eKYC / Digital Onboarding (PhilSys-enabled e-KYC, Digital ID, Anti-Fraud Controls)

Duration 2 days – 14 hrs

Overview

This course teaches teams how to design, implement, and operate electronic KYC (eKYC) for digital onboarding in the Philippines—covering identity proofing, authentication, customer identification/verification standards, lifecycle management (ongoing KYC), and fraud controls. It includes practical guidance on using PhilSys-enabled e-KYC as an acceptable digital ID system (subject to proper authentication and compliance with applicable onboarding guidelines) and reinforces that institutions retain ultimate responsibility for customer ID&V even when relying on third parties/digital ID providers.

Objectives

• Explain the eKYC operating model: identity proofing → authentication → decisioning → account opening → ongoing monitoring.
• Design risk-based CDD via eKYC that is equivalent in standard to face-to-face onboarding (with appropriate risk management and audit trail).
• Apply risk-based reliance on digital ID systems (including PhilSys-enabled eKYC) and identify what “proper authentication” means in practice.
• Implement anti-fraud controls aligned to modern digital threats (ATO, bots, device/IP risks, velocity checks, behavioral anomalies).
• Build controls for consent, data privacy, data sharing, and evidence retention (audit-ready documentation).
• Define lifecycle management: ongoing KYC, periodic/event-driven reviews, exception handling, and quality assurance.

Audience

• Digital onboarding / KYC operations / account opening teams
• Compliance / AML / MLRO support teams
• Fraud / risk / investigations / QA
• Product owners / process owners for digital channels
• IT / InfoSec / IAM / app security / data teams
• Vendor management / procurement (for eKYC provider onboarding)

Pre- requisites 

• AML/KYC fundamentals (or completion of AML/CTF Fundamentals course)

• Basic familiarity with your onboarding journey and customer data fields (helpful, not required)

Course Content

Day 1 — eKYC foundations + PhilSys-enabled onboarding

Module 1: eKYC regulatory & control expectations 

• Risk-based CDD and when to refuse/terminate if CDD cannot be completed
• “Equivalent to face-to-face” standards and audit trail expectations 

Module 2: Digital identity concepts for eKYC 

• Identity proofing vs authentication (what each proves)
• Assurance levels, sources of truth, and “reliable independent source” concepts
• Where PhilSys-enabled eKYC fits (high level) 

Module 3: PhilSys-enabled eKYC in practice 

• Using PhilSys credentials (physical/digital) and authentication factors (biometric/demographic)
• Handling PhilID data safely (what to capture/avoid)
• Relying-party responsibilities and user consent/data protection expectations 

Workshop A: Map your onboarding flow and identify “identity proofing” and “authentication” steps.

Module 4: eKYC journey design 

• Step-up verification (risk-based): low-risk vs high-risk onboarding paths
• Document capture + selfie + liveness concepts
• Decisioning: pass/fail/manual review + escalation triggers
• Controls to manage partial verification (limits/monitoring pre-verification) 

Day 2 — Anti-fraud controls + lifecycle management + audit readiness

Module 5: Fraud threats in digital onboarding 

• Synthetic identity, identity theft, mule accounts
• Account takeover (ATO), bots, automation, emulator/rooted/jailbroken devices

Module 6: Anti-fraud control stack 

• Device fingerprinting, geolocation monitoring, blacklist screening
• Velocity checks/thresholds, behavioral anomalies, session controls
• Post-change protections (e.g., transaction pause/limits after key account changes) 

Workshop B: Build a “minimum fraud rule set” for onboarding + first 7 days of account activity (by risk tier).

Module 7: Lifecycle management 

• Ongoing monitoring signals (profile mismatch, abnormal behavior)
• Periodic review vs event-driven refresh (change in customer info, risk triggers)
• Handling failed re-verification / stale profiles

Module 8: Evidence, documentation, and QA 

• What to retain: audit trail, screenshots/logs, decision rationale, approvals
• Third-party reliance: what you must be able to obtain “without delay” (copies/access to identity evidence) and why the institution remains ultimately accountable 
• QA scorecard: completeness, consistency, rationale, control adherence