1. Committee on Approval Technologies and their Personal Impact. National Research Council, Who Goes There ?: Authentication Through the Lens of Privacy, Stephen T. Kent and Lynette I. Millett, eds., 2003, (March 10, 2004).
  2. Department of Finance. Office of Public Affairs, “Fact Sheet: Final Regulations Implementing Identity Verification Requirements for Customer Identifications Under Section 326 of United States PATRIOT Act,” April 30, 2003, (March 10, 2004).