Blog

KYC/AML Compliance in light of FinTRAC

Ashley Williams
April 16, 2018
3 minutes read
1968

Witnessing the updated AML/CTF regime; the guidelines by FinTRAC regarding ID verification have been imminent.

The new amendments in the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (2015) now outline complete classification of methods and related requirements for reporting entities with reference to KYC/AML compliance. While these guidelines may restrict areas of business or halt transactions in progress; the new concept makes things clearer, systematic and reduces the impact of financial crime and anonymity.

The transition period which was first described as June 30 2016 to June 30 2017, was extended to January 2018. Once this period is over; all entities are required to assess verification processes according to the methods mentioned within. Now that the guideline has been enacted, all the intermediaries are bound to ensure that their user on-boarding is done with Due Diligence and as part of the system devised by FinTRAC Authorities. The crime prevention space has readily changed as a result of the new set of rules. With every day there are new technologies being offered in the market for ID verification purposes. The nature of data being processes by these mediums increases liability. To ensure User data is protected and not accessed by third party platforms, or on server which are unsecured; there is definitely the need to establish standards of working.

FinTRAC under the PCTFR, has outlined its main objectives as;

Collecting, analyzing and disclosing information to assess and prevent financial crimes.
Restricting the unauthorized use of information.
Increase public awareness regarding AML Compliance and Due Diligence.
To ensure efficient record keeping of information stored.

For intermediaries; FinTRAC has clearly mentioned acceptable “Methods to Identify Individuals”

Single Process Method:

The single process method is two-fold. The verification is carried out with the help of either a Government ID card or User’s credit file.

Dual Process Method:

The dual process is a hybrid of twice checks where multiple resources are vetted in order to establish an identity/presence of a person. The verification is carried out by the scrutiny of two mutually exclusive pieces of documents which are Acceptable Documents to ensure AML compliance.

Acceptable Documents:

FinTRAC has announced a list of ID Cards, Documents or such material which is deemed acceptable for KYC and AML processes. The complete details mentioned in the guidelines can be found here. Due to increasing number of membership cards and multiple authorized sources; acceptable kind of documents have been restricted to ensure maximum transparency.

Record-keeping:

FinTRAC’s major goal is to make sure that responsible parties have a proper mechanism and system in place which can record/hold the information provided by the User as well the output generated as a result of the verification process. For this purpose a record or log of every verification process step and documents submitted for KYC or AML compliance is mandatory.

With the help of newly released guidelines by FinTRAC, Canada based businesses can now run a smoother and quicker on-boarding process.

To learn more about Shufti Pro’s FinTRAC compliance contact sales@shuftipro.com to access our product report.

Recommended For You:

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Legal Challenges Against TikTok for Breaching Child Privacy Policy
FinTRAC under the PCTFR, has outlined its main objectives as;
TikTok, the most trending social media application in the present times is facing legal actions for violating the UK’s child protection policies. They have been sued by a 12-year old girl from the UK. The girl, whose identity remains anonymous, has been given Anee Longfeild’s support, who is England’s commissioner for child protection. According to the commissioner, the app violates the UK and EU laws.

The girl has been granted anonymity by the court to avoid cyberbullying by the influencers or users of the app. BBC reports that it is hoped the case will be taken to the court which will result in improved data privacy policies of the minor by the app. The case will require the deleting of the application’s data of the minors.

TikTok collects data for the purpose of advertisement. However, the majority of the user base of the app is of teenagers. According to a report by The New York Times, one-third of the TikTok users are 14-year-old minors. This is not the first time the app has been penalized for violating data protection policy. In 2019, FTC fined $5.7 million for violating the privacy laws of the USA regarding minor protection. After this lawsuit, the app was forced to take down the videos of children under the age of 13. A separate section was created for the use of minors only.

TikTok has been under strict scrutiny by the US and a ban has been proposed by the presidential body which is yet to materialize. TikTok’s privacy policy states that they only ask for limited information like name, username, password, and birthday. However, the rest of the data can be collected from the device including the IP address, country-level location, ID, and app activity etc.

The app’s privacy policy has changed in January 2020 which states in detail how the user data will be shared. Enza Iannopollo, privacy analyst at Forrester said, “When you have a child accessing a digital tool, there are unique concerns for the data to be actually stored and tracked, different regions might define children’s age differently. Some countries will say 16, others will say 13.”

She also added that whatever the age of the child is, parental or guardian consent must be required to use the application.

Recent Posts

Blog
Multi-Tier Security - Another Line of Defense Against Bank Account Scammers
FinTRAC under the PCTFR, has outlined its main objectives as;
The banking sector has been witnessing a significant rise in criminal activities is a major concern of security authorities these days. The latest reports revealed that banks have been violating KYC and AML regulations and there were skyrocketing penalties in 2020. Protecting banks and customers is necessary and identity verification is one of the best ways of doing so. However, conventional methods like manual document verification do not suffice for the needs. There must be more robust and automated systems like digital identity verification and video KYC that can enhance the efficiency of the process.

A single line of defence does not work when it comes to technologically advanced fraudsters. There must be layers of security to filter them no matter how hard they try to surpass ID checks. Hence, multi-tier security is what the banking sector needs. Multiple layers of security checks and identity verification methodologies will make it impossible for fraudsters to enter banks.

What is Multi-Tier Security?

Multi-tier security refers to multiple layers of identity verification to enhance security in organisations. Fraudsters are developing sophisticated ways of fulfilling their malicious intent and a single layer of security cannot help companies. Therefore, there must be multiple layers of ID verification that can prevent fraudsters from entering the business.
A Summary of Bank Scams and Frauds

Over time, many different types of frauds and scams have struck the banking industry. Due to advanced technology, not only banks are streamlining their processes, but criminals have also figured out techniques to execute their plans. Many new breeds of scams have surprised organisations, especially banks. Let’s take a look at some of the fraudulent activities.

Account Takeover Fraud

Account takeover (ATO) refers to the fraud in which criminals get illegal access to bank accounts and use them for illicit activities like money laundering and chargebacks. As technology advances, fraudsters have also become sophisticated in committing account takeover fraud. There was a 43 per cent increase in account takeover fraud during the global lockdown in 2020. The numbers are expected to increase this year as well due to rapid digitisation.

New Account Fraud

A new breed of frauds struck the world a few years ago by the name new account fraud. With time, the rate of this fraud has increased and defeated all other kinds of scams. For a new account fraud, fraudsters use stolen, forged, or synthetic identities to open a new bank account, get a new credit/debit card, or loan money from the bank. According to Javelin Strategy, 3.2 million customers were affected by this fraud alone in 2018.

Identity Theft

Identity theft has been a threat to businesses for a very long time. The numbers are continuously increasing and banks are the primary target. Unfortunately, identity theft has taken various forms as well, including child identity theft, medical identity theft, and social identity theft. This enables criminals in making purchases, opening new bank accounts, and enjoying numerous other benefits with false names.

Data Breach

Data breach is a social engineering technique that fraudsters use to acquire customer information. The stolen data is later used for bank account scams, identity theft, and numerous other illegal activities. The identities stolen from a data breach are also used for new account fraud. Around 8,000 data breaches were reported in 2019. In the first half of 2020, 540 data breaches were reported only in the United States according to Statista.

Biometric Authentication – The Additional Security Layer

Biometric authentication is the additional layer of security that not only enhances the level of security, but it is also a rigid measure that fraudsters cannot dodge. Fooling biometrics is not a piece of cake for criminals because biometric authentication requires the live presence of the individual for identity verification. Voice, face, palm, iris, pupil, and retina are some of the biometric traits of an individual that are required for biometric verification.

Biometric verification employs various artificial intelligence models and the following techniques are used for authentication:

3D depth analysis

Micro-expression analysis

Skin texture analysis

Liveness detection

All these techniques ensure the live presence of individuals and any spoof attacks or deepfakes can be identified within seconds.

How will Multi-Tier Security Help Your Bank?

Digital identity verification is a multi-tier security measure that your bank needs. This system has multiple methods of verifying identities that prevent fraudsters from entering the business. Here is how the process of multi-tier security works:

First, the individual has to register on your bank’s website for the identity verification process

Along with the registration details, government-issued ID documents are also submitted

Then, the information submitted is verified with the government-issued ID document

Once the documents are verified, biometric authentication comes in action and face verification checks are performed

Customers have to submit their selfie or video during verification which is matched with the image on the ID document

Lastly, consent verification checks are also performed in which the customer has to submit a handwritten or typed consent note

Conclusion

All in all, verifying identities with the manual method is not an adequate option in the digital world. Digital identity verification is an automated process of verifying identities with layers of security to increase the efficacy of the process. One of the strongest layers in this method is biometric authentication that ensures the live presence of the customer for verification. Fraudsters cannot bypass these checks through any of their techniques. Due to the robustness of this technique, bank account scammers fear from the additional layers of security to verify identities and transactions. Identity theft, account takeover fraud, new account fraud, and data breaches are some of the criminal activities that have increased over time. Now, banks need a multi-tier security system to ensure the security of the customers as well as the organisation.

Get in touch with our experts and learn more about the digital ID verification system and biometric authentication.

Talk to us

KYC/AML Compliance in light of FinTRAC