Why is CDD significant for both Know Your Customer and Know Your Business verification?

Customer Due Diligence: From KYC to KYB

Banking is a profitable sector but is risky at the same time. Frauds, as well as compliance risks, are often complicated and intricate. The banks and financial institutes are spending a high amount of capital on KYC compliance, which surpassed $100 billion in the year 2019. Even with this much investment, global banks have been fined $321 billion since the global crisis in 2008. Further complicating these risks is the fact that financial crimes such as money laundering, terrorist financing, and cyber frauds are increasing.

On the other hand, regulatory authorities are striving hard to enforce measures that could lead to the eradication of financial crimes. One of the first such regulations, enacted amid the Vietnam War in the 1970s, was the Bank Secrecy Act of 1970 (BSA), issued by US regulatory authorities.

The purpose of this law was to counter money laundering activities emerging from illicit drug trafficking. Under this provision, banks are obliged to report any customer activity that seems suspicious, such as transactions above $10,000, to the Federal Financial Crimes Enforcement Network (FinCEN).

The regulations aimed to make it difficult for the drug cartels, terrorists, and other lucrative criminal enterprises to launder money by making their transactions more visible to law enforcement agencies.

Introduction of Customer Due Diligence as Know Your Customer (KYC) regulations

The Banking Act of 1970 laid the foundation for the Anti-Money Laundering (AML) regulations later introduced in the USA Patriot Act of 2001, after the tragic incident of 9/11. Customer due diligence (CDD) was declared necessary for the financial sector. The term coined for performing CDD is Know Your Customer, or KYC.

The KYC regulations were fortified to restrain the flow of money to terrorists. They require financial institutes to verify customers to ensure that they are who they claim to be. These regulations led to the adoption of various approaches to comply with CDD and KYC laws. Since US regulatory changes affect the landscape of the global financial sector, these regulatory changes were accepted by the banking sector worldwide.

Financial Sectors adopted several ID verification controls to respond to these regulations. These ID verification controls include:

  • Maintaining a thorough Customer Identification Program (CIP).
  • Verifying customers against the list released by Law enforcement agencies.
  • Predicting a customer’s behavior and the criminal risks associated with a particular entity, based on statistical data.
  • Ongoing screening of the transactional activities of suspected customers.

With minor amendments, it continues to be the main line of defense for the financial sector against financial crimes. To a layperson, this law appears comprehensive. However, in June 2016, a loophole was identified in KYC compliance regulations.

The banks weren’t required to verify the identity of stakeholders and beneficiaries of the businesses they provide services to. It was after the Panama Papers scandal that the world realized that apparently legitimate businesses could hide the identities of bad actors and perform illegal activities on their behalf. The regulatory authorities identified the risk and issued a fix as Know Your Business (KYB).

Tying up Loose Ends with KYC Verification

This fix made by regulatory authorities in the KYC checks includes Customer Due Diligence for financial institutes. Under the new provision, financial institutes are now required to perform stringent verification checks. KYB regulations aim to identify the shell companies that are involved in money laundering and other illicit financial crimes.

Firms are required to verify the person who legally owns the business, as well as the identity of stakeholders owning a minimum 25% share in the business. The European Commission also introduced the same legislation in its 4th AML Directive (4AMLD). This process of business verification was improved with new regulatory changes in AMLD5 and AMLD6, which aim to make due diligence transparent.

However, KYB compliance is not as easy to achieve as it seems. The major problem in KYB verification is the identification of shareholders in the businesses. Most of the time, no record of these entities is available and, to make things worse, the disclosure requirements in each jurisdiction vary. This sometimes makes it impossible to identify the stakeholders in the business. It is a recipe for disaster for firms that want to stay in compliance.

Turning towards Technology for Solution

Emerging from the ashes of the global financial crisis in 2008, the new regulatory technologies are helping to ease the burden of compliance by reducing operational costs as well as mitigating the risks of financial crimes. At the crux of these technologies is the use of tools such as identity verification and KYC identification to help financial institutes monitor, comply and regulate. RegTech solutions are already assisting financial institutes in meeting KYC and AML regulations.

Businesses need to stay one step ahead of the fraudsters. With a comprehensive approach to global risk mitigation, businesses could easily prevent fraudulent activities and stay in compliance with regulatory authorities. 

The RegTech industry is delivering efficient AI-based business verification solutions that can eliminate the inefficiencies and risks involved in onboarding new customers, for instance by automating the checking of official documents and their verification against government-issued registries.

RegTech is expected to see great adoption in the financial sector in the future. Owing to the changes in regulatory compliance, performing KYC and KYB verification in parallel will enhance the customer due diligence process and help businesses stay compliant.

RegTech – FATF Guidance for Digital Identity Verification

Regulatory authorities have recognized the benefits of technology and its use for seamless regulatory compliance and scrutiny. Digital identity verification, referred to as “digital ID systems” in the FATF guidelines, is a futuristic approach towards fraud prevention. FATF recently issued a guideline for digital ID systems covering their use cases, the risks involved and the benefits of such solutions.

FATF took this initiative back in 2017, showing a positive attitude towards technological solutions for regulatory compliance that are aligned with FATF regulations. Since then, FATF has been working on developing guidelines for such fintech and RegTech solutions that will further make this industry fraud-free. The guideline highlighted that risk prevails in the fintech industry as well and that it can be mitigated through regulatory compliance. The FATF guideline on digital ID systems is still under scrutiny, and FATF has requested suggestions from public stakeholders to leave no loophole for financial criminals.

FATF Guideline Key Features

The following are the key features of FATF guidance on digital ID systems. It is expected that the final draft of guidance will be very much different from the current draft. 

 

  • Stakeholders of the Digital ID guidance

 

FATF developed guidelines to assist in regulatory compliance, supervision, examination, and cybersecurity authorities by government organizations involved in policymaking. Also, the private sector that delivers digital ID systems will have a lot to gain from the guidance. 

Last but not least, the businesses and organizations that use outsourced digital ID systems will also benefit from this guidance, as it will help them to choose the best Digital ID verification solution. 

 

  • Limitations of the guidance

 

The guidance draft issued by FATF doesn’t cover some Customer Due Diligence (CDD) practices. It doesn’t cover CDD through digital ID for legal person verification, Ultimate Beneficial Owner (UBO) screening, or the nature of a business relationship.

There is no doubt that digital ID verification can serve these above-mentioned purposes as well but for the time being FATF didn’t cover these in this guidance. 

 

  • Main components and participants of the digital Identity systems

 

The guidance mentioned three main components and participants that it seeks to be available in digital identity systems used by the entities. It includes the process of identity screening through digital ID systems, the ongoing screening and the technical aspects of the digital identity systems. 

  • Identity proofing and enrollment is the first component and it involves the collection and verification of customer data. A picture on the 13th page of the guidance draft shows the process of collecting data from the official identity document (like an ID card) and then screening the information to verify the identity of a customer. Component one also includes the verification of a person through biometrics like face verification and liveness detection to ensure that the original person is providing the identity evidence.

 

  • Identification and identity lifecycle management is the second component and it includes the information regarding the stakeholders that need to be verified. The system should be designed to verify the identity of new customers and to verify the identity of already existing customers. It also mentioned that the digital identity system can be used every time a customer logs in to his/her account online or for every face to face interaction with the customers. Such verification should be performed on all the transactions and events mentioned in the FATF regulations regarding identity verification.  

 

  • Portability of identity proof is the third component that allows the end-users to develop portable identities that will be issued for future verification. 

 

 

  • References 

 

The guidance referred to the NIST Digital ID Guidelines and the EU’s eIDAS Regulation and explained how digital ID systems help in the effective implementation of CFT and AML regulations.

 

 

  • Technical standards

 

According to the guideline, digital ID systems that follow the standards of the following jurisdictions and international standards organizations are acceptable:

  • various jurisdictions or supra-national jurisdictions (e.g. eIDAS Regulation by the European Union)
  • International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Fast Identity Online (FIDO) Alliance, and the OpenID Foundation (OIDF), and
  • International Telecommunications Union (ITU) and GSMA (for industry-specific). 

To wrap up, businesses are required to comply with KYC, AML and CDD recommendations of FATF in every corner of the world. Now FATF is making things easier for them by developing a guideline for digital ID systems. Just follow this guideline for choosing the best identity verification solution for your business.

AML Compliance in EU Member States and Risks of Businesses

Making regulations is just the first step; the true game starts when it comes to implementation. The European Supervisory Authorities report gave this clear message.

European Union regulatory authorities are always working to improve Anti Money Laundering (AML) and Counter Financial Terrorism (CFT) regulations. Currently, the fourth AML directive is in force in the member states of the EU. European Union Supervisory Authorities (ESAs) recently gave a joint opinion based on the AML and CFT data collected from the member countries and expressed their concerns regarding CFT and AML compliance in the reporting entities.

The member countries are required to give this joint opinion on money laundering and terrorist financing risks in the EU financial sector every two years based on Article 6(5) of (EU) 2015/849 (the 4th AML directive). The ESAs (EBA, EIOPA, ESMA) report showed concerns regarding monitoring transactions and suspicious transaction reporting, cryptocurrencies, Brexit, and the risks associated with operations of businesses that handle a large number of financial transactions. 

Major Concerns of ESAs

The ESAs expressed some major concerns regarding the risks lurking in the financial infrastructure of EU countries. The detailed report contained the data proof of how credit institutions are exposed to more risk as compared to previous years. 

Inconsistent implementation of 4th AML directive

 

The uniform implementation of the 4th AML directive is a challenge, as the legislation in a country is influenced by several stakeholders. The report of Joint Supervisory Authorities (JSA) highlighted that political and regulatory entities in the countries influence the implementation of the EU AML and CFT regulations. The countries often don’t understand the regulations properly, and there is a lack of uniformity in the regulations across the EU, which leaves a loophole for companies that plan to do illegal business. For example, if one country is rigid in AML and CFT compliance, then the businesses or the criminals move to other countries with relatively lenient regulatory compliance requirements. This affects the effectiveness of AML and CFT regulations.

Brexit

 

The United Kingdom is all set to leave the European Union in some time. The report of the ESAs identified that the firms working in the EU will be affected by this change in the EU landscape. The firms listed in the UK will have to update their operations as per the new UK regulations. Also, the firms outside the UK will have to get themselves registered with the UK as per the new regulations. 

This huge change in the infrastructure will affect the regulatory landscape of the EU. Most probably it will make loopholes for financial criminals. The UK was used by the shell companies in the past, and now this sudden shift in regulations will definitely take some time, so, the criminals are most likely to gain over this delay. 

Nicola Gratteri, a public prosecutor in Calabria, predicted that Brexit might aid the Italian mafia in pooling their illegal money into the UK. Shell companies will be the safe haven of criminals to legitimize their cash proceeds from drug dealing, human trafficking, etc.

Regtech and Fintech

 

Technology is a freeware that is used equally for fraud and fraud prevention. The advent of Fintech and Regtech definitely improved the operations in the financial sector but it also increased the risk. Lack of regulations and minor regulatory compliance in this sector is the source of risk. Fintech and Regtech are widely adopted by people and are very dear to legitimate users due to the ease created due to these solutions. 

Lack of legal and regulatory understanding among the Fintech and Regtech businesses is a point of concern. The businesses that don’t practice are more likely to fall prey to identity thieves and criminals. The in-depth understanding of regulations and regulatory compliance by Regtech solutions is vital to deliver quality risk prevention, so the businesses should be careful while choosing one such solution. 

Cryptocurrencies

 

Cryptocurrencies are a major concern of the JSAs, although AMLD5 and AMLD6 are drafted to address this risk. Lack of regulatory awareness and commitment in the cryptocurrency ecosystem are some major concerns expressed in the report. The EU is also planning to increase the scope of “virtual currencies” to “virtual assets” as per the FATF regulations. This is because there is a lack of awareness among the businesses offering cryptocurrency services.

Internal control

 

The internal controls of businesses were found to be lacking. Some major issues found are Customer Due Diligence (CDD), lack of suspicious transaction reporting, lack of transaction monitoring, etc.

Lack of effective compliance 

 

The businesses in the EU countries are found to be lacking in AML and CFT compliance. The report stated that sanctions screening is not enough; businesses have to keep an eye on the transactions of their customers as well. Complete reliance on CDD is the loophole in the internal controls of firms.

Also, businesses are required to practice compliance in a smart manner. In case they completely disown the customers based on the high risk associated with them, it will increase the chances of money laundering in the EU. 

Credit Institutions

 

The report highlighted that some credit institutions are exposed to major risks due to their business operations. Financial transactions are the key part of their operations, so the risk of being exploited by money launderers and terrorist financiers is high. The businesses are required to practice proactive fraud prevention and CDD.

To wrap up, businesses in the EU and outside the EU will be affected by the increased pressure on AML and CFT compliance among the member countries. Businesses from non-member countries will also be affected by this. The EU has also recommended that reporting entities practice the EU regulations outside the region (non-EEA states). Brexit is also expected to happen in the near future, so it will also affect the operations and regulatory compliance of global businesses. Proactive fraud prevention, thorough regulatory compliance, and timely decisions will help businesses in achieving high returns in the future.

Know Your Business-Pillar of Strength To AML Regulations

In a world of technology where every industry is going digital, there is very little transparency among businesses. Collaborating with businesses and entities online leaves room for suspicious activities, which means you will have no idea about the identity of the person on the other end. For example, the business you are onboarding may be a shell company or may be funding terrorists.

Know your business (KYB) – these three words always seem to pop up everywhere in the industrial sectors, especially in financial institutions. KYB has successfully evolved from Know your customer (KYC) process and has eventually become an important part of today’s regulatory firms. It plays a vital role in low-friction regtech platforms to serve all types of customers without getting involved in illegal activities and entities.

The Bank Secrecy Act (BSA) of 1979:

Back in 1970, when the Vietnam War was in full swing, a deadly confrontation erupted regarding drug trafficking. As a result, the administration laid a strong foundation for the War on Drugs. The Bank Secrecy Act of 1979 (BSA) was introduced as a part of this policy agenda to deter illegal funding. The BSA requires all U.S. financial institutions to report certain types of customer activities to the regulatory firm FinCEN, the federal Financial Crimes Enforcement Network. For instance, financial firms need to report transactions totaling $10,000 or above.

The intention of these regulations was to hinder the cartels, drug smugglers and other productive criminal enterprises from moving money through the US. The BSA makes the transactions more visible to federal law enforcement, hence starving the actors of their profits.

From KYC to KYB

The BSA is itself a foundation for the anti-money laundering (AML) regulations also known as Know your customer (KYC) compliance. It was enumerated in the 2001 USA Patriot Act as a result of the 9/11 incident and came into effect in 2003 – adopted by a joint resolution of federal financial agencies. These regulations intend to curb the flow of money to terrorist factions and other money laundering crimes. To meet these regulations, the institutes are required to maintain a record of personally verifiable information of every customer.

It won’t be an overstatement to say KYC was built upon the BSA, which requires financial firms to ensure that their customers are who they claim to be. However, the BSA rules were somewhat vague; this was covered by KYC regulations with the introduction of the Customer Identification Program (CIP) and Customer Due Diligence (CDD).

While KYC compliance ensures the identity of the customers and keeps an eye on the risk factors associated with them, unfortunately there is still a major loophole unsolved: financial institutes weren’t required to identify or verify the stakeholders and beneficiaries of the businesses and entities they are serving. This means that legitimate firms could unknowingly shelter bad entities or shell companies while performing illegal and high-value transactions on their behalf. Doing so makes the financial firms equally responsible for the illicit transactions taking place right under their nose.

This issue came into light through the scandal of Panama papers back in 2016 and as a result, KYB services were introduced for business verification.

Dive Deep into KYB

 

The officially titled “Customer Due Diligence Requirements for Financial Institutions” is what we consider as know your business checks or KYB. It can be taken as an extensive form of knowing your customer since it doesn’t only verify the name of the person to whom the business is registered. It also enforces the institutions to verify the identities of the chief executives and any other person who owns 25 percent or more of the business. 

KYB compliance covers an entire industry of consultants who help various firms ensure that their business customers are properly investigated and none of them are involved in illegal activities. Every financial institution, merchant acquirer or payment company that deals with money transfers and transactions is required to perform a KYB check of the businesses with which it does business.

The checks for KYB solutions include the verification of company registration, business license, identification of a business, and other executives of the business. The KYB compliance requirements may vary from address and date of birth to driving license, passports and bank statements. Moreover, these checks are also performed against sanction lists, PEPs, Adverse media, and disqualified directors. 

These authentication checks are carried out by the KYB solution providers depending on the nature of the business, transaction value, suspicious reports, and more importantly the country legislations.

The Role of 5th AML Directive

 

The regulatory regimes around the world are continuously changing with every passing day. Last year, two major regulatory directives were updated, the 2nd Payment Services Directive (PSD2) and the Fifth Anti-Money Laundering Directive (AMLD5). The PSD2 requires financial institutions to make certain data available to other institutions through the use of APIs (Application Programming Interfaces). Whereas, AMLD5 compels the financial businesses to keep tight reins on the personal information online.

The businesses from financial institutes to merchants, everyone is facing regulatory pressure to meet stringent verification requirements. To do so they deliberately need to adjust the processes to conduct due diligence. The 5th AML directive along with PSD2 and GDPR regulates organizations to verify the businesses – the KYB compliance.

AMLD5, in particular, holds liability for the EU states to collect all the legal documentation regarding the company in a central registry. Moreover, it is mandatory that this central registry must be available and accessible to all the obliged entities that are required to perform business verification. 

Enhanced Due Diligence

 

After the Panama Paper Scandal, verifying the business entities and the mainstream business structure is an integral part of AML compliance requirements, compelling enhanced due diligence (EDD). It obliges securing additional information about the business client, for instance, the nature of the business relationship, source of funds, transaction history and the enhanced monitoring of the business relationship.

KYB in Europe

 

In Europe, the 4th AML Directive is already in effect and by January 2020, AMLD5 will also be in action. The AML 4 requires the businesses to identify the obliged entities and take prudent measures to verify their identities. It facilitates the businesses to know about the UBOs in regards to trust, foundations, and legality of the entities to better understand the structure of the business and customers.

According to defined rules, the beneficial proprietor in the EU is any person who owns 25% of the corporate business. However, in the upcoming AMLD5, the proposal is lowered to 10%. 

KYB in the US

 

The Customer Due Diligence (CDD) Final Rule has been in effect in the US since May 2018. This rule states:

“Beginning on the Applicability Date, covered financial institutions must identify and verify the identity of the beneficial proprietors of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted)”

As per the regulations, the financial institutes include banks, dealers and brokers, mutual funds and futures commission merchants. However, different jurisdictions constitute different requirements. In fact, even one region may have different regulations applicable to its member states. For example, US financial institutes, in addition to the Bank Secrecy Act (BSA), are subject to OFAC (Office of Foreign Assets Control), FATCA (Foreign Account Tax Compliance Act) and SEC disclosure rules.

KYB Process –  From Weeks to Seconds 

 

Performing business verification is quite difficult, time-consuming and costly. Most of the companies hide their true identities in order to obscure the money trail. Also, shell companies can obscure their true information in filings and across different jurisdictions. The percentage of ownership is mostly disguised through different paper trails, which makes it difficult to identify. In fact, in some countries there is no proper paper trail, meaning no documentation is required for setting up a business and hence there is no source to investigate for shareholders’ information, which is against the FATF, AML and CTF regulations.

Some companies are overcoming this problem by implementing KYB solutions just like KYC. However, manual verification is quite slow, error-prone and costly. To overcome this drawback, KYB solution providers are actively adopting automated ways to verify businesses in real time.

In this era of high competition and complex compliance requirements, there is a need for electronic ID verification of business. By automating the KYB process, the financial institutes can securely access the UBOs identifying information from the central registry and verify it. Moreover, meeting the KYB compliance can paramount the complex regulatory environment.

Initial CCPA Compliance Costs Could Hit $55 Billion: Report

According to an economic impact assessment prepared for the state attorney general’s office by an independent research firm, California’s new privacy law could cost companies a total of $55 billion to get in compliance. Total CCPA compliance costs are likely to vary considerably based on the type of company, the maturity of the businesses’ current privacy compliance system, the number of California consumers they provide goods and services to, and how personal information is currently used in the business.

CCPA provides sweeping privacy protection to California’s residents. It includes a provision that will allow consumers to know what data companies are collecting on them. The bill grants rights to California residents to be informed about how companies collect and use their data, and allows them to request their personal data be deleted, among other protections. It represents the start of a new era of privacy laws designed to protect personal data, says Kelsey Finch of the Future of Privacy Forum. CCPA’s section gives consumers the right to delete personal information from the company’s database. 

CCPA Affecting Businesses:

CCPA will affect three types of businesses based in California:

  • Companies that have gross revenue of at least $25 million.
  • Companies that buy, sell and share the personal information of 50,000 or more consumers, households or devices.
  • Companies that get 50 percent or more of their annual revenue from selling consumers’ personal information.

By estimates, companies with fewer than 20 employees have to pay $50,000 for compliance. Large companies having more than 500 employees will have to pay an average amount of $42 million. This will make up 1.8% of California Gross State Product. According to a report, total compliance costs for the companies subject to the law could range from $467 million to more than $16 billion over the next decade. Researchers estimated that as many as 75% of California businesses earning less than $25 million in revenue would be impacted by the legislation. States have begun to make efforts towards privacy legislation. Facebook CEO Mark Zuckerberg advocated for creating a nationwide policy in this regard. Cost and complications will be lessened by setting one legal standard for tech firms rather than a piecemeal approach to compliance.

Since many businesses in California that operate in Europe had to make changes to comply with the GDPR, which went into effect last year, CCPA has taken some elements from GDPR. The research suggests that the compliance costs for California’s law will be reduced this way. The EU estimated average incremental compliance costs for the GDPR would total about 5,700 Euros a year (nearly $6,300), according to the report, though there is also evidence that the regulation led to lost productivity in sectors that rely heavily on data. Smaller firms are likely to take on a disproportionately larger share of compliance costs compared to larger firms with GDPR.

CCPA - An Inherent Part of GDPR:

Over a year after the introduction of the GDPR, concerns regarding its impact on larger firms appear to have been overstated, while many smaller firms have struggled to meet compliance costs. Resources explain this dichotomy as large technology companies are often several steps ahead of both competitors and regulators. In the long term, however, it is believed that the differential impact will likely shrink, driven in part by competition among third-party services that will help small businesses comply with the legislation. 

Economic Impact on Companies:

Companies are going to face an economic impact due to CCPA. Smaller companies with fewer than 20 employees are expected to spend about $50,000 in initial CCPA compliance costs, while mid-sized firms with between 20 and 100 employees could incur costs of $100,000 to start, according to the study.

The expenses come at a time when companies are reaping big rewards from the buying and selling of personal consumer data. The use of personal data in online advertising is a $12 billion annual business in California. When combined with the buying and selling of information from data brokers, the number rises to $20 billion annually.

California businesses could spend an additional $16 billion over the next decade after initial compliance expenses to keep up with changes and other expenses, according to the report. Those expenses could include hefty fines for those who violate the law.

A recent report from the International Association of Privacy Professionals found that as of this summer, only 2 percent of affected businesses were fully compliant with the law.

Meanwhile, some other state legislators are using California law as a model. In Nevada, for instance, a new privacy law went into effect on Oct. 1. That law, known as Senate Bill 220, will give consumers more ways to keep websites from selling personal data.

 Businesses that need to comply with CCPA:

The following are some businesses that hold huge amounts of private data that needs to be protected by CCPA:

  • E-Commerce:

Online businesses hold huge amounts of private data, which they take advantage of. Users browsing the internet are analyzed by AI-based products, and products matching their interests are shown to attract them. This means that user data is being used to generate more sales of the desired products through advertising. So CCPA will enhance the privacy policies of businesses across the globe. The so-called rights over consumer data will be exploited by CCPA.

 

  • AI-based Verification Services:

As the regulations regarding KYC and AML become more stringent, businesses are adopting identity verification services for their customers and for other businesses. For this, they hold huge amounts of client data that they have to verify. Identity verification service providers have the most confidential data on hand; hence they must follow the provisions of the California Consumer Privacy Act.

 

  • Social media:

Social media plays a vital role in consumers’ shopping decisions. It is a platform for targeting an audience of interest. According to a study, 87% of shoppers are satisfied with the shopping experience through social media. There are many social media marketing tools that are employed to reach the audience of interest and to improve the sales of a particular product. Businesses are aware of these tools and are deploying them well. These marketing products make use of the information available on social media platforms. Social media sites have to change their practices of selling the personal information of users to third parties. The consent of the user must be required for selling this data to a third-party business.

So, businesses need to comply with CCPA for the protection of private data of consumers. Since many California businesses had to comply with Europe’s General Data Protection Regulation last year, some of the compliance costs for the new state law will likely be reduced, according to the report’s authors. Many businesses need to comply with CCPA to mitigate the risk of a data breach. The law will go into effect on Jan. 1, 2020.


Winter is Coming: With a Storm of KYC and AML Regulations

The ever-evolving regulations are creating challenges and complexities for financial institutes, both in national and international markets. The financial sector deals with approximately 200 regulatory changes per day, and this number is rising. Most of the time, businesses fail to meet these regulatory requirements and face heavy fines. Since 2008, global banks have been fined more than $321 billion collectively for not following Know Your Customer (KYC) and Anti Money Laundering (AML) regulations.

Even with a compliance cost of almost $100 billion globally in a single year, crimes like money laundering, terrorist financing, and cyber frauds are increasing. Financial institutes (FIs) not only find it challenging to comply with KYC and AML regulations, but increased fraudulent activity makes matters even worse. Financial institutes often fail to identify fraudsters and face fines and even get banned.

Fraudsters and money launderers are exploring new ways of carrying out illegal activities. An undercover agent who infiltrated Pablo Escobar’s drug cartel responds, “You can launder money in so many different ways, it is as unique as snowflakes.” To counter these challenges, regulatory authorities are making updates in regulations almost every day.

Changing Regulations with the Changing World

In the aftermath of the 2008 financial crisis, regulatory authorities put forth a considerable number of regulations, but now, almost a decade later, some regulators and lawmakers think it is time to analyze what is working and what is not and to make the necessary amendments accordingly.

Banks and financial institutes are the protectors of the financial systems, and the responsibility to prevent financial crimes lies with them. In the last decade, these institutions have worked tirelessly to establish reliable KYC and AML procedures and systems. However, changes created by technology and globalization demand modifications in regulations.

For instance, high demand for virtual currency has made regulators reassess the regulations in place and make amendments to regularise cryptocurrency. As most cryptocurrencies are not backed by any central government, their potential use in illegal activities, especially terror financing and money laundering, already threatens the authorities and businesses.

The authorities are making amendments and introducing new laws to regulate all these advances in financial systems. Here are some recent changes by notable global regulatory authorities:

FATF

Financial Action Task Force (FATF) is an intergovernmental organization, which strives to eliminate money laundering and terrorist financing globally. The organization has been very keen on recommending necessary changes required to comprehensively deal with financial crimes.

Noticing the recent trends of money laundering (ML) and terrorist financing (TF), FATF recommends that member states perform legal screening of the Ultimate Beneficial Owners (UBOs) of every business. Owing to the exploitation of virtual currency by criminals, FATF also recommends regulating cryptocurrencies. According to a report, $4.26 billion worth of cryptocurrencies was stolen by cybercriminals in 2019 alone. FATF expects members to implement these regulative reforms in their respective states for combating ML and TF.

European Commission’s AMLD5 and AMLD6

As a part of an action plan against money laundering and terrorism, the European Commission has introduced new regulations in the 5th and 6th AML directives. Every European country is required to implement these regulations as a part of its national action plan on AML and CFT.

AMLD5

The most prominent provision in AMLD5 is the regulation of cryptocurrency exchanges and service providers. Before this directive, e-wallet providers and crypto exchanges were not covered under the financial regulations. AMLD5 made it compulsory for crypto businesses to perform KYC for identity verification. Furthermore, member states are required to maintain a central register of the Ultimate Beneficial Owners (UBOs) of the crypto businesses.

AMLD5 also lowers the threshold for prepaid cards to decrease the risk of money laundering through these cards. According to the U.S. Federal Bureau of Investigation (FBI), drug cartels use prepaid cards as a means to launder money earned from illegal drug sales in the USA. European countries are required to implement AMLD5 by January 10, 2020.

AMLD6

While the European Union’s member nations are striving to implement AMLD5, the European Commission published a new directive, AMLD6, in its journal. This new directive will make AML and KYC regulations more stringent. By setting a clearer definition of money laundering and increasing the minimum liability for predicate offences, the EU aims to make AML and KYC more robust.

The key elements of AMLD6 are:

  • Addition of cybercrimes to predicate offences. Predicate offences are crimes underlying money laundering and terrorist financing. Initially, cybercrimes, including online identity theft and credit card fraud, were not included in predicate offences. Once AMLD6 is implemented, businesses will require more enhanced KYC checks to avoid indulging in unlawful activities.
  • Inclusion of the entities that are aiding criminals to launder money in money laundering crimes. The addition of ‘enablers’ can make money laundering tracking easier.
  • The punishment for money laundering and terrorist financing is increased for up to four years including other penalties.

RegTech: A useful KYC solution

While the aforementioned are major regulatory changes in the world, many countries are also regulating businesses to perform enhanced due diligence and KYC at national levels. The financial sector is obliged to follow these regulations.

However, the financial sector is not lagging and is taking measures to remain compliant with the rules, since it always remains one step ahead in adopting innovative technology. One of the latest additions to the finance sector’s arsenal is Artificial Intelligence (AI). The finance sector can adopt AI to make KYC/AML screening more robust, cost-effective, and time-efficient.

RegTech (Regulatory Technology) refers to the use of technology-based solutions to help in compliance with financial regulations. RegTech is enabling rapid development in the financial sector regarding compliance. AI-based identity verification and AML screening solutions are both cost-effective and time-efficient. Businesses should adopt AI-based KYC and customer due diligence (CDD) solutions when onboarding customers to remain compliant with regulatory changes and avoid any offence.

Conclusion

KYC laws are continually modified to catch up with the latest techniques for perpetrating financial crimes. A recent example is AMLD6 by the European Commission, which intends to make KYC and AML compliance stricter. The financial sector must adopt effective measures to maintain the integrity of its institutions as well as meet the regulatory requirements. Financial institutions are the first line of defence against money laundering and need to act accordingly. To ensure that businesses remain in compliance with these changes, the RegTech industry is rendering efficient AI-based solutions for KYC checks.


EU’s Sixth Anti-Money Laundering Directive (AMLD6)

Summary: The Sixth Anti-Money Laundering Directive (AMLD6) sets out a stringent framework to combat money laundering and terrorist financing. It extends the scope of criminal liabilities and entities with an updated list of predicate offenses. AMLD6 introduces tougher penalties and widens criminal liability to legal persons.

The European Commission affirmed action plans to tighten the reins on mounting money laundering and terrorist financing. On 26 June 2017, the 4th Anti-Money Laundering Directive (AMLD4) came into force, contributing to the same idea of combating bad money flow. It stated the regulations for information exchange and its operation among financial institutions. After this, EU co-legislators identified the need for amendments to AMLD4, which were declared in AMLD5. These changes are expected to come into effect by the 10th of January 2020 and specify the sectors that need to strengthen their standard operations to deter the risks of money laundering. AMLD5 also asserts that the sectors facilitating criminal activity will be subjected to harsh regulatory penalties. Recently, the EU Commission came up with the Sixth Anti-Money Laundering Directive (AMLD6), published in the EU’s Official Journal. AMLD6 introduces a harmonized authoritarian framework for the elimination of money laundering.

AMLD6 strengthens the existing norms of anti-money laundering. It establishes minimal criminal liability rules for money laundering by setting a clear definition of it and stating predicate offences, enforces minimal sanctions, and extends criminal liability to legal professionals. It reinforces the framework from the police cooperation point of view. Furthermore, the Directive sets specific requirements regarding information records and requests, sensitive data processing, and restrictions to rights.

AMLD6 – New Measures and Amendments

The EU Commission proposed new measures to fight terrorist financing and money laundering activities. The Commission believes that existing models are neither comprehensive nor consistent. It suggests that definitions should be clarified at the national level and that the scope should be widened to cover industries from a broader perspective. It further elaborates that criminal proceedings are innovative enough to exploit the parliamentary discrepancies. These weaknesses become a source of opportunities for money launderers to convert their ill-gotten gains to good money.

The draft legislation must be sent to both the Parliament and the Council. The trialogue of the three bodies will produce an agreed document that would be accepted as a new EU law. Denmark will not be affected by this law due to its legal agreements, and the UK government may opt out of the adoption of AMLD6 notwithstanding the Brexit agreement. The fundamental component of AMLD6 is the list of 22 predicate offences. AMLD6 defines these predicate offences explicitly, which will definitely impose obligations on firms. Companies would have to put in place monitoring systems to detect direct and indirect links facilitating predicate offences.

The following are the key elements of AMLD6 that incorporate criminal legislation:

  • Harmonized list of Predicate Offences

The scope of the 22 predicate offences has been extended. It now includes the emerging threats of environmental crimes and cybercrimes in the EU. Environmental crimes refer to those set out in legal acts of the Union. Similarly, cybercrimes are declared a predicate offence, which was not covered in the FATF recommendations. Tax crimes, committed directly or indirectly due to tax commutation, are also in the scope of AMLD6. To avoid ruinous circumstances, firms should familiarize themselves with the expanse of the 22 predicate offences.

 

  • Aiding and Abetting, Inciting and Attempting

The money laundering scope is extended in AMLD6. Now, aiding and abetting, and inciting and attempting, fall within the scope of money laundering. By including these entities, which are called ‘enablers’, money laundering tracking can become easier. These entities are considered the facilitators of the money laundering process. Therefore, AMLD6 extends its boundaries for money launderers to combat the risks of embezzling funds transfer.

 

Key Points of 6th AML Directive

 

 

  • Criminal liability extension to Legal Professionals

Recall that AMLD5 spotlighted legal professionals, requiring them to carry out client identity verification and keep accurate information about their clients. AMLD6 focuses on the evaluation of legal professionals: criminal liability is extended to legal professionals, i.e. partnerships and companies. It applies to those who facilitate money laundering through their businesses, directly or indirectly, for their own benefit. Legal professionals would be answerable if individuals caught transferring illicit funds are not identified.

In addition to this, the representatives, executives, supervisors, and decision-makers who lack proper individual authentication or supervision would be accountable for facilitating criminal activity.

 

  • Tougher Regulatory Penalties

This is one of the most important areas covered in AMLD6. The Directive says that all Member States are supposed to set imprisonment of at least four years to deter money laundering. A business caught facilitating money laundering would be temporarily or permanently banned. Also, there would be closure of the business units and operations, exclusion from public funding access, and halted grants and concessions through which the predicate offence is committed. Wise companies are racing to comply with the regulatory norms to avoid harsh fines and reputational loss.

The rising exposure to money laundering is alarming for industries and businesses. Any entity that facilitates money laundering or terrorist financing actions will be sentenced with heavy penalties. Companies are seeking innovative solutions to tackle money laundering and to perform efficient monitoring of bad money flow through Artificial Intelligence and Machine Learning techniques. 

Data Protection and Privacy

This initiative enables competent authorities to put in place stringent mechanisms through which personal and sensitive data is collected and processed. The fundamental rights of the subjects should not be compromised in any way. The directive focuses on data protection and privacy rights: information collection should be minimal and should not include any financial information, for example, financial transactions or credit in bank accounts. A limited set of information does, however, include personal data, i.e. the subject’s name, bank account number, date of birth, etc. Information on the total number of bank accounts of the subject is necessary for the purpose of investigation.

The Sixth Anti-Money Laundering Directive (AMLD6) will be formally published and adopted in the EU’s Official Journal, and at least 26 months after it comes into force, firms would have to comply with the directive. Member States have to follow the regulatory provisions and laws to take into account the associated predicate offences that could be promoted in the premises of legitimate business in any way.

Global Economies are joining forces with FATF against money laundering


The Financial Action Task Force (FATF) has been very keen on eliminating financial crime (money laundering, terrorist financing) at a global level. The regulatory authority recommended some major changes in AML (Anti Money Laundering) practices, screened the AML practices of some of its members (direct or indirect), and also added new countries to its member list.

FATF is one of the most influential global financial regulators. It has 39 full members and several members under its affiliates (APG, CFATF, EAG, etc.) around the globe working on a thorough implementation of AML regulations. FATF is always keen on eliminating money laundering from all countries and territories. Numerous industries, including financial and non-financial sectors, have been added to the scope of reporting entities under the FATF recommendations.

In a bid to ensure global compliance, FATF is always in search of loopholes in the AML and CFT (Countering the Financing of Terrorism) regulations and compliance practices of the member countries. Regular screening of the AML practices of its member countries is a part of its operations.

In 2019 as well, FATF took some vital steps to expand the scope of its regulations to a global level and to cover the gaps between global AML regulations.

Saudi Arabia Became the First Arab Member of FATF

FATF expands the scope of its regulations to a global level by adding new members. Becoming a member of FATF requires the country to fully comply with FATF recommendations, making it almost impossible for criminals to exploit it.

Saudi Arabia is setting standards for the Arab and Middle Eastern countries by becoming a member of FATF. The country had been practicing the global AML and CFT regulations for the last four years. Also, in March 2019, it was about to be blacklisted by FATF, but narrowly avoided it and has now become a full member of FATF.

Financial institutions and businesses offering any types of financial services will be liable to comply with global AML regulations. This means the latest AML recommendations of FATF regarding cryptocurrencies and the legal sector will also be imposed on the reporting entities in Saudi Arabia. This initiative of Saudi Arabia will bring more business into the country as it is identified as a safe country by fully complying with the 40 recommendations of FATF. Meanwhile, the businesses in the country will be under the strict scrutiny of the regulatory authorities. 

It is high time that businesses in Saudi Arabia should identify the crucial need to practice complete AML compliance.

Pakistan in the Greylist 

 

FATF keeps an eye on its member countries by screening their efforts to eliminate money laundering and terrorist financing. Pakistan is a member of the Asia Pacific Group on Money Laundering (APG) and was under the scrutiny of FATF since 2018. The reason behind this scrutiny is the terrorist attacks in India. It was claimed by the Indian authorities that the terrorist activity was executed by a terrorist group in Pakistan. Also, the Panama Papers placed a question mark on the AML and CFT practices of Pakistan. The regulatory authorities in Pakistan are required to take proactive measures recommended by FATF to be removed from the grey list. 

In 2019, FATF made an analysis of the AML practices of regulatory institutions in Pakistan. The decision on whether Pakistan will be added to the blacklist is yet to come.

It shows that FATF does not ignore any kind of non-compliance by its member states. In order to maintain the good image of their country, the member states are always looking to adopt stringent practices to enforce AML compliance in the business sector (financial and non-financial). Becoming a member of FATF is just the first step; the countries have to go through regular FATF screening and need to maintain a crime-free financial infrastructure.

So, businesses in full member countries and indirect-member countries are in dire need of practicing complete AML compliance, as non-compliance will lead to dangerous consequences like huge fines, loss of credit rating, loss of credibility, etc.

Changes in FATF Regulations

 

FATF gives recommendations whenever it finds a loophole in global AML and CFT regulations. In 2019, the authority gave some major recommendations to its member countries. 

FATF recommended AML compliance for the cryptocurrency and legal sectors in 2019. The legal sector is required to screen the Ultimate Beneficial Owners (UBOs) of the entities they represent.

Also, the cryptocurrency businesses are required to practice AML and KYC compliance just like the financial sector. 

The reason behind these new recommendations is the increase in fraud in these sectors. Cryptocurrency is widely exploited by financial criminals at a global level. According to a report, $1.1 billion of cryptocurrency was stolen in 2018. On the other hand, the legal sector is also exploited by money launderers to incorporate their black money into the business proceeds of shell companies. That is why the legal professionals are required to verify the identity of UBOs of business entities they are serving.

FATF also recommends that art dealers and precious metal dealers practice KYC screening on their customers and report transactions above the predetermined threshold.

Why Do Businesses need to Practice AML Compliance?

 

 

The businesses in the financial and non-financial sectors are covered in the scope of AML recommendations of FATF. Operating in countries that are full or indirect members of FATF, the businesses are obliged to practice thorough compliance with global AML regulations. Harmful consequences follow the non-compliance practices of businesses. 

Non-compliance could result in fines, loss of credibility, credit rating and market value, and in some cases complete shutdown of the non-compliant entity. For instance, take the case of Danske Bank’s Estonia branch, which was closed due to a huge money-laundering scandal. Also, the bank faced several lawsuits and a huge penalty.

The recent efforts of FATF show that the entity will leave no stone unturned to eliminate money laundering at a global level. This means that businesses have no other option but to take proactive measures against financial crime. Running real-time KYC and AML screening on customers before onboarding them eliminates the risk at the very beginning. It enhances the credibility and credit rating of a company along with proactive fraud prevention. Such steps will help businesses in gaining a competitive edge. Hence, such proactive measures create a win-win situation for businesses.


Danske Bank Scandal: Banks Under Strict AML Scrutiny of FSA

Money laundering is becoming a global phenomenon. According to the United Nations Office on Drugs and Crime, an amount equal to 2% to 5% of global GDP is laundered annually. Huge scandals, like Swedbank and Danske Bank’s money laundering cases, surfaced in the last few years and made the regulatory authorities become more stringent in their AML regulations. The regulatory authorities in Denmark are also planning to exercise more stringent control over the banks, as they are commonly targeted for such crimes.

The Danish authorities and government are all set to give a hard time to the banks regarding AML compliance. The Financial Supervisory Authority (FSA) is the regulatory authority in Denmark that has joined forces with the government to eliminate the money laundering prevailing in its financial system. The aim is to achieve a fraud-free financial ecosystem through the regulation of banks and other financial institutions.

Danske Bank’s Money Laundering Case

Danske Bank was once considered one of the most trusted financial institutions of Denmark. It fell from grace when the biggest money-laundering scandal rose to the surface, with Danske Bank pointed to as the culprit.

The bank was involved in one of the largest money laundering scandals, in which €200bn was channeled through the Estonian branch of the bank. The bank was also hit with lawsuits for manipulating its investors in several other countries.

The in-depth investigation of the bank’s history reveals that the Estonia branch was used for illegal activities for a long time. It started with the opening of the Estonia branch of Danske Bank in 2007. Months after its launch, the branch faced criticism from the Estonian watchdog regarding its weak KYC practices. Also, the Russian Central Bank warned the branch that it was being used for money laundering.

The Estonia branch became even more open to money launderers when, due to some technical changes, its AML protocols came to differ from those of Danske Bank’s head office in Copenhagen.

Thomas Borgen became the chief executive and increased business for non-resident investors from Russia and other ex-Soviet states. During the period of 2007 to 2011, most of the profits of the branch came from those non-resident investors. Later it was revealed that most of the transactions and investments made by those non-resident investors were for money laundering.

In 2012, the Danish regulatory authority became suspicious and demanded an explanation regarding the complaints from the Estonian regulatory authority. And in 2013, an American bank JP Morgan canceled its banking association with the Estonia branch of Danske bank. 

In 2013 a whistleblower contacted the regulatory authority in Denmark regarding the huge amount of non-resident funds through the Estonia branch of the bank. Based on those revelations internal auditors revealed that a huge amount of money actually flowed through that branch, including the money from a high-profile Russian Family whose assets were managed by a UK firm. 

During 2015-16 the branch closed all its non-resident operations. Later, in 2017, the U.S., Azerbaijan, Moldova, Russia, etc. claimed money laundering through that branch, which affected the investors. Following those claims, the Danish regulatory authority apprehended the bank but did not take any action. In 2018, the Chief Executive of the bank, Mr. Thomas Borgen, was removed from office.

Due to continued reports and global shame of Danske Bank, Denmark’s regulatory authority took action and demanded the closure of the Estonia branch of the bank.  

Also, the Denmark government decided to take some rigid steps for the thorough implementation of AML regulations. To do that the regulatory authorities did research and it was found that the financial regulatory authority of Denmark FSA needed some major changes regarding its authority and laws. 

Major Changes in AML Regulatory Landscape of Denmark 

 

One of the major changes made in the AML regulatory landscape is focused on banks and the authority exercised by the Financial Supervisory Authority (FSA) of Denmark on banks. The government aims at regaining its image of the least corrupt country by extending the authority of FSA. The Danish business minister, Rasmus Jarlov said, “we need a more strong and more aggressive financial regulator.”

The government of Denmark is also tightening the reins on the Financial Supervisory Authority of Denmark. The close relations of the regulatory authority with Danske and other banks have been criticized as well. The defensive stance of the FSA towards the culprit bank at the beginning of 2019 also raised concerns and criticism. The regulatory authority is advised to become stricter towards the banks and their regulatory compliance.

The major concerns of the government are to make the regulatory authority more efficient towards the implementation of AML laws. Below are some initial steps taken by the Danish government to achieve strict regulatory compliance in banks and developing a stronger regulatory authority. 

The Authority of FSA to charge penalties from banks

The regulatory authority of Denmark, namely the FSA, will be given more authority for the rigid implementation of AML regulations. The authority will be given more control over the financial institutions, especially banks. The FSA will have the right to charge non-compliance penalties from the banks. Previously, this was not within the authority of the FSA.

The increase in the financial budget of FSA

 

The financial budget of FSA was increased by the majority vote of the Danish Parliament. The regulatory authority will receive a $7.25 million increase in its annual budget to increase its activities of anti-money laundering.  

Increase in Anti Money Laundering staff 

 

The Danish government and regulatory authorities are all set to give a hard time to non-compliant banks. The Danish regulatory authority will increase its AML compliance staff. It will increase the scrutiny of Danish banks. 

Also, FSA will conduct a comprehensive money laundering inspection of major Danish banks.

High time for Danish banks to go AML compliant

 

FSA will be exercising a more rigid approach towards efficient completion of its duties. The regulatory authority is given more authority, money, and staff to ensure thorough AML compliance by the banks. 

It is high time the banks should start using global KYC and AML compliance solutions for thorough risk prevention. Online AML screening helps in swift and cost-effective compliance. Better invest in compliance and enjoy risk-free business with good credit rating than pay huge penalties.


Mastercard’s EFM Compliance – Another Reason to Invest in Verification

The modern world is an era of technology. Moving into the fourth industrial revolution, the digitization of organizations is gaining ground in the marketplace. Industries are rapidly adopting the latest technology to secure their place in the competitive market. Identity thieves and fraudsters have set their sights on new targets, i.e. online businesses. Using advanced technological tactics and sophisticated tools, they are actively exploiting businesses and consumers.

The primary purpose of all thieves and fraudsters is to gain a monetary advantage, no matter what type of fraud it is. In the 21st century, traditional payments are moving towards the elimination of cash. The trend of online transactions and mobile payments is on the rise, and fraudsters are not going to miss the opportunity to compromise the transactions. Over the past few years, card fraud has become one of the fastest-growing and most challenging frauds for businesses and organizations.

Organizations accepting card payments are constantly under threat from fraudsters and cybercriminals. This means they are exposed to chargeback losses, customer churn, brand damage and other financial impacts of digital fraud. Moreover, the strict KYC and AML regulations on businesses dealing with money demand an effective verification solution that can fulfill the regulatory requirements.

What’s new?

Given the increase in card fraud, businesses not only have to tackle fraud to protect themselves; it is also their responsibility to protect the respective card networks. This is the reason why the service providers have their own monitoring policies and programs imposed on merchants and businesses. These programs help merchants drive improvement in their fraud prevention strategies and tools.

Mastercard’s new fraud monitoring program is set to be implemented from October 2019 for all merchants in the US. With the execution of this program, businesses will need to invest in verification and authentication services to curb chargebacks and avoid hefty fines.

Mastercard’s Excessive Chargeback Program:

 

Considering the rising trend of chargebacks, Mastercard has launched an Excessive Chargeback Program to carefully scrutinize each merchant’s chargeback activities. In this program, with predetermined chargeback thresholds, acquirers can effectively evaluate and predict the chargeback risk associated with a merchant. By monitoring these chargeback rates, acquirers can take action when a merchant exceeds or is expected to exceed the predefined acceptable threshold.

Mastercard chargeback thresholds are determined on the basis of the chargeback-to-transaction ratio. This ratio is calculated by dividing the current month’s first chargebacks amount by the total number of transactions in the previous month.

Excessive Fraud Merchant (EFM) Compliance Program:

 

Launched in October 2019, Mastercard’s new Excessive Fraud Merchant (EFM) compliance program is applicable to all merchants in the US. The program applies to every merchant who meets or exceeds the pre-defined thresholds for the following short list of criteria:

  • The minimum number of e-commerce Mastercard Payments must be 1,000
  • The net fraud volume per month is greater than $50,000
  • A fraud-count-to-transaction ratio (FCTR) that is greater than 0.50% 
  • Total 3D Secure (3DS) Mastercard transactions that amount to less than 10% of total Mastercard payment volume 

In addition to the chargeback threshold, Mastercard predefines a fraud threshold in the EFM program. The failure of merchants to meet this predetermined threshold level can result in fines and deactivation of the card service as well. The net fraud volume is calculated according to the following chargeback codes:

  • 4871: Chip/PIN Liability Shift 
  • 4870: Chip Liability Shift 
  • 4863: Cardholder does not Recognize – Potential Fraud 
  • 4840: Fraudulent Processing of Transactions 
  • 4837: No Cardholder Authorization 

The fines will begin to be imposed from March 2020. They will apply to any merchant remaining in the EFM program for two or more consecutive months, with the amount depending on how long the merchant has been in the program. For instance, after two months in the program the fine starts at $500, rising to $1000 for three months, $5000 for 4-6 months and $25,000 for 7-11 months.
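The chargeback ratio, the four EFM criteria and the fine schedule described above, as an added Python example that is not part of the original article or of any Mastercard specification. It uses only the figures quoted in this article; the `MonthlyStats` record, the reading that all four criteria must hold together, FCTR as fraud chargeback count over e-commerce payment count, the 3DS share measured by amount, and all sample data are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional, Sequence, Tuple

# Figures quoted in the article (not an official rule set).
FRAUD_REASON_CODES = frozenset({"4837", "4840", "4863", "4870", "4871"})
MIN_ECOM_PAYMENTS = 1000
NET_FRAUD_LIMIT_USD = Decimal("50000")
FCTR_LIMIT = Decimal("0.005")            # 0.50%
THREE_DS_SHARE_LIMIT = Decimal("0.10")   # 10%


@dataclass(frozen=True)
class MonthlyStats:
    """One merchant-month of e-commerce Mastercard activity (hypothetical record)."""
    ecom_payments: int
    total_volume_usd: Decimal
    three_ds_volume_usd: Decimal
    chargebacks: Tuple[Tuple[str, Decimal], ...]  # (reason code, amount in USD)


def chargeback_to_transaction_ratio(first_chargebacks: int,
                                    prev_month_transactions: int) -> Decimal:
    """Current month's first chargebacks over the previous month's transactions."""
    if prev_month_transactions <= 0:
        raise ValueError("previous month needs at least one transaction")
    return Decimal(first_chargebacks) / Decimal(prev_month_transactions)


def evaluate_efm(stats: MonthlyStats) -> dict:
    """Evaluate the four EFM criteria; strict '>' and '<' follow the article's wording."""
    fraud = [amt for code, amt in stats.chargebacks if code in FRAUD_REASON_CODES]
    net_fraud = sum(fraud, Decimal("0"))
    fctr = (Decimal(len(fraud)) / stats.ecom_payments
            if stats.ecom_payments else Decimal("0"))
    share = (stats.three_ds_volume_usd / stats.total_volume_usd
             if stats.total_volume_usd else Decimal("0"))
    checks = {
        "min_payments": stats.ecom_payments >= MIN_ECOM_PAYMENTS,
        "net_fraud_volume": net_fraud > NET_FRAUD_LIMIT_USD,
        "fctr": fctr > FCTR_LIMIT,
        "low_3ds_share": share < THREE_DS_SHARE_LIMIT,
    }
    return {
        "net_fraud_volume": net_fraud,
        "fctr": fctr,
        "three_ds_share": share,
        "checks": checks,
        "in_program": all(checks.values()),  # assumption: all criteria together
    }


def consecutive_months(history: Sequence[bool]) -> int:
    """Length of the trailing run of months in which the merchant was in the program."""
    run = 0
    for flagged in reversed(history):
        if not flagged:
            break
        run += 1
    return run


def monthly_fine(months_in_program: int) -> Optional[Decimal]:
    """Fine per the article's schedule; None where the article states no figure."""
    if months_in_program < 2:
        return Decimal("0")
    if months_in_program == 2:
        return Decimal("500")
    if months_in_program == 3:
        return Decimal("1000")
    if months_in_program <= 6:
        return Decimal("5000")
    if months_in_program <= 11:
        return Decimal("25000")
    return None  # 12+ months: not covered by the article


def repeat_cb(code: str, amount: str, n: int) -> Tuple[Tuple[str, Decimal], ...]:
    """Build n identical chargebacks for the constructed samples below."""
    return tuple((code, Decimal(amount)) for _ in range(n))


# Constructed sample months. "9999" stands for any reason code outside the listed set.
MONTH_A = MonthlyStats(1200, Decimal("400000"), Decimal("20000"),
                       repeat_cb("4837", "8000", 7) + repeat_cb("9999", "300", 2))
# Exactly 0.50% FCTR: not "greater than" the limit, so the merchant stays out.
MONTH_B = MonthlyStats(1000, Decimal("400000"), Decimal("20000"),
                       repeat_cb("4863", "11000", 5))

if __name__ == "__main__":
    for label, month in (("A", MONTH_A), ("B", MONTH_B)):
        result = evaluate_efm(month)
        print(label, result["in_program"], result["checks"])
    streak = consecutive_months([True, False, True, True, True])
    print("months in program:", streak, "fine:", monthly_fine(streak))
```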

What does it mean for Merchants?

 

Disputes and fraudulent payments are unfortunate aspects of online payments. The best way to manage them is to prevent them from happening by integrating an effective fraud prevention strategy. With Mastercard’s new fraud prevention programs, merchants need to invest in payment verification and authentication solutions in order to avoid remaining in the EFM program.

Fraudsters and scammers are using advanced tactics and automated tools to stay anonymous and spoof authentication checks and filters in order to carry out fraudulent payments using stolen identities and customers’ credentials. Merchants need to respond in kind to prevent them from exploiting the business. This can be done by adopting an AI-powered identification solution. Shufti Pro’s verification solution uses multiple verification and authentication services that are best suited for online businesses.

Preventing Fraudulent Payments

 

A payment is considered fraudulent when the cardholder or account holder doesn’t authorize it. Fraudulent payments are often made using stolen cards and card numbers (card-not-present fraud). Sometimes fraudulent purchases are also made through account takeover. By the time the cardholders review their card statement or get notified about the payments, the transactions have already been made. As a result, they contact their card issuers, dispute the payments and claim a chargeback.

Collect information – Verify Payments

 

Insufficient and vague information provided by customers at the time of checkout is one of the major reasons why businesses fail to identify whether the customer is legitimate or not. The fact that someone successfully logged in to the account doesn’t guarantee that the transaction is being made by an authorized entity. Businesses need to integrate authentication checks at the time of checkout to verify the identity of the authorized customers.

For instance, integrating Shufti Pro’s Consent verification in e-commerce platforms requires a video consent from customers holding the identity card or credit card. With the hybrid approach of AI and HI technology, authorized users are verified at the time of checkout. If authentication fails, the payment won’t be approved. The identity verification services provided by Shufti Pro combat intruders while keeping customer burden and losses to a minimum.

 


How is Libra’s Launch Changing the Cryptocurrency Landscape?

Libra will have to go the extra mile to prove itself worthy of global acclaim that it aims to achieve.  

Since the news came out that Facebook is launching its own cryptocurrency, there has been a lot of criticism from several entities. Regulatory authorities are giving the Libra Association a hard time before its launch. The new cryptocurrency has received significant criticism from global regulatory authorities, analysts, and lawmakers.

Facebook will have to take major security measures for KYC/AML Screening and data security to gain the confidence of the global regulatory authorities and other stakeholders in the global financial system. 

Global regulatory authorities have several reservations about Facebook’s Libra. The unconventional framework of the Libra Association, its huge goals and the closely knit stewardship of the company are some worth mentioning. Because of this atypical cryptocurrency business model, Libra is facing huge criticism from the masses. But the founders are persistent in their goals and aim to get the regulatory authorities on their side before the launch of Libra.

Introduction and Timeline of Libra

Libra is a cryptocurrency founded by Facebook under the supervision of the Libra Association, which is registered in Switzerland. It is projected to be launched in 2020. Facebook shared the news with the world in 2019 and triggered a bombardment of criticism from several entities towards Facebook and the Libra Association.

The Libra Association is a group entity. It plans to onboard 100 members and currently has 28. Big companies such as PayPal, Visa, MasterCard and Uber are among its notable members.

Libra is the first corporate cryptocurrency and it is going through a tough phase of negotiations with the regulatory authorities. Facebook is still in talks with the U.S. Senate, and according to news reports the cryptocurrency hasn’t yet received a green signal from the U.S. regulatory authority.

The Libra Association aims to start its operations after receiving acceptance from major regulatory authorities, but the launch is still projected for 2020. Since the news of Libra’s launch, the cryptocurrency market has also experienced some of the major fluctuations in its history.

The reservations of regulatory authorities, lawmakers and analysts over the Launch of Libra

Regulatory authorities, analysts, and lawmakers have a list of reservations over the launch of a cryptocurrency by Facebook. Below are some of the major reservations that have gained wide attention:

  • Facebook’s global clientele and Libra’s success

Lawmakers are concerned about Libra’s connection with Facebook. Libra is expected to be the most quickly and widely accepted cryptocurrency because of Facebook’s massive global clientele. This will affect the cryptocurrency market and might make Libra a competitor of global fiat currencies such as the dollar.

If Libra achieves the success projected by the analysts, it might become a substitute for fiat currency. But the co-founder of Libra, David Marcus, claimed that Libra is not designed with the intention of competing with fiat money; it is merely a solution to ease global online payments.

  • Libra will be a fully fiat-backed cryptocurrency

Libra will be backed by fiat reserves at a ratio of 1:1, and this is one of the major concerns of regulatory authorities. If Libra achieves the expected growth, it will gain tremendous economic power, which will affect fiat currencies and governments.

However, being fully fiat-backed makes Libra worthwhile for investors, as most investors prefer to invest in currencies with low risk.

  • The stewardship of Libra raising concerns

Libra has raised a huge chunk of investment from diverse industries. The Libra Association has members from telecommunications, non-profit organizations, payments, and venture capital. The members state that they joined the Libra Association because it is a revolutionary project.

Analysts are raising questions about the credibility of Libra because of the closely knit board of the association. A few major investors, such as Peter Thiel, Fredric Court, Mark Zuckerberg, David Marcus, and the venture capital firm Andreessen Horowitz, are somehow related to Facebook or were related to it in the past.

This closely related stewardship of Facebook is raising suspicion. It is inferred that Facebook is a high-authority member of Libra and will exercise control over the Libra Association. 

Although the cryptocurrency market has shown good progress since the news of Libra’s launch, it is expected that Libra will form a hegemony in the cryptocurrency industry. Crypto wallets and other cryptocurrencies might face a downfall because the companies that invested in Libra will guide their customers to pool in Libra. This reservation will remain unresolved until the launch of Libra.

  • Data security and tainted background of Facebook

Facebook was charged with heavy fines in the past due to misuse of the personal data of its users. It was fined $5 billion over violations of consumer data protection. The company was fined for giving Yahoo and Amazon access to the personal data of its users. Facebook also said that it had set aside $3 billion in its budget for non-compliance penalties.

Facebook’s past is raising suspicion among the regulators. It is expected that if Facebook’s Libra did the same even once with the confidential financial data of its users, it would wreak havoc in the global economies.

How is Libra Association Coping with this Barrage of Criticism?

Facebook will be a separate entity

Facebook states that the Libra Association is a separate entity and that Facebook will not affect the operations or the interests of the Libra Association.

Libra is a combination of companies and non-profit organizations and plans to onboard only 100 members, who will have to invest at least $10 million in it, with the exception of non-profit organizations. So, the Libra Association will work independently and Facebook will just be a member.

It is a cryptocurrency and not an investment vehicle

The reservations of the regulatory authorities are answered with the unconventional model of the Libra Association. The association aims to ease global payments and to decrease dependence on banks. The new cryptocurrency is meant to be a decentralized payment solution for people around the world, not a source of global speculation opportunities on cryptocurrency exchanges. The Libra Association has clearly declared that its primary aim is to provide a global payment solution and not an investment vehicle.

Libra is striving for the approval of the global regulatory authorities

The Libra Association is planning to start operations in 2020 and is registered in Switzerland, but it plans to get the approval of major regulatory authorities such as those of the U.S. and the UK. The association needs the approval for two reasons: to gain a positive image in the eyes of the regulatory authorities and to grab market share around the globe. Regulatory approval will help it gain customer value.

David Marcus, the co-founder of Libra, expressed his commitment and said, “I agree with you that this needs to be analyzed understood and the proper oversight needs to be set up before Libra can launch. This is my commitment to you: we will take the time to get this right.”

What might be the impact of Libra on money laundering and terrorist financing?

Global regulatory authorities are working hard to enhance the security practices of cryptocurrency facilitators. KYC and AML screening of investors and users is required under several global regimes, such as FATF. Libra might be exploited by money launderers and terrorist financiers, as the cryptocurrency will provide easily accessible payment solutions. To eliminate this risk, the Libra Association will have to implement stringent security measures such as in-depth screening of its customers and record keeping of all transactions.

Libra will have to invest a lot in identity verification and KYC/AML screening of its stakeholders. With the tainted past that the company has with regard to information security, it will have to go the extra mile to prevent its misuse.

Outsourced KYC and AML screening solutions can be a feasible solution for Libra Association because many criminals and speculators have seen opportunities in it. Online KYC/AML screening of all the concerned entities – investors, customers, partners, employees, etc – will help the association in gaining a global risk cover for its global project.


AI a Blessing – AML compliance cost reduced by $217 billion

U.S. financial firms spend approximately $25.3 Billion on compliance, risk management and AML procedures. European banks come close, with $20 Billion in annual AML expenditure.

The increasing territorial and regulatory gap between organisations and consumers has led to a demand for digitisation of operations. Regulatory bodies, owing to the evolving nature of online fraud and monetary assets (cryptocurrency), are putting a safety check on every interaction between a business and its consumer. This results in a narrow gap between compliance management and profits. Fortunately, technology has evolved enough to remove this barrier.

Leveraging Artificial Intelligence

RegTech has gained a sure footing in recent years. By using AI, Machine Learning and Data Analytics, it brought a relatively new approach to traditional compliance procedures. Being a fairly new concept, it faced pushback from regulatory bodies.

However, the situation now has changed.

The Financial Crimes Enforcement Network (FINCEN) has announced its assent for organisations to “responsibly” implement and use an AI-powered approach towards meeting BSA/AML requirements. U.S. regulators have given a nod to emerging technologies and their possible applications for risk management.

 

A joint statement by five (5) U.S. agencies (the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, FinCEN, the National Credit Union Administration, and the Office of the Comptroller of the Currency) stated that,

“private-sector innovation, including adopting new technologies and finding new ways to use existing tools, can help banks identify and report money laundering, terrorist financing, and other illicit financial activity.”

The first step towards engineering an AI based compliance procedure is to replace existing rule-based processes. This can be achieved by engaging transaction monitoring, and detection models with the help of Machine Learning. The inclusion of Artificial Intelligence reduces the cost of manual labour, time spent on monitoring, and inaccuracy of results with the help of intelligent solutions. These solutions are fed logic to their backend and are able to replicate a set of decisions based on past events. AI is not just a readymade solution. It gives an opportunity to organisations to train systems according to their requirements.

Banks, Payment processors and other FinTech institutes can identify relevant KYC and AML compliance processes and easily implement their AI based application. Owing to the nature of their operations financial institutions hold vast data banks. By using Big Data Analytics this data is easily divided and categorised into distinct chunks. These chunks are further assigned machine rules to “read” future transactions and apply processes based on that.

The traditional approach towards KYC and AML compliance may hinder practicality. With the help of innovative solutions, organisations are now able to cut costs and reduce the number of resources exhausted to secure compliant processes.

It is no surprise that the Global RegTech industry is expected to grow to $12.3 Billion by 2023.

 



RegTech facilitates effortless AML Compliance

 

The latest report by Research and Markets states that the RegTech industry is expected to grow to USD 12.3 Billion by 2023.

RegTech is a relatively new concept. It leverages technology to assist financial institutions and other markets in complying with global regulations. The main applications are Customer Due Diligence and Risk Management. RegTech companies develop intelligent solutions by using innovative technologies like Artificial Intelligence, Machine Learning and Big Data to translate compliance rules into practical implementation.

The Financial Crisis of 2008 was the driving force behind the evolution of FinTech. Technology played a vital role in addressing the gaps in consumer experience and efficient services. Online payments, distributed ledgers and virtual wallets are some key outcomes which are now used in day-to-day activities.

The development of FinTech led to a parallel development of RegTech. By automating and digitising traditional methods, the nature of customer on-boarding drastically changed. The resulting online ecosystem demanded a robust, new form of governing rules. As a result, financial regulators introduced a new set of compliance requirements, which proved to be beneficial but put a strain on businesses.

RegTech facilitating FinTech

Regulatory compliance can be a real headache when it comes to implementing systems, adapting legacy infrastructure or covering a global audience. In response to financial crises, hack attacks, scams and the like, financial bodies made information collection laborious, although with justified reasons at heart.

To handle this RegTech offers two solutions:

  1. Saving time and cost
  2. Accurate and real-time results.

It makes it easier for companies to quickly and efficiently adapt to new regulations. The application of RegTech is not limited to a single market. It sits at the heart of every interaction between a financial institute and its consumer. With the growing CDD, KYC, KYCC, AML and CFT rules, RegTech is changing the scope of customer on-boarding.

Who creates RegTech?

It is essentially an open communication between regulatory authorities and technology experts. The concepts, ideas and rules that are found to be the standards are fed into the system.

It is neither the job of RegTech solution providers nor of industry advisers to create the guidelines, although some suggest that the industry needs a more consistent approach toward standards of identification and risk management. However, technology experts have an equal opportunity to understand market demands and compliance trends in order to develop solutions.

 

Leveraging RegTech for AML Compliance

Research and Markets’ latest report states that Identity and Access Management is expected to grow to USD 37.79 Billion by 2023, and Compliance and Risk Management to USD 64.61 Billion by 2025.

ID Verification and Risk Assessment play a pivotal role in establishing any business relationship, especially when this takes place online. To create trust between a consumer and a merchant, an established and verified identity is a must. To curb fraud and terrorist financing, and to collect valid information, compliance demands thorough vetting of a consumer’s ID documents and remote presence. The EU’s 4MLD requires screening of all potential customers against OFAC and FATF standardised AML watchlists. This is to restrict investors with a criminal or PEP status.

Admittedly, these key requirements ultimately increase the cost and labour involved in meeting compliance obligations. RegTech provides businesses with an all-in-one, effortless solution with real-time processes to verify and screen identities. With the help of Big Data, AI, and Machine Learning, RegTech solutions can easily crawl vast data banks, apply logical commands and reduce time or friction.

Each passing year brings newer regulations. This has a direct effect on the operations of businesses. It means that RegTech has become necessary. From KYC, AML to transaction monitoring, the scope of market is promising. The trends in the field evolve with the requirements. 


US Treasury opposes European Commission AML Country List

The European Commission has adopted a new list of 23 countries which lack an appropriate framework for anti-money laundering and counter terrorist financing.

On February 13th, the EC published its report on the state of AML, its threats and possibilities. Iran, Iraq, Saudi Arabia, Puerto Rico, Pakistan, Sri Lanka, and North Korea are among the countries on the list. According to the EC, these territories “pose significant threat” to the financial and trade ecosystem due to key strategic flaws. The U.S. Department of the Treasury has strongly criticised the EC’s inclusion of four American territories (Puerto Rico, Guam, American Samoa and the US Virgin Islands) in the high-risk category.

In a continuity of political backlash, Panama has termed its inclusion to the list as “unfair punishment”.

The U.S. Treasury Department published a press release on the same day stating the evaluation process and methodology adopted by EC to be questionable. The process of developing the list lacks an in-depth review to perform assessment.  The countries added to the list were informed only a few days before publication of the report. The official commentary does not include a substantial guide to improve measures or appeal for exclusion from this list. Even the assessment seems to be perfunctory.

The Department cites FATF, the globally recognised standards body for AML/CFT, as a benchmark for assessment procedures. Compared to FATF’s legally and research-intensive methodology, as well as its dialogue with territories, the EC’s report appears deficient in terms of data, information, and method. The Department goes on to reject the report. It announced that the U.S. is committed to the AML/CFT standards set forth by the FATF and will continue to ensure strict compliance with them. The Department has further intimated that U.S. financial institutions are under no legal obligation to entertain or acknowledge the EC’s findings.

 

The EC member states the United Kingdom and France have already expressed strong concerns over the publication of the list by the EC. These countries have strong trade and economic ties with countries added to the list, such as Saudi Arabia. Saudi representatives regret the country’s inclusion in the list. The media, however, is discussing possible outcomes that could threaten the Vision 2030 investment.

As of now, the EC has not made any further comments in this regard. The list compiled by the EC has been submitted for final approval by the European Parliament and Council, after which it will officially come into force.

Studies show that USD 2 Trillion is laundered through banking systems. As compliance requirements grow stricter, the need for organisations to improve AML/CFT measures is stronger than ever.


Why PEPs are High Risk and a Threat To Your Business?

In the Financial and Trade industry, you may have often heard the term PEPs and the importance of early-stage PEP detection in order to combat money laundering and terrorist funding. 

Politically Exposed Persons (PEPs) are profiled individuals who currently hold a public office or are associates of such personnel. The global approach of regulatory and financial bodies limits doing business with PEPs, owing to the likelihood of money laundering, bribery, and terrorist funding that may result from the influence of such individuals. Financial institutes view PEPs as a compliance risk. The EU, UN, FINCEN, SECO and other regulatory bodies have strict rules when it comes to interacting with potential customers who are not vetted to assess their risk status. This is a key component of AML compliance.

Organizations are supposed to assign a risk rating against each individual to identify how much an identity could be responsible for the loss. Organizations are subject to hefty fines and legal actions in case of non-compliance with local and global regulatory obligations.

FATF defined PEPs

The Financial Action Task Force (FATF) is an intergovernmental organization. It was established as an initiative by G7 to create practical policies for anti-money laundering and due diligence. It acts as a supervisory body and formulates recommendations to assist the legal framework of global financial space. Global institutions consider FATF’s guidelines as International Standards.

The latest definition of PEPs provides four categories:

High Risk – Level I PEPs

  • Heads of state and government
  • Members of government (national and regional)
  • Members of Parliaments (national and regional)
  • Heads of the military, judiciary, law enforcement and board of central banks
  • Top ranking officials of political parties

Medium – High Risk – Level II PEPs

  • Senior officials of the military, judiciary, and law enforcement agencies
  • Senior officials of other state agencies and bodies and high ranking civil servants
  • Senior members of religious groups
  • Ambassadors, consuls, high commissioners

Medium Risk – Level III PEPs

  • Senior management and board of directors of state-owned businesses and organizations – e.g. Chairman of a Bank

Low Risk – Level IV PEPs

  • Mayors and members of local county, city and district assemblies
  • Senior officials and functionaries of international or supranational organizations

PEPs and Compliances

Financial authorities and regulatory bodies translate FATF’s guidelines into practical rules. These compliance rules define the risk involved according to the nature of the business, and how and when to apply Customer Due Diligence. At the international or state level, they monitor the security measures taken by organizations and identify any loopholes that may be there. As per compliance rules, certain institutes are required to perform Enhanced Due Diligence when it comes to PEPs.

Identifying PEPs

In order to implement AML compliance for PEP identification, businesses and financial institutions must have procedures in place to effectively identify and restrict a PEP. To do this two questions are of importance:

(i) When do you check for a PEP?

(ii) How do you check for a PEP?

Customer screening needs to be done to identify the risk associated with each customer. For this, the updated PEP record should be integrated with a system that automatically verifies the onboarding identity against it. This helps you catch a malicious entity beforehand.

EU and FINCEN regulations state that strict Customer Due Diligence must be applied before establishing any business relationship with a potential customer. This indicates that PEP screening must be done during the on-boarding process.

The Financial Action Task Force (FATF) establishes a standardized “list” of known entities and profiles, updated on a daily basis with new data extracted from global sources. It lists all individuals who satisfy FATF’s definition of a PEP on the basis of their personal information (Name, DoB, Country of Residence). All potential customers must be screened against these lists to ensure that they are not present in the PEP record lists.

Is there such a thing as good PEP?

The answer is no. The concept of PEPs is not defined on moral grounds, and not all PEPs are inherently “bad”. The risk of a PEP relates to the possibility of committing illegal activities under the risk-based thinking model. A risk-based thinking approach means having practices in place to proactively address future disasters. Based on the history of circumstances that proved ruinous for businesses, each onboarding identity should be screened against security parameters using a pre-defined risk-based thinking model. This helps reduce the rate of fraudulent activity in a legitimate system.

FATF’s definition of a PEP mentions four distinct categories. Businesses can apply restrictions and train their systems as well as their employees accordingly. A low-risk PEP may be allowed to perform transactions, while a high-risk PEP may not be allowed entry into the system altogether. With all such parameters in place, businesses can ensure high-end security and protect their systems from criminal entities and, therefore, from regulatory penalties.
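The onboarding check described above (screening on name, DoB and country, then acting on the PEP level), as an added Python example that is not Shufti Pro's or FATF's code. The record layout, the name normalisation, the partial-match rule and the actions assigned to Levels II and III are assumptions; the people and dates are constructed.

```python
import unicodedata
from dataclasses import dataclass
from datetime import date
from typing import Iterable

# Level I rejected and Level IV allowed follow the article's "high-risk" and
# "low-risk" wording; the middle tiers are an assumed policy for this example.
LEVEL_ACTION = {
    1: "reject",
    2: "enhanced_due_diligence",
    3: "enhanced_due_diligence",
    4: "allow_with_monitoring",
}


@dataclass(frozen=True)
class PepRecord:
    name: str
    dob: date
    country: str  # two-letter country of residence
    level: int    # 1 (high risk) .. 4 (low risk), as in the categories above


@dataclass(frozen=True)
class Applicant:
    name: str
    dob: date
    country: str


def normalize_name(name: str) -> str:
    """Fold case, accents, punctuation and token order so spelling variants compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    cleaned = "".join(ch if ch.isalnum() else " " for ch in no_marks.casefold())
    return " ".join(sorted(cleaned.split()))


def screen(applicant: Applicant, records: Iterable[PepRecord]) -> dict:
    """Return the onboarding decision for one applicant against a PEP list."""
    key = normalize_name(applicant.name)
    confirmed, possible = [], []
    for rec in records:
        if normalize_name(rec.name) != key:
            continue
        dob_ok = rec.dob == applicant.dob
        country_ok = rec.country.upper() == applicant.country.upper()
        if dob_ok and country_ok:
            confirmed.append(rec)
        elif dob_ok or country_ok:
            # Same name plus one matching attribute: send to an analyst.
            possible.append(rec)
    if confirmed:
        top = min(confirmed, key=lambda r: r.level)  # most severe level wins
        return {"status": "pep_match", "level": top.level,
                "action": LEVEL_ACTION[top.level]}
    if possible:
        top = min(possible, key=lambda r: r.level)
        return {"status": "possible_match", "level": top.level,
                "action": "manual_review"}
    return {"status": "clear", "level": None, "action": "standard_due_diligence"}


# Constructed PEP list; the individuals are fictional.
PEP_LIST = (
    PepRecord("Élodie Marchand-Rossi", date(1961, 4, 12), "FR", 1),
    PepRecord("Tomas Verhoeven", date(1975, 9, 30), "NL", 4),
)

if __name__ == "__main__":
    samples = (
        Applicant("MARCHAND-ROSSI, Elodie", date(1961, 4, 12), "fr"),
        Applicant("Tomas Verhoeven", date(1975, 9, 30), "BE"),
        Applicant("Tomas Verhoeven", date(1990, 1, 1), "BE"),
    )
    for person in samples:
        print(person.name, "->", screen(person, PEP_LIST))
```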
