AML: The Changing Regulatory Landscape of Switzerland

AML in Switzerland

Switzerland needs online identity verification now.

While this technology is nothing new to Swiss regulators, Swiss banks and financial institutions have been slow to roll it out and are hurting themselves by not acting sooner.

Back in 2016 the Swiss Financial Market Supervisory Authority (FINMA) started allowing Swiss-based financial institutions to use online identity verification to fulfill Swiss Anti-Money Laundering Act due diligence requirements. Updated regulations, which take effect in January 2020, include more stringent requirements aimed at making online identity verification even more secure.

Before the introduction of online identity verification, Swiss-based banks required customers to visit a branch office, mail in copies of ID documents or submit themselves to a video interview to prove their actual identity before a banking account could be created. As you can imagine, this led to a fair amount of frustration among banks who wanted to onboard more customers and provide a much better user experience.

With video-based verification, banks have several built-in limitations:

  • Customers can only be onboarded during business hours.
  • Even though the verification process typically takes about four minutes to complete, it can often take more than 30 minutes to speak to an agent.
  • Because a physical agent is involved, the customer experience is uneven — many have positive experiences, but a significant number of users are unhappy with the agent and their professionalism.
  • Given the manual nature of video chats and the requisite staffing costs, the cost per verification is significantly higher than modern identity proofing techniques.
  • Abandonment rates are comparatively high because of hold times and customer frustration.

By being able to use modern online identity verification methods, FINMA-regulated institutions are adopting a vastly better, faster and customer-centric experience. But, in order to use online identity verification, a number of important conditions must be met. A copy or picture of a government-issued ID can now be transmitted electronically but the bank must ensure that their identity verification process does the following:

  • Captures a high-quality image of the customer’s ID document (i.e., the image can be enhanced digitally for examination)
  • Uses only official documents with MRZ (machine-readable zone) and other optical security features included within government-issued ID documents
  • Verifies that user’s selfie matches the picture in the ID document
  • Extracts the photo ID data (to be later matched with onboarding form data)
  • Ensures liveness of person submitting the ID document

Under the updated identity verification requirements, the identity of the applicant should be ascertained with the identification document itself. In particular, no fewer than three randomly selected optical security features contained in the identification document (e.g. holographic-kinematic features, pressure-elements with visual spill-effects, personalized materials, etc.) must be verified. Information encrypted in such features (and decrypted in the MRZ) must match the visual data apparent on the identification document.

While some financial institutions may explore taking a do-it-yourself approach to online identity verification, it may not be prudent or practical. FINMA requires organizations to compare the identification document with a reference ID template to ensure that all of the security features (e.g., character type/size, holograms and layouts) exist on the ID image. Understanding the unique features of different ID types — driver’s licenses, passports and ID cards — is not a trivial task to absorb in-house.

It’s because of these efficiencies that many leading digital banks, including Monzo, Metro Bank and TSB Bank, have trusted their online identity verification processes to Jumio. These banks must not only concern themselves with KYC and AML compliance, but also focus on fraud detection and streamlining the user experience (in order to convert more online visitors into customers).

That’s why partnering with an established online identity verification provider can help Swiss banks and fintechs meet FINMA’s compliance mandates (and benefit other parts of the onboarding process).

Here’s how.

High-Quality Image Capture: Jumio’s identity verification workflow can be embedded within the bank’s mobile app or webcam experience. This experience ensures that the best possible image is captured. The camera quality of today’s smartphone is quite good, and our SDK auto-captures the image of the ID document when it’s placed within a rectangular outline on the screen. Even with lower-quality cameras (like many webcams), Jumio provides course-correction codes to our banking customers that can be used to enable the user to retake the photo if the initial picture of the ID is blurry, contains too much glare or is just out of focus.

Security Features: Jumio supports over 3,000 ID documents from around the globe including driver’s licenses, passports and ID cards. Jumio checks the existing ID document against established government-issued ID templates. Through the use of AI, machine learning and computer vision, we examine the positions and font of the data compared to the document. We will invert the image to look for tampering of the data and identify the security features of the document — this could include stitching on a passport, embossed or engraved features on an ID, security print or micro print. We also check for the existence of any holograms and run a MRZ check on data within the document.

Selfie Matching: A key strength is our face-matching algorithms (backed by human review) which compares the picture in the selfie with the picture on the ID document. This is a critical part of the identity proofing process since ID documents can be lost, stolen or purchased off the dark web.

Data Extraction: Jumio leverages a combination of AI and optical character recognition (OCR) to optimize the data extraction steps. This is also a vital part of online identity verification because OCR was not designed to read data under less than ideal circumstances. When your users are taking a picture of their ID documents, most OCR engines are challenged. Environmental factors such as image blur, glare and user error need to be factored into the identity verification process to ensure that all relevant identity data can be properly extracted.

Liveness Detection: FINMA has required that the identity verification process ensure that the online user is physically present while they’re creating their online account. Why? Unfortunately,

cybercriminals are using spoofing attacks to acquire someone else’s privileges or access rights. They do this by using a photo, video or a different substitute for an authorized person’s face. Jumio defends against these types of attacks by requiring the user to position their face within an onscreen oval (either on their smartphone, computer or tablet). Two images are then captured — one at 12 inches away, another 7-8 inches away. During this liveness check, the camera’s view of the 3D face changes and perspective distortion and micro-movements are observed, exposing most spoofs instantly — all in under two seconds. This detects the difference between “likeness” and “liveness” to prevent masks, dolls, videos or photos from fooling the system.

By enabling Swiss banks to leverage state-of-the-art identity verification technologies, FINMA is helping Swiss banks and financial institutions to more effectively compete in their market as well as around the globe (where eKYC is now a more accepted means of identity verification). What they will soon discover is how these modern methods will dramatically improve their conversion rates and help them cement better relationships with their new customers from Day 1.

Learn how Jumio can help you comply with FINMA regulations here.


Get the latest updates from the Identity and Beyond blog, delivered to your inbox.

    Yes, I would like to receive periodic updates from the Jumio blog as well as marketing communications regarding Jumio products, services, and events. I can unsubscribe at any time.

    Jumio values your privacy. To learn more, visit our Privacy Statement.