This Guidance helps financial institutions automate and deliver a seamless digital user onboarding process that enables users to open a bank account in a matter of minutes rather than days.
Architecture Diagram
Step 1
The user begins the onboarding process with the onboarding application. The user provides various documents (including a driver's license) as part of the Know Your Customer (KYC) process.
Step 2
Once the documents are uploaded, they are automatically processed using various artificial intelligence/machine learning (AI/ML) services.
Step 3
Amazon Rekognition performs user verification and compares the user’s selfie with the picture in a valid document.
Step 4
Amazon Textract uses optical character recognition (OCR) to extract text information from all of the uploaded documents.
Step 5
The user is asked to upload any missing documents, or is sent status updates, using Amazon Simple Email Service (Amazon SES) or Amazon Simple Notification Service (Amazon SNS).
Step 6
Once all of the documents are uploaded, the identity of the user is verified using Department of Motor Vehicles (DMV) verification, and necessary due diligence is performed (a sanctions list and so on).
Step 7
API integration with other third-party sources of data is done at this layer: sanctions, politically exposed person (PEP), and adverse media.
Step 8
Third-party data is consumed through AWS Data Exchange for checks against the user.
Step 9
All of the data that the user provided is stored for long-term retention in Amazon Simple Storage Service Glacier (Amazon S3 Glacier).
Step 10
The user is notified of successful account creation once the identity is verified and the due diligence is performed.
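The gate between Steps 3 to 5 and the due diligence in Step 6 can be made fail-closed, as in this added example (not part of the AWS Guidance or its sample code). It assumes the response shapes of Rekognition `CompareFaces` and Textract `AnalyzeID`; the thresholds, date layout, decision strings, and function names are hypothetical.

```python
from datetime import datetime
# Assumed policy values for this sketch; tune to your own risk appetite.
MIN_SIMILARITY = 95.0        # CompareFaces similarity, percent
MIN_FIELD_CONFIDENCE = 90.0  # AnalyzeID per-field OCR confidence, percent
REQUIRED_FIELDS = ("FIRST_NAME", "LAST_NAME", "DATE_OF_BIRTH",
                   "DOCUMENT_NUMBER", "EXPIRATION_DATE")

def face_matches(compare_faces_resp):
    """True only if exactly one face matched at or above MIN_SIMILARITY."""
    matches = compare_faces_resp.get("FaceMatches", [])
    return len(matches) == 1 and matches[0].get("Similarity", 0.0) >= MIN_SIMILARITY

def id_fields(analyze_id_resp):
    """Return {field type: text} for fields read with enough confidence."""
    docs = analyze_id_resp.get("IdentityDocuments", [])
    if len(docs) != 1:  # zero or several documents is ambiguous: trust nothing
        return {}
    fields = {}
    for item in docs[0].get("IdentityDocumentFields", []):
        name = item.get("Type", {}).get("Text")
        value = item.get("ValueDetection", {})
        if name and value.get("Text") and value.get("Confidence", 0.0) >= MIN_FIELD_CONFIDENCE:
            fields[name] = value["Text"]
    return fields

def kyc_decision(compare_faces_resp, analyze_id_resp, today):
    """Fail closed: anything missing or ambiguous blocks account creation."""
    if not face_matches(compare_faces_resp):
        return "REJECT_FACE_MISMATCH"
    fields = id_fields(analyze_id_resp)
    missing = [name for name in REQUIRED_FIELDS if name not in fields]
    if missing:
        return "REQUEST_DOCUMENTS:" + ",".join(missing)
    try:  # date layout is an assumption; real documents vary by issuer
        expires = datetime.strptime(fields["EXPIRATION_DATE"], "%m/%d/%Y").date()
    except ValueError:
        return "REQUEST_DOCUMENTS:EXPIRATION_DATE"
    if expires < today:
        return "REJECT_EXPIRED_DOCUMENT"
    return "PROCEED_TO_DUE_DILIGENCE"

def sample_field(name, text, confidence=99.0):
    return {"Type": {"Text": name}, "ValueDetection": {"Text": text, "Confidence": confidence}}
# Constructed sample responses (not real API output).
SAMPLE_FACES = {"FaceMatches": [{"Similarity": 98.7}], "UnmatchedFaces": []}
SAMPLE_ID = {"IdentityDocuments": [{"IdentityDocumentFields": [
    sample_field("FIRST_NAME", "JANE"), sample_field("LAST_NAME", "DOE"),
    sample_field("DATE_OF_BIRTH", "01/02/1990"), sample_field("DOCUMENT_NUMBER", "X0000000"),
    sample_field("EXPIRATION_DATE", "03/04/2031")]}]}
```

A low-confidence OCR field is treated the same as a missing document, so it routes back to the Step 5 request rather than forward to account creation.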
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
This architecture is built using native AWS services that integrate with AWS CloudTrail and Amazon CloudWatch for monitoring, logging, and auditing purposes. With the use of fully managed services, it becomes easy to manage the workload, as AWS takes care of the operational aspects of the services.
Security
With fully managed services, AWS manages the security aspects of the hosting and management of the services, while customers need only to use the services securely. Managed services also offer better integration with logging and monitoring services such as CloudWatch and CloudTrail, leading to better auditability.
Reliability
Services such as Amazon Textract and Amazon Rekognition are fully managed services, and inherently reliable, because AWS manages the scalability of the services.
Performance Efficiency
The use of fully managed services makes it easy for customers to try out various patterns that meet their performance requirements.
Cost Optimization
The use of managed services lets the customer build a platform that scales with growing business needs. With this option, the customer pays only for what they use and doesn't have to worry about long-term investments.
Sustainability
Using native AWS services and serverless technologies (Amazon Textract, Amazon Rekognition, Amazon API Gateway, Amazon S3, Amazon DynamoDB, and so on) helps build a platform that scales with growth in business, so the customer doesn’t need to build and keep over-provisioned resources.
Implementation Resources
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.