Top 5 Technologies Disrupting the Healthcare Sector

Within the next five years, experts are anticipating major technological disruption in the 808 billion-dollar healthcare industry. Ever since the HITECH Act of 2009 came into effect, medical records have become available online, patient identity verification has become a common notion, and remote medical assistance has become a reality. With traditional healthcare systems becoming a thing of the past, here are the top five disruptors set to change the medical infrastructure in the years to come.

1. Internet of Things

From making diagnoses to prescribing drugs, medical data must be recorded. To streamline the collection and analysis of healthcare records, the Internet of Things (IoT) is playing a key role. 

In layman's terms, the IoT concept refers to the network of “things” (devices) connected over the internet for the purpose of transferring data. In the healthcare space, IoT devices are used to enhance decision-making through accurate data collection and exchange in real time. This allows practitioners to stay in touch with patients even after they are discharged from a hospital. Continuous monitoring of blood glucose levels and transferring data from an ambulance to the hospital are some examples of situations where IoT devices are used. Due to the increasing institutional interest in this technology, the IoT industry is expected to become a USD 561 billion market by 2022.

2. AI-powered Identity Verification Solutions

A major concern for industries worldwide is data security, and the healthcare sector is no exception. The HITECH Act, enforced in 2009, encouraged medical professionals to adopt electronic health records and improved privacy and security protections to secure healthcare data. However, the information available online makes it easier for identity thieves to target confidential details, causing a major challenge for both the providers and the patients. 

Patient identity verification solutions combine the capabilities of Artificial Intelligence (AI) and biometric technology to create a fool-proof method of securing online data. These solutions require patients to submit their government-issued ID documents along with a corroborating selfie to have their identity verified in real time. As a result, minors accessing prescription drugs and fraudsters using fake identities are detected within minutes. Another key benefit is that patient ID verification solutions streamline KYC compliance in healthcare.

3. Augmented Reality

One of the latest innovations in the healthcare sector is Augmented Reality (AR). It involves the use of specific sensors, cameras, and displays, enabling the healthcare provider to interact and visualize the 3-D representation of the patient’s body. By interacting with the patient’s environment more realistically, complicated surgeries, CT scans, MRI scans, and other procedures become easy to assess. 

A real-world application of AR technology is vein visualization. A hand-held AR device enables the practitioner to detect the exact location of the patient’s vein, increasing the first-attempt accuracy during blood tests. As more practical use-cases of this technology are being introduced in the healthcare sector, the global market size of AR in healthcare is projected to reach USD 4,237 million by 2026, up from USD 609 million in 2018. 

4. Robotics

Robotics is among the fastest growing technologies in the healthcare sector. From surgical equipment to disinfectants, the industry is employing robotics in every field. Precise diagnosis, accuracy, automated systems, and streamlined daily tasks are some of the benefits of robotics in the healthcare sector. Companies are striving harder every day to provide the healthcare sector with robotics so the industry can grow at a faster pace.

Luvozo created a robotic concierge named Sam and tested it first in a leading senior living community in Washington. The robot combines cutting-edge technology and human touch for check-ins and non-medical care for patients. As a result, cost is reduced while patient satisfaction increases.

5. Blockchain

The US is expected to invest 20% of its GDP in the healthcare sector in the future. Blockchain is a database technology that uses encryption and other security measures to store data and link it in a way that enhances usability and security. A blockchain-based system empowers patients to have full control of their data.

BurstIQ is an application that allows easy management of massive amounts of patient data. The blockchain technology enables secure sharing of data according to the HIPAA rules.

Key Takeaways

In a nutshell, technology has disrupted every industry across the globe. When it comes to the healthcare sector, the top five technologies disrupting operations include artificial intelligence, augmented reality, blockchain, robotics, and Internet of Things (IoT). In the next few years, industry experts are expecting a fully automated health sector. Ever since the HITECH Act of 2009 came into effect, medical records have become available online, patient identity verification has become a common notion, and remote medical assistance has become a reality. 


DHSC’s Counter-fraud Strategy to Combat Healthcare Fraud

Healthcare remains one of the most lucrative industries for criminals, with nearly $272 billion lost in medical identity theft each year. The numbers are staggering despite the presence of laws like HIPAA – Health Information Portability and Accountability Act – that carry a maximum penalty of $50,000 per violation. Although regulatory authorities have enforced stringent obligations on health service providers to protect medical records of patients, there remain certain loopholes with the increased adoption of technology.

In this regard, the Department of Health and Social Care (DHSC) of the UK has introduced its counter-fraud strategy to combat emerging healthcare hassles and provide better patient care. This blog highlights the current-day context of healthcare fraud and discusses DHSC’s anti-fraud framework to counter such instances.

Healthcare Fraud Schemes 2021

While COVID-19 created social, global and economic challenges like a disrupted economy and unequal vaccine distribution, it opened new doors for bad actors as well. With time, the world grew smarter by developing countermeasures for the pandemic, but fraudsters who are banking on digitization are still getting the better of the healthcare industry. Some of the fraudulent incidents that happened in 2021 are stated below.

$109 Million – Durable Medical Equipment

In May 2021, two defendants, Jessica Jones and Elizabeth Putulin, pleaded guilty to Medicare fraud in the US district court. In a partnership with Juan Camilo Perz, they bagged a hefty $109 million by filing false insurance claims for durable medical equipment (DME). Perz conspired with both women to receive kickbacks through the US Medicare program, accounting for a HIPAA violation.

$100 Million – Home Care Services Fraud

In February this year, two fraudsters in Massachusetts were allegedly involved in receiving illegitimate kickbacks through a business providing home care services. It turned out that both were part of a healthcare fraud scheme: one, the co-owner, was operating a shell company, while the second culprit was a nurse who was seemingly employed there. By defrauding Medicare and MassHealth and getting referrals through kickback payments, they made $100 million in black money.

$5.4 Million – Plot for Mental Health Services

In March, a multi-million healthcare fraud takedown occurred comprising thirteen people charged with medical identity theft. The district court disclosed information about the guilty in two separate indictments unveiling links with mental health service providers. In a statement, the authorities mentioned that the criminals made medical health practitioners submit falsely-generated claims through their employers, resulting in $5.4 million in total.  

Counter-fraud Framework by the DHSC

The findings by the NHS Counter Fraud Authority (NHSCFA) show that an estimated £1.21 billion is lost as a result of financial crime originating from stolen medical records, digital fraud, bribery and embezzlement. Healthcare fraud is not limited to medical transactions but also extends to national health initiatives provided by the NHS, accounting for numerous false insurance claims.

The Department of Health and Social Care (DHSC) of the UK in March 2021 proposed a strategy to identify and tackle the increasing medical theft cases. The counter-fraud framework aims at reducing fraudulent activities in the National Health System (NHS) so that funds intended for patient care, health care facilities, medical personnel and equipment do not end up in the wrong hands.

DHSC’s Principles to Combat Fraud

NHS in its counter-fraud strategy suggests 5 key principles to ensure healthcare fraud is effectively dealt with, which are stated below:

  • Healthcare authorities should make sure they have a centrally managed system that is based on clear accountability guidelines. In this regard, NHS bodies, the Counter Fraud Board and the Director General Finance at NHS are all accountable for the actions.
  • A collaborative approach must be developed for information sharing between organisations. To ensure proper implementation of these standards, senior management must identify the possible risks and create a functional mechanism to streamline processes.
  • Acknowledge that combating financial fraud is equally the responsibility of all staff members regardless of their role in the organisation. Consistent guidance and a proper assurance framework are also important to combat healthcare fraud. Personnel must have a clear understanding of reporting requirements and counter-fraud measures.
  • Consider previous use cases for developing in-house fraud prevention strategies that will help in identifying various types of fraud such as prescription fraud, medical identity theft, false health insurance claims etc.
  • Recognise the different types of financial crime conducted through healthcare institutions, health service programmes, and other third-party intermediaries, and develop strategies to counter them.

KYP – A Viable Approach to Address Healthcare Hassles

Know Your Patient (KYP) is a service through which hospitals, health insurance providers, and public health facilities can make sure patients are legitimate and trustworthy. This solution powered by artificial intelligence models takes into account government-issued user ID documents to perform a foolproof verification using document and face verification checks. 

Healthcare service providers can incorporate a state-of-the-art KYP solution that can help them develop fraud prevention programs. These measures enable health providers to stay compliant with guidelines outlined by the DHSC in their counter-fraud framework, keep fraudsters at bay and avoid medical identity theft at scale. 

Want to get more information on how to protect your patient’s identity? 

Third-party Due Diligence – Red Flags, Regulations and 5 Ways to Enhance It

The majority of businesses depend upon a third-party in one way or the other. Contractors, suppliers, intermediaries, vendors and several other third-parties have become effective means of business expansion and building networks. As convenient as it sounds, there are several risks associated with the idea. According to a Deloitte survey, 87% of organisations have faced some disruption due to vendors which has motivated them to employ third-party due diligence before onboarding suppliers. 

Considering the increase in fraudulent activities, regulatory authorities are emphasizing the need for robust third-party due diligence protocols to keep perpetrators at bay, making business operations smoother. Here’s a brief of why companies need third-party due diligence and how the system can be improved. 

When Do Businesses Need Third-party Due Diligence?

There are several red flags that help enterprises identify third-parties as high-risk. Here are the top ten red flags that all regulatory bodies have identified. 

  • The third party belongs to a high-risk jurisdiction 
  • Poor business reputation 
  • Has been in the headlines for corruption or money laundering 
  • Has dissolved contracts with other companies for illegal activities
  • Associated with a government body 
  • Requests for offshore payments
  • Meetings with a government official 
  • A government authority is the major shareholder 
  • Lack of compliance and code of conduct
  • Rumours say that there is an undisclosed shareholder 

Compliance Requirements for Third-party Due Diligence

Given the high level of risk your company might face because of a third party, financial watchdogs across the globe have proposed a framework for third-party due diligence. 

FATF’s Recommendation 17 

With reference to Article 10 and 11, Article 17 of the Financial Action Task Force (FATF) makes it mandatory for financial institutions to evaluate third-parties before doing any business with them. As per the Recommendation, a financial institution that depends upon a third party must obtain all information described in Article 10 of the 40 recommendations of the watchdog. Moreover, the financial institution must conduct all possible identification procedures to prove the authenticity/legitimacy of the entity. Lastly, the FI must verify whether the intermediary is complying with all the regulations.


FinCEN’s Final Rule

The Final Rule from FinCEN amends the Bank Secrecy Act (BSA) and prevents criminals from accomplishing their illicit goals through financial institutions. The Rule clarifies due diligence requirements for third-parties and FIs. Here are the four primary requirements as stated in the law:

  1. Identification and verification of the client’s identity
  2. Verification of beneficial owners is compulsory 
  3. Development of customer risk profiles based on the nature of the business relationship 
  4. Identification and reporting of suspicious activities through ongoing customer due diligence 

FINTRAC’s Section 32 

The Canadian regulatory body, FINTRAC, emphasizes that businesses should conduct third-party due diligence:

  • If a large cash transaction is reported (above $10,000)
  • If a large virtual currency transaction is conducted (this is subject to the 24-hour rule)
  • If a casino disbursement has to be reported 
  • For an account opening application

Top 5 Ways to Enhance Third-party Due Diligence 

Perpetrators are always searching for loopholes in due diligence procedures so they can enter the business ecosystem. However, with these five tips, you can have a top-notch vendor due diligence system that can help you run a risk-free business. 

1. Understand the Laws First 

Understanding the laws is an integral part of developing a due diligence process for third-party screening. Your due diligence protocols must effectively comply with all state and global regulations. Taking a look at the regulations will help you structure the perfect solution, onboard legitimate vendors, comply effectively with the laws, and prevent fraud.

2. Classify the Risks

Every third-party you onboard will not come with the same risk. Compliance risk, transactional risk, reputational risk, strategic risk, and operational risk are the most common types of risks that come with vendors. Classify the risk to better understand the due diligence protocols and conduct identity verification based on the associated risk.

3. Define the Perfect Process

Have you evaluated the due diligence process yet? The process of your due diligence system lets you onboard legitimate third-parties effortlessly. How about an AI-driven screening solution that has a frictionless process and can verify all your suppliers, vendors and other third parties in less than a minute against 1700+ global watchlists? You just have to integrate the API and relax. The rest is on us. 

4. Verify Third Parties Based on the Business Relationship

A well-defined and automated screening process is the heart of the onboarding process. However, to ensure efficiency of the system, you must define your relationship with the third-party. Is it a supplier you want to screen? How long has it been since the intermediary was onboarded? 

5. Audit the Due Diligence Process

Never forget to audit the process and its outcomes. The verification results are crucial for a business. Set certain metrics to define the onboarding criteria and evaluate the accuracy of the system on these parameters for higher authenticity of the onboarding process. 

Get the Best of the Best with Shufti Pro’s Business Verification

Shufti Pro is a globally acclaimed identity verification service provider that is offering customer due diligence and identity verification solutions in 230+ countries and territories supporting more than 3000 identity document types. Considering the high level of risk third-party poses to an organisation, Shufti Pro screens intermediaries against global watchlists like PEPs, OFAC, and UN. The process takes about 30 seconds to complete, and you have a legitimate client onboard in the blink of an eye. 

Verify, screen and onboard the right business partners with Shufti Pro. Want to know more about customer due diligence? Get in touch with our experts. 

Keeping AI Bias Out of the IDV Game with Shufti Pro

Consider this: 85% of financial institutions today use some form of AI in their products. The technology is being utilized by institutions such as banks, insurance firms, and stock exchanges worldwide due to its unique ability to learn patterns and make informed decisions over time. However, the ability of AI-powered software can be affected due to demographic traits such as race, gender, socioeconomic factors, and even the quality of a smart device.

Digital identity verification solutions leverage machine learning and AI technology to verify customers online. Unfortunately, AI models are highly susceptible to bias, which can alter the end results. Shufti Pro’s identity verification solutions synergize artificial and human intelligence, making each process/verification accurate, swift, and free from built-in bias.

How Does Shufti Pro Avoid Bias in its AI Algorithms? 

Shufti Pro’s enhanced AI models are designed keeping in mind the consequences of inaccurate identity verification. In order to avoid legal repercussions and a negative brand image, companies can opt for our IDV suite. Here’s how we ensure our products are kept bias-free.

1. Collection of Representative Data

Identity verification solutions use AI training datasets to detect patterns, learn over time, and make accurate predictions. For an IDV system to be highly effective, data representative of the communities must be used. This allows the software to collect and organize data without excluding any certain group. When the model is set to work with real-world applications, the learnt data and recognized patterns are then used for coming to a conclusion. Thus, the larger the dataset, the better the results.

Additionally, Shufti Pro verifies 3000+ ID types, ranging from passports and government-issued ID cards to driving licences, utility bills, and more. These documents are present in 150+ languages from 230+ countries and territories, enabling businesses to make informed decisions based on a large dataset. 

2. Real-world Data

Shufti Pro’s identity verification suite collects data from the real world instead of relying on purchased datasets or the data available online. This is because the quality of the images and documents captured with a camera in different lighting conditions varies from the quality of data collected in real time. 

AI models that are built on faulty images with blurred or glared sections provide unreliable results and have a higher likelihood of containing bias. To make Shufti Pro’s ID verification solutions more robust, AI algorithms are based on real-world verification data instead of predefined datasets. This allows businesses to identify and take down fraudulent IDs and mitigate identity fraud. The models continue to improve with every verification, since they learn from different forms of real data.  

3. Hybrid Business Model 

Shufti Pro intelligently addresses AI bias by adopting a hybrid model approach. This means that once AI algorithms are fed with real-world data to make precise and credible predictions, each verification result is manually cross-checked by human experts. This leaves no room for error, as continuous human audits refine AI models. 

Headquartered in the UK and with offices spread across five countries, human experts at Shufti Pro are of different nationalities, ethnicities, gender, and professional backgrounds. The diversity allows us to view issues from a different perspective to avoid targeting any specific group through AI bias.

Final Thoughts

The global scale of our operations allows us to enhance datasets, enabling businesses to verify identities with an accuracy rate of 98.67%. By using representative samples to train AI algorithms, cross-matching each verification result through human experts, accepting ID documents from 230+ countries and territories through real-world data, Shufti Pro is successfully keeping AI bias out of the IDV game. 


Fintech 2021 – A Brief Insight of Global KYC Regulations

Financial services are among the most heavily regulated sectors in the world, and the number one concern of governments as Fintech companies increase. Over the years, Fintechs have achieved remarkable growth and flexibility. They are able to launch quickly, focus on scalability and adapt fast. However, the rapid growth does not come without challenges. As technology is integrated into the finance sector, regulatory problems have magnified for organizations and determining related laws can be a big task. Let’s take a look at what these regulatory challenges are and the present state of fintechs. 

Key KYC/AML Regulations for Fintechs in 2021

In many regions, the Fintech sector was unregulated a few years back and became a fertile ground for scams and frauds. Due to the diversity of fintech offerings and its impact on various industries, regulatory authorities cannot develop a single approach to all the problems. For many areas, governments have updated the existing Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. Some have imposed FATF’s risk-based approach. However, fintechs are affected in more ways than one could think of, so industry-specific customer due diligence (CDD) approach is vital.

United States 

The US-based fintechs are not regulated by any specific regulations. However, they are subject to the federal and state level laws for registration, identity verification and background screening where necessary. The financial watchdog of the country – FinCEN – has issued AML/CFT policies for all financial institutions. The country’s fintech companies have to perform customer due diligence during onboarding and submit Suspicious Activity Reports (SARs) to the regulatory body.  

United Kingdom 

Currently, the United Kingdom does not have any specific regulatory framework for fintechs. However, any fintech that performs traditional financial services, such as banking or insurance, falls under the existing regulatory parameters set by the regulatory authorities. This means that for any fintech to operate in the UK, authorization has to be acquired from one of the UK’s financial regulators – the FCA (Financial Conduct Authority) or PRA (Prudential Regulation Authority).


EU’s Anti-Money Laundering Directive

The sixth anti-money laundering directive is found to have a more profound impact on different sectors of the Fintech industry. From cryptocurrencies to custodian wallet providers, AMLD has a more far-reaching influence and strengthens the regulatory controls across all sectors. 


Platforms that offer cryptocurrency exchanges like Bitcoin will face more rigid regulatory controls. All virtual currency exchanges have to register with the relevant authority, conduct necessary customer due diligence (CDD) protocols and submit suspicious activity reports (SARs). Financial intelligence units (FIUs) have to maintain records with name and address of the customer dealing in digital currency. 

Prepaid Cards 

As per the AML directive, the threshold for prepaid cards has been set between €150 and €250, with a limit of €50 for online transactions. Furthermore, cards are only allowed in the region unless a foreign provider that meets the AML standards issues them. Payments can only be accepted if the jurisdiction is meeting AML standards.

Beneficial Ownership 

The directive now requires all the member states to maintain publicly available and interconnected ultimate beneficial ownership (UBO) registries. National authorities will have access to these registries for trusts and bank accounts. 

High-value Goods

High-value goods have been in use for money laundering activities for a long time. The AML directive has extended the range of goods that are now subject to new reporting requirements with updated thresholds. The goods include art, precious metals, artefacts, tobacco, and oil.  

High-risk Countries 

The European Union identifies countries as high-risk that have sub-standard AML regulations. Organizations dealing in any of these countries have to perform enhanced due diligence checks to ensure legitimacy of the source of funds. According to AMLD, the EU has established legal grounds for all the states and every nation is responsible for implementing the regulations as per the directive. 

Failure to abide by the laws will result in hefty penalties, damaged reputation and probably the loss of operating licences. All sectors have been guided to design rigid policies and robust AML/CFT infrastructure and this must be an ongoing effort. 

What Can Fintechs Do for Effective Compliance? 

Considering the diversity of Fintech industry, every sector has to re-evaluate and redevelop customer due diligence protocols according to the updated regulations. If you are operating in the Fintech industry, it all comes down to the following questions:

  • Are you complying with the KYC/AML laws of the country you are serving in?
  • What customer due diligence protocols are you currently following?
  • Is your screening process providing a higher customer acquisition rate, or is your drop-off increasing?
  • Is the process effective in all regions of the world? 

Avoid the hassles of an in-house identity verification system and employ a globally acclaimed identity verification system that deploys thousands of AI models to verify identities in less than a minute. Moreover, the solution has helped businesses increase customer acquisition rate. 

Want to know more about this solution? Get in touch with our experts right away!

Integrated Compliance Management – Mitigating the Regulatory Risks

Businesses operating in the financial sector often face organizational and compliance challenges. In the past few years, monetary crime has skyrocketed; as a result, data privacy and protecting customer data have become increasingly important. Financial watchdogs are playing their role in enforcing laws on national and global levels, making the regulatory landscape much more complex. These updates are a direct response to combat the increasing cybercrime emerging as a result of the COVID-19 pandemic.

This blog discusses key concerns businesses face while managing policies and procedures for KYC/AML compliance and how to address them.

How do Firms Currently Cope With Requirements?

As a rule of thumb, financial institutions and businesses develop an in-house program to ensure compliance with Anti Money Laundering regulations. That being said, they have to take into account appropriate measures and steps to deter money laundering instances and prevent illegitimate customers from onboarding with their business. An AML compliance program basically consists of the following components.

AML Compliance Officer

A designated official is responsible for maintaining Anti Money Laundering compliance within an organization. Following are the duties which an AML compliance officer performs:

  • Conduct employee training so that they are aware of current-day practices to prevent financial crime
  • Devise strategies and frameworks to implement AML compliance policies and procedures
  • Create reports for customer activity based on the size and amount of their transactions
  • Make sure that Anti Money Laundering obligations are fully met by all departments
  • Stay up-to-date with changes to AML requirements and the global regulatory landscape

AML Controls

Corporate and financial firms that bank on technology trends perform better as compared to those that currently employ traditional compliance frameworks. Internal AML controls play an essential role in adopting modern compliance practices to streamline Customer Due Diligence (CDD) and to utilise tools better. Here are some procedures that support internal controls:

  • Authenticating transactions by verifying customers 
  • Screening customers against different watchlists and sanctions
  • Ongoing AML monitoring to regularly maintain risk profiles of high-risk entities 
  • Generating reports for transactions that are categorized as suspicious 

Create an Auditing Mechanism

To evaluate AML compliance standards, external and internal audits are carried out on a frequent basis. Usually, this type of assessment takes place within 12-18 months but mostly depends upon the type of organization and the nature of services it provides. If a business has to deal with customers that process sizable transactions, it might need to conduct internal audits regularly to prepare for external inspections.

The Role of Integrated Compliance Management

To perform risk assessment of potential customers, and to manage organizational and compliance needs, an integrated approach is a must-have for organizations these days. While every business has its own set of requirements, its compliance approach can also differ depending upon multiple factors like the industry it operates in, the type of regulations, the state of its AML compliance program, and the specific jurisdiction. 


Why Is There a Need for a Better Approach?

Compliance programs are normally built around due diligence practices, risk-based management, policy implementation, organizational concerns and ethics. Although all these aspects are seemingly intertwined, they are not meaningful unless compliance processes share real-time information with each other and old-school methods are replaced with intelligent solutions. Below are listed some aspects/components that enable financial institutions to develop an integrated approach towards addressing these concerns and meeting AML/CFT compliance.

Risk-based profiling of customers

For any AML program to run smoothly, compliance processes need to be designed using an intelligent approach. Reliable reporting mechanisms and powerful analytics tools offer improved ways and means to address customer misconduct and risk factor changes, and to analyse trends for enforcing compliance accordingly. What compliance officers usually do is adopt an approach to evaluate business risks and implement necessary AML controls annually.

Given these factors, the time between two consecutive evaluations is important. Automated AML software integrated with other compliance systems can examine real-time flags and implement actions as per the situation. Through these smart solutions and real-time insights, firms are able to foresee whether to develop a reactive or proactive compliance approach.


Evaluating the compliance program

Compliance advisory is a significant pillar of integrated compliance management. Determining possible loopholes and examining compliance functions are significant in preventing compliance breaches that can result in costly violations. As a matter of fact, compliance officers now prefer using AML solutions that take into account remediation measures and self-execute mitigation plans. This enables companies to streamline their compliance procedures through frequent audits and evaluations. 

Organisational Framework

While meeting compliance metrics and maintaining risk profiles of customers is important, keeping a check on structural concerns is also important. Here’s what businesses need to consider to address these underlying challenges:

Incident and case management: Consistent and well-defined policies/procedures can help identify loopholes, so they can be countered by planning incident use cases. Devising policies for tracking, recording, routing, investigating, and closing cases can help in better case and incident management.

Managing regulatory engagement: Financial organizations develop a plan to calculate regulatory engagement activities. These often include document management, examinations, information requests, and engagement-related records.

Wrapping Things Up

The changing regulatory landscape of the financial industry has created the need for robust solutions for AML/KYC/CFT compliance. Real-time information sharing among compliance processes can enable organisations to identify, evaluate and combat underlying risks, and develop policies that are better directed towards compliance management. This integrated approach comes with certain requirements that can be met with an intelligent AML solution that instantly generates activity reports, implements compliance control measures, and enables efficient policy and incident management. 



Kaseya Ransomware Attack – How to Protect Your Organization from Cyber Risks

Did you know that by 2021, a ransomware attack is projected to occur every 11 seconds, costing companies approximately USD 20 billion?

A single ransomware attack can halt business operations for weeks, tarnish a company’s reputation, and pave the way for future data breaches. Such an attack can lead to identity theft, account takeovers, and other disastrous consequences. As Kaseya recovers from the massive REvil ransomware attack after 10 days of no business, some precautionary measures that can prevent such cyber risks have come into the spotlight. 

Kaseya Ransomware Attack, Explained

Kaseya, an IT automation software provider, offers services for MSPs (Managed Service Providers). Its VSA product is among the world’s most popular software for MSPs and delivers Remote Monitoring and Management (RMM) services. On July 2, 2021, Kaseya reported a massive ransomware attack on its VSA software that hit approximately 60 MSPs.


Initially, it was thought that Kaseya itself might have been compromised in the same way as in the SolarWinds malware attack of December 2020. Instead, the attackers targeted a vulnerability in Kaseya’s VSA software, infecting 1,500+ small and medium-sized companies. According to Huntress’ blog, the Russia-based criminal gang “REvil” first bypassed authentication to Kaseya’s VSA and then deployed malicious updates. In return, the gang demanded USD 70 billion in Bitcoin.

Could the Attack Have Been Avoided?

According to the latest update by Bloomberg, five former software engineers and developers had warned Kaseya leaders about the vulnerabilities in the systems. Examples of the vulnerabilities included outdated code, weak encryption and passwords, and a failure to meet basic cybersecurity requirements. Despite the concerns, the problems were never fully addressed, and new features were prioritized over fixing the existing issues. 

Ransomware attacks such as this endanger the long-term sustainability of companies of all types and sizes. Below are some effective anti-ransomware strategies for safeguarding your business.


Best Practices for Preventing Ransomware Attacks 

1- Set Up Firewalls

A firewall is a security system that monitors incoming and outgoing traffic based on predefined security rules. It examines the traffic for malware and other threats. It can determine where a file is coming from, where it is headed, and other information about how it travelled. That information is then used to ascertain whether the file contains ransomware.

Additionally, a next-generation firewall (NGFW) can also be deployed instead of using a traditional firewall for ransomware protection. NGFWs use deep packet inspection (DPI) to examine the contents of the file itself, hunting for ransomware, and then discarding any document that has it.

2- Use Technology Against Technology 

While ransomware attacks can vary in type and intensity, all of them are deployed for one basic purpose – gaining ransom in return for stolen/blocked data. In case the ransom is not paid by the victim, the data is sold on the dark web, posted all over the internet, or used to commit other financial crimes. Money service businesses and data-sensitive companies need to restrict admin rights and limit access to servers by securing databases with AI-backed solutions. 

Identity verification solutions, for instance, are commonly used by banks to verify the identity of every individual that attempts to access an account. These solutions use thousands of AI models to authenticate customers based on their official ID cards. By combining document verification with facial recognition technology, a fool-proof system is created for preventing fraudulent access, identity theft, account takeovers, and more. 


3- Establish a Security-focused Workplace Culture

To maintain compliance with KYC (Know Your Customer) regulations and stay protected from cyber risks, companies need to start with their staff. Provide them with more authority, educate them about regulatory compliance, and provide them with adequate training for detecting suspicious activities. Proper cybersecurity training combined with the latest fraud prevention technology can secure businesses against any form of cyberattack. Had the higher management at Kaseya taken swift action against the vulnerabilities detected by its employees, 1,500+ customers could have been saved from data compromise. 

4- Conduct Regular Audits 

Although businesses cannot completely eradicate cybersecurity threats, regular reviews and assessments can prevent billion-dollar losses stemming from cyber-attacks. In a joint statement by the FBI and CISA following the Kaseya ransomware attack, the company has been advised to conduct an audit of all admin accounts, particularly the accounts with access to remote management tools. This is a necessary step for ensuring that each account has a verified owner. Other audits highlighted by the regulators include a review of the disaster recovery plan, backup strategy, and vulnerability management processes. 

5- Enforce Multi-Factor Authentication (2FA)

Data-sensitive businesses such as financial institutions, software companies, and insurance firms must enforce two-factor authentication on every account as an added security measure and ransomware protection. Where most usernames and PIN codes can be compromised quickly by a malicious program, 2FA provides a significant increase in security for sensitive business data. The FBI backs this strategy for preventing account breaches arising from ransomware attacks by stating that every customer must implement 2FA on the accounts that are under the control of the organization. 

With 65% of businesses allowing their employees to access company applications from personal, unmanaged devices, a simple step in the form of 2FA can save you from future catastrophes. 


How Can Shufti Pro Help? 

Shufti Pro’s two-factor authentication prevents malicious actors from gaining access to personal and business accounts. With an accuracy rate of 98.67%, verification results are provided within five seconds. The process is deemed a better alternative to traditional security methods, as it avoids phishing attacks and malware activity through a strong security hold.


EU’s Smart ID Wallet – Paving the Way for a Seamless Digital World

A few days back, the European Union Commission published a draft for digital ID wallets for all EU residents. As of today, only 60% of the residents can use a digital identity across member states. To ensure that every citizen has control over their data, the Commission proposed a plan on June 3, 2021 for EU digital ID wallets for every resident. According to the Vice President for a Europe Fit for the Digital Age, Margrethe Vestager:

“The European digital identity will enable us to do in any Member State as we do at home without any extra cost and fewer hurdles. Be that renting a flat or opening a bank account outside of our home country. And do this in a way that is secure and transparent. So that we will decide how much information we wish to share about ourselves, with whom and for what purpose. This is a unique opportunity to take us all further into experiencing what it means to live in Europe, and to be European.” 

Digital ID Wallets – Background 

The EU Commission decided to make the European Union contactless. Also known as the 2030 Digital Compass, the proposal sets out various targets and milestones that can be achieved with European Digital ID. For instance, medical records will be available online. 

For a digital future, the Commission has built on the existing eIDAS regulation. The law has built the foundation for cross-border electronic identification, website certification and authentication in the EU. Around 60% of the residents are already benefiting from the system. 


Digital ID Wallet Framework

Member states will offer residents digital wallets that will link their national identity to proof like driving licenses and bank accounts. Europeans will have full control over their data and the liberty to share information. The Digital Identity Wallet will be available to anyone who wants to use it and anywhere to consume digital services within the EU.

Digital ID Wallets – Discussing a Use Case 

The Digital ID Wallet can be used for any of the following:

  • Opening a bank account 
  • Applying for a bank loan 
  • Filing tax returns 
  • Requesting documents like birth certificates, marriage certificates, reporting a change of address, etc. 
  • Applying to a university 
  • Requesting medical records 
  • Renting a car
  • Hotel check ins

Let’s take a look at how opening a bank account will get easier with Digital ID Wallet. 

Generally, opening a bank account has several steps. First, the end-user has to register for the account. Then, the bank requires certain identity documents for verification. Next is the verification process, which takes a while if the financial institution is following conventional procedures. In case the end-user has submitted the wrong document or missed a detail, the hassle of repeating the entire process is unbearable.


The Digital ID Wallet, by contrast, can overcome such challenges. All the documents will be saved in the individual’s wallet. All the individual has to do is register for the account opening process and select the required documents. Since the documents are verified, it is not necessary for the bank to verify them during customer onboarding. The bank securely receives these documents and carries out the rest of the account opening process.

A Sneak Peek into the Benefits of Digital ID Wallets 

For both businesses and individuals, the benefits of Digital ID Wallets are infinite. Let’s take a look at some of them: 

| Service | Businesses | Citizens |
| --- | --- | --- |
| eID | Customer base will expand with a reduction in costs. Building trust in cross-border transactions will be easier | Opening bank accounts in different countries will be seamless |
| eSeal | Streamlined procedures. Promote trust in the document origin | Guarantee that concert tickets bought online are legitimate |
| Web Authentication Certificate | Protect business reputation and prevent cyberattacks | Individuals will know that the website is trustworthy to share information |
| eSignature | Help innovate business procedures | No paperwork required |

What’s Next?

The Commission will work with the EU member states along with the private sector regarding the technical aspects of the EUid parallel to the legislative process. The Commission will support European Digital ID framework implementation. Furthermore, many member states of the EU have started working on the implementation of e-government solutions, including the EU Digital ID Wallet. 

In a nutshell, the Digital ID Wallet will have all the verified documents in one place, making it easier for not just individuals but businesses as well. Apart from convenience, cost reduction and streamlined procedures are some other benefits of EU’s Digital ID Wallet. 



5 Key Regulatory Updates for the Banking Sector in 2021

The pandemic disrupted operations in the banking sector, and criminal activities increased significantly in 2020. As per our Global Identity Fraud Report 2020, the fraud rate increased by 3.36%, and the worst part is that perpetrators are strategically stronger than before. With the help of advanced technology, they are also utilising new and improved versions of fraudulent attempts. The banking sector has always been under threat of criminal proceedings, and so regulatory authorities across the world are imposing more rigid regulations. For banks, customer due diligence (CDD) requirements have increased in 2021. Here’s a glimpse of the banking regulatory outlook in 2021 and beyond.

Regulatory Outlook for the Banking Sector 

Regulatory bodies across the world are working on imposing enhanced regulations in 2021. Money laundering, terror financing, tax evasion, and many other financial criminal activities have significantly increased. Hence, financial watchdogs are in action to enforce stricter regulations and financial institutions will be heavily fined for non-compliance with the laws. Here are the top regulatory updates for the banking sector in 2021 and beyond. 

FATF’s Plenary – Strategic Proposals for AML/CFT 

The Financial Action Task Force (FATF) had a plenary meeting between June 21 and 25. The fourth plenary proposed strategic and country-specific initiatives for effective AML compliance. The key features of this meeting are:

  • Digital transformation opportunities for AML compliance 
  • Guidance to prevent financing of weapons of destruction 
  • 12-month review for VASPs
  • Terrorism based on ethnicity and racism 
  • Consultation update on UBOs
  • Money laundering associated with environmental crime 

In the plenary, FATF has also discussed the state of money laundering and terror financing in both Republic of South Africa (RSA) and Japan. The meeting concluded that although South Africa has a robust AML infrastructure, the country must address money laundering concerns on the basis of risk profiles. Similarly, the global watchdog has evaluated other countries and what they must do to enhance the efficiency of AML infrastructure. 


Bank Secrecy Act (BSA) – New Definition of AML Effectiveness

In the United States, banks can expect more clarity on regulatory expectations for AML programs. In December 2020, the Anti-Money Laundering Act of 2020 was added as an alteration to the National Defense Authorisation Act for FY 2021. As per this amendment, a risk-based approach to AML and combating terror financing is reinforced. Moreover, it requires FinCEN to establish “The Priorities” for financial institutions.

On the other hand, The AML Act of 2020 extends FinCEN’s Advance Notice of Proposed Rulemaking (ANPRM) proposals on AML effectiveness. However, banks should be prepared for the following challenges: 

  • Streamlining their AML policies according to The Priorities
  • Enhancing the outcomes for enforcing laws
  • Focusing on resources for higher-value AML activities 
  • Rethinking AML monitoring, information sharing and investigations 

The Priorities – FinCEN’s Stance Against FinCrime 

As stated earlier, the BSA guided FinCEN to issue ‘The Priorities’ to combat criminal activities like money laundering, terror financing and tax evasion. For the first time, FinCEN has issued governmentwide AML/CFT guidelines. Corruption, fraud, cybercrime, human trafficking, proliferation financing, terror financing (domestic and international), and transnational criminal organisation activity are the eight priorities that FinCEN issued in June 2021.

The financial watchdog said that all priorities may not be applicable to every financial institution. However, the applicable ones must be implemented as soon as possible. Otherwise, hefty penalties might hit the finance sector. 


FINTRAC – Amended PCMLTFA for Banks 

FINTRAC, the regulatory body of Canada, has amended the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) which was in action as of June 2021. Some updates from FINTRAC are:

  • Ongoing monitoring requirements 
  • PEPs and HIOs screening 
  • Reports for virtual currency transaction 
  • Reporting of unsuccessful reasonable reasons of verification 
  • Five new identity verification methods have been introduced

AUSTRAC – Tranche 1.5 Reform 

As of June 18, 2021, new anti-money laundering reforms have been enforced in Australia. Also known as Tranche 1.5, these reforms demand higher due diligence standards to be implemented. This allows financial institutions to rely on vendors to meet KYC requirements. 

The reforms include measures to streamline banking relationships, making customer identity verification effortless. As per Tranche 1.5,

  • Ongoing KYC must be performed every two years 
  • Control, ownership and management structure of the banks must be evaluated 
  • Guidelines for reporting entities have been issued too 


To Sum Up…

Due to the COVID-19 pandemic, threats to the banking sector have significantly increased. To protect financial institutions from financial crimes like money laundering, terror financing, etc., regulatory bodies across the globe have enforced enhanced KYC and AML regulations. FATF’s plenary meeting held between June 21 and 25 has resulted in strategic and country-wise initiatives to tackle FinCrime. In addition, AUSTRAC, FINTRAC and FinCEN have imposed more rigid laws for anti-money laundering and counter financing of terrorism. All in all, the banking sector has to abide by stricter regulations, and non-compliance will result in hefty penalties.



Crypto Regulations 2021 – The Updated Compliance Regime in France

Within the last two years, France’s cryptocurrency landscape has experienced significant milestones. The country’s crypto industry, which became regulated in 2019, has now become liable to implement robust Know Your Customer (KYC) procedures, on top of a few other changes. The new crypto regulations are indicative of a major disruption in the cryptocurrency market. These changes were initially introduced in the Ordinance № 2020-1544 on 9 December 2020 and have come into effect as of 9 June 2021. That being said, let’s take a look at what the updates are and how companies can maintain KYC compliance to avoid fines and penalties.

Current Landscape of Crypto Regulation in France

The current regulations regarding the treatment of cryptocurrencies can be found in the PACTE law. The French PACTE law was introduced back in 2019 to regulate the cryptocurrency industry. Prior to the regulation of this emerging market, regulators were concerned about the use of crypto-assets to facilitate crimes, including money laundering and terrorism financing. 


Under the PACTE law, crypto firms are required to register with the AMF (Autorité des marchés financiers) – the French financial regulators. Additionally, any firm that needs to receive additional benefits, such as unrestricted access to financial services, has to acquire an optional licence from the AMF. With the help of this licence, crypto firms became eligible to open a deposit or payment account with French credit institutions. 

What’s the Update? 

Prior to June 2021, the four basic principles of the PACTE law were only applicable to crypto-to-fiat transactions and cryptocurrency custodians. The updated French crypto regulation extends the scope of AML (Anti-Money Laundering) and KYC compliance to crypto-to-crypto transactions and trading platforms operating in France. 

KYC requirements, in particular, have been tightened in the French cryptocurrency market. To streamline the KYC process, however, the use of third party service providers for KYC procedures has been permitted. Following is the summary of the five major updates that have been listed down in new French regulation for crypto. 

1- Anonymous Transactions Banned

Perhaps the biggest change in the French crypto regulation has been the effective ban on anonymous crypto transactions. This means that the transaction limit for KYC checks has been updated from €1000 to €0. As a result, even the smallest crypto transaction will now go through Know Your Customer procedures to mitigate the risks of financial crime. 

2- Mandatory KYC

Any crypto firm operating in France now has to implement robust Know Your Customer processes to stay compliant with the country’s cryptocurrency regulation. Under the decree published by the Finance Ministry, each crypto customer will have to go through an identity verification process, regardless of the size of their transaction. Despite the controversies regarding this law, KYC checks were deemed necessary by regulatory authorities due to their ability to detect and prevent financial crimes. The rule has been expanded to include crypto-to-crypto transactions and cryptocurrency exchanges.


3- Registration with AMF

Similar to all other cryptocurrency transactions, French crypto-to-crypto services and trading platforms are mandated to register with the Financial Markets Authority, more commonly known as AMF. To ensure compliance, the AMF will be verifying the firm’s Ultimate Beneficial Owners (UBOs) and managers. A close check will also be kept on the implementation of AML and CFT measures.

4- Third-party KYC

Following the announcement of the updated French crypto regulation, concerns were raised regarding higher costs of KYC compliance and customer onboarding. The Block reported that where customer onboarding currently costs €1, companies were worried that KYC measures will shoot this cost to €5. As a solution to this problem, the use of third party service providers has been allowed for the first time ever under the law to streamline Customer Due Diligence (CDD) and KYC for crypto. 

5- Expanded Scope of AML/KYC

Every crypto-to-crypto exchange and trading platform must devise and implement proper AML/CFT procedures to eliminate the threat of crypto-related crimes. This should include the following CDD processes:

  • Authentication of the end-user’s ID documents
  • Identity verification of the customers and the crypto firm owners
  • Identification of the true nature of the business
  • Ongoing monitoring of the customers and their transactions
  • Screening of customers against sanctions and criminal watch lists
  • EDD (Enhanced Due Diligence) for high-risk entities

How can Firms Comply With Updated Crypto Regulation in France?

Crypto firms in France that fail to comply with KYC and AML regulations are punishable under the law with a fine of up to €5 million. Such fines directly impact a company’s bottom line and lead to a tarnished brand image. Compliance with the updated crypto regulation is, therefore, necessary. 

Any crypto firm that aims to stay compliant needs to devise its own set of policies and procedures for the implementation of KYC requirements. This includes processes such as identity verification, document authentication, and more, all of which can be implemented through third-party ID verification service providers. These IDV providers ensure that companies stay compliant by utilizing AI-powered technologies. The same solutions can also be used for AML compliance to automatically screen every onboarded customer against global sanctions, criminal watch lists, and Politically Exposed Persons (PEP) lists.

Global IDV providers such as Shufti Pro provide the added benefit of low compliance costs and rapid customer onboarding through the use of biometric technology for customer identity verification. 


Final Thoughts

For the cryptocurrency industry to sustain itself despite the countless controversies regarding it, regulatory obligations are necessary. AML and KYC requirements are implemented for the crypto sector as they pose a disincentive for criminals, allowing companies to acquire a clean customer base. With the implementation of the updated crypto regulations, French crypto firms can encourage the use of digital assets in the country, paving the way for other opportunities within this emerging sector. 



FATF’s June 2021 Plenary – Strategic and Country-specific Initiatives

The fourth plenary meeting of the Financial Action Task Force (FATF) took place from June 20-25 this year. German President, Dr. Marcus Pleyer, headed the virtual meeting comprising 205 members from the FATF Global Network and other watchdogs including the World Bank, United Nations, and the IMF. The sole agenda of this meeting was to take into account the increasing money laundering risks amid the COVID-19 health crisis and develop an action plan to address them through digital transformation. 

FATF is an independent financial watchdog headquartered in Paris that aims at utilising effective regulatory standards to mitigate global money laundering. The recent meeting of delegates raised important concerns regarding risk-based FATF standards and their implementation to prevent terrorists from exploiting loopholes in the legal financial system. This blog highlights key points of the plenary which are essential for proper AML/CFT compliance.

Strategic Proposals for Effective AML/CFT Compliance

Employing Digital Solutions

High-end Technology 

In this plenary, FATF recognised the benefits of digital transformation and its role in developing cost-effective and real-time solutions for AML/CFT compliance. FATF identified that by using machine learning, data pooling and advanced analytics, organisations can develop AML compliance programs that could better identify suspicious behaviour and usual transactional patterns. The report presented in the meeting lists necessary policies, procedures and technologies to improve AML/CFT effectiveness.

Data pooling and information sharing 

Without a doubt, the increased adoption of data analysis tools has made it possible for financial institutions to process large amounts of data effectively. This is when collaborative analytics and data pooling can help banks and monetary institutions assess, identify and take down money laundering, as highlighted in the plenary. The report published on July 1 also emphasises the need for data privacy and protection while enterprises and governments carry out their AML procedures using high-end privacy-centric technologies. 



12-month Review Implementation 

The plenary compiled a second 12-month review for introducing new changes to FATF’s standards for Virtual Asset Service Providers (VASPs). The report on revised guidelines describes 128 reporting jurisdictions, out of which 58 have now implemented the new recommendations. 52 of these have regulated the operations of VASPs, while 6 of them prohibited crypto providers from carrying out business activities. The majority of these countries have not yet complied with the FATF Travel Rule and other essential requirements, which calls for better global efforts.

The report presented in the meeting stressed the importance of regulating cryptocurrency exchanges so that virtual assets cannot be used in criminal activities. The plenary agreed on finalising the revised guidance by October 2021, including measures for preventing ransomware-based virtual assets.

Challenges with Recovering Assets 

When we talk about anti money laundering requirements, asset recovery is one significant aspect. This helps regulatory authorities deter criminal instances and create better opportunities for compensating victims by taking away profits on ill-obtained money. While asset recovery is an important point of the FATF’s 40 recommendations, the report by FATF shows that many countries achieved very few objectives. The document covers all key obstacles preventing governments from proper asset recovery and presents a viable solution for them. 

Jurisdiction-based Updates 

Evaluating ML/TF regulations in RSA and Japan

FATF’s plenary discussed the state of financial crime in both Republic of South Africa (RSA) and Japan considering their AML efforts and compliance with action plans. In this regard, the joint association of FATF and the Eastern and South Africa Anti-Money Laundering Group (ESAAMLG) carried out an assessment which was evaluated by FATF representatives.

The meeting decided that even though South Africa had a robust AML infrastructure, it needed to address money laundering concerns as per its risk profile. Regulatory authorities need to develop better channels for sharing financial intelligence and improve the application of risk-based frameworks. 

Moreover, the assessment carried out under the joint FATF Asia/Pacific Group on Money Laundering (AGP) was also examined which concluded that Japan has made significant progress in meeting its action plan requirements. Despite the fact that Japan showed promising results in mitigating terrorist financing risks and money laundering, it needs to better supervise preventive measures for financial organizations and non-financial businesses or professions (NFBPs). 


Updates to the Increased Monitoring List

The financial observer regularly updates its Jurisdictions Under Increased Monitoring list in its official meeting that is carried out three times in February, June and October each year. These countries work closely with FATF to reduce strategic deficiencies and terrorism/proliferation financing. As of June 25, 2021, the FATF after an on-site inspection decided to remove Ghana from the list of high-risk countries. On the other hand, the watchdog after a detailed review added new restrictions to the increased monitoring list including the Philippines, South Sudan, Haiti, and Malta. 

Strengthening Global AML Efforts

Given the increased demand for financial crime prevention, the plenary acknowledged the role of FATF-styled Regional Bodies (FSRBs) in combating money laundering on a global level. These independently operating units make sure that FATF-set standards are effectively implemented by member countries. To better assist FSRBs in timely delivering their Mutual Evaluation (ME) reports, despite the COVID-19 context, FATF is now providing high-priority support and additional resources.  



The Priorities – FinCEN Issues First Governmentwide AML/CFT Guidelines

On June 30, 2021, the Financial Crimes Enforcement Network (FinCEN) issued its first governmentwide AML and CFT guidelines, called ‘The Priorities.’ The Priorities have been issued pursuant to Section 5318(h)(4)(A) of the Bank Secrecy Act (BSA). FinCEN aims to assist all financial institutions (FIs) covered by the BSA in complying effectively with anti-money laundering and counter financing of terrorism policies. However, guidelines for FIs on how to incorporate The Priorities into their AML policies will be issued later. Not every Priority will be relevant to every organisation, but an entity must effectively meet the ones that apply to its business. The regulatory body states that it consulted several stakeholders and took all the threats to the US economy into consideration when developing The Priorities.

1- Corruption

Joe Biden issued a National Security Study Memorandum on June 03, 2021, according to which corruption leads to conflict and instability. Moreover, corruption disrupts economic growth, and it is estimated that two to five percent of global GDP is laundered every year.

As per The Priorities, all addressed financial institutions must consult FinCEN advisories related to corrupt foreign entities and human rights abuses in different regions like South Sudan, Venezuela, Nicaragua, etc. Furthermore, all financial institutions must reconsider their AML/CFT policies and red flags and make their programs for senior foreign political figures and PEPs more robust. The authority has also warned FIs about the high risks that these individuals pose to an organisation, so enhanced monitoring of these individuals is crucial.

2- Cybercrime

Common cybersecurity threats mentioned by FinCEN include social engineering attacks like phishing, software vulnerability attacks like ransomware, and network attacks. The size, speed, accessibility and reach of the finance sector can make it a viable outlet for financial criminals, including terrorists. These perpetrators target the websites, systems and confidential information of the covered institutions. The Treasury is specifically concerned about the illegal use of virtual assets, FinCrime and ransomware attacks.

With respect to ransomware and COVID-19 related scams, FinCEN has issued advisories to warn addressed institutions about the predominant frauds. The authority has also issued a fact sheet that encourages covered institutions to share information about suspicious activities with one another under the BSA, to better identify and combat money laundering and other criminal proceeds.

3- Fraud

According to the Treasury’s National Money Laundering Risk Assessments, drug smuggling, human trafficking, human smuggling, corruption, and organised crime are a few of the noted frauds that generate most of the illicit proceeds in the United States. Among these, bank, consumer, healthcare, tax, and securities and investment frauds are considered the largest illicit fund generating activities in the US. Healthcare fraud alone generates $100 billion in illegal proceeds annually. Synthetic identities, identity theft and romance scams are the most commonly used techniques.

FinCEN has issued many advisories related to the aforementioned frauds, specifically targeting Business Email Compromise (BEC), email account compromise and COVID-related scams.

4- Proliferation Financing

Another Priority from FinCEN is preventing ‘proliferation financing’, which refers to exploiting the country’s financial infrastructure for illicit movement of funds. These funds are used for either:

  • Acquiring weapons of mass destruction
  • Advancing or developing state-sponsored weapon programs, including evasion of US sanctions

Covered institutions must review their sanctions programs, especially economic and trade sanctions, when they are trying to identify and report suspicious activities possibly associated with proliferation financing. This guideline is specifically for banks and other financial infrastructures that facilitate international transactions. These organisations must perform Know Your Customer (KYC) and Customer Due Diligence (CDD) protocols to identify perpetrators that might be engaged in such activities.

5- Terrorist Financing

Terrorist groups require funds to recruit and support members, conduct operations and fund logistics. To prevent both domestic and international financing of these groups, covered organisations are reminded of the current laws for identifying and filing Suspicious Activity Reports (SARs) on potential terror financing transactions. The addressed institutions are guided to comply with the sanctions program as part of their risk-based AML policies. The covered institutions must consider developing a state-of-the-art AML/CFT program that can address risks associated with domestic terrorism. For instance, an onboarding process that incorporates Customer Due Diligence (CDD) procedures will be pivotal for identifying anyone who is facilitating terror financing.

6- Priorities for Criminal Activities

There are three priorities under this category: Drug Trafficking Organisation Activity, Human Trafficking and Smuggling, and Transnational Criminal Organisation Activity. The primary focus of all these priorities is to prevent criminal proceeds from moving through the US finance sector. All FIs already identify and report such activities; however, these priorities guide the covered institutions to reevaluate the robustness of their AML/CFT policies with respect to certain criminal activities.

Any customer profiles that carry some risk must be assessed with particular care, especially accounts that might be associated with a shell company used to hide the business’ true nature. FIs must also ensure that suspicious activities are monitored, that the movement of money is traced, and that SAR filing processes are comprehensive and clear.


In a nutshell, money laundering, terror financing, corruption, and other criminal activities have significantly increased in the United States. For the first time, FinCEN along with other regulatory bodies of the country has issued governmentwide guidelines called ‘The Priorities.’ Although specific rules on how to effectively incorporate these priorities will be issued later, all addressed organisations have been guided to comply with all the laws and revise risk-based AML policies accordingly. Fraud, cybercrime, corruption, terrorist financing, human trafficking and smuggling, drug trafficking, proliferation financing, and transnational criminal organisation activity are the eight priorities that FinCEN has addressed. 


Swipe Right on Facial Verification for Secure Online Dating

In today’s COVID-ridden world, in-person dating is deemed very risky due to the spread of the virus. Online dating has become the preferred method of getting to know a potential match. In 2020, Hinge facilitated 12% more dates than in 2019. Tinder users made 300 million swipes in a single day last March, and virtual dates on OKCupid rose by 700%. These statistics prove that the world of dating has adapted to the new norm. But while online dating is a safer option amidst COVID-19, dating platforms are not as harmless as they may seem.

Challenges of Online Dating

One in three US adults has claimed to have used online dating apps at some point in their life. Not only is online dating here to stay, but the number of American users of online dating services is estimated to rise to 53.3 million, up from 44.2 million in 2020. With more individuals shifting online to form connections, it is necessary to address the threats that reside within this sector.

1- Dangers of Self Attestation 

A major factor that is at the epicentre of any dating app is trust, and it starts playing a key role the second a new account is being created online. When users are verified at this stage, companies rely on self-attested information. This includes asking the users to provide their full name, city, age, and other personal information, all of which can be easily manipulated by criminals. New users can provide any information they wish, as they know that there is no fact-checking procedure going on behind the scenes. 

This is precisely where online dating platforms need to step up and introduce biometric facial authentication to weed out scammers. By ensuring a high level of identity assurance through verification in real-time, an environment of trust can be encouraged. 


2- Abuse and Violent Attacks 

A major challenge faced by the users of online dating apps and sites is that of sexual predators and individuals with violent histories. Such attackers use fake ID information to open new accounts and pass traditional security checks. This opens the door to a vast world of vulnerable users, allowing criminals to prey on legitimate users. With robust identity verification methods in place, fraudulent ID details can be detected within seconds by matching the information provided against the user’s identity in real-time. 

3- Romance Scams 

In 2020, losses to romance scams increased to an all-time high amount worth $304 million – a 50% rise compared to 2019. Cybercriminals execute this type of fraud by impersonating someone else or forging a fake identity to gain someone’s interest. In reality, the account is merely created to solicit users for money and personal information. Once confidential information has been acquired, criminals use it to access the victim’s banking account, social media platforms, and much more. Additionally, the stolen data can also be used to transfer funds under the victim’s name, gain medical benefits, or file for insurance claims. 

To stop romance scams from skyrocketing in the future, dating platforms need to integrate biometric verification technologies to verify user identities. This will prove to be a disincentive for identity thieves and cybercriminals, making them aware that the site they are targeting is, in fact, armed. 


4- Minor Protection 

Safeguarding children against the dangers of the internet is a tricky business. For instance, dating apps such as Bumble and Tinder generally allow users to set up online profiles through their Facebook accounts to keep underage users off the platform. While some may think this is a good technique to keep users below the age of 18 off the dating sites, the reality states otherwise. Tech-savvy minors of this day and age can simply create a profile on Facebook by providing a false date of birth and a valid phone number. This account is then used to set up legitimate profiles on dating sites. As a result, companies face the threat of hefty fines and lawsuits for breaching minor protection laws.

Without the use of facial biometric verification solutions, minors will continue to slip through the cracks, while predators will keep using fake identities to target vulnerable users. 

A Simple Tool to Prove You’re Real

If you have ever used Snapchat filters or been tagged in Facebook pictures, you have first-hand experience with biometric facial recognition. In the space of cybersecurity, facial verification is deployed to verify user identities based on their facial characteristics. This can include measuring the distance between the two eyes, the shape of the chin, and so on. This process of ID verification reduces the likelihood of being scammed by catfishers and also allows a dating site to keep minors at bay.

For instance, Twitter places a blue badge on verified user accounts to confirm that they are 100% legitimate. Dating sites can follow in their footsteps and confirm who a user is by matching a government-based ID document against the selfie of the user taken in real-time. Apps such as Tinder are already implementing such photo verification techniques to ensure users are actually who they claim to be. 

Use Case: How DateID Secures Online Dating 

DateID, a California-based software company, required the services of an IDV provider to fully automate date verification prior to users meeting in person. The company, which aims to secure the online dating space from catfishers, romance scammers, and violent criminals, opted for the AI-based solutions of Shufti Pro. 

Our face and document verification solution proved to be the best option for DateID. The company confirmed that following the integration of our solution, they were better able to verify user identities, onboard customers, as well as reduce false chargeback and fraud rates.


Final Thoughts 

While online dating has become the new buzz amidst the pandemic, the threats targeted at this sector are here to stay. Biometric facial technology has introduced selfie verification – a convenient method of verifying end-user identities simply through the use of selfies. The use of AI-based ID verification technologies has become particularly crucial as romance scams continue to rise. Lastly, these solutions also enable companies to stay compliant with minor protection laws, such as the Children’s Online Privacy Protection Act (COPPA) in the US.


Shufti Pro to Revamp Customer Experience with Enhanced Video KYC UX

Would you ever want to use a product that is hard to understand? A McKinsey Report revealed that state of the art UX results in an impeccable customer experience, increased satisfaction rate, higher customer lifetime value, and above all, increased business growth. The impact of a great UX on a business goes beyond short-term benefits. 

Our products have already achieved a 92% end-user satisfaction rate and we aim to increase it to 100%. Considering the importance of user experience, Shufti Pro has enhanced its video KYC. Now, your customers can have a better identity verification experience and you can reap more benefits in the long run. Take a look at what’s new in the product.

What’s New in Video KYC?

Here’s what we have improved in our video KYC solution. 

Seamless Customer Journey

Your customers do not need any technical know-how because our KYC experts perform most of the tasks. All the end-user has to do is answer a few questions and show the ID document to the camera. The rest is up to the KYC expert and our intelligent verification engine. From logging in to delivering verification results, your customers only have to follow the simple guidelines.


Enhanced UI and UX

Shufti Pro has updated the verification screens to make sure your customers have the perfect experience with us. Now, the end-user does not have to go through a million details to understand the product and then perform the verification. Our KYC experts will tell them what to do and how to proceed with the verification.

Here’s how we have designed the process: 

1- Introduction 

The end-user gets in touch with the KYC expert on a live video call using the unique link provided in the email. Before the verification process begins, the customer has to verify the phone number through two-factor authentication. 

2- Face Verification 

The end-user is asked to show their full face to the camera. The interviewer captures the photo and authenticates the live presence. The image taken at this stage is later used for verifying the image on the ID document. 


3- Document and Address Verification 

Now, the end-user has to show the ID document to the camera for document and address verification. Customers get to choose the type of government-issued identity document they would like to use to get themselves verified. The front and back of the identity document are captured and various authenticity checks are performed to verify the document. Note that all the details are extracted using AI-powered OCR. The picture captured during face verification is used to verify the image on the identity document.

4- Verification Results are Delivered

Once the process is complete, verification results are immediately delivered and proof of verification is stored in our back-office. Merchants can access these proofs anytime in the ‘details’ section. 

Apart from the comprehensive yet frictionless process, Shufti Pro has included multiple navigation screens that allow KYC agents to capture proof, preview country selection and ID document selection. 

Data Extraction through OCR

To make the video KYC process more effective, data extraction has been automated using AI-powered OCR. This makes identity document verification seamless and makes it convenient to deliver verification results in real time. It also increases overall efficiency and reduces the turnaround time.

Different Countries and Multiple Supported Documents 

Have a global clientele? Don’t worry. The KYC agent now has the option to select multiple countries for ID document verification. Once the identity document is captured during the video call, there is an option for country selection. (The end-user can accept or decline the suggestion).

On the other hand, the KYC expert can accept different ID document types for verification. There is no restriction on showing the same document for both document and address verification. 

Multiple Proofs of Verification 

Shufti Pro’s back office has all the verification proofs available at all times. For video KYC, there are multiple proofs available in the back office. All the images captured during document verification, address verification and face verification proofs are stored. Merchants can access them for future case building. 

To Sum Up…

Shufti Pro’s customer-centric approach aims at bringing more convenience to end-users, so we have updated the user experience of one of our services – Video KYC. End-users do not need any technical know-how since our KYC agents perform the majority of the tasks. All the customers have to do is follow the guidelines given by the system and the KYC experts. The enhanced UI/UX has made the customer journey more seamless. Moreover, the KYC agents no longer have to manually extract data because the system can automatically do the job through AI-driven OCR. Apart from all these advancements, multiple documents can be used for the verification too.

Latest Regulatory Updates on KYC Verification for Crypto Exchanges

Even by the standards of cryptocurrency, the volatility exhibited in 2021 has been astounding. In late May 2021, a crypto crash wiped off USD 1 trillion in market value. This impacted major cryptocurrencies such as Bitcoin, which experienced a substantial 30% loss in value. 

Noted names like Elon Musk have stirred a global interest in crypto, particularly as PayPal announced the acceptance of payment in Bitcoin. With money shifting from traditional financial markets to cryptocurrency platforms, global regulatory bodies are stepping up to rein in the crypto markets.

The Unsatisfactory Track Record of Crypto KYC Compliance 

Blockchain analysis firm CipherTrace stated that by the end of 2020, approximately 56% of all cryptocurrency exchanges were not complying with global KYC regulations.

What makes KYC verification necessary for crypto is that such processes have the ability to put a halt to ever-increasing crime rates. In 2020 alone, an estimated USD 1.9 billion worth of crypto was used to facilitate identity theft, hacks, and other financial frauds. The UK is playing an active role in controlling the burgeoning crypto market, while China has completely banned the trading of cryptocurrencies in the country. Other countries that are in the process of devising robust KYC reforms for crypto include the US, Russia, and Singapore. 


Europe – KYC Verification and AMLD6 

Financial institutions in the EU have to comply with Anti-Money Laundering Directives (AMLD). Recent additions – the AMLD5 and AMLD6 – have introduced updates regarding KYC verification requirements for crypto exchanges. 

These directives include the list of processes that financial institutions, including cryptocurrency exchanges, need to follow to curb money laundering and related financial crimes. The latest update expanded the scope of AML verification to virtual currency wallets. This means that any crypto exchange that enables fiat-to-crypto transactions needs to comply with appropriate KYC and AML standards, as directed by the EU’s latest regulation on Markets in Crypto Assets (MiCA).

The consequences of non-compliance have also been enhanced. Individuals and corporations that fail to comply with KYC verification requirements can receive a range of punishments – from simple “cease and desist” orders to imprisonment up to four years. 

North America – FINTRAC and FinCEN

In Canada, the updated KYC regulation for 2021 has finally extended the scope of KYC verification to include cryptocurrency exchanges. The regulatory body of the country, FINTRAC (Financial Transactions and Reports Analysis Centre), has obligated crypto exchanges to perform KYC verification on their users and meet KYC compliance requirements in the same way as traditional financial institutions. The submission of a Virtual Currency Transaction Report (VCTR) has also been mandated when receiving an amount in virtual currency equivalent to USD 10,000 or more.

Further south, the US Treasury Department proposed stringent KYC regulations for the crypto industry last December, asking crypto exchanges to verify the identity of the owners of crypto wallets if the transaction exceeds USD 3,000. On top of this, the authority also made it compulsory for digital exchanges to submit personal information of crypto wallet owners to FinCEN (Financial Crimes Enforcement Network). This includes their name, address, and the purpose of the transaction.

However, the controversial proposal has now been frozen by President Biden’s administration, much to the relief of the crypto industry.

Asia – Varying Approaches in China, Singapore, and Thailand

One of the biggest digital economies in the world, China, holds a strict stance towards cryptocurrencies, particularly as crypto transactions fuel online financial crimes. In 2017, cryptocurrencies and ICOs were completely barred from operating in the country, forcing numerous Chinese crypto exchanges to move abroad.

Other Asian economies such as South Korea are not inclined to ban crypto exchanges and are instead pushing ahead with stringent KYC verification and AML regulations. Thailand has already implemented in-person client KYC verification for new cryptocurrency users. Its Know Your Client verification system relies on authenticating chip-based ID cards, making it impossible for foreigners to invest in local exchanges.

Singapore, dubbed the Crypto Haven, has taken a friendlier position when it comes to cryptocurrencies. KYC verification and AML screening of end-users have been mandated, along with the submission of SARs (Suspicious Activity Reports) to the Monetary Authority of Singapore (MAS).


Why are Crypto Exchanges Hesitant towards KYC Verification? 

The resistance to KYC for cryptocurrencies boils down to two factors. Firstly, users believe that with KYC verification processes in place, they would lose their anonymity. Secondly, KYC verification would mean that power is given to a central authority, defeating the point of a decentralized currency. However, customer KYC verification is crucial for eliminating the threat of surging financial crimes through cryptos.

Use Case: How Binance is Making KYC Verification Attractive for End-users

Binance, the largest cryptocurrency platform in the world, is dedicated to meeting KYC compliance requirements. But how is the platform ensuring KYC compliance? By providing extra benefits to KYC compliant customers. Users that comply with KYC regulations are able to enjoy top tier upgrades at a much lower cost. Where unverified users can only withdraw 2 BTC daily, verified accounts can withdraw up to 100 BTC daily. 


Cryptocurrency exchanges will need to invest in innovative RegTech solutions to stay compliant with stringent KYC and AML regulations. ID verification systems, for example, are powered by thousands of AI models, making it easy for crypto platforms to verify customer identities and meet compliance targets in a single go. Going forward, it would be interesting to see how crypto platforms adapt to changing compliance regulations, particularly as the long-term survival of digital currencies currently depends on robust KYC and AML regulation and control measures. 



DSAR Under GDPR and CCPA – Understanding the Key Differences

Data protection is one of the key concerns of organisations these days. For the same reason, data protection laws have increased in different parts of the world. A study reveals that only 10% of the global population had data protected until last year. The study further states that approximately 65% of the population’s data will be secured by the end of the year 2023. The Cisco Consumer Privacy Survey shows that 84% of people are concerned about data privacy in the digital world and want more control over how their data is being used. Given the rising concerns of end-users, law-making bodies have enforced certain data protection regulations that provide consumers with the right to disclose their data. Arguably, the European General Data Protection Regulation (GDPR) gives residents the Data Subject Access Request (DSAR). Similarly, there are many other regulations for data privacy, like the California Consumer Privacy Act (CCPA), PIPEDA in Canada and LGPD in Brazil. Let’s take a look at the key differences between DSAR under GDPR and under CCPA.

What is DSAR?

DSARs are not new since companies and government authorities have been using them for many years now. However, data protection and privacy regulations imposed several changes that make it convenient for consumers to request data access. A DSAR is a request from a data subject to your firm. As per regulatory requirements, you are obligated to provide all the information as soon as possible.  

Article 15 of GDPR states,

“A data subject should have the right of access to personal data which have been collected concerning him or her and to exercise that right easily and at reasonable intervals, to be aware of and verify the lawfulness of the processing.”

According to Title 1.81.5 of CCPA,

(a) A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This right may be referred to as the right to opt-out.

(b) A business that sells consumers’ personal information to third parties shall provide notice to consumers, pursuant to subdivision (a) of Section 1798.135, that this information may be sold and that consumers have the “right to opt-out” of the sale of their personal information.

(c) A business that has received direction from a consumer not to sell the consumer’s personal information or, in the case of a minor consumer’s personal information has not received consent to sell the minor consumer’s personal information shall be prohibited.


Under GDPR and CCPA, the DSAR has the following differences and similarities:


DSAR – The Key Considerations 

With DSAR, there are some common expectations. A few of them are:

  • A company will respond to the request or take action 
  • The response will include all the information 
  • Action will occur in a defined period

For companies, one of the fundamental requirements is to maintain a record that a response was provided on the request. Companies must track the date of the receipt and the date of response. 

Businesses have a certain time limit to respond to DSARs. As per GDPR, firms must respond to the request within 30 days. On the other hand, the CCPA has imposed a 45-day limit for responses. Other timelines include:

  • 10 business days for confirming the receipt of the request 
  • 15 business days for responding to opt-out requests 
  • 90 business days for informing vendors to not sell consumer information
  • Two years for maintaining the log of the requests 

DSAR – The Key Exceptions 

There are some exceptions to DSAR for organisations under certain circumstances. A common exception under GDPR is the disproportionate effort. Companies cannot use DSAR exceptions for not responding to the requests.

California Consumer Privacy Act (CCPA) allows organisations to delete requests. For instance, if a consumer requests a deletion before the warranty period ends, the company is allowed to do that. 

In simpler words, there are many exceptions of DSAR and they vary according to the jurisdictions, laws of the state and many other factors. 

DSAR Checklist for Organisations

Here’s what businesses need in order to respond to DSARs:

  • A system that can efficiently receive and process all the requests
  • Verification of identities of data subjects upon receiving requests 
  • Data collection and review of the processed requests
  • Remediation plans 
  • Plans for delivering the requested information 

Can businesses refuse to respond to DSAR? Yes, under certain circumstances, companies can turn down a request. Here are some of these reasons:

  • Searchable and accessible format of personal information is not maintained
  • Compliance is the purpose for processing personal information 
  • Information is not used for commercial reasons 
  • The data is used for national security or law enforcement
  • The data subject has made multiple requests for disrupting the system

Key Takeaways

Data protection and privacy are the major concerns of law enforcing bodies and organisations. Different regions of the world have imposed various regulations like GDPR in the EU, CCPA in California, LGPD in Brazil, etc. The Data Subject Access Request (DSAR) provides consumers with the right to access their data. Under CCPA and GDPR, the DSAR provides visibility and control to the data subjects. Although there are certain exceptions of DSAR under certain situations, data subjects still have the liberty to request access, deletion or closure of their personal information. 
