Cryptomathic & QES Launch Mobile Digital Onboarding Solution at Branch

The new digital portal streamlines banking client onboarding while addressing AML, eIDAS, and PSD2 requirements.

In an effort to facilitate digital transformation, reduce operational costs and accelerate customer onboarding, numerous banks and financial institutions consider setting up a fully digital client onboarding solution with a Qualified eSignature service at the end of the onboarding process.

This article reveals some of the first screenshots of a digital client onboarding solution, leveraging Cryptomathic’s flagship Signer and Authenticator products. Such a solution will allow new clients to be onboarded seamlessly, securely, and much more rapidly than with the existing onboarding methods.

Some organizations opt for remote onboarding and utilize the numerous service providers that emerged in the last decade. This frequently comes at the expense of corporate branding and dehumanizes the client relationship, while also incurring costs in the region of a dozen of EUR per new client, which can quickly add up to annual costs of several million for a large organization. In addition, this raises some question marks with regard to compliance.

However, the majority of customers will always opt for a physical onboarding in which the customer advisor meets with the customer in person. That said, the onboarding process needs to be transformed to increase efficiency, improve compliance demonstration, and enhance the digital banking business.

Together with a partner, Cryptomathic developed a digital onboarding portal for the financial sector, in combination with a smartphone app that:

• Allows clients to be digitally onboarded in compliance with AML and eIDAS requirements.
• Enables documents to be digitally signed with a QES in the same onboarding stream.
• Provides clients, at the end of the onboarding process, with a persistent strong login solution in compliance with PSD2 SCA requirements.

High-level workflow

The following flowchart shows the general steps as part of the onboarding process at the local branch.

Below are the screen views of each step of the onboarding process, from both the client advisor and the client.

Client advisor side	Client side
The client advisor uses the desktop app to invite the client to start the onboarding process and sends a link to the app via e-mail or SMS.
	The client receives an email with a link to install the mobile app. After installing the application, the client proceeds to the identity verification phase. He/she is invited to accept the general terms of conditions for the onboarding process.
	The client captures her ID, and the app extracts client data using OCR. The information is sent to the back end.
	The client takes a selfie.
The client advisor vets the client’s identity and the client data that are harvested by the app. By doing so, the client advisor acts as an RA agent and KYC officer.  Note that additional data can also be collected.
Now the client ID data has been validated, it can be stored in the back-end IdM solution. The back end generates a shared secret to associate the device app to the client number.
	The shared secret is immediately retrieved by the client using QR technology for onboarding.
The client advisor can therefore introduce one of the strong authentication means supported by the bank. We recommend using the same mobile app to provision an OATH-compliant PSKC seed for OCRA-based authentication.
	The first t-OTP token can be immediately generated and verified if the strong authentication app is selected.
The client advisor can carry on and prepare the contractual documents that require client approval. The portal includes a workflow engine allowing for multi-party signing & batch signing and manages the invitations to initiate the signature process.
	The documents awaiting client sign-off appear on the app.
	The document(s) are rendered in the app using Cryptomathic WYSIWYS technology for strong non-repudation. The user provides her wilful consent. When using the mobile SCA token, this can be made transparent to the end user.

At the end of the onboarding procedure, the document(s) are signed using a Qualified Electronic Signature (QES), and the contract can be executed. The client is also able to use the strong authentication (provided by the app) for future secure login to online services in compliance with PSD2 SCA requirements.

In Summary

Developed in partnership with a long-term partner, Cryptomathic is now able to offer a comprehensive digital onboarding and signing solution, including KYC, user registration, strong authentication, and signing services. The solution provides an ideal mix to comply with both the anti-money laundering and trust services legislation across the EU. The solution primarily targets European and Swiss requirements and can be easily extended to support additional jurisdictions or booking centers.

Our semi-decentralized architecture ensures full data privacy, efficiency, security, and a seamless user experience. It is an ideal mix to ensure that our clients retain control over their customers’ user experience, including personal data and documents to be signed at the highest assurance level. 

In short, the solution aims to: 

• Offer end users a smooth and seamless experience. Using custom-branded apps, the end user can be onboarded and sign documents in a matter of minutes under the supervision of a bank advisor.
• Help reduce operational costs without breaking privacy, since all client data and documents remain in the environment of the bank.
• Deliver QES and non-repudiation to your businesses, since it meets strict EU regulations on qualified electronic signatures and other regulatory constraints such as PSD2.

Contact Cryptomathic for more information on the partnership and the joint digital onboarding solution.