How to Build a Neobank: Guide to Compliance
When it comes to starting a neobank, the compliance function is a recurring concern that you will have to consider and solve for, both during initial setup and on an ongoing basis.
When onboarding customers, there are a variety of checks that must be completed in accordance with laws and regulations. The Patriot Act introduced much of the concept of KYC laws we know today as a standardized set of practices for end-client onboarding at banks and other financial companies. They built upon regulations brought about by the Bank Secrecy Act of 1970, and were fast-tracked in the wake of 9/11 with two main requirements introduced in Title III: Customer Due Diligence (CDD) and a Customer Identification Program (CIP).
On the CIP front, the Patriot Act lays out a clear and concise set of rules that must be taken into account during client onboarding. In order to open the client’s account, a bank must capture a variety of information that allows it to confirm that the customer is who they say they are, and it must verify that information to be compliant and able to open the account. Today, an end customer signing up for a neobank can provide their information and verify their identity with a variety of data, including their Social Security number, address, date of birth, etc. But once that information is entered, a whole network of checks and verifications takes place on the back end.
Since the underlying partner bank is responsible for ensuring that the client is who they say they are, it will often employ one or several KYC vendors to confirm a client’s identity in real time. In this process they will ensure that the client does not show up on any OFAC lists or have a history of fraudulent activity, and that the client is a good-faith client and bankable. These vendor checks are often done in real time, searching databases with hundreds of millions of records to ensure the customer is legitimate.
In the event that a vendor comes back with a hit on a client or if the vendor is unable to verify the customer is who they say they are, the program manager’s compliance teams will be alerted so that the situation can be rectified or the account closed. This may also involve asking for additional information such as a picture ID from the client in question, or a valid proof of address (such as a bank statement issued within the last 90 days).
Customer Due Diligence (CDD) relates to the ongoing monitoring processes and policies that a company must have in place to ensure that it is tracking customer activity, monitoring for fraud or illegal activity, and reporting any unusual activity to the bank (so that the bank can determine whether to file something called a Suspicious Activity Report, or SAR). While banks and neobanks may previously have needed entire fraud and risk teams using manual processes to manage these programs, there are now programs in place to ensure that the ongoing due diligence is being carried out in accordance with the Patriot Act.
With these programs, any suspicious activity is flagged, logged and reported in real time in the background of the bank’s normal operations. These types of programs can save countless hours by offloading the work that it takes to stand up and continuously monitor CDD programs.
Both of these programs are now handled by new and innovative fintech partner vendors whose APIs can be written to and called with customer information in real time. In Rize’s case, we’ve sourced the best-in-class providers of KYC and AML solutions and done the legwork of integrating them into the Rize API stack. So when a new customer is created, Rize’s middleware solution simply pings our KYC vendors via API call during end-client onboarding. With the new customer’s information, the KYC vendors run their checks across a variety of information sources and will either return a score or a pass/fail with a detailed breakdown of any hits during the diligence.
Even before the ongoing diligence you’ll have to do once the program is up and running, there is a laundry list of compliance checks that you will have to undergo in order to get the green light to push a customer live. During onboarding, everyone you work with from your bank partner to the processor will have their own documentation, application and integration requirements that you’ll have to follow and adhere to. By standardizing our compliance function across all of the vendors we operate with, Rize offers Compliance as a part of the service we provide to all of the clients that are building to our API.
At its base, the vendor types mentioned above are what you’ll build your neobanking capabilities on. However, beyond the integration itself, there are still a number of vendor-specific processes that you will need to follow as part of initial and ongoing requirements. Additionally, you’ll likely need to hire an entire team of operations and compliance personnel in order to ensure that you are appropriately staffed and covered from a personnel point of view.
As you can see, it takes a lot to stand up your own neobanking product. That’s where Rize has solved for many of the headaches related to assisting a brand in providing financial services products to its customers; with Rize, we’ve gone ahead and done all of the work of sourcing, evaluating and integrating every part of the neobanking stack highlighted above into the Rize API. We’ve also been able to leverage our team’s experience and relationships in the space to get favorable economics across the banking stack, which allows our clients to achieve fee compression and get best-in-class margins as they scale. With Rize, you will get to market faster, with less effort and better economics.
Are you ready to have a conversation around building a neobank, or adding financial products to your core product offering? Email us at firstname.lastname@example.org to get started.