Duration 2 days – 14 hrs
Overview
This course teaches teams how to design, implement, and operate electronic KYC (eKYC) for digital onboarding in the Philippines—covering identity proofing, authentication, customer identification/verification standards, lifecycle management (ongoing KYC), and fraud controls. It includes practical guidance on using PhilSys-enabled e-KYC as an acceptable digital ID system (subject to proper authentication and compliance with applicable onboarding guidelines) and reinforces that institutions retain ultimate responsibility for customer ID&V even when relying on third parties/digital ID providers.
Objectives
- Explain the eKYC operating model: identity proofing → authentication → decisioning → account opening → ongoing monitoring.
- Design risk-based CDD via eKYC that is equivalent in standard to face-to-face onboarding (with appropriate risk management and audit trail).
- Apply risk-based reliance on digital ID systems (including PhilSys-enabled eKYC) and identify what “proper authentication” means in practice.
- Implement anti-fraud controls aligned to modern digital threats (ATO, bots, device/IP risks, velocity checks, behavioral anomalies).
- Build controls for consent, data privacy, data sharing, and evidence retention (audit-ready documentation).
- Define lifecycle management: ongoing KYC, periodic/event-driven reviews, exception handling, and quality assurance.
Audience
- Digital onboarding / KYC operations / account opening teams
- Compliance / AML / MLRO support teams
- Fraud / risk / investigations / QA
- Product owners / process owners for digital channels
- IT / InfoSec / IAM / app security / data teams
- Vendor management / procurement (for eKYC provider onboarding)
Pre- requisites
- AML/KYC fundamentals (or completion of AML/CTF Fundamentals course)
- Basic familiarity with your onboarding journey and customer data fields (helpful, not required)
Course Content
Day 1 — eKYC foundations + PhilSys-enabled onboarding
Module 1: eKYC regulatory & control expectations
- Risk-based CDD and when to refuse/terminate if CDD cannot be completed
- “Equivalent to face-to-face” standards and audit trail expectations
Module 2: Digital identity concepts for eKYC
- Identity proofing vs authentication (what each proves)
- Assurance levels, sources of truth, and “reliable independent source” concepts
- Where PhilSys-enabled eKYC fits (high level)
Module 3: PhilSys-enabled eKYC in practice
- Using PhilSys credentials (physical/digital) and authentication factors (biometric/demographic)
- Handling PhilID data safely (what to capture/avoid)
- Relying-party responsibilities and user consent/data protection expectations
Workshop A: Map your onboarding flow and identify “identity proofing” and “authentication” steps.
Module 4: eKYC journey design
- Step-up verification (risk-based): low-risk vs high-risk onboarding paths
- Document capture + selfie + liveness concepts
- Decisioning: pass/fail/manual review + escalation triggers
- Controls to manage partial verification (limits/monitoring pre-verification)
Day 2 — Anti-fraud controls + lifecycle management + audit readiness
Module 5: Fraud threats in digital onboarding
- Synthetic identity, identity theft, mule accounts
- Account takeover (ATO), bots, automation, emulator/rooted/jailbroken devices
Module 6: Anti-fraud control stack
- Device fingerprinting, geolocation monitoring, blacklist screening
- Velocity checks/thresholds, behavioral anomalies, session controls
- Post-change protections (e.g., transaction pause/limits after key account changes)
Workshop B: Build a “minimum fraud rule set” for onboarding + first 7 days of account activity (by risk tier).
Module 7: Lifecycle management
- Ongoing monitoring signals (profile mismatch, abnormal behavior)
- Periodic review vs event-driven refresh (change in customer info, risk triggers)
- Handling failed re-verification / stale profiles
Module 8: Evidence, documentation, and QA
- What to retain: audit trail, screenshots/logs, decision rationale, approvals
- Third-party reliance: what you must be able to obtain “without delay” (copies/access to identity evidence) and why the institution remains ultimately accountable
- QA scorecard: completeness, consistency, rationale, control adherence
