These stem from a requirement to know you as a person in some verifiable way. These are legal and regulatory requirements but the laws and requirements are there to ensure finserv can meaningfully contain criminal activity - fraud, theft, money laundering, black market, terrorism financing, etc. It turns out by far the most effective measure is simply knowing who the principals are in any transaction.
Some companies have much lower thresholds for their KYC, but end up being facilitators of crime and draw scrutiny over time by both their more regulated partners and their governments.
I’d note that the US is relatively lax in these requirements compared to Singapore, Canada, Japan, and increasingly the EU. In many jurisdictions you need to prove liveliness, do photo verification, sometimes video interviews with an agent showing your documents.
> know you as a person in some verifiable way .. the laws and requirements are there to ensure .. knowing who the principals are in any transaction.
Except that person you’re responding to explains succinctly how this is security theater that accomplishes little and ultimately is just a thinly veiled tactic for harassing users / coercive data collection. And the person above that is commenting that unnecessary data collection is just an incentive for hackers.
Comments like this just feel like apologism for bad policies, at best. Does anyone really think that people need to be scrutinized because most money laundering is small transactions from individuals, or, is it still huge transactions from huge customers that banks want to protect?
Let me make it even more clear. I registered from [South American country]. Called from a US Voip. Told them I was in [US State]. They called my bluff. I clarified exactly what I was doing and they immediately approved the line. Took less than a minute.
I’m not sure I claimed simple phone number collection requirements is necessarily good policy or that it’s effective. I did not that other regimes have more draconian but more effective measure. I was explaining the provenance for such requirements - and that the base motivation is KYC. Being in the industry for a long time from small fintech to massive institutions I’ve never seen any place that’s intentionally harassing or being coercive - in fact the pressure is towards minimization of requirements and easing of onboarding / KYC as much as they can get away with. However this also turns into a farcical underinvestment in UX because management often believes by ignoring the function and turning the thumb screws on their KYC functions they can somehow make it better rather than worse - worse to the extent of appearing harassing and coercive, or worse to the extent of exposing legit users to fraud and hacking.
The issue though boils down to governments don’t want the financial infrastructure in their jurisdiction to allow unfettered crime. I’ve never seen a single government (granted I’ve never seen what happens in extremely oppressive regimes as we don’t generally do business there due to sanctions controls) who actively collects KYC outside of large transactions, the regulations exist to ensure a minimum baseline of KYC so the companies themselves can comply and reduce their own losses and instability as someone is often kiss liable in fraud and in money laundering or sanctions evasion some institution is subject to fines for facilitation.
But to be frank I think very little of what’s done is materially successful against most competent criminals and the consequences of being caught is usually just being blocked until they find a way around. To that end it’s a bit of not security theatre but compliance theatre. On the other hand it does act as a high pass filter as most fraud and financial crime is NOT competent. By and large retail finserv is a minimization effort not a prevention effort.
The regulations that are effective at prevention are usually so restrictive and so difficult to implement that they’re absurd for both the finserv to implement and for the participants to get through the hurdles.
I don’t know there’s any perfect solutions, and what exists is generally dumb, but the intentions are at the core well intended. It’s foolish tho to look at something as complex as financial infrastructure and wave it away as harassment and coercion rather than well intentioned incompetence.
Phone number is not an identity document, and you can rent a number cheaply on a black market. Also, there should be no verification for small amounts of money. We can use cash anonymously, why we cannot transfer money anonymously?
> In many jurisdictions you need to prove liveliness, do photo verification, sometimes video interviews with an agent showing your documents.
When vtuber-esque deepfakes become trivial for the average person, I wonder what the next stage in this cat-and-mouse becomes. DNA-verficiation-USB-dongles?
Or what if I live in a rural area and have very few local branch banks available?
I actually had an issue with this and ended up sending a notarized letter by snail mail, since I didn't feel like making a special 1hr each way trip during business hours to the closest branch.
If a country does not strive to make good use of all its land and attempt to better the lives of its people why are there wars? Clearly they're fine with their top 3 cities. /s
Seriously, you see this in any country of any size. Remote may just mean 300km/186mi off coast. Politicians go where the votes are of course, but this just means disregarding rural areas is a self fulfilling prophecy. The more you do it, the more remote they become.
You can, at the same time, verify a person's identity upon opening the account, as you mentioned with documents, and use a TOTP MFA instead of SIM-based authentication. If regulators require SIM-based authn, then it's just bad policy, which should come to no one's surprise when it comes to government regulation. Finally, KYC is for the IRS. The illusion of safety makes a good selling point, though.
US regulators don't normally specify down to 'require SIM-based authn'. Instead they give vague directives that companies have to determine their own implementation for meeting. And the implementation needs to be blessed by corporate AND insurance company lawyers, which too often ends up meaning those lawyers dictate the implementation.
Some companies have much lower thresholds for their KYC, but end up being facilitators of crime and draw scrutiny over time by both their more regulated partners and their governments.
I’d note that the US is relatively lax in these requirements compared to Singapore, Canada, Japan, and increasingly the EU. In many jurisdictions you need to prove liveliness, do photo verification, sometimes video interviews with an agent showing your documents.