Privacy and KYC Requirements: Navigating the Labyrinth

Privacy and security are at the forefront of everyone’s minds, especially as they relate to identity information and what financial institutions and other businesses should know about their customers. To address lacking federal privacy regulations, individual states are setting their own privacy standards. Beginning with California’s Consumer Privacy Protection Act, 13 states have enacted comprehensive privacy laws. Unfortunately, the ongoing adoption of varied state privacy laws are confusing to consumers and banks. 

This Javelin Strategy & Research report examines how FIs can navigate this labyrinth, a challenging maze of consumer privacy concerns, confusing privacy laws, and regulations surrounding know-your-customer (KYC) data collection requirements. They can do this by combining real-time identity-proofing technology and transparency about what data is collected and why it is necessary to collect specific information. 

Key questions discussed in this report:

• How can banks navigate the complicated maze of privacy and KYC requirements? 
• How can banks use identity-proofing technology to minimize friction while still collecting necessary information to vet customers and mitigate financial crimes risks? 
• How does privacy and security noncompliance affect banks and small businesses?

Companies Mentioned:

DoorDash, California Attorney General’s Office