Blog

Enhanced Due Diligence: Ensuring KYC and Regulatory Scrutiny

James Efron
September 16, 2019
7 minutes read
2564

Enhanced Due Diligence: The adoption of innovative solutions in businesses today, should not have the sole purpose of making profits. A broader vision is required that could abstractly look into the secondary dependencies that can impact a business. These dependencies vary from the third-party services and businesses to associated regulations and compliance requirements. Instead of limiting the focus on business revenue generation, knowledge of local regulations and guidelines should also be ensured.

Customer identification and verification become a crucial step for businesses to meet the Know Your Customer (KYC) guidelines. While partnering with third parties and businesses, especially the financial institutions and banking industry who has a lot to deal with multiple other industries should ultimately comply with the need of knowing them fully. This serves as the primary step to curb the risks of harsh penalties and local regulatory fines.

A recent study shows that In the EU, regulatory fines can reach up to €20 million. This could be estimated to be 4% of the business annual revenue. Per violation, it costs about $1,000,000 in countries like Australia and Brazil. KYC compliance is the step that can deter the risks of such huge monetary loss. The banks when open new accounts for users need to conduct the Customer Due Diligence (CDD) process. This process ensures the identity of the user under certain KYC parametres. It includes the Anti-money Laundering (AML) background checks, terrorist financing, and checks for Politically Exposed People (PEPs) to ensure that any forbidden entity does not dare to be the part of the legitimate business.

Enhanced Due Diligence (EDD) is an advanced concept of CDD, the security perspectives and guidelines that are CDD do not cover are wrapped up by EDD. It ensures a high-level security potential that could impact the business directly or indirectly. The hidden security challenges, identity assurance, risk assessments, and evaluation are part of EDD. The high-risk privacy and security concerns are eliminated with EDD compliance at an organizational level. The monitoring and screening of entities and transactions reduce the chances of online fraud and payment scams. Also, introduce soundness and reliability in the business.

The intersection of Enhanced Due Diligence and KYC

EDD and KYC both fulfill the purpose of customer authentication. EDD policies intersect with KYC ensuring the rigorous onboarding process for the end-users. The data should be collected, examined and processed with responsibility and detailed auditing should be performed to keep track of the activities been performed in the system. Controlled data access should be done in order to limit the number of users accessing sensitive user data. In this way, there will be fewer chances of integrity interruption within the data. EDD requirements also assure KYC risks associated with each verification process, with individual risks calculation and assurance before further processing. Also, Identities should be verified against money laundering and counterterrorism checks that make sure the honest traffic on board.

Under the hood of local regulatory compliances, EDD ensures the data privacy and protection rights associated with the user. User data privacy rights include the intentions for which data are collected, analyzed and processed. The time span to which data will be saved in the database and the tasks in which data will be used is also answered. The organizations that fail to comply with these laws are subjected to heavy lawsuits.

Regulatory Penalties Around the World

The comparison of data protection regulations around the globe is done, among which it is discovered that about 65% of countries have made amendments into their policies or have adopted the GDPR requirements when it was announced. Penalties can be demonstrated on the basis of local regulatory compliance by the countries and how they see it. This alignment of lawsuits can extend in case of non-compliance accordingly. The fines are not only applicable to the ones who undergo some cyberattack or data breach but it doles out to each individual business who does not comply with local regulators. Below are some of the countries and companies who are recently fined:

Germany: first fine Germany faced back in July 2018. A German social media network named Knuddles got hacked which compromised the information of more than 330,000 users which includes 808,000 email addresses and relevant passwords. The reason, this information got hacked was that Knuddles has stored the user information in plain text which is entirely against the GDPR law. The company this breach in September and blocked all the affected user accounts and informed those users. Due to this data breach, Knuddles was subjected to a small fine of €20,000, which was under debate by many people. Although local regulators find it totally proportional to the loss the company has made due to data breach. After this, the company put strong security measures to protect their system from similar and further incidents of a data breach.

Poland: Poland’s DPA subjected to a fine of €220,000 on April 1, 2019. A digital marketing agency, Bisnode failed to dole up with the requirements of GDPR. Bisnode scraps the data and process it, but without notifying the data subjects, which leads them to a heavy fine. As it is the GDPR law, that without the permission of subjects, user data cannot be used. Additionally, Bisnode was supposed to mail 6 million people in the next three months which cost them an extra €8 million. If this company has notified its end-users previously could avoid this heavy risk.

Google: In January 2019, Google subjected to a heavy fine of €50 million. The violation of the requirements of GDPR was taken in notice when data subjects complaint about the inappropriate method of Google for asking consent from them. The lack of transparency is one of the key points of GDPR which was not fulfilled. According to GDPR, consent should be freely given, must be informed, must be granular and should involve affirmative action. But, Google failed to comply with all these specifications as the boxes for consent were pre-ticked which is not considered as valid consent.

How Enhanced Due Diligence help avoid Penalties?

One of the major challenges with EDD is to know how much information is required from a customer to verify the identity. Electronic checks are implemented by financial institutions that automate the tasks of verifying identities against money laundering and terrorist financing. These tasks are audited automatically which keeps the track of entities entering and leaving the system while screening them against multiple checks. Their activities are constantly monitored to avoid the chances of malicious actors being part of the system.

Online Identity Verification

Verify the onboarding customers using a bunch of necessary information which includes personal information i.e. name, date of birth, address, age, etc. (varies with the niche of businesses accordingly). This can reduce the risks of online fraud that take place every now and then with multiple faces.

Avoid Financial Crime

With EDD, dirty money can be prevented which includes the money from PEPs, terrorists, and money launderers. The necessary security precautions are covered by EDD due to which soundness and transparency in the system are ensured that deters the risks of financial crimes.

Clear Compliance Details

The compliance details of the company should be obvious. It is not necessary that a data breach explicitly shows how secure your software is, but the key step is complying with local regulators and privacy programs. In the business’ policies, all the compliant documentation should clearly mention the laws that are required by your specific business niche.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
59 Arrested in Vietnam Crackdown on Illegal Crypto Gambling Group
The intersection of Enhanced Due Diligence and KYC
Regulatory Penalties Around the World
How Enhanced Due Diligence help avoid Penalties?
Law enforcement bodies arrested 59 Vietnamese in illicit gambling schemes and were suspected of $3.8 billion crypto theft.

Vietnam’s law enforcement authorities have arrested 59 people, suspected to be involved in an illegal gambling ring in Ho Chi Minh City, that stole $3.8 billion in bogus bets. According to Vietnam’s investigation bodies, comprising of Vietnam’s Cybersecurity, High-Tech Crime Prevention and Control Department, the Criminal Police Department, and the Ho Chi Minh City Police Department, four Vietnam’s citizen named Huỳnh Long Bạch, Huỳnh Long Nhu, Phạm Thị Mai Ngân, and Nguyễn Đắc Quý were masterminds in this robbery.

The legit gambling was tricked into signing up for the cryptocurrency wallets on international platforms like Remitano to deposit ETH, USDT, or TRON in the wallets. Afterward, gamblers using the wallets place bets on Nagaclubs.com and Swiftonline.live. These were the connecting sites to the actual platform Evolution Gaming, a subsidiary of Evolution AB in Sweden. The alleged suspects admitted that they got commission from the platform for onboarding Vietnamese gamblers. In this regard, Evolution has denied that their digital tables could be used in countries where gambling is illegal.

According to the police investigation, fraudsters crashed the websites during the time of increased activities to loot gamblers’ digital wallets. Gamblers were enticed into the bogus schemes as criminals portrayed themselves as legit entities over social media platforms. Additionally, criminals offered insurance and promising refund that attracted mass audience.

However, law enforcement authorities have been doing efforts to counter illegitimate gambling activities in Vietnam. The government has legalized betting in six brick-and-mortar casino for locals and foreigner but online gambling and private table remains illegal.

This case is an eye-opener for the regulatory bodies. Money laundering using cryptocurrency is a rising concern in Vietnam. Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance are crucial when trying to trace down the flow of illicit money transactions.

Suggested Read: Vietnam’s Ministry Concerned About the Risks Attached to Crypto Trading

Enhanced Due Diligence: Ensuring KYC and Regulatory Scrutiny

The intersection of Enhanced Due Diligence and KYC

Regulatory Penalties Around the World

How Enhanced Due Diligence help avoid Penalties?

Online Identity Verification

Avoid Financial Crime

Clear Compliance Details

1. Emergence of Banking-as-a-Service

2. Decentralized Finance (Defi)

3. Open Banking

4. Data and the Customer Experience

5. The Rise of Cross-Border E-Commerce

6. Strengthening FinTech Regulations

7. NFC Verification Systems

8. Digital and Neo Banking

9. Innovation in WealthTech

10. Hybrid Address Verification Solution

Final thoughts

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.