Financial technology, known more commonly as FinTech, is a term that refers to the use of technology to improve financial services and make them more efficient. As a driver of the digital economy, FinTech has the potential to revolutionize financial sectors through innovative financial solutions.
The global FinTech industry is expected to grow at a compound annual growth rate (CAGR) of 6%, making it worth $26.5 trillion by the year 2022. Using software or other technology, FinTech powers mobile payments, crowdfunding platforms, insurance, investment, lending, as well as blockchain and cryptocurrency. In simple terms, it’s an emerging industry that aims to streamline financial flows and manage finances to enhance user experience and service delivery in the industry.
Taking the financial services industry by storm, FinTech companies are valued in billions of dollars, with companies such as Adyen, Qudian, Avant and Ant Financial topping the list. In 2019, FinTech investments reached $55.3 billion, with close to half the amount coming from China. For the common man, services like Square, Swipe, Venmo, WePay have altered the way they perceive lending and payment transactions.
The mobile cash app, PayPal, recorded a 17% year-on-year growth and 286 million accounts active worldwide in the second quarter of 2019. Relatively traditional credit cards, such as Visa, are also catching up on the trend and making the move towards software technology.
From businesses to consumers, the term encompasses all kinds of technology used in financial services, including mobile, software or cloud services. This has made consumers less reliant on traditional banking services and financial institutions.
In 2019, 64% of consumers used at least one or more FinTech applications. This steep rise in the use of FinTech services reveals a new consumer pattern, in that users now prefer a digitized experience when it comes to accessing their finances on the go.
With consumer-focused applications, technology has moved from the back-end of banking platforms directly into the hands of the end-user. Managing and tracking funds, insurance, and investments are easily just a tap away, with most of the services accessible from hand-held devices like smartphones and tablets.
As a substitute for traditional financial institutions, Fintech lenders provide customers with loans based on credit scores and peer-to-peer loans. Budget apps provide financial advice and opportunities for individuals and households, as well as retirement and investment advice.
Raising capital has become easier for firms, startups, and entrepreneurs through online crowdfunding platforms. Social projects, innovative products, and causes manage to raise equity capital by connecting with established investors. This virtual technique for fundraising also provides transparency to lenders and borrowers alike.
Consumers currently outside the formal banking sector can be reached with digital banking services, for example, in the form of prepaid cards.
Banking services such as bill payments, funds transfer, and virtual access to bank accounts have been made possible on mobile devices through FinTech. A number of banking operations can be performed online using biometric technology. This includes payment back-end and infrastructure required to run payment processing, electronic payments and other points of sale terminals.
As a more flexible option than conventional insurers, the use of software technology to provide insurance services has become common. Personalized offers and pricing, data-driven insurance plans and risk management allow users an enhanced experience.
FinTech investment solutions allow users to manage their investments in one place. Using a smartphone, financial instruments can be bought and sold. Augmented investment management analytics, offered as part of the digital service, allows users to better manage their next investment move.
Blockchain and Cryptocurrency
Blockchain technology and digital currencies provide secure transactions that can be applied to business-to-business (B2B) transactions. FinTech companies can leverage this technology in finance and banking and extend their user base.
FinTech Use Cases
An estimated 2 billion people do not hold a bank account. Tapping into this market segment, located mainly in South Asia and parts of Africa and South America, is a key business opportunity for FinTech firms. This follows from the basic premise that FinTech builds on: reaching the end-user without friction.
This outreach of Business to Client (B2C) budget apps and cash apps has the potential to revolutionize finances as we know it. Anyone with a mobile device can have direct access to their financial assets and make transactions without having to go through formal, and somewhat outdated, banking formalities.
Easy Lending Solutions
Banks have served as the primary source of loans and financing for businesses for a long time. With the advent of FinTech, this is about to change. Through mobile technology, companies and individuals can now find a greater mix of lending avenues and make the process more transparent as they go.
Lending and payment services were amongst the first few services offered with the intention of supplementing established financial institutions. Access to financial data through cloud-based platforms and Customer Relationship Management software also lends a hand in supporting businesses.
What’s Next for FinTech?
The fact that FinTech has infiltrated the financial services industry does not indicate the demise of conventional banking just as yet. While financial institutions may not be able to turn the tide, they can draw level with disruptors by incorporating innovative technologies in their offerings. Innovation incubators, labs, and other investment vehicles have been put in place by large institutions with a view to adapt to changing times.
As a strategy, understanding FinTech will be part of business acumen, for a future outlook on financial services. As opposed to being considered as alternatives, technological solutions will need to be considered as permanent collaborations between the new and the old. The eventual outcome will be based on the extent of cooperation that can be achieved before innovations start to pay back.
The Internet of Things (IoT), AI and APIs will transform the way businesses plan to use technology to complement their services. Blockchain, for instance, has untapped potential for redefining payments by amplifying the speed at which transactions can be made. Big data is revolutionizing decision making in areas of investment, customer engagement and outreach, as well as product/service development.
In the past few years, we have seen a substantial increase in the amount of legislation regarding how legal entities, especially financial institutions, combat financial crimes like terrorist funding, money laundering, and identity theft. A report estimates that in 2009, criminal proceeds amounted to 3.6% of global GDP, with 2.7% (or USD 1.6 trillion) being laundered. Businesses are in dire need of KYC and AML compliance to fight back against all such frauds. Business owners are deploying various measures against scams, but the AML compliance program is the most effective of all.
An AML compliance program is basically a methodology that governs how a company monitors accounts, detects financial crimes and reports them to the relevant authorities. AML screening tackles the intrinsic money laundering risks the company faces or can face in the future. The role of legislation is crucial in order to know how the AML compliance program should work. Customer screening for anti-money laundering completes the due diligence needed to prevent and deter money laundering, terrorist financing, and other financial crimes and frauds.
Why AML Compliance?
AML (Anti-Money Laundering) practices are used by businesses around the globe, and all regions require businesses to perform due diligence on their customers in one way or another. AML compliance is not as difficult for organizations to follow as it seems. An investment of a few thousand dollars can avert the loss of millions in penalties that businesses would otherwise eventually have to pay.
Financial institutions and other businesses employ anti-money laundering (AML) screening to detect suspicious transactions and analyze customer data. AML systems filter customer data, classify it according to the level of suspicion and inspect it for errors. Anomalies include any sudden and substantial increase in funds or a large withdrawal of cash. AML checks are not only for money laundering; they also keep a tight rein on frauds like tax evasion, terrorist financing, etc. AML compliance includes a system to report money laundering activities to relevant authorities, evaluating the client’s risk profile.
Artificial Intelligence Enhancing AML Checks:
Artificial intelligence (AI) has the potential to transform financial institutions (FIs), disrupting every aspect of financial services, from the customer experience to financial crime. AI technology can be utilized by FIs in a number of ways, with anti-money laundering (AML) one of the main areas of focus. FIs can employ AI to analyze large amounts of data, to filter out false alerts and identify complex criminal conduct. It can identify connections and patterns that are too complex to be picked up by straightforward, rule-based monitoring or the human eye.
FIs are awakening to the potential of AI, both internally and externally, and beginning to embrace it. According to the Digital Banking Report, 35 percent of financial organizations have deployed at least one machine learning solution. Artificial intelligence has the ability to completely transform how banks perform AML and Know Your Customer (KYC) compliance. Additionally, for anti-money laundering purposes, artificial intelligence systems are capable of mining a great volume of data to prevent risk, which simplifies the identification of high-risk clients.
AI is crucial when performing repetitive tasks, saving a lot of valuable time, resources and effort that can be refocused on other tasks. AI technology, including natural language processing (NLP) and machine learning (ML), can automate the AML screening process.
How is AML Compliance impacting Businesses?
AML compliance can intelligently extract risk-related facts from a huge volume of data, making the process of identity verification much smoother and risk-free. It has the ability to track changes in regulations around the globe. It fights financial crimes by identifying gaps in the customer information held by financial institutions and providing Know Your Customer (KYC) alerts. Here are ways in which AI has revolutionized AML screening to make the client onboarding process easy, bringing higher revenue and lower fraud risk to the business:
Enhanced Due Diligence:
Artificial intelligence can automate AML screening, which helps automate the creation and updating of the client risk profile and match it against the classification (i.e. high, medium or low risk), ensuring continuous compliance throughout the client life cycle. Moreover, it makes the process of identity verification easier for enhanced due diligence.
Improved Client On-Boarding:
When applied to workflow automation, AI along with AML has the ability to transform the generation of documents, reports, audit trails and alerts/notifications.
Risk Assessment:
AML compliance can help mitigate risk: whenever a client is flagged for suspicious activity, the system can block them, removing any sort of risk. It gives a full understanding of the different tiers of risk a customer presents and how to mitigate them.
Detection of Suspicious Activity:
Any suspicious activity can be detected and immediately reported to the concerned department without putting yourself in trouble. The goal here is to have systems in place for prompt detection of activities associated with money laundering. For instance, suspicious activity can be:
Increase in cash deposits of an individual or business without any obvious reason.
Providing very little information when applying for a bank account.
Managing Regulatory Compliance and Change:
The ability of AML screening to recognize patterns in a vast range of text enables it to make sense of the changing regulatory environment. Furthermore, it can analyze and classify documents to extract useful information such as client identities, products, and procedures that can be affected by regulatory changes. It can be instrumental in helping banks and other financial institutions fight back against financial fraud.
AML Screening and Investigation:
A recent Dow Jones-sponsored ACAMS survey revealed that the most challenging issue for bank compliance is false positives. Underpinning the alert generation method with AML may result in fewer false positives. While they are a major part of the AML compliance process, alerts are not enough to support an efficient and thorough investigation. What is needed is the linking of high-quality information to the alert (via interpretation and link analysis) to provide an accurate, graphical illustration of the legal entity structure. AML alongside AI can help leverage previously performed steps in the alert investigation process to formulate a suggested next-steps approach.
AMLD5- Closing the loopholes of AML:
To take new technologies into account and improve transparency, AMLD5 is here to fulfill the EU’s next-generation AML requirements.
The goals of 5AMLD are as follows:
Impact on financial intelligence units and facilitate increasing transparency on who really owns companies and trusts by establishing beneficial ownership registers
Prevent risk associated with the use of virtual currencies for terrorist financing and limit the use of prepaid cards
Secure financial transactions to and from high-risk third parties.
The access of financial intelligence units to information including bank account registers must be enhanced.
Ensure centralized national bank and payment account registers or central data retrieval systems in all member states.
Making regulations is just the first step; the true game starts when it comes to implementation. The European Supervisory Authorities report gave this clear message.
European Union regulatory authorities are always looking to improve Anti Money Laundering (AML) and Counter Financial Terrorism (CFT) regulations. Currently, the fourth AML directive is in force in the member states of the EU. The European Union Supervisory Authorities (ESAs) recently gave a joint opinion based on the AML and CFT data collected from the member countries and expressed their concerns regarding CFT and AML compliance in the reporting entities.
The member countries are required to give this joint opinion on money laundering and terrorist financing risks in the EU financial sector every two years based on Article 6(5) of (EU) 2015/849 (the 4th AML directive). The ESAs (EBA, EIOPA, ESMA) report showed concerns regarding monitoring transactions and suspicious transaction reporting, cryptocurrencies, Brexit, and the risks associated with operations of businesses that handle a large number of financial transactions.
Major Concerns of ESAs
The ESAs expressed some major concerns regarding the risks lurking in the financial infrastructure of EU countries. The detailed report contained the data proof of how credit institutions are exposed to more risk as compared to previous years.
Inconsistent implementation of 4th AML directive
The uniform implementation of the 4th AML directive is a challenge as the legislations in a country are influenced by several stakeholders. The report of Joint Supervisory Authorities (JSA) highlighted that political and regulatory entities in the countries influence the implementation of the EU AML and CFT regulations. The countries often don’t understand the regulations properly and there is a lack of uniformity in the regulations across the EU so it leaves a loophole for the companies that plan to do illegal business. For example, if one country is rigid in AML and CFT compliance then the businesses or the criminals move to other countries with relatively lenient regulatory compliance requirements. So, it affects the effectiveness of AML and CFT regulations.
The United Kingdom is all set to leave the European Union in some time. The report of the ESAs identified that the firms working in the EU will be affected by this change in the EU landscape. The firms listed in the UK will have to update their operations as per the new UK regulations. Also, the firms outside the UK will have to get themselves registered with the UK as per the new regulations.
This huge change in the infrastructure will affect the regulatory landscape of the EU. Most probably it will create loopholes for financial criminals. The UK was used by shell companies in the past, and this sudden shift in regulations will definitely take some time, so criminals are most likely to profit from the delay.
Nicola Gratteri, a public prosecutor in Calabria, predicted that Brexit might aid the Italian mafia in moving their illegal money to the UK. Shell companies will be the safe haven of criminals to legitimize their cash proceeds from drug dealing, human trafficking, etc.
Regtech and Fintech
Technology is a freeware that is used equally for fraud and fraud prevention. The advent of Fintech and Regtech definitely improved the operations in the financial sector but it also increased the risk. Lack of regulations and minor regulatory compliance in this sector is the source of risk. Fintech and Regtech are widely adopted by people and are very dear to legitimate users due to the ease created due to these solutions.
Lack of legal and regulatory understanding among the Fintech and Regtech businesses is a point of concern. The businesses that don’t practice are more likely to fall prey to identity thieves and criminals. The in-depth understanding of regulations and regulatory compliance by Regtech solutions is vital to deliver quality risk prevention, so the businesses should be careful while choosing one such solution.
Cryptocurrencies are a major concern of the JSAs, although AMLD5 and AMLD6 are drafted to address this risk. Lack of regulatory awareness and commitment in the cryptocurrency ecosystem are some major concerns expressed in the report. The EU is also planning to increase the scope of “virtual currencies” to “virtual assets” as per the FATF regulations. This is because there is a lack of awareness among the businesses offering cryptocurrency services.
Businesses are found to be lacking in their internal controls. Some major issues found are Customer Due Diligence (CDD), lack of suspicious transaction reporting, lack of transaction monitoring, etc.
Lack of effective compliance
The businesses in the EU countries are found to be lacking in AML and CFT compliance. The report stated that sanctions screening is not enough; businesses have to keep an eye on the transactions of their customers as well. Complete reliance on CDD is the loophole in the internal controls of firms.
Also, businesses are required to practice compliance in a smart manner. In case they completely disown the customers based on the high risk associated with them, it will increase the chances of money laundering in the EU.
The report highlighted that some credit institutions are exposed to major risks due to their business operations. Financial transactions are the key part of their operations, so the risk of being exploited by money launderers and terrorist financiers is high. The businesses are required to practice proactive fraud prevention and CDD.
To wrap up, businesses in the EU and outside the EU will be affected by the increased pressure on AML and CFT compliance among the member countries. Businesses from non-member countries will also be affected by this. The EU has also recommended that reporting entities practice the EU regulations outside the region (Non-EEA states). Brexit is also expected to happen in the near future, so it will also affect the operations and regulatory compliance of global businesses. Proactive fraud prevention, thorough regulatory compliance, and timely decisions will help businesses in achieving high returns in the future.
In 2019, 4.4 billion internet users were connected to the internet worldwide, a rise of 9% from last year recorded by Global Digital 2019 report. As the world shrinks to the size of a digital screen in your palm, the relevance of AI-backed technologies can hardly be overstated. Mobile applications took over marketplaces; cloud storage replaced libraries, and facial recognition systems became the new ID.
On the flip side, this has also exposed each one of us to a special kind of threat that is as intangible as its software of origin: the inexplicable loss of privacy.
AI-powered surveillance, in the form of digital imprints, is a worrying phenomenon that is fast taking center stage in technology conversations. Facial recognition is now closely followed by facial replacement systems that are capable of thwarting the very basis of privacy and public anonymity. Synthetic media, in the form of digitally altered audios, videos, and images, are known to have impacted many in recent times. As the largest threat to online audiovisual content, deepfakes are going viral, with more than 10,000 videos recorded to date.
As inescapable as facial technology seems, researchers have found a way to knock it down using adversarial patterns and de-identification software. However, the onus falls on the enablers of technology, who must now outpace the rate at which perpetrators are learning to abuse facial recognition for their own interests.
Trending Facial Recognition Practices
Your face is your identity. Technically speaking, that has never been truer than it is today.
Social media, healthcare, retail & marketing, and law enforcement agencies are amongst the leading users of facial recognition databases that stock countless images of individuals for various reasons. These images are retrieved from surveillance cameras embedded with the technology, and from digital profiles that can be accessed for security and identification purposes.
As a highly controversial technology, facial recognition is now being subjected to strict regulation. Facebook, the multi-billion dollar social media giant, has been penalized for its facial recognition practices several times by legal authorities. Privacy Acts accuse it of misusing public data and disapprove of its data collection policies.
In popular use is Facebook’s Tag Suggestions feature using biometric data (facial scanning) to detect users’ friends in a photo. Meddling with the private affairs and interests of individual Facebook users, the face template developed using this technology is stored and reused by the server several times, mostly without consent. While users have the option to turn off face scanners at any time, the uncontrolled use of the feature exposes them to a wide range of associated threats.
Cautions in Facial Replacement Technology
As advanced as technology may be, it has its limitations. In most cases, the accuracy of identification arises as a leading concern among critics, who point to the possibility of wrongly identifying suspects. This is especially true in the case of people of color, as the US government has found them to be wrongly identified by the best facial algorithms five to ten times more often than whites.
For instance, facial recognition software, when fed with a single photo of a suspect, can match up to 50 photos from the FBI database, leaving the final decision up to human officials. In most cases, image sources are not properly vetted, further dampening the accuracy of the technology in use.
Businesses are rapidly integrating facial recognition systems for identity authentication and customer onboarding. But while the technology itself is experiencing rampant adoption, experts are also finding a way to trick it.
De-identification systems, as the name suggests, seek to mislead facial recognition software and trick it into wrongly identifying a subject. They do so by changing vital facial features of a still picture and feeding the flawed information to the system.
As a step forward, Facebook’s AI research firm FAIR claims to have achieved a new milestone by using the same face replacement technology for a live video. According to them, this de-identification technology was born to deter the rising abuse of facial surveillance.
Adversarial Examples and Deepfakes
Imagery designed to fool facial recognition, in the form of adversarial examples, also has the ability to fool computer vision systems. Wearable gear such as sunglasses can carry adversarial patterns that trick the software into identifying faces as someone else, as found by researchers at Carnegie Mellon University.
A group of engineers from the University of KU Leuven in Belgium has attempted to fool AI algorithms built to recognize faces, simply by using some printed patterns. Printed patches on clothing can effectively make someone virtually invisible for surveillance cameras.
Currently, these experiments are limited to specific facial software and databases, but as adversarial networks advance, the technology and expertise will not be limited to a few hands. In the current regulatory scenario, it is hard to say who will win the race: the good guys who will use facial recognition systems to identify criminals or the bad guys who will catch on to the trend of de-identification and use it to fool even the best of technology?
AI researchers of the Deepfake Research Team at Stanford University have delved deeper into the rising trend of synthetic media and found existing techniques such as erasing objects from videos, generating artificial voices, and mirroring body movements, to create deepfakes.
This exposure to synthetic media will change the way we perceive news entirely. Using artificial intelligence to deceive audiences is now a commonly learned skill. Face swapping, digital superimposition of faces on different bodies, and mimicking the way people move and speak can have wide-ranging implications. The use of deepfake technology has been seen in false pornography videos, political smear campaigns and fake news scares, all of which have damaged reputations and social stability.
Humans Ace AI in Detecting Synthetic Media
The unprecedented scope of facial recognition has opened up a myriad of problems. Technology alone can’t win this war.
Why Machines Fail
Automated software can fail to detect a person entirely, or display improper results because of tweaked patterns in a deepfake video. Essentially, this happens because the way machines and software understand faces can be exploited.
Deep learning mechanisms, which power facial recognition technology, extract information from large databases and look for recurring patterns in order to learn to identify a person. This entails measuring scores of data points on a single face image, such as calculating the distance between pupils, to reach a conclusion.
Cybercriminals and fraudsters can exploit this weakness by blinding facial recognition software to their identity without having to wear a mask, thereby escaping any consequence whatsoever. Virtually anything and everything that uses AI solutions to carry out tasks is now at risk, as robots designed to do a specific job can easily be misled into making the wrong decision. Self-driving cars, bank identification systems, medical AI vision systems, and the like are all at serious risk of being misused.
Human Intelligence for Better Judgement
Currently, there is no tool available for accurate detection of deepfakes. As opposed to an algorithm, it is easier for humans to be prepared to detect altered content online and be able to stop it from spreading. An AI arms race coupled with human expertise will discern which technological solutions can keep up with such malicious attempts. The latest detection techniques will, therefore, need to include a combination of artificial and human intelligence.
By this measure, artificial intelligence reveals undeniable flaws that stem from the abstract analysis that it relies on. In comparison, human comprehension surpasses its digital counterpart and identifies more than just pixels on a face.
As a consequence, the use of hybrid technologies, offered by leading identification software, tackles this issue with great success. Wherever artificially learned algorithms fail, humans can promptly identify a face and perform valid authentications.
In order to combat digital crimes and secure AI technologies, we will have to awaken the detective in us. Being able to tell a fake video from a real one will take real judgment and intuitive skills, but not without the right training. Currently, we are not equipped to judge audiovisual content, but we can learn how to detect doctored media and verify content based on source, consistency, confirmation, and metadata.
However, as noticed by privacy evangelists and lawmakers alike, the necessary safeguards are not built into these systems. And we have a long way to go before relying on machines for our safety.
Moving in the world of technology, where every industry is going digital, there has been very little transparency among businesses. Collaborating with businesses and entities online leaves room for suspicious activities, meaning you will have no idea about the identity of the person on the other end. For example, the business you are onboarding may be a shell company or may be funding terrorists.
Know your business (KYB) – these three words always seem to pop up everywhere in the industrial sectors, especially in financial institutions. KYB has successfully evolved from Know your customer (KYC) process and has eventually become an important part of today’s regulatory firms. It plays a vital role in low-friction regtech platforms to serve all types of customers without getting involved in illegal activities and entities.
The Bank Secrecy Act (BSA) of 1979:
Back in 1970, when the Vietnam War was in full swing, a deadly confrontation erupted regarding drug trafficking. As a result, the administration laid a strong foundation for the War on Drugs. The Bank Secrecy Act of 1979 (BSA) was introduced as a part of this policy agenda to deter illegal funding. The BSA requires all U.S. financial institutions to report certain types of customer activities to the regulator, FinCEN, the federal Financial Crimes Enforcement Network. For instance, financial firms need to report transactions totaling $10,000 or above.
The intention of these regulations was to hinder the cartels, drug smugglers and other productive criminal enterprises from moving money through the US. The BSA makes transactions more visible to federal law enforcement, hence starving the actors of their profits.
From KYC to KYB
The BSA is itself a foundation for the anti-money laundering (AML) regulations also known as Know your customer (KYC) compliance. It was enumerated in the 2001 USA Patriot Act as a result of the 9/11 incident and came into effect in 2003 – adopted by a joint resolution of federal financial agencies. These regulations intend to curb the flow of money to terrorist factions and other money laundering crimes. To meet these regulations, the institutes are required to maintain a record of personally verifiable information of every customer.
It won’t be an understatement to say KYC was built upon the BSA, which requires financial firms to ensure that their customers are who they claim to be. However, the BSA rules were somewhat vague, and this was addressed by KYC regulations with the introduction of the Customer Identification Program (CIP) and Customer Due Diligence (CDD).
While KYC compliance ensures the identity of the customers and keeps an eye on the risk factors associated with them, unfortunately a major loophole remained unsolved: financial institutions weren’t required to identify or verify the stakeholders and beneficiaries of the businesses and entities they were serving. This means that legitimate firms could unknowingly shelter bad entities or shell companies while performing illegal and high-value transactions on their behalf. Doing so makes the financial firms equally responsible for the illicit transactions taking place right under their nose.
This issue came into light through the scandal of Panama papers back in 2016 and as a result, KYB services were introduced for business verification.
Dive Deep into KYB
The officially titled “Customer Due Diligence Requirements for Financial Institutions” is what we refer to as know your business checks, or KYB. It can be seen as an extended form of know your customer, since it doesn’t only verify the name of the person to whom the business is registered. It also requires institutions to verify the identities of the chief executives and of any other person who owns 25 percent or more of the business.
KYB compliance covers an entire industry of consultants who help firms ensure that their business customers are properly investigated and that none of them is involved in illegal activities. Every financial institution, merchant acquirer or payment company that deals with money transfers and transactions is required to perform KYB checks on the businesses with which it does business.
The checks for KYB solutions include verification of the company registration, the business license, the identity of the business, and the other executives of the business. The KYB compliance requirements may range from address and date of birth to driving license, passports and bank statements. Moreover, these checks are also performed against sanctions lists, PEPs, adverse media, and disqualified directors.
These authentication checks are carried out by KYB solution providers depending on the nature of the business, the transaction value, suspicious reports and, more importantly, the country’s legislation.
The Role of 5th AML Directive
Regulatory regimes around the world are changing with every passing day. Last year, two major regulatory directives were updated: the 2nd Payment Services Directive (PSD2) and the Fifth Anti-Money Laundering Directive (AMLD5). PSD2 requires financial institutions to make certain data available to other institutions through the use of APIs (Application Programming Interfaces), whereas AMLD5 compels financial businesses to keep tight reins on personal information online.
Businesses from financial institutes to merchants are all facing regulatory pressure to meet stringent verification requirements. To do so, they need to deliberately adjust their processes to conduct due diligence. The 5th AML directive, along with PSD2 and GDPR, requires organizations to verify the businesses they deal with, that is, KYB compliance.
AMLD5, in particular, makes the EU states responsible for collecting all the legal documentation regarding a company in a central registry. Moreover, this central registry must be available and accessible to all the obliged entities that are required to perform business verification.
Enhanced Due Diligence
After the Panama Papers scandal, verifying business entities and the mainstream business structure became an integral part of AML compliance requirements, compelling enhanced due diligence (EDD). EDD requires obtaining additional information about the business client, for instance the nature of the business relationship, the source of funds and the transaction history, as well as enhanced monitoring of the business relationship.
KYB in Europe
In Europe, the 4th AML Directive is already in effect, and by January 2020 AMLD5 will also be in force. AML 4 requires businesses to identify the obliged entities and take prudent measures to verify their identities. It helps businesses learn about UBOs with regard to trusts, foundations, and the legality of the entities, so as to better understand the structure of the business and its customers.
According to the defined rules, the beneficial proprietor in the EU is any person who owns 25% of the corporate business. However, in the upcoming AMLD5, the proposal is to lower this to 10%.
KYB in the US
The Customer Due Diligence (CDD) Final Rule has been in effect in the US since May 2018. The rule states:
“Beginning on the Applicability Date, covered financial institutions must identify and verify the identity of the beneficial proprietors of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted)”
As per the regulations, the financial institutes include banks, dealers and brokers, mutual funds and futures commission merchants. However, different jurisdictions impose different requirements. In fact, even one region may have different regulations applicable to its member states. For example, US financial institutes, in addition to the Bank Secrecy Act (BSA), are subject to OFAC (Office of Foreign Assets Control), FATCA (Foreign Account Tax Compliance Act) and SEC disclosure rules.
KYB Process – From Weeks to Seconds
Performing business verification is difficult, time-consuming and costly. Most of the companies hide their true identities in order to evade the money trail. A shell company can also obscure its true information in filings across different jurisdictions. The percentage of ownership is mostly disguised through different paper trails, which makes it difficult to identify. In fact, in some countries there is no proper paper trail: no documentation is required to set up a business, so there is no source to investigate for shareholders’ information, which is against the FATF, AML and CTF regulations.
Some companies are overcoming this problem by implementing KYB solutions, just as with KYC. However, manual verification is slow, error-prone and costly. To overcome this drawback, KYB solution providers are actively adopting automated ways to verify businesses in real time.
In this era of high competition and complex compliance requirements, there is a need for electronic ID verification of businesses. By automating the KYB process, financial institutes can securely access the UBOs’ identifying information from the central registry and verify it. Moreover, meeting KYB compliance can help surmount the complex regulatory environment.
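To make the ownership thresholds concrete (25 percent, and the 10 percent figure given above for AMLD5), here is an added example, not taken from any KYB provider, that resolves layered holdings into each person's effective stake. It assumes the simple multiplicative method (stakes multiply along a chain and add across chains), treats any owner with no recorded owners as an end owner, and uses an invented share register.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed share register: (owner, owned entity, percent of shares held).
# All names and figures are invented for illustration.
HOLDINGS = [
    ("Alice", "HoldCo A", 100),
    ("HoldCo A", "Target Ltd", 20),
    ("Alice", "Target Ltd", 8),
    ("Bob", "HoldCo B", 70),
    ("Carol", "HoldCo B", 30),
    ("HoldCo B", "Target Ltd", 30),
    ("Dave", "Target Ltd", 42),
]


def effective_ownership(holdings, target):
    """Return ({end owner: Fraction of target held}, {entities found in a cycle}).

    Assumption: an owner with no recorded owners of its own is an end owner.
    In a real register it could also be a company whose owners are unknown,
    which is itself a finding worth escalating.
    """
    owners_of = defaultdict(list)
    for owner, entity, percent in holdings:
        owners_of[entity].append((owner, Fraction(percent, 100)))

    totals = defaultdict(Fraction)
    cycles = set()

    def walk(entity, share, path):
        for owner, fraction in owners_of.get(entity, []):
            stake = share * fraction          # stakes multiply along a chain
            if owner in path:
                cycles.add(owner)             # circular holding: stop and report
            elif owner in owners_of:
                walk(owner, stake, path | {owner})   # intermediate legal entity
            else:
                totals[owner] += stake        # stakes add across chains

    walk(target, Fraction(1), frozenset([target]))
    return dict(totals), cycles


def beneficial_owners(totals, threshold_percent):
    """Names whose effective stake is at or above the threshold."""
    limit = Fraction(threshold_percent, 100)
    return sorted(name for name, stake in totals.items() if stake >= limit)


if __name__ == "__main__":
    totals, cycles = effective_ownership(HOLDINGS, "Target Ltd")
    for name, stake in sorted(totals.items()):
        print(f"{name}: {float(stake):.0%}")
    print("25% threshold:", beneficial_owners(totals, 25))
    print("10% threshold:", beneficial_owners(totals, 10))
    print("circular holdings:", sorted(cycles))
```

In the sample, neither of Alice's holdings reaches 25 percent on its own, yet together they do, and lowering the threshold to 10 percent brings Bob into scope as well.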
A large number of well-known companies are under threat of large-scale data breaches. Suffering one data breach does not mean that the same company cannot be exposed to another. The exception is a company that puts stringent measures in place after fixing the vulnerabilities exploited before. An example of repeated data breaches is Yahoo. Statistics show that in August 2016 a Yahoo hack that took place in 2014 was uncovered. It affected the user accounts of around 500 million people. The same company faced another hack in December 2016, due to which 1 billion accounts were affected. In October 2017, this report was updated, stating a total of 3 billion affected users, and it is considered the biggest data breach in history.
With the advent of digital file transfers and the reliance of multiple industries on digital means of communication, data breaches are occurring at a fairly high rate. In the U.S., data breaches increased to 781 million in 2015, up from 157 million ten years earlier, in 2005. In the same period, compromised user records increased from 67 million to about 169 million. The aforementioned Yahoo data breach certainly contributed to these exposed records. The company advised its users to change their passwords immediately and assured them that it would take stringent measures to eliminate the risk of further attacks.
A data breach is a lose-lose situation. The loser is not only the customer whose information is compromised, but also the breached organization, which has to recover the hijacked information, meet legal compliance needs and deal with the aftermath of reputational damage. This breach cycle has to be broken. Otherwise, the lose-lose situation will never end.
What Data is Breached?
Both personal and sensitive information is breached. The information that online platforms ask for in order to recognize an identity is compromised. This data includes first and last name, email address, residential address, contact number, username, passwords and some encryption keys that are a secret between user and organization for identification purposes. This information is called Personally Identifiable Information (PII).
This hijacked information is sold to third parties and is also weaponized by cybercriminals, who use it to conduct a large number of fraudulent activities. Credit card information is stolen and used by fraudsters to perform transactions, accounts are taken over, and real identities are used in several other cybercrimes. The identities of children and adults are used to perform money laundering and terrorist financing, because these names have not previously been used or involved in any criminal activity.
Emerging Forms of Data Breaches
The dark web and emerging data breaches are threatening industries. Phishing attacks and account takeover fraud are looming over online websites. E-commerce businesses, online gaming, charity and banking websites, among others, are highly prone to cyberattacks because of the assets they deal with. Any loophole in the system can cost businesses heavy monetary and reputational losses. Online websites need to ensure that they authenticate each onboarding entity thoroughly against a set of checks sufficient to filter out bad actors from honest ones. Along with this, existing users should be verified continuously to make sure that an identity has not been switched with a fraudulent entity.
Identity theft is one of the most common data breaches. It was estimated to account for about 50% of data breaches globally in 2015, and for about 40% of compromised records in the same year. Because of identity theft, a large number of financial institutions are affected. These sectors hold highly sensitive information, of which financial information is common. If this information is compromised, the result is huge damage for both the victim and the organization. The second most common type is the financial data breach. The financial sector lost 120 million identities in 2015. Cybercrime is high in these sectors because of the attractive opportunities that fraudsters look for. The annual loss averages $13.5 million, which is the highest compared to other industries.
The emergence of social engineering is giving rise to multiple other frauds, among which email phishing attacks and website phishing attacks are common. End-users are targeted with email phishing attacks. A phishing email that appears to come from a renowned brand is sent to legitimate customers, asking them to enter their credentials and credit card information. The email is in fact from a fraudster who is trying to hack the end-user’s account. This is done through a malicious link that redirects the user to a website that seems real but is just a clone of the genuine one. As soon as the user enters credentials, the account is hacked through that phishing attack.
Last year, most phishing attacks targeted e-commerce businesses, financial systems, and payment websites. Hackers are actively exploiting weaknesses in systems through innovative tricks. In response, online businesses should put technological solutions in place to counter these tricks.
Credential stuffing is more or less similar to account takeover fraud. It is a cyberattack in which username and password information is compromised and the account is hijacked. The fraudster gains unauthorized access to the account by stuffing combinations of usernames and passwords into automated login requests. This stuffing is done by automated bots that try every possible combination to hack the account and use it for malevolent purposes. Research shows that stuffing attacks are 8% successful when attempting account takeover.
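The automated login pattern described above is visible in authentication logs. The following added example (not from the original article) flags a source address that tries many different usernames in a short window with mostly failed results, and lists the accounts where an attempt succeeded so they can be reset. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format: "<UTC timestamp> ip=<addr> user=<name> result=OK|FAIL"
LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

# Constructed sample log (documentation-range IPs, invented usernames).
_SPRAYED = ["ann", "bob", "cy", "dee", "eli", "frank", "gus", "hal"]
SAMPLE_LOG = [
    # A real user mistyping a password: repeated failures, but one username.
    "2019-11-04T10:00:00Z ip=198.51.100.20 user=maria result=FAIL",
    "2019-11-04T10:00:05Z ip=198.51.100.20 user=maria result=FAIL",
    "2019-11-04T10:00:09Z ip=198.51.100.20 user=maria result=OK",
] + [
    # A bot trying one leaked pair per account, one attempt per second.
    "2019-11-04T10:01:%02dZ ip=203.0.113.7 user=%s result=%s"
    % (i, user, "OK" if user == "frank" else "FAIL")
    for i, user in enumerate(_SPRAYED)
]


def parse_line(line):
    """Return (timestamp, ip, user, result) or None for a malformed line."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    ts = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, match.group(2), match.group(3), match.group(4)


def detect_stuffing(lines, window=timedelta(seconds=60),
                    min_users=5, min_fail_ratio=0.8):
    """Flag IPs that hit many distinct usernames, mostly failing, in one window.

    Assumes lines are in time order. Returns {ip: alert}, where an alert
    records when the pattern was first seen, every username touched, and the
    usernames whose login succeeded (candidates for a forced password reset).
    """
    recent = defaultdict(deque)   # ip -> events inside the sliding window
    alerts = {}
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        ts, ip = record[0], record[1]
        events = recent[ip]
        events.append(record)
        while ts - events[0][0] > window:     # drop events older than window
            events.popleft()
        users = {e[2] for e in events}
        fail_ratio = sum(e[3] == "FAIL" for e in events) / len(events)
        matches = len(users) >= min_users and fail_ratio >= min_fail_ratio
        if matches or ip in alerts:           # once flagged, keep tracking
            alert = alerts.setdefault(
                ip, {"first_seen": ts, "users": set(), "succeeded": set()})
            alert["users"] |= users
            alert["succeeded"] |= {e[2] for e in events if e[3] == "OK"}
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_stuffing(SAMPLE_LOG).items():
        print(ip, "first seen", alert["first_seen"].isoformat(),
              "users tried:", len(alert["users"]),
              "reset needed:", sorted(alert["succeeded"]))
```

Counting distinct usernames rather than raw failures is what separates the bot from the user who mistypes a password; attempts spread slowly or across many addresses fall below these per-IP thresholds and need other signals.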
Overcoming Data Breaches with Biometric Authentication
Given the nature of data breaches, there is now a need for measures that mitigate future damage. Among the common methods of user authentication, two-factor SMS-based authentication ensures security when a user tries to access the account from a different device or location. Unfortunately, this method of user verification is not widely adopted. Only 10% of Gmail users use two-step verification.
That is one option. Data breaches take place as a result of unauthorized data access, so they should be countered with an immediate security layer that ensures it is an authentic user who is trying to access, edit or delete the data or account.
Biometric authentication is another option. For identity proofing and online user verification, a prompt, efficient and robust method is to verify the end-user based on biometrics. This could be through fingerprint scanning, iris/retina scanning or face verification.
Face Verification: An end-user can be verified through unique facial features. Every time a user sends an access request to the backend system, the system asks the user to verify face biometrics. If the traits match, the user is authenticated and gets access to the account. Face verification uses Artificial Intelligence and Machine Learning technology to map the facial features and decide in real time whether the characteristics match the real user or not.
Yes, fraudsters use tricks to fool the system, but facial recognition systems are strong enough to handle them. Tricks such as a printed image or a previously taken selfie are tackled through liveness detection. Liveness detection ensures that the user is physically present at the time of verification. This can be done by recognizing the blinking of an eye, minor facial movements, 3D depth perception, etc. It ensures that the end-user is not fooling the system in any way.
Biometric authentication is the primary step to cut the roots of growing data breaches. All possible cyberattacks are the result of unauthorized access, which compromises user data and costs businesses far more than installing the technical solution. Also, regulatory authorities are set up to evaluate industries that are prone to data breaches and whether or not they put security measures in place to deter the risks. Identity verification through biometrics helps combat the risks of cyberattacks and hefty compliance fines.
The complex regulatory environment and increased exposure to illegal activities indicate that business verification is in the best interest of regulated companies eyeing long-term stability. According to the UNODC, money laundering is estimated at 2-5% of global GDP, amounting to almost $2 trillion. Digital data breaches have also increased substantially over the recent past, with rising threats of virtual ID theft.
In order to counter this, banks are spending more than $48 million on due diligence and KYB processes, with rising onboarding costs, as reported by a Thomson Reuters survey.
With the advancement in digital technologies and virtual data sets, KYB compliance and verification tools can help mark businesses that are involved in undercover activities and transactions. International requirements of both KYB and AML are increasingly reflecting the need to secure business transactions and prevent illicit financial flows from entering the formal sector.
The Regulatory Approach to KYB
Businesses face strict regulations that require them to identify and verify customers before onboarding them. The 4th AML Directive, in particular, puts emphasis on stringent audit trails that help prevent fraud and financial crime. For this purpose, digital verification services such as KYC and AML screening have proven to be significantly effective in improving compliance procedures.
In a similar vein, regulatory requirements such as the AMLD5 directive now demand strict evaluation of both individual clients and commercial entities before carrying out business with them. This is to ensure that financial institutions and other businesses can avoid being connected to illegal transactions conducted by their clients.
Money launderers often operate under the cover of businesses, and the EU is rolling out stricter regulations for customer due diligence to stamp out aggressors. For regulated companies, this translates into a legal compliance requirement for which the adoption of a duplicate screening process for suppliers, vendors and traders becomes important. Other regulations such as the GDPR, PSD2, and FinCEN also require companies to be aware of the Ultimate Beneficial Owners (UBOs) of entities before beginning a relationship.
According to the new registration demands of the AML directive, all EU states are required to maintain national registers of beneficial ownership information on corporations and other legal entities. All companies and their owners now have to get their details registered, making it all the easier to identify individuals involved in illegal activities through a business. Information on such regulated businesses will be made available to companies with a legal interest in business relationships.
Similar to KYC, Know Your Business (KYB) is a Verification Solution that cross-checks business identity by extracting official commercial register data using APIs. Using a business’ registration number and jurisdiction code, an efficient digital KYB service can collect verifiable information for the business.
Access to automated commercial registers through a data-powered business verification service makes the due diligence process swift and free of errors, while saving valuable time and manpower.
This includes background data on the company: registered address, current status, company type, UBOs, previous name, trademark registration. A financial summary of the company’s operational accounts is also provided by the authentication service, in order to better validate its authenticity.
In addition, business filings offer instant, verifiable information about company financials; access to financial statements, sources and links to downloadable reports (such as register reports, annual accounts and shareholder lists).
Business statements can help companies stay on top of changes in the management and organisation of connected businesses. A change in directors or beneficial owners can also reflect an evolving business environment, indicating the need for follow-up information on business matters.
Detailed information on corporate structure also provides insights into parent entities and lists of company subsidiaries (child, sister companies). Key factors under consideration are also based on the country in which the business is registered, the nature of business activities and the value of transactions it carries out.
Challenges in KYB
By far, one of the foremost challenges in KYB compliance lies in accessing beneficial ownership information, especially in jurisdictions that do not require companies to submit relevant documentation. A lack of shareholder information can make it harder to investigate money trails and business authenticity, leading to potential non-compliance costs.
Timely availability of data, in the right format, is also another hindrance, especially as company structures and management change over time. Storage and interpretation of data is also subject to a number of factors, mainly centering on companies adopting a manual approach to due diligence processes.
Moreover, companies that are currently implementing KYC processes have ample room for improvement in process efficiency, which is costing banks millions of dollars in lost time. It follows that digitization of KYB verification solutions will also be a tedious process of trial and error before firms can realize its full potential.
Business Verification: Moving Forward
When it comes to risky transactions, regulatory authorities are not ready to bend their rules. The 6th AML Directive is also ready to be implemented soon, which indicates little or no leniency for financial institutions or businesses in the coming future. Therefore, KYB is central to the efficiency and transparency of firms doing business.
Data analytics software that aggregates and updates information about businesses assists stakeholders in keeping tabs on their operations and practices, as well as in fulfilling the due diligence requirements of KYB.
As a one-stop solution for business verification, Shufti Pro offers a cost-effective solution for due diligence review of companies. With an electronic identity verification (eIDV) service, the authentication process for business entities is made easier and more accurate. The integration of APIs and data-driven systems now allows easier extraction of data, as well as smoother coordination mechanisms for compliance review.
Transparent B2B Relations
As a pre-emptive measure, businesses can use KYB solutions as fraud covers in case of a breach. Using the right mix of technology and support, full coverage of business financials and organizational structure can be accessed in order to trace business activities. This also allows firms to maintain updated company databases for better workflows.
Business reputation is also incumbent upon due diligence processes that are reliable and foolproof. As a consequence, identification and verification of the beneficial ownership of connecting entities is vital to solving verification challenges.
Effortless Regulatory Compliance
A user-friendly interface allows businesses to fulfill regulatory compliance needs without any friction. Potential losses and non-compliance penalties diminish productivity for firms willing to extend their business networks. Reputational damage is also a leading cause of business failure when it comes to carrying out business with suspicious entities.
With a comprehensive approach to risk mitigation, online KYB authentication services provide strong risk-shields against such losses, securing long term benefits for all concerned parties.
CCPA provides sweeping privacy protection to California’s residents. It includes a provision that will allow consumers to know what data companies are collecting on them. The bill grants California residents the right to be informed about how companies collect and use their data, and allows them to request that their personal data be deleted, among other protections. It represents the start of a new era of privacy laws designed to protect personal data, says Kelsey Finch of the Future of Privacy Forum. A section of the CCPA gives consumers the right to have personal information deleted from a company’s database.
CCPA Affecting Businesses:
CCPA will affect three types of businesses based in California:
Companies that have gross revenue of at least $25 million.
Companies that buy, sell and share the personal information of 50,000 or more consumers, households or devices.
Companies that get 50 percent or more of their annual revenue from selling consumers’ personal information.
By estimates, companies with fewer than 20 employees will have to pay $50,000 for compliance. Large companies with more than 500 employees will have to pay an average of $42 million. This will make up 1.8% of California Gross State Product. According to a report, total compliance costs for the companies subject to the law could range from $467 million to more than $16 billion over the next decade. Researchers estimated that as many as 75% of California businesses earning less than $25 million in revenue would be impacted by the legislation. States have begun efforts toward privacy legislation. Facebook CEO Mark Zuckerberg has advocated creating a nationwide policy in this regard. Setting one legal standard for tech firms, rather than a piecemeal approach to compliance, will lessen cost and complications.
Since many businesses in California that operate in Europe had to make changes to comply with the GDPR, which went into effect last year, CCPA has taken some elements from GDPR. The research suggests that the compliance costs for California’s law will be reduced this way. The EU estimated that average incremental compliance costs for the GDPR would total about 5,700 euros a year (nearly $6,300), according to the report, though there is also evidence that the regulation cost productivity in sectors that rely heavily on data. Under GDPR, smaller firms are likely to take on a disproportionately larger share of compliance costs than larger firms.
CCPA - An Inherent Part of GDPR:
Over a year after the introduction of the GDPR, concerns regarding its impact on larger firms appear to have been overstated, while many smaller firms have struggled to meet compliance costs. Resources explain this dichotomy by noting that large technology companies are often several steps ahead of both competitors and regulators. In the long term, however, it is believed that the differential impact will likely shrink, driven in part by competition among third-party services that will help small businesses comply with the legislation.
Economic Impact on Companies:
Companies are going to face an economic impact due to CCPA. Smaller companies with fewer than 20 employees are expected to spend about $50,000 in initial CCPA compliance costs, while mid-sized firms with between 20 and 100 employees could incur costs of $100,000 to start, according to the study.
The expenses come at a time when companies are reaping big rewards from the buying and selling of personal consumer data. The use of personal data in online advertising is a $12 billion annual business in California. When combined with the buying and selling of information from data brokers, the number rises to $20 billion annually.
California businesses could spend an additional $16 billion over the next decade after initial compliance expenses to keep up with changes and other expenses, according to the report. Those expenses could include hefty fines for those who violate the law.
Meanwhile, some other state legislators are using California law as a model. In Nevada, for instance, a new privacy law went into effect on Oct. 1. That law, known as Senate Bill 220, will give consumers more ways to keep websites from selling personal data.
Businesses that need to comply with CCPA:
The following are some businesses that hold huge amounts of private data that needs to be protected by CCPA:
Online businesses hold huge amounts of private data, of which they are taking advantage. A user surfing the internet is analyzed by AI-based products, and products matching the user’s interests are shown to attract them. This means that user data is being used to increase sales of desired products through advertising. So CCPA will enhance the privacy policies of businesses across the globe. The so-called rights over consumer data will be exploited by CCPA.
AI-based Verification Services:
As the regulations regarding KYC and AML become more stringent, businesses are adopting identity verification services for their customers and for other businesses. For this, they hold huge amounts of client data that they have to verify. Identity verification service providers have the most confidential data on hand, hence they must follow the provisions of the California Consumer Privacy Act.
Social media plays a vital role in shopping decisions. It’s a platform for targeting an audience of interest. According to a study, 87% of shoppers are satisfied with the shopping experience through social media. There are many social media marketing tools that are employed to reach the audience of interest and to improve the sales of a particular product. Businesses are aware of these tools and are deploying them well. These marketing products employ the information available on social media platforms. Social media sites have to change their practice of selling users’ personal information to third parties. The consent of the user must be required for selling this data to a third-party business.
So, businesses need to comply with CCPA for the protection of private data of consumers. Since many California businesses had to comply with Europe’s General Data Protection Regulation last year, some of the compliance costs for the new state law will likely be reduced, according to the report’s authors. Many businesses need to comply with CCPA to mitigate the risk of a data breach. The law will go into effect on Jan. 1, 2020.
Ever-evolving regulations are creating challenges and complexities for financial institutes in both national and international markets. The financial sector deals with approximately 200 regulatory changes per day, and these numbers are rising. Most of the time, businesses fail to meet these regulatory requirements and face heavy fines. Since 2008, global banks have been fined more than $321 billion collectively for not following Know Your Customer (KYC) and Anti Money Laundering (AML) regulations.
Even with a compliance cost of almost $100 billion globally in a single year, crimes like money laundering, terrorist financing, and cyber fraud are increasing. Financial Institutes (FIs) not only find it challenging to comply with KYC and AML regulations, but increased fraudulent activity makes things even worse. Financial institutes often fail to identify fraudsters and face fines or even get banned.
Fraudsters and money launderers are exploring new ways of carrying out illegal activities. An undercover agent who infiltrated Pablo Escobar’s drug cartel responds, “You can launder money in so many different ways, it is as unique as snowflakes.” To counter these challenges, regulatory authorities are updating regulations almost every day.
Changing Regulations with the Changing World
In the aftermath of the 2008 financial crisis, regulatory authorities put forth a considerable number of regulations, but now, almost a decade later, some regulators and lawmakers think it is time to analyze what is working and what is not, and to make the necessary amendments accordingly.
Banks and financial institutes are the protectors of the financial system, and the responsibility for preventing financial crime lies with them. In the last decade, these institutions have worked tirelessly to establish reliable KYC and AML procedures and systems. However, the changes created by technology and globalization demand modifications in regulations.
For instance, high demand for virtual currency has made regulators reassess the regulations in place and make amendments to regulate cryptocurrency. As most cryptocurrencies are not backed by any central government, the potential for their use in illegal activities, especially terror financing and money laundering, already threatens authorities and businesses.
The authorities are making amendments and introducing new laws to regulate all these advances in financial systems. Here are some recent changes by notable global regulatory authorities:
Financial Action Task Force (FATF) is an intergovernmental organization, which strives to eliminate money laundering and terrorist financing globally. The organization has been very keen on recommending necessary changes required to comprehensively deal with financial crimes.
Noting the recent trends in money laundering (ML) and terrorist financing (TF), FATF recommends that member states perform legal screening of the Ultimate Beneficial Owners (UBOs) of every business. Owing to the exploitation of virtual currency by criminals, FATF also recommends regulating cryptocurrencies. According to a report, $4.26 billion worth of cryptocurrencies were stolen by cybercriminals in 2019 alone. FATF expects members to implement these regulatory reforms in their respective states to combat ML and TF.
European Commission’s AMLD5 and AMLD6
As a part of an action plan against money laundering and terrorism, the European Commission has introduced new regulations in the 5th and 6th AML directives. Every European country is required to implement these regulations as a part of its national action plan on AML and CFT.
The most prominent law in AMLD5 is the regulation of cryptocurrency exchanges and service providers. Before this directive, e-wallet providers and crypto exchanges were not covered under the financial regulations. AMLD5 made it compulsory for crypto businesses to perform KYC for identity verification. Furthermore, member states are required to maintain a central register of the Ultimate Beneficial Owners (UBOs) of crypto businesses.
AMLD5 also lowers the threshold for prepaid cards to decrease the risk of money laundering through these cards. According to the U.S. Federal Bureau of Investigation (FBI), drug cartels use prepaid cards to launder money earned from illegal drug sales in the USA. European countries are required to implement AMLD5 by January 10, 2020.
While the European Union’s member nations are striving to implement AMLD5, the European Commission has published a new directive, AMLD6, in its journal. This new directive will make AML and KYC regulations more stringent. By setting a clearer definition of money laundering and increasing the minimum liability for predicate offences, the EU aims to make AML and KYC more robust.
The key elements of AMLD6 are:
Addition of cybercrimes to the predicate offences. Predicate offences are the crimes underlying money laundering and terrorist financing. Initially, cybercrimes, including online identity theft and credit card fraud, were not included in the predicate offences. Once AMLD6 is implemented, businesses will require more enhanced KYC checks to avoid involvement in unlawful activities.
Inclusion of entities that aid criminals in laundering money within money laundering crimes. The addition of ‘enablers’ can make money laundering tracking easier.
The punishment for money laundering and terrorist financing is increased to up to four years, along with other penalties.
RegTech: A useful KYC solution
While the aforementioned are major regulatory changes in the world, many countries are also regulating businesses to perform enhanced due diligence and KYC at the national level. The financial sector is obliged to follow these regulations.
However, the financial sector is not lagging and is taking measures to remain compliant with the rules. The finance sector always remains one step ahead in adopting innovative technology. One of the latest additions to the finance sector’s arsenal is Artificial Intelligence (AI). The finance sector can adopt AI to make KYC/AML screening more robust, cost-effective, and time-efficient.
RegTech (Regulatory Technology) refers to the use of technology-based solutions to help with compliance with financial regulations. RegTech is enabling rapid development in the financial sector regarding compliance. AI-based identity verification and AML screening solutions are both cost-effective and time-efficient. Businesses should adopt AI-based KYC and customer due diligence (CDD) solutions when onboarding customers to remain compliant with regulatory changes and avoid any offence.
KYC laws are continually modified to catch up with the latest techniques for perpetrating financial crimes. A recent example is AMLD6 by the European Commission, which intends to make KYC and AML compliance stricter. The financial sector must adopt effective measures to maintain the integrity of its institutions as well as meet the regulatory requirements. These institutions are the first line of defence against money laundering and need to act accordingly. To ensure that businesses remain in compliance with these changes, the RegTech industry is delivering efficient AI-based solutions for KYC checks.
Summary: The Sixth Anti-Money Laundering Directive (AMLD6) sets out a stringent framework to combat money laundering and terrorist financing. It extends the scope of criminal liabilities and entities with an updated list of predicate offenses. AMLD6 introduces tougher penalties and widens criminal liability to legal persons.
The European Commission affirmed action plans to tighten the reins on mounting money laundering and terrorist financing. On 26 June 2017, the 4th Anti-Money Laundering Directive (AMLD4) came into force, contributing to the same idea of combating bad money flow. It stated the regulations for information exchange and its operation among financial institutions. After this, EU co-legislators identified the need for amendments to AMLD4, which were declared in AMLD5. These changes are expected to come into effect by the 10th of January 2020 and identify the sectors that need to strengthen their standard operations to deter the risks of money laundering. AMLD5 also asserts that sectors facilitating criminal activity will be subjected to harsh regulatory penalties. Recently, the EU Commission came up with the Sixth Anti-Money Laundering Directive (AMLD6), published in the EU’s Official Journal. AMLD6 introduces a harmonized authoritarian framework for the elimination of money laundering.
AMLD6 strengthens the existing norms of anti-money laundering. It establishes minimal criminal liability rules for money laundering by setting a clear definition of it and stating predicate offences, enforces minimal sanctions, and extends criminal liability to legal professionals. It reinforces the framework from the police cooperation point of view. Furthermore, the Directive sets specific requirements regarding information records and requests, sensitive data processing, and restrictions to rights.
AMLD6 – New Measures and Amendments
The EU Commission proposed new measures to fight terrorist financing and money laundering activities. The Commission believes that the existing models are neither comprehensive nor consistent. It suggests that definitions should be clarified at the national level and that the scope should be widened to cover industries from a broader perspective. It further elaborates that criminal proceedings are innovative enough to exploit the parliamentary discrepancies. These weaknesses become a source of opportunities for money launderers to convert their ill-gotten gains into good money.
The draft must be sent to the Parliament as well as the Council. The trialogue of the three bodies will produce an agreed document that would be accepted as a new EU law. Denmark will not be affected by this law due to its legal agreements, and the UK government may opt out of the adoption of AMLD6 notwithstanding the Brexit agreement. The fundamental component of AMLD6 is the list of 22 predicate offences. AMLD6 defines these predicate offences explicitly, which will definitely impose obligations on firms. Companies would have to put in place monitoring systems to detect direct and indirect links facilitating predicate offences.
Following are the key elements of AMLD6 that incorporate criminal legislation:
Harmonized list of Predicate Offences
The scope of the 22 predicate offences has been extended. It now includes the emerging threats of environmental crimes and cybercrimes in the EU. Environmental crimes refer to those that are set out in legal acts of the Union. Similarly, cybercrimes are declared a predicate offence, which was not catered for in the FATF recommendations. Tax crimes are also in the scope of AMLD6, namely the crimes that are directly and indirectly committed due to tax commutation. To avoid ruinous circumstances, firms should familiarize themselves with the expanse of the 22 predicate offences.
Aiding and Abetting, Inciting and Attempting
The scope of money laundering is extended in AMLD6. Aiding and abetting, and inciting and attempting, now fall within the scope of money laundering. By including these entities, which are called ‘enablers’, money laundering tracking can become easier. These entities are considered the facilitators of the money laundering process. Therefore, AMLD6 extends its boundaries for money launderers to combat the risks of embezzling funds transfer.
Criminal liability extension to Legal Professionals
Recall that AMLD5 spotlighted legal professionals, requiring them to undergo client identity verification and keep accurate information about clients. AMLD6 focuses on the evaluation of legal professionals. Under it, criminal liability is extended to legal professionals, i.e. partnerships and companies. It is applicable to those who facilitate money laundering through their businesses, directly or indirectly, for the sake of their own benefit. Legal professionals would be answerable if individuals who are caught transferring illicit funds are not identified.
In addition to this, representatives, executives, supervisors, and decision-makers who lack proper individual authentication or supervision would be accountable for facilitating criminal activity.
Tougher Regulatory Penalties
This is one of the most important areas covered in AMLD6. The Directive says that all Member States are supposed to set imprisonment of at least four years to deter money laundering. A business that is caught facilitating money laundering would be temporarily or permanently banned. Also, there would be the closure of business units and operations, exclusion from public funding access, and halted grants and concessions through which the predicate offence is committed. Wise companies are racing to comply with the regulatory norms to avoid harsh fines and reputational loss.
The rising exposure to money laundering is alarming for industries and businesses. Any entity that facilitates money laundering or terrorist financing actions will face heavy penalties. Companies are seeking innovative solutions to tackle money laundering and to perform efficient monitoring of bad money flow through Artificial Intelligence and Machine Learning techniques.
Data Protection and Privacy
This initiative enables competent authorities to put in place stringent mechanisms through which personal and sensitive data is collected and processed. The fundamental rights of the subjects should not be compromised in any way. The directive focuses on data protection and privacy rights: the information collected should be minimal and should not include any financial information, for example, financial transactions or credit in bank accounts. The limited set of information does, however, include personal data, i.e. the subject’s name, bank account number, date of birth, etc. Information on the total number of bank accounts of the subject is necessary for the purpose of investigation.
The Sixth Anti-Money Laundering Directive (AMLD6) will be formally published and adopted in the EU’s Official Journal, and at least 26 months after it comes into force, firms will have to comply with the directive. Member States have to follow the regulatory provisions and laws to take into account the associated predicate offences that could be promoted on the premises of a legitimate business in any way.
The Financial Action Task Force (FATF) has been very keen on eliminating financial crime (money laundering, terrorist financing) at a global level. The regulatory authority recommended some major changes in AML (Anti-Money Laundering) practices, screened the AML practices of some of its members (direct or indirect), and also added new countries to its members list.
FATF is one of the most influential global financial regulators. It has 39 full members and several members under its affiliates (APG, CFATF, EAG, etc.) around the globe working on a thorough implementation of AML regulations. FATF is always keen on eliminating money laundering from all countries and territories. Numerous industries, including financial and non-financial sectors, have been added to the scope of reporting entities under the FATF recommendations.
In a bid to ensure global compliance, FATF is always in search of loopholes in the AML and CFT (Counter Financial Terrorism) regulations and compliance practices of its member countries. Regular screening of the AML practices of its member countries is a part of its operations.
In 2019 as well, FATF took some vital steps to expand the scope of its regulations to a global level and to cover the gaps between global AML regulations.
Saudi Arabia Became the First Arab Member of FATF
FATF expands the scope of its regulations to a global level by adding new members. Becoming a member of FATF requires the country to fully comply with FATF recommendations making it almost impossible for criminals to exploit it.
Saudi Arabia is setting standards for Arab and Middle Eastern countries by becoming a member of FATF. The country had been practicing the global AML and CFT regulations for the last four years. Also, in March 2019, it was about to be blacklisted by FATF but narrowly avoided it, and it has now become a full member of FATF.
Financial institutions and businesses offering any type of financial service will be liable to comply with global AML regulations. This means the latest AML recommendations of FATF regarding cryptocurrencies and the legal sector will also be imposed on the reporting entities in Saudi Arabia. This initiative of Saudi Arabia will bring more business into the country, as it is identified as a safe country by fully complying with the 40 recommendations of FATF. Meanwhile, the businesses in the country will be under the strict scrutiny of the regulatory authorities.
It is high time that businesses in Saudi Arabia recognized the crucial need to practice complete AML compliance.
Pakistan in the Greylist
FATF keeps an eye on its member countries by screening their efforts to eliminate money laundering and terrorist financing. Pakistan is a member of the Asia Pacific Group on Money Laundering (APG) and has been under the scrutiny of FATF since 2018. The reason behind this scrutiny is the terrorist attacks in India. It was claimed by the Indian authorities that the terrorist activity was executed by a terrorist group in Pakistan. Also, the Panama Papers placed a question mark over the AML and CFT practices of Pakistan. The regulatory authorities in Pakistan are required to take the proactive measures recommended by FATF in order to be removed from the grey list.
In 2019, FATF analyzed the AML practices of regulatory institutions in Pakistan. A decision is yet to come on whether Pakistan will be added to the blacklist or not.
It shows that FATF does not ignore any kind of non-compliance by its member states. In order to maintain the good image of their country, the member states are always looking to adopt stringent practices to enforce AML compliance in the business sector (financial and non-financial). Becoming a member of FATF is just the first step; the countries have to go through regular FATF screening and need to maintain a crime-free financial infrastructure in the country.
So, businesses in full member countries and indirect-member countries are in dire need of practicing complete AML compliance, as non-compliance will lead to dangerous consequences like huge fines, loss of credit rating, loss of credibility, etc.
Changes in FATF Regulations
FATF gives recommendations whenever it finds a loophole in global AML and CFT regulations. In 2019, the authority gave some major recommendations to its member countries.
FATF recommended AML compliance for the cryptocurrency and legal sectors in 2019. The legal sector is required to screen the Ultimate Beneficial Owners (UBOs) of the entities they represent.
Also, the cryptocurrency businesses are required to practice AML and KYC compliance just like the financial sector.
The reason behind these new recommendations is the increase in fraud in these sectors. Cryptocurrency is widely exploited by financial criminals at a global level. According to a report, $1.1 billion of cryptocurrency was stolen in 2018. On the other hand, the legal sector is also exploited by money launderers to incorporate their black money into the business proceeds of shell companies. That is why the legal professionals are required to verify the identity of UBOs of business entities they are serving.
FATF also recommends that art dealers and precious metal dealers practice KYC screening on their customers and report transactions above the predetermined threshold.
Why Do Businesses need to Practice AML Compliance?
The businesses in the financial and non-financial sectors are covered in the scope of AML recommendations of FATF. Operating in countries that are full or indirect members of FATF, the businesses are obliged to practice thorough compliance with global AML regulations. Harmful consequences follow the non-compliance practices of businesses.
Non-compliance could result in fines, loss of credibility, credit rating and market value, and in some cases complete shutdown of the non-compliant entity. For instance, take the case of Danske Bank’s Estonia branch, which was closed due to a huge money-laundering scandal. The bank also faced several lawsuits and a huge penalty.
The recent efforts of FATF show that the entity will leave no stone unturned to eliminate money laundering at a global level. This means that businesses have no other option but to take proactive measures against financial crime. Running real-time KYC and AML screening on customers before onboarding them eliminates the risk at the very beginning. It enhances the credibility and credit rating of a company along with proactive fraud prevention. Such steps will help businesses gain a competitive edge. Hence, such proactive measures create a win-win situation for businesses.
In this era of technology, it is a common saying that “Innovation leads and regulation follows.” This couldn’t be any truer with the adoption of the Fifth Anti-Money Laundering Directive (AMLD5) by the European Union. AMLD5 is basically an extension of the previous iteration – AMLD4. Both of these directives are meant to tackle and control the growing power and risks associated with the use of technology by criminals.
Moving into the fourth industrial revolution, businesses are completely under the limelight of technology. Of course, the criminal world is also taking advantage of technology to carry out its operations more effectively and anonymously. This drives government and regulatory agencies to come up with stricter directives for businesses to curb criminal activities.
The aim behind the introduction of AMLD5 is to prevent money laundering, terrorist funding and illicit transfer of money throughout the financial industries of the EU. The same was the goal statement of AMLD4 but in some ways, AMLD5 is more advanced and covers some further aspects. It includes a better definition of the virtual currencies, the changes and the information-sharing policies that are required to combat crimes related to prepaid cards and financial institutes.
From AMLD4 to AMLD5
Previously, AMLD4 tackled the risks by making it mandatory for “obliged entities” – banks and financial institutions – to meet KYC and due diligence requirements. Also, companies operating within the EU were obliged to maintain central registers of their ownership. According to the European Central Bank, AMLD4 didn’t go far enough to curb the risks posed by criminal transactions and money laundering.
The main reason was the recent terrorist attacks throughout Europe. Moreover, the Panama Papers scandal in 2016, followed by the Paradise Papers publications in 2017, made it a top agenda item for the regulators to come up with a more efficient directive. These papers gave governments insight into the ways politicians and wealthy individuals can exploit tight-lipped offshore tax regimes. These incidents created a huge fuss around the world, calling the credibility of country regulations into question.
Taking these issues into account, the updated framework of the 4th Anti-Money Laundering Directive – AMLD5 – came into force in July 2018 and is to be implemented from January 2020. It doesn’t contain any new sets of rules; instead, its rules are just an extension of the previous ones. The fifth AML directive intends to bring boundless transparency to business activities and company ownership within the EU.
AMLD5 makes multiple amendments to the fourth directive. These extensions are meant to strengthen the policies that deter money laundering in light of new technology advancements. AMLD5 not only proposes a public registry for the beneficial owners of obliged entities, but it also addresses the significant risks associated with virtual currencies and cryptocurrencies.
The Obliged Entities and Requirements
The fifth AML directive covers various entities that include:
Legal Professionals, Auditors, Tax Advisors, and external accountants
Trust, or company service providers
Person trading in goods (involving cash payments in amounts of €10,000 or more)
The most important requirement of AMLD5 is that the obliged entities implement the beneficial ownership registry. It is essential for member states to collect and maintain accurate and current information about legal entities, as described in AMLD4. In order to meet this requirement, the obliged entities that are operating in the EU must have Know Your Customer (KYC) information, in addition to beneficial ownership information, readily available with all the planned procedures.
Enhanced Due Diligence:
Undoubtedly, the beneficial ownership registry is the primary level of customer due diligence. However, with the implementation of AMLD5, the obliged entities will have to adopt Enhanced Due Diligence (EDD) requirements. EU-based banks are compelled to perform EDD every time they enter into transactions involving high-risk third countries as defined by the European Commission. This requirement is meant to diminish the potential for doing business with criminal organizations.
The process of enhanced due diligence involves the collection of additional information about the customer, screening, and the completion of a risk assessment. The risk rating strategies must take into account the risk factors that may call for updating the KYC policies and procedures. For example, technology is a major risk factor, and the manual KYC process needs to become digital.
After the completion of the risk rating process, the entities must ensure the automatic delivery of data to national authorities and provide them with access to information. Enforcement of AMLD5’s EDD requirement on EU-based entities doesn’t mean that their clients must also follow it. But if a bank in Europe adopts stringent EDD requirements, then the associated entities are required to ensure that they are complying with AMLD5 requirements along with their regional regulations.
The Significant Changes in the Regulation:
Though AMLD5 is an extension of the AMLD4 regulations, there are some key changes highlighted in this directive, including:
1. Virtual Currencies
Virtual currencies like Bitcoin possess the transparency feature, i.e. the individuals involved with them tend to stay anonymous. This is both a weakness and a strength for organizations. It is a weakness because of the involvement of money launderers and cybercriminals. AMLD5 clearly states that virtual currency exchange platforms must apply Customer Due Diligence (CDD) just like traditional financial institutions.
It includes all the KYC and customer verification requirements. Moreover, customers have to get registered. All these requirements are to combat money laundering and criminal funding that takes place through these platforms.
2. Letterbox Companies
Under the new AMLD5 regulations, anyone will be able to access information about the real owners of “Letterbox” companies that are operating in the EU. These companies are considered the hub of corruption, money laundering and transnational organized crime. This change in the directive can reveal the corruption and tax evasion that may be taking place in these companies.
Moreover, the central beneficial owner registry will be available to individuals with a ‘legitimate interest’, for example, someone investigating the owners of trusts and companies.
3. Prepaid Cards
AMLD5 has called for a reduction in the threshold for anonymous prepaid cards, from €250 to €150. This new arrangement is meant to combat the criminal activities that might be taking place through these cards. While prepaid cards generally have legitimate uses, anonymous cards are readily used in money laundering and terrorist funding.
Banks and other financial institutions are obliged to conduct CDD on the prepaid cardholder if the payments exceed a defined threshold. Moreover, as per the AMLD5 regulations, the use of prepaid cards that are issued outside EU territory will be prohibited unless they follow AMLD5 regimes.
Notable Challenges for Businesses in adopting new Standards
Until now, although businesses complied with AML regulations, they didn’t have to take as much notice of the AML directives as they will have to now. Previously, financial institutions and tax advisors were the major entities meeting AML compliance. However, with the introduction of AMLD5, virtual currency exchange platforms, prepaid cards, and custodian wallets will also be obliged to comply with the new standards and regulations.
The obliged entities have to comply with customer due diligence, monitor virtual currency transactions, and keep a tight rein on customer activities that they might find suspicious. The major challenge for businesses is that, from onboarding customers to ongoing documentation, they have to keep the data up to date and share customer information with anti-money laundering authorities.
Moreover, businesses will need to make sure that all staff members have proper knowledge of the AML directives and follow the standards accordingly. Training employees will cost businesses. As the date of implementation of AMLD5 approaches, the time to incorporate all these new standards and rules is shortening, which is another challenge for businesses.
The financial sector landscape is evolving with the advent of the FinTech industry. Many revolutionary services and products have been introduced by this sector, and Money Services Businesses (MSBs) are one good example of such businesses. These revolutionary innovations have increased ease for the masses. But the lack of KYC and AML regulatory compliance specific to this sector has left loopholes for criminals. Also, most money transfer businesses show a lack of concern towards AML compliance, which has increased the fraud rate in this sector.
Sensing the urgency, some countries, including Australia, Canada, etc., are taking steps to prevent financial crime in money services businesses. Before we explore the regulatory and preventive measures taken by these countries, let’s dig deeper into MSBs as defined by the regulatory authorities.
If we look at the definitions provided by FinCEN, AUSTRAC, FATF, and FINTRAC, broadly an MSB includes any individual, business or organization that performs the following operations as a:
Currency dealer or exchange
Issuer or seller of traveler’s checks, money orders, etc
Remittance service provider
If a person or a business conducts these operations worth $1000 or more on a daily basis, then it is liable for compliance with KYC and AML regulations.
MSBs are regulated in several regimes, but a lack of implementation and scrutiny has led to increased exploitation of this sector. Regulations have been developed for AML compliance in MSBs, but lack of implementation is the issue. Regulatory authorities like FATF, AUSTRAC, and FINTRAC have adopted a risk-based approach to AML regulation of MSBs.
Primary actions required for KYC and AML compliance by MSB are as follows:
Complete KYC of customers (identity verification)
AML screening of customers
Getting registered with the regulatory bodies
Why MSBs Need KYC/AML Compliance?
MSBs are some of the most common victims of money launderers. Often MSBs do not perform KYC and AML screening on their customers, and this loophole in security is exploited by fraudsters. Money launderers and terrorist financiers cannot go to banks because banks often run KYC/AML screening on people before serving them. That is why criminals use MSBs.
They transfer the funds without being traced. Later, if a transaction is labeled as illegal, the criminal will be untraceable because they use fake identities. Ultimately, the MSB that provided the service will be deemed liable for a fine.
So, MSBs need to practice in-depth KYC and AML screening on their customers before onboarding them. KYC and AML compliance helps MSBs gain credibility and customer trust. Research has found that people feel more confident with online platforms that have some sort of visible security measure, like real-time identity verification, 2-factor authentication, face verification, etc.
Regulatory Authorities Tightening Reins on MSBs
The need for an improved compliance culture has been identified by global regulatory institutions. Financial watchdogs are all set to eliminate money laundering from all business sectors. This compliance culture can be achieved only if businesses also understand their responsibility for eliminating financial crime from their spaces.
AUSTRAC Targeting Money Transfer Businesses for AML Scrutiny
AUSTRAC (Australian Transaction Report and Analysis Center) is targeting money transfer businesses for thorough implementation of KYC and AML laws in that sector.
In August 2019, AUSTRAC launched a campaign against illegal money transfer businesses. This campaign requires money transfer businesses to register with AUSTRAC and to practice KYC/AML compliance. The objective of this campaign is to reduce the exploitation of these unregistered businesses by criminals.
Money transfer businesses that do not register with AUSTRAC will be liable for a fine of $420,000, seven years in jail, or both.
Money transfer businesses are required to submit their International Funds Transfer Instruction (IFTI) reports to AUSTRAC on time. Those who fail to do so are fined for non-compliance.
In September 2019, the regulatory authority fined Compass Global Holdings Pty Ltd $252,000. The company was unable to report its international fund transfers between 2018 and 2019.
In addition, AUSTRAC ordered PayPal Australia to hire an external auditor at its own cost to report on the company’s fund transfers to and from Australia. This order was issued after PayPal self-reported the findings of its internal report.
AUSTRAC is aiming at eliminating the crimes associated with money laundering through strict scrutiny of the businesses involved in high-risk fund transfers. “Money laundering enables criminal activity that causes real harm to Australians, such as human trafficking, child exploitation, illegal firearm sales, and drug trafficking,” AUSTRAC Chief Executive Nicole Rose said in a statement.
Canada Increasing Pressure on MSBs (Money Services Businesses)
Canada has also increased pressure on MSBs and introduced some rigid KYC and AML laws for this sector. The government of Canada amended the regulations of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). FINTRAC (Financial Transactions and Report Analysis Center) will be responsible for the implementation of these laws.
The new laws for MSBs have the following key points:
MSBs (local or international) should be registered with FINTRAC, and FINTRAC will have the right to charge penalties in case of non-compliance.
The financial institutions are not allowed to conduct business with unregistered MSBs.
The MSBs are entered into the reporting entities list of FINTRAC.
The AML screening, recording and reporting regulations that were previously imposed on fiat businesses are now imposed on the MSBs as well. It means that the MSBs operating in Canada will have to conduct in-depth KYC and AML screening of their customers before onboarding them. Also, they will have to maintain a record of the compliance process and should report any suspicious transactions above the predetermined threshold.
How Will Online KYC/AML Screening Help?
Online KYC and AML screening can help MSBs through this difficult period. The customers of these businesses come from every corner of the world, so manual verification is not possible. Developing in-house verification software requires exhaustive resources and bears huge costs, so it is not a feasible solution.
An online KYC and AML screening solution is cost-effective and easy to use, and delivers results with high precision within a minute. It is high time Money Services Businesses invested in KYC and AML compliance, because the regulatory authorities have identified the risk lurking in this business sector and are all set to give a hard time to non-compliant businesses.
As part of the Action Plan against terrorism, the 5th Anti-Money Laundering Directive (5AMLD) proposed by the European Commission aims to address risks associated with virtual currencies and wallet providers. The proposal augments the 4th Directive in its efforts to enact EU rules designed to combat money laundering (AML) and the financing of terrorist activities (CFT).
The indication is of thorough regulatory change as digital currency exchange platforms and e-wallet providers are now required to comply with AML and CFT requirements. Collecting and monitoring customer data will be part of their compliance operations.
Under the new law, the general public will have access to beneficial ownership information of EU companies, and due diligence measures for financial flows from high-risk countries will be beefed up.
Cryptocurrency – Safe or Not?
Virtual currencies such as bitcoin provide efficient ways of data sharing and user interaction for a wide customer base. However, the inherent way in which cryptocurrencies are able to hide user identity opens up opportunities for suspicious transactions online.
This implies that authorities cannot trace the identity behind any kind of transaction, and financial transfers can therefore be concealed easily. The risk of such services being used by terrorist organisations looms large on the horizon, leading to strict scrutiny measures for the crypto realm in 5AMLD. Virtual currency remittance systems are also at the risk of being used for terrorist and illegal activity financing.
As safety of digital transactions dwindles, KYC for identity verification becomes an increasingly important part of the security equation. In contrast, at the very heart of cryptocurrency is the counter-intuitive idea of decentralisation that allows a user to create a disconnect between his identity and e-money. The key here is finding the middle ground between privacy and legality.
Currently, only a third of all businesses across Europe and the US perform background checks on their users. And this is about to change after the implementation of 5AMLD.
Before this commission, no other EU Laws were directed at monitoring digital currencies or e-wallets. Previously absent in 4AMLD, the new directive includes a definition of virtual currencies:
‘a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically’.
This covers a wide range of virtual money – coins, tokens, custodial wallets – to ensure that no form of electronic value escapes monitoring. Although the definition is all-encompassing, it is useful to note that it merely views cryptocurrency as a means of exchange online and not as assets, securities or commodities.
There is no clarification for ‘virtual currency exchanges’, but individual entities are identified as providing services between virtual and fiat currencies. Again, the scope of such transactions under AML/CFT compliance is unclear, and the commission almost overlooks crypto-to-crypto exchanges. For Initial Coin Offering (ICO) organisers, brokers and other platforms, this underscores the need for detailed checks under 5AMLD Compliance.
In this respect, the UK has warned against the use of crypto assets in illegal activities, and hinted at using a broader regulatory framework.
Next in importance to cryptocurrencies are e-wallets. The law describes a custodian wallet provider as:
“An entity that provides services to safeguard private cryptographic keys on behalf of their customers, to hold, store and transfer virtual currencies”.
Following this interpretation, a service provider shall not be liable under CFT/AML laws unless it holds the user’s private key. Obliged entities include centralised cryptocurrency exchanges such as Mist, Ledger Nano S and Trezor.
Under 5AMLD, previously unlicensed exchange services and e-wallet providers now need to be authorised through a registration process. This means that common AML practices such as customer due diligence, transaction monitoring, and fraud detection will need to become part of company compliance processes. Countries are obliged to create central databases, with complete lists of virtual currency users and their self-declaration forms.
As ironic as it may seem, cryptocurrency providers will collect, store and monitor information of customers, as well as any beneficial owners that may be involved. For the purpose of AML/CFT screening, this puts an end to any anonymity in the currency space, and enables concerned national authorities to collect such data and verify it against relevant account holders.
The law also lowers the threshold for identifying users of e-money, to further empower Financial Intelligence Units (FIUs) by facilitating information exchange. In addition, when performing a KYC before a business relationship, the corresponding beneficial register in the EU must be accessed.
Onwards and Safer
After the 5th AML Directive of the EU is rolled out, crypto exchanges, e-wallets and trading platforms will require efficient identity verification processes and AML monitoring tools for enhanced customer experience.
For smooth sailing amid regulatory change, digital currency providers are better off adopting reliable KYC/AML/Customer Due Diligence and financial crime control strategies well in time. Cybercrime and terrorism need to be rooted out at source, and compliance officers must carefully identify their exposure to the risk of criminal activity. Keeping in view the products and services being offered, cryptocurrency providers must conduct a risk assessment and take pre-emptive action against high-risk transactions and users.
Regulating cryptocurrency space will not be as easy as controlling its non-digital counterpart. Regulators, financial institutions and crypto providers equally face technical challenges in ensuring compliance of AML laws. Sharing relevant, open and transparent information, as well as establishing partnerships at each level, will, therefore, be central to the process of regulation and innovation.
The modern world is an era of technology. As we move into the fourth industrial revolution, the digitization of organizations is gaining ground in the marketplace. Industries are rapidly adopting the latest technology to secure their place in the competitive market. Identity thieves and fraudsters have set their sights on a new target: online business. Using advanced technological tactics and sophisticated tools, they are actively exploiting businesses and consumers.
The primary purpose of all thieves and fraudsters is to gain a monetary advantage, no matter what type of fraud it is. In the 21st century, traditional payments are moving towards the elimination of cash. The trend of online transactions and mobile payments is on the rise, and fraudsters are not going to miss the opportunity to compromise those transactions. Over the past few years, card fraud has become one of the fastest-growing and most challenging frauds for businesses and organizations.
The organizations accepting card payments are constantly under threat of fraudsters and cybercriminals. This means they are exposed to chargeback losses, customer churns, brand damage and other financial impacts of the digital frauds. Moreover, the strict KYC and AML regulations on businesses dealing with money demand an effective verification solution that can fulfill the regulatory requirements.
Given the increase in card fraud, businesses have to tackle fraud not only to protect themselves; it is also their responsibility to protect the respective card networks. This is the reason why the service providers have their own monitoring policies and programs imposed on merchants and businesses. These programs help merchants drive improvement in their fraud prevention strategies and tools.
Mastercard’s new fraud monitoring program is set to be implemented from October 2019 for all merchants in the US. With the execution of this program, businesses will need to invest in verification and authentication services to curb chargebacks and protect themselves from hefty fines.
Mastercard’s Excessive Chargeback Program:
Considering the rising trend of chargebacks, Mastercard has launched an Excessive Chargeback Program to carefully scrutinize each merchant’s chargeback activities. In this program, with predetermined chargeback thresholds, acquirers can effectively evaluate and predict the chargeback risk associated with a merchant. By monitoring these chargeback rates, acquirers can take action when a merchant exceeds or is expected to exceed the predefined acceptable threshold.
Mastercard chargeback thresholds are determined on the basis of the chargeback-to-transaction ratio. This ratio is calculated by dividing the current month’s first chargebacks by the total number of transactions in the previous month.
Launched in October 2019, Mastercard’s new Excessive Fraud Merchant (EFM) compliance program is applicable to all merchants in the US. The program applies to every merchant who meets or exceeds the pre-defined thresholds for the following short list of criteria:
The minimum number of e-commerce Mastercard Payments must be 1,000
The net fraud volume per month is greater than $50,000
A fraud-count-to-transaction ratio (FCTR) that is greater than 0.50%
Total 3D Secure (3DS) Mastercard transactions that amount to less than 10% of total Mastercard payment volume
In addition to the chargeback threshold, in the EFM program Mastercard predefines the fraud threshold. The failure of merchants to meet this predetermined threshold level can result in fines and deactivation of the card service as well. The net fraud volume is calculated according to the following chargeback codes:
4871: Chip/PIN Liability Shift
4870: Chip Liability Shift
4863: Cardholder does not Recognize – Potential Fraud
4840: Fraudulent Processing of Transactions
4837: No Cardholder Authorization
The fines will begin to be imposed from March 2020. They apply to any merchant remaining in the EFM program for two or more consecutive months, and the amount varies with the time spent in the program. For instance, after being in the program for two months, the fine will start at $500, rising to $1,000 for three months, $5,000 for 4-6 months and $25,000 for 7-11 months.
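The EFM criteria, chargeback codes and fine schedule above can be tracked month by month so that a merchant sees a breach coming. The following is an added example, not Mastercard's or Shufti Pro's code; it assumes that all four criteria must hold together, that the FCTR uses the same month's transaction count, and that the 3DS share is measured by amount. The record types, function names and sample data are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal

# Chargeback reason codes the article lists as counting toward net fraud volume.
FRAUD_REASON_CODES = frozenset({"4837", "4840", "4863", "4870", "4871"})

# Thresholds as stated in the article.
MIN_ECOM_TXNS = 1000                      # minimum e-commerce payments
NET_FRAUD_LIMIT_USD = Decimal("50000")    # net fraud volume per month
FCTR_LIMIT = Decimal("0.0050")            # 0.50%
THREE_DS_FLOOR = Decimal("0.10")          # 3DS below 10% of payment volume


@dataclass(frozen=True)
class Txn:                # hypothetical record type for one card payment
    amount: Decimal
    three_ds: bool


@dataclass(frozen=True)
class Chargeback:         # hypothetical record type for one first chargeback
    reason_code: str
    amount: Decimal


def evaluate_month(txns, chargebacks):
    """Return the month's metrics and which EFM criteria the merchant trips."""
    fraud = [c for c in chargebacks if c.reason_code in FRAUD_REASON_CODES]
    txn_count = len(txns)
    volume = sum((t.amount for t in txns), Decimal(0))
    volume_3ds = sum((t.amount for t in txns if t.three_ds), Decimal(0))
    net_fraud = sum((c.amount for c in fraud), Decimal(0))
    # Assumption: the FCTR denominator is this month's transaction count.
    fctr = Decimal(len(fraud)) / txn_count if txn_count else Decimal(0)
    # Assumption: the 3DS share is measured by amount, not by count.
    share_3ds = volume_3ds / volume if volume else Decimal(0)
    tripped = {
        "min_transactions": txn_count >= MIN_ECOM_TXNS,
        "net_fraud_volume": net_fraud > NET_FRAUD_LIMIT_USD,
        "fctr": fctr > FCTR_LIMIT,
        "low_3ds_share": share_3ds < THREE_DS_FLOOR,
    }
    return {
        "txn_count": txn_count,
        "net_fraud": net_fraud,
        "fctr": fctr,
        "share_3ds": share_3ds,
        "tripped": tripped,
        # Assumption: a merchant is in the program only if every criterion holds.
        "in_program": all(tripped.values()),
    }


def fine_for_streak(consecutive_months):
    """Fine in USD for the Nth consecutive month in the program (article's schedule)."""
    if consecutive_months < 2:
        return 0
    if consecutive_months == 2:
        return 500
    if consecutive_months == 3:
        return 1000
    if consecutive_months <= 6:
        return 5000
    if consecutive_months <= 11:
        return 25000
    return None  # the article gives no figure beyond 11 months


def fines_over_time(in_program_by_month):
    """Map a sequence of monthly in-program flags to the fine due each month."""
    fines, streak = [], 0
    for flagged in in_program_by_month:
        streak = streak + 1 if flagged else 0   # leaving the program resets the count
        fines.append(fine_for_streak(streak))
    return fines


def sample_month(three_ds_txns):
    """Constructed data: 2,000 payments of $500 and 110 fraud-coded chargebacks."""
    txns = [Txn(Decimal("500"), i < three_ds_txns) for i in range(2000)]
    codes = sorted(FRAUD_REASON_CODES)
    cbs = [Chargeback(codes[i % len(codes)], Decimal("500")) for i in range(110)]
    # "0000" is a placeholder for a non-fraud reason code; it must not be counted.
    cbs += [Chargeback("0000", Decimal("500")) for _ in range(20)]
    return txns, cbs


if __name__ == "__main__":
    for three_ds in (100, 600):   # 5% vs 30% of volume authenticated with 3DS
        result = evaluate_month(*sample_month(three_ds))
        print(three_ds, result["in_program"], result["tripped"])
    print(fines_over_time([True, True, True, False, True, True]))
```

With the same fraud losses, raising the 3DS-authenticated share of volume from 5% to 30% is what takes the constructed merchant out of scope under these assumptions.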
What does it mean for Merchants?
Disputes and fraudulent payments are unfortunate aspects of online payments. The best way to manage them is to prevent them from happening by integrating an effective fraud prevention strategy. With Mastercard’s new fraud prevention programs, merchants need to invest in payment verification and authentication solutions in order to avoid remaining in the EFM program.
Fraudsters and scammers are using advanced tactics and automated tools to stay anonymous and spoof authentication checks and filters, carrying out fraudulent payments with stolen identities and customers’ credentials. Merchants need to respond in kind to prevent them from exploiting the business. This can be done by adopting an AI-powered identification solution. Shufti Pro’s verification solution uses multiple verification and authentication services that are best suited for online businesses.
Preventing Fraudulent Payments
A payment is considered fraudulent in a case when the cardholder or accountholder doesn’t authorize it. The fraudulent payments are often made using stolen cards and card numbers – card not present frauds. Sometimes, through account takeover, fraudulent purchases are also made. By the time the cardholders review their card statement or get notified about the payments, the transactions have already been made. As a result, they contact their card issuers and claim a chargeback and ask them to dispute it.
Collect information – Verify Payments
Insufficient and vague information provided by the customers at the time of checkout is one of the major reasons why businesses fail to identify if the customer is legitimate or not. Just because someone successfully logged in to the account doesn’t guarantee that the transaction is done by an authorized entity. The businesses need to integrate authentication checks at the time of checkout to verify the identity of the authorized customers.
For instance, integrating Shufti Pro’s Consent verification in e-commerce platforms requires a video consent from customers holding their identity card or credit card. With the hybrid approach of AI and HI technology, authorized users are verified at the time of checkout. If authentication fails, the payment won’t be approved. The identity verification services provided by Shufti Pro combat intruders while keeping any customer burden and losses to a minimum.
With evolving global KYC regulations, the biggest concern of businesses is to streamline their compliance processes with customer onboarding. Online KYC screening solutions address multiple concerns of executives planning to implement KYC compliance in their organization.
Becoming KYC compliant requires extensive research. Below is a detailed guide on KYC for businesses around the world.
What is KYC?
The scope of KYC is not limited to the verification of clients only. Businesses around the globe practice it to verify their merchants, agents, partners, employees, etc. As the purpose changes, the name of the process changes too, and it becomes Know Your Merchant (KYM), Know Your Business (KYB), or Know Your Employee (KYE). But KYC is the most common, and one compact process can be designed to verify the customers, employees, merchants, etc. of a business.
History of KYC
Businesses in the financial sector adopted KYC well before other sectors because of the high financial risk associated with their operations. In the past, KYC regulations were imposed only on the financial sector, but the evolution of that sector and the advent of FinTech expanded the scope of KYC regulations.
BSA and Advent of KYC in Financial Sector
KYC started when the U.S. introduced the Bank Secrecy Act (BSA) in 1970. This act was developed to control drug trafficking by keeping an eye on black money transactions. Subsequent AML regulations were developed on the basis of the BSA in 2001 in the form of the USA Patriot Act, which was implemented in 2003.
After that many other regulatory authorities introduced KYC and AML Regulations on regional and international levels.
Evolution of KYC
With an increase in money laundering and terrorist financing, the regulatory authorities are always in a bid to enhance the regulatory framework. The KYC regulations of BSA were globally acclaimed and many states implemented those regulations or developed their own regulations accordingly.
After the Panama Papers broke, the global regulatory authorities amended the KYC regulations to curb money laundering. For instance, FinCEN (the U.S. regulatory authority) amended the KYC regulations and expanded the scope of customer verification in 2016, because there were loopholes in the KYC protocols of financial institutions. Criminals used shell companies to launder their black money by manipulating the business proceeds of those businesses.
Since 2016, KYC has also been referred to as KYB (Know Your Business). Global regulatory authorities now require financial institutions to verify the Ultimate Beneficial Owners (UBO) of the businesses that they serve as clients.
KYC Compliance Program
KYC compliance is not just a one-time practice. It is a thorough verification process that starts with developing a Customer Identification Program (CIP). The next step is assessing the risk associated with each client. In the case of a low-risk client, basic KYC is enough, but if the customer has a high-risk profile then Enhanced KYC is applied to that customer.
Customer Identification Programs (CIP)
Customer Identification Program is the first step in KYC compliance. It consists of the requirements of regulatory authorities that apply to your business model or industry. CIP protocols are the same in most of the regions in the world. For instance, in the USA the CIP requires that every financial transaction must be verified through an in-depth identity verification of the person making the transaction.
The CIP includes the risk assessment of the individual and business accounts of the financial institutions. The financial institutions are required to define their risk appetite. Once it’s set, the businesses and financial institutions are required to assign a risk rating to each of their clients. It helps them define risk measures for clients falling under different risk brackets. KYC procedures are defined uniquely for complete risk prevention in all those risk brackets. This is the point where the financial institution or the business decides the procedure of Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD).
CIP also includes the collection of customer information and the verification of this information. Once completed the customer is assigned a risk rating and CDD or EDD is performed on that customer based on risk rating.
Customer Due Diligence (CDD)
Customer due diligence is the process of processing the customer’s information for KYC screening. It is the second step in KYC compliance. In this step, the basic information of the customer is collected in real-time or in some cases manually.
The information collected for customer due diligence is as follows:
Date of birth, etc.
This information is used to verify the identity of the customer. The customer is assigned a risk rating as per his credentials. The risk rating is decided on the basis of the customer’s country, financial credibility, and AML screening. If a customer is found to be related to someone on a PEP or sanction list, then the risk is considered high and Enhanced Due Diligence is practiced on such clients.
Enhanced Due Diligence (EDD)
In case of a high-risk customer, the financial institutions and businesses perform more strict KYC and AML screening, which is called Enhanced Due Diligence (EDD). Enhanced due diligence includes an in-depth investigation of customer’s identity, financial status, income, etc.
Commonly enhanced due diligence includes collecting information about:
Transactions pattern and any unusual transaction
These EDD measures are designed by businesses as per their risk appetite. It is partially based on regulations and compliance protocols.
Who Needs KYC Compliance?
As per the regulations of global regulatory authorities, companies around the world are required to perform in-depth identity verification on their customers to eliminate financial crime at an organizational and international level.
As per the global regimes on KYC and AML, the following are major businesses and industries that are liable for KYC and AML compliance.
Banks and all their subsidiaries
Businesses in FinTech, online payment solutions, money transmitters, etc.
Virtual currency businesses
Dealers of precious metals
Real estate sector
Non-bank mortgage lenders
Casinos and online gaming
Regulatory Authorities Around the Globe for KYC and AML
The major regulatory authorities that develop, recommend and implement KYC and AML compliance regimes around the globe are as follows:
FATF (Financial Action Task Force) is a global authority that collects and analyzes money laundering and terrorist financing data from the globe and gives regulatory recommendations based on its findings. It has 190 member countries.
FinCEN (Financial Crimes Enforcement Network) is a bureau of the U.S. Treasury Department that collects financial transaction data and uses it for financial crime mitigation at an international level.
FINTRAC (Financial Transactions and Reports Analysis Centre) is a regulatory authority in Canada that collects and analyzes financial crime data and works on the thorough implementation of KYC and AML rules in Canada.
FINMA is a Swiss financial regulatory authority that supervises banks, insurance companies, stock exchanges, etc. The authority is responsible for the thorough implementation of Swiss KYC and AML regulations in the institutions liable for regulatory compliance.
Europol is a European Union authority that works on anti-money laundering and mitigation of financial crimes like terrorist financing.
Global KYC and AML Regulations
Regulatory authorities differ from country to country, and there are some global watchdogs as well that bring countries onto the same page in countering criminal activities. Most countries have their own regulatory authorities for designing and implementing KYC and AML regulations. But all the regulations have a few things in common, which are the minimum requirements of KYC/AML compliance. Global and local businesses need to comply with those regulations at a minimum to prevent non-compliance penalties.
Below are major KYC and AML regulations practiced in major states in the world like the USA, UK, Canada, China, etc. These regulations are practiced in other states as well with some variations.
The reporting entities are required to screen the identity of their clients before starting any relationship with them.
KYC and AML screening must be performed regularly on all customers.
Customers should be given risk rating and necessary measures of additional screening should be practiced to cater to excessive risk.
A proper record of KYC and AML screening must be maintained.
Transactions (local/international) above the minimum transaction threshold must be reported to the concerned authorities.
Penalties are charged in case of non-compliance.
For AML screening, the clients must be screened against international sanction lists, terrorist lists, PEPs lists, etc.
Some countries require the reporting entities to maintain an AML department and to hire AML officers as well for thorough compliance.
Due to global risk, businesses are required to develop some sort of global risk cover, such as KYC/AML screening software that can verify people from every corner of the world.
Major updates in Global KYC/AML Laws
Amendments in Canada’s PCMLTFA rules
Canada also changed its KYC and AML regimes to align with the global regulations of FATF. It amended its PCMLTFA rules. FINTRAC, the independent regulatory body in Canada, will be responsible for the thorough implementation of these rules. Digital KYC will be possible, as scanned copies of documents can be used for KYC verification of customers. Money service businesses and virtual currency businesses will be added to the reporting entities and will have to follow KYC and AML regulations just like typical fiat currency businesses.
The USA expanding its Counter-Terrorism Powers
The USA also changed its KYC rules to address increasing money laundering and terrorist financing. It expanded its counter-terrorism powers and now targets international financial institutions around the world that aid terrorist groups working in the U.S. It also added three Korean groups, namely Bluenoroff, Lazarus Group, and Andariel, to its sanctions lists. These groups were involved in global cyber attacks on financial institutions.
UK MLA Amendments
The UK also amended its KYC and AML regulations and expanded the scope to an international level. The Money Laundering Act (MLA-2017) of the UK was amended. UK-based businesses will apply the MLA rules in their international affiliates operating in non-EEA states.
The EU 5AMLD and 6AMLD
The EU implemented its Fifth Anti-Money Laundering Directive (5AMLD) in 2018-19. 5AMLD reduced the transaction and deposit limit on prepaid cards. If the cardholder deposits or makes a transaction above EUR 150, the prepaid card provider will have to run KYC and AML checks on that customer. This limit is EUR 50 for online transactions.
6AMLD is an extended effort to harmonize AML/CFT regulations in the EU region. 22 predicate offences are provided in the official journal of 6AMLD and the new regulations are pushing reporting entities to go the extra mile in their effort to prevent financial crime in their authority area.
FINMA gave banking certificates to Crypto Banks
FINMA, the Swiss regulatory authority, issued banking certificates to pure-play cryptocurrency banks. Tight KYC and AML regulations are imposed on these banks.
FATF recommendations for Crypto, legal and precious metal dealers
FATF also gave some recommendations in June 2019. As per the recommendations, the member states are required to implement KYC and AML regulations on virtual currency and legal sector. These businesses will be required to follow the same regulations as financial institutions.
The above discussion shows that fraud and financial crime are a global threat that affects not only businesses but also economies. The rise of the internet and FinTech created loopholes in the previously prevailing KYC and AML laws. Even if a business is a victim of a phishing scam, it will have to bear some sort of financial loss in the form of penalties, profit loss, recovery expenses, etc.
This is why regulatory authorities around the globe are joining forces against money launderers, terrorist financiers, cybercriminals and identity thieves.
So, businesses are obliged to exercise KYC and AML compliance for several reasons. KYC and AML compliance helps businesses in multiple ways.
Benefits of KYC and AML Compliance
1- Fraud Prevention
One of the major reasons why businesses perform KYC screening on their customers is fraud prevention and risk prevention. Fake or stolen identities are used by fraudsters to conduct their illegal activities anonymously. Mostly the victim businesses and institutions are targeted for financial gain.
Some common frauds with businesses are account takeover fraud, money laundering, terrorist financing, phishing scams, etc.
KYC and AML compliance help businesses with effective risk management. Once the risk is identified, KYC verification helps in seamless and thorough implementation of fraud prevention measures. Because designing risk prevention strategies is the first step, KYC and AML screening helps in reaping the benefits of such strategies.
2- Regulatory Compliance
As mentioned above most of the businesses around the globe are liable for KYC and AML compliance. KYC and AML are not limited to developed and prosperous countries. Global regulatory authorities are expanding the scope of KYC and AML regulations to eliminate money laundering at a global level.
For instance, recently FATF, a global regulatory authority included new members in its member states. The newly added countries are not developed countries but are the ones with a high rate of financial crime. Other than that most of the countries have their own KYC and AML regulations and regulatory authorities for their thorough compliance. Some major authorities are mentioned above.
Regulatory authorities have the right to charge high penalties to the reporting entities in case of non-compliance. KYC and AML compliance practices help businesses in preventing any such penalties.
3- Secure Customer On-boarding and Customer Retention
Going KYC compliant helps businesses develop a secure customer base. Screening clients before onboarding shows the business's commitment towards securing the interest of all the stakeholders.
Research in 2018 found that 66% of customers feel more secure on online platforms that use security protocols. Performing KYC and AML screening on clients gives a positive message to customers that you have them covered against fraudsters. Showing your security concern through visible security protocols helps in retaining clients. The same research found that a lack of visible security is the major reason why clients abandon an online transaction, globally.
4- Credibility and Growth
KYC and AML compliance helps organizations gain credibility and market value. Compliance with regulations helps in gaining global acknowledgment and market share. On the other hand, non-compliance with KYC regulations leaves loopholes that fraudsters will exploit.
In case of non-compliance, businesses not only face profit loss; they also lose their credit rating in some cases. For example, one of the Swedish banks involved in a money-laundering scandal in 2019 lost its credit rating and market value.
So, KYC compliance helps in gaining retainable growth as KYC verification helps in onboarding only legitimate clients. Also, customers stay for a long time if the business offers good security protocols. So, it helps the business to retain and grow its market value and credit rating.
5- Real-Time KYC: An All-In-One Solution
Real-time KYC is when the customers are verified in real-time through the internet. In real-time KYC and AML screening, the customers are verified within a minute without using any physical document verification.
Identity verification is done through face verification, ID card verification, document verification, 2-factor authentication, etc. AML screening is also conducted along with KYC screening by verifying the information of the end-user with global watchlists, sanction lists, and PEPs lists, etc. So, it helps the businesses in eliminating a huge risk within a minute.
A real-time identity verification and KYC/AML screening solution can be customized according to your compliance budget. On average, Shufti Pro offers a cost 20% lower than the market rate. Also, real-time verification is less costly than manual verification. There is no need to hire extra employees or build new infrastructure to accommodate a huge compliance department.
2- Frictionless Procedure
Real-time identity verification can be performed within 30 seconds. So it helps in attaining a frictionless KYC and AML compliance.
It helps the businesses in KYC and AML compliance as the whole process of KYC and AML screening is swift and effortless, from the API integration to the verification of the end-user. The end-users will not have to change several windows or webpages for verification.
A real-time identity verification solution provides high precision in results. Although the verification process is completed within a minute, this does not affect the verification results. Shufti Pro delivers a 98.67% precision rate in its identity proofing results.
4- Global Coverage
KYC and AML screening done through AI-based solutions delivers global coverage in risk prevention. The software verifies the information against global databases and screens information written in all major languages used in identity documents.
KYC and AML compliance is a global phenomenon, and businesses need a compact KYC and AML screening solution to comply with global regulations. Developing an in-house KYC/AML screening solution is not suitable because it is a huge investment. It requires top-notch resources and global coverage for thorough compliance. This is why most businesses around the globe, especially those with a global clientele, are using outsourced KYC/AML compliance solutions.
API integration is very easy and swift. All major programming languages are supported and integration can be done with a website and online portal or an app. So, outsourcing proves to be feasible for businesses in all aspects.
Process of Real-Time KYC
First of all, you design your KYC/AML screening solution as per your budget and add the services that you wish to receive as part of it. Then comes the integration of your business platform (website, app, online portal) with Shufti Pro’s system through API integration. On completion of the integration, the verification process starts. Either only new customers are verified, or previous ones are also verified through batch screening.
For verification, the customer enters their data and shows their ID card along with their face, so the verification is performed in real-time. After verification, the results are shown on the screen and updated in the back office provided to the customer.