Is Identity Broken?

Identity is broken, or many will have you believe so, in reality it sort of works allowing hundreds of millions of consumers and businesses around the world to activate and access services around the world. Clearly more needs to be done, and the industry is burgeoning with new solutions, approaches, strategies and movements to try and solve the conundrum or conundrums. That is really the key message here, for too long the perception is that identity is as a single thing a credential or a token, well I have some news for you it isn’t. As the digital world evolves, identity should increasingly be considered as a multitude of factors which are linked to an individual or entity, and how that end state of the identity is constructed and subsequently used has to be contextual, based on the use-case, value, time-constraints and so on.

That’s where Orchestration technology comes into play, lets therefore peel back Orchestration further and explain  Orchestration technology, how it solves complex challenges in respect of AML, KYC, KYC and Fraud Management and what are the key ingredients needed to make it work.

Perhaps a good starting point is looking into what Gartner has to say about Orchestration. According to Gartner in its *Market Guide for Identity Proofing and Affirmation “by 2023, 75% of organizations will be using a single vendor with strong identity orchestration capabilities and connections to many other third parties for identity proofing and affirmation, which is an increase from fewer than 15% today.”

So the market for such technology is certainly on the upward spiral, with the potential that it becomes more mainstream over the coming years. Naturally we have seen a growth in new entrants into this product area, but it’s important to consider some of the market challenges an Orchestration platform should be able to address:

• The innovation in KYC/B, Fraud and AML data is constantly evolving – having a comprehensive data access layer ‘oven ready’ is crucial on the buy side, otherwise they could easily integrate themselves. New vendors are constantly coming into the market, for the end client being able to review, select, engage, integrate and test new vendors becomes costly and time consuming

• Regulations change – the 3rd thing in life that is certain after death and taxes is ever-changing regulations affecting financial services firms, gaming operators, merchants and other actors in the eco-system

• Orchestration strategies – How best to orchestrate an identity or fraud management journey comes only with years of expertise in living and breathing fraud management as a practitioner as well as a strong understanding of the data landscape and how it all fuses together. Furthermore the ability to conduct A/B testing, failover and champion-challenger tests are all key factors to provide a client a credible solution that can solve tangible business challenges.

• Data Standardisation – Vendors will all return data in disparate formats, headers and structures and with varying response times. In some cases data returned may only provide partial insight which might less effective, but when combined with other data items it could provide further significance that may allow a potential ‘reject’ to becomes an ‘accept’.

• Vendor Management – manging and supporting multiple vendors is a challenge for the orchestration platform and as new vendors come in to the market, the work required to research, assess, engage, connect, deploy and roll-out new APIs is time-consuming and costly, as is the ongoing version management and support

• Future proofing – based on the factors above, a number of scenarios could result in changes in orchestration strategies and as such minimising the downstream tech impact on the client is key, the legwork needs to be done within the orchestration layer in order to be truly compelling no-code platform.

• Scalability – ensuring that the platform can scale to handle increased payload and the platform can support a client with growth strategies whether based on new product or market launches

Application of Orchestration Technology

Furthermore, Orchestration can be pivotal in solving many key challenges in Identity and Risk Management one such example is with KYC/Identity Verification –

• In the digital world, your digital attributes are key to your identity and its subsequent layers of access with a given institution.
• Traditionally KYC checks in the digital world relied on calling end-point vendors with a focus on ticking boxes to keep regulators happy. In the data-breach driven world we operate in, attention needs to be given to ensuring you are enabling that service for the correct individual who has applied for the service.
• This is where an anti-impersonation layer comes into play utilising market-leading products to profile devices, location, emails, mobile, behaviour and so on to ensure the prospect of this being someone else is highly unlikely.
• So when the verification check is subsequently made (along with the all-important AML checks) you can be sure the identity verification threshold is high quality and you are pretty confident it’s the genuine user.
• As we have seen the world move to identity proofing through document capture with Selfie/Video checks which play a strong role in the identity journey, however in an Orchestration layer the client can dictate at which point they would like to or need to impose that additional friction when the data-driven approach described above may require further levels of confidence.

As the industry increasingly looks towards solutions such as self-sovereign identity the above example of enabling Digital Identity through Orchestration then managing contextualisation of how the identity can be asserted based on the use-case, relying party, transactional value and so on, are all core features that bring the proposition further to life in a way that erodes concerns over trust and data privacy.

Another area that is really compelling for Orchestration is with Business Verification or KYB. As the digital world (driven by the pandemic) has driven SME’s and large corporates to embrace Fintech, but the compliance processes that underpin entitlement are equally important. Here is a potential orchestration strategy to consider:

• As above anti-impersonation layers are key, Business checks can potentially be expensive so kicking out rubbish and blatant fraud early is key to the Orchestration strategy here.
• Then the dynamics of geo-locating the business, the actual applicant and the relationship between the two
• Business checks can be waterfalled to ensure existence ahead of deeper verification, to initially determine Business Existence, Lines of Business, SIC codes etc to determine if you really want to take this business on ahead the deeper level of KYB.
• Once into KYB, there is a myriad of data items to navigate through to determine which of those play a role in decisioning whether to accept, reject or review. With the increasing focus in Identifying Beneficial Owners, understanding complex corporate structure as well as financial viability there are numerous routes for the Orchestration journey to go down
• And even more crucial area is the complexity of identifying and verifying Beneficial Owners and Directors in as seamless a way as possible, and then ensuring both Business and Officers linked to it do not feature on any global watch lists for Peps, Sanctions etc.

In Summary, an Orchestration platform is best summarised in the recommendations by Gartner in the same report referenced earlier :

Recommendations - Build an identity-proofing strategy on a foundational orchestration layer:

• Leverage a vendor that has built connections to multiple other vendors and data sources and offers flexible workflow capabilities.
• Optimize your identity-proofing process by using this orchestration layer to test and evaluate different workflows, comparing different vendors and data sources to achieve your identity-proofing objectives.
• Support the scalability of your business by using the orchestration solution to connect to vendors and data sources that facilitate expansion into new regions.

Riten Gohil is a Partner & Co-Founder at Sphonic a London-based RegTech business, he has been a practitioner in the field of fraud, identity and financial crime from his time working at the likes of the DWP Organised Fraud team, Flutter.com, Minutepay.fr, Serious Fraud Office, EY Forensics, APACS (UK Finance) and Visa.  

*Gartner, Market Guide for Identity Proofing and Affirmation, September 2020. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose