Zero Product Origination

Rebuilding CommSec's Onboarding

Role: Lead UI/UX Designer at CommSec
Timeline: 2024–Ongoing (Strategic multi-year initiative)
Team: Cross-functional with technology, compliance, and product
Tools: Figma, FigJam, Adobe Analytics, Tableau
Type: Strategic
Scope: Validated prototype; documented for delivery (not yet shipped).

About the Project

CommSec, the brokerage arm of Commonwealth Bank of Australia (CBA), leads the Australian online trading market with over 2.6 million clients. Its platforms enable trading in Australian and international markets. As Lead UI/UX Designer, I am spearheading an evidence-based redesign of the onboarding process to address regulatory compliance, reduce user friction, and align with CBA Group standards. This strategic project, which takes years to fully implement and is not yet completed, aims to deliver a KYC-first flow that slashes steps from 15 to as few as 1 for verified users, lowers drop-offs, and reduces long-term maintenance costs—ultimately driving faster conversions and policy alignment.

Problem & Challenges

CommSec's origination model (onboarding) hadn't been updated since 2015, missing advances in technology, user expectations, and regulations. This led to non-compliance with AML Chapter 79, which requires identity verification before product origination. Users could start product setup before KYC, exposing the company to risks.

Key issues included:

  • High User Effort: Verified CBA customers faced 14–17 steps in CommSec web vs. 4–6 in the CBA app for the same products, causing frustration and drop-offs.
  • Dual IDs Confusion: Customers had two separate 8-digit IDs for CBA and CommSec, leading to password resets and abandonment—analytics showed this correlated with high complaints and low success rates.
  • Misfit Optimisation: ~80% of new product onboardings came from existing CBA/CommSec users, yet the flow prioritised net-new customers.
  • Monolithic Structure: Customer, Product, and Entity onboarding were entangled in one API/session, inflating change costs and slowing updates.
  • UX Debt: Unclear terms, repeated steps, no progress saving, dated logins, inconsistent errors, and accessibility gaps added friction.
  • Resource Strain: CommSec couldn't match CBA's evolving KYC roadmap due to limited resources, creating costly duplication and compliance risks.

These challenges were amplified by the system's complexity, which made even small innovations effort-intensive, and any change risked impacting all flows.

Current Monolithic Non-Domain Origination Flow: simplified origination journey revealing compliance gaps (exposure to AML Chapter 79 risk, Non-Domain Origination, and CBA Group KYC criteria and roadmap).

How Dual User IDs Cause Drop-Offs: dual user ID failure correlates with high customer complaint rates and lower success rates.

Problem Statement:

How might we optimise onboarding to comply with group policies, improve development efficiency, and boost conversions?

The opportunity?

Enable on-demand investments with seamless, compliant experiences.

Research & Discovery

I started with data-driven discovery to validate problems and uncover user needs. Sources included Adobe Analytics for drop-off rates, Tableau for acquisition statistics, customer service complaints, customer interviews, surveys, stakeholder interviews, and UX heuristic reviews.

Key activities:

  • Thorough Mapping: Mapped point-to-point user interactions across all origination flows using Adobe Analytics to identify drop-offs, triangulated with customer complaints, interviews, and acquisition data.
  • User Pain Points:
    • IDs Mismatch: Customers struggled with the similar 8-digit ID formats that they receive from CBA and CommSec when they sign up with CommSec, leading to failed logins and high abandonment.
    • Excessive Steps: New product sign-ups required 14+ steps from CommSec; CBA app users acquire a similar product in only 6 steps, highlighting inefficiency.
    • Confusing Language: Heuristics and surveys showed unfamiliar product terms (e.g., CDIA, Settlement account) caused hesitation—new users dropped off when jargon wasn't explained.
    • Domain Entanglement: Tech analysis showed mixed domains in one session made maintenance brittle; changes to one area risked breaking others.
    • Stakeholder Input: Interviews with compliance and dev teams confirmed resource gaps in mirroring CBA's KYC evolutions.
  • Journey Mapping: Created as-is maps showing compliance gaps, like AML exposure from product-first flows.

This evidenced that ~80% of users were pre-verified, so we prioritised majority paths while addressing minority needs.

(Current State Consolidated) Equity ETG and NTG-2

Point-to-point user interactions across all origination flows, using Adobe Analytics data.

Origination Incoming Traffic V2

~80% of new product onboardings came from existing CBA/CommSec users.

Ideation & Design Process

With insights in hand, I facilitated ideation workshops using FigJam for sketching and brainstorming, with all stakeholders including product, risk, and CommSec technology teams. We also explored alternatives like full ID unification (scoped out initially) and tested flow reorderings.

Iteration highlights:

  • Wireframing & Prototyping: Started with low-fi sketches of KYC-gated flows, iterating to hi-fi in Figma. Tested 3 variants for step collapse, deferring non-essentials.
  • Collaboration: Worked with tech to design domain splits—Customer/Product/Entity as modular tracks with clear APIs. Delegated new-user KYC to CBA via tokens for automatic alignment.
  • Feedback Loops: Ran usability tests with 8 users; refined error messages (e.g., consistent patterns) and copy (plain language for terms). Ensured WCAG compliance through audits, adding resumable checkpoints.
  • Key Decisions (framed as Need/Constraint/Decision/Outcome):
    • KYC First:
      • Need: Safe starts.
      • Constraint: Anti-Money Laundering mandates.
      • Decision: Reorder to gate products.
      • Outcome: Reduced risks, clearer user model.
    • Delegate KYC:
      • Need: No restarts for known users.
      • Constraint: Costly duplication.
      • Decision: Hand off to CBA.
      • Outcome: Shorter paths for ~80%.
    • Step Collapse:
      • Need: Minimal effort.
      • Constraint: Legacy couplings.
      • Decision: Fast-path deferrals.
      • Outcome: Steps from 14–15 to 1–2.
    • Fix Dual IDs:
      • Need: Quick recovery.
      • Constraint: Scope limits.
      • Decision: Strategic merger.
      • Outcome: Fewer resets.
    • Domain Ownership:
      • Need: Unbreakable progress.
      • Constraint: Mixed logic.
      • Decision: Modular split.
      • Outcome: Faster iterations.

Prototypes evolved based on test feedback, focusing on high-impact screens for accessibility and error handling.

Domain
One Step Product Acquisition Model-8

Solution & Implementation

The redesigned flow verifies identity upfront, aligning with AML regulations. We split the monolith into three domains—Customer, Product, Entity—with seamless handoffs. New customers are delegated to CBA's services, consuming verified identities via tokens.

For existing CBA users (~80% majority), we introduced a fast-path: One-step product acquisition via bundling, reducing steps dramatically. Top drop-offs were tackled by merging IDs, using plain-language terms, consistent errors, WCAG-compliant screens, and resumable progress.

Implementation includes step-level telemetry for ongoing metrics. The new journey in the CommSec app starts with login, moves to IDV if needed (via CBA), then profile setup, product bundling, agreements—facilitating on-demand investments.

CommSec’s Future of Origination

Overview of the new customer's journey within the CommSec app, facilitating customer onboarding by CBA and the product bundling model.

Impact & Results

Projected impacts include:

  • Compliance risks eliminated by gating products behind verified identity.
  • Steps for ID-verified users reduced to one, enabling one-step acquisitions; completion rates projected up 10-20% (based on prototypes).
  • Support requests projected down 5%.
  • CommSec customer drop-offs at sign-in projected down 35% via ID merging.
  • Maintenance costs lowered 40% through domain separation and Group service reuse.
  • Change velocity increased: Scoped modules to allow 2x faster updates without regressions.

Business value: Higher conversions, lower support tickets, and automatic policy alignment.

Reflections & Learnings

This project reinforced designing for compliance invisibly—making it the critical path without burdening users. Prioritising the majority (leveraging Group KYC) yields quick wins. Untangling domains turns a risky rewrite into incremental successes.
