Securing the Fintech with Regtech Soluiton

AML Checks

AML Checks: An Emerging Frontier in RegTech Revolution

The Anti Money Laundering (AML) landscape has been around since the signing of BSA (Bank Secrecy Act) in 1970. Financial institutions have been battling with compliance regulations since forever. Over the years the financial services industry has confronted $26 billion by way of non-compliance fines. To enable the banking sector to fulfil its compliance obligations, the RegTech industry has come up with some of the most technologically advanced solutions. They are able to enhance the capability and output of compliance teams in banks and financial service firms. From advanced analytical tools to anti money laundering checks, banks are now able to fight fire with fire.

Overspending on AML Compliance

The risk of money laundering has increased significantly due to the fact that overseas transaction volumes have increased making the financial system more vulnerable to financial crimes. The constantly changing AML regulations and the increase in non-cash payments have added to this risk infinitely as well. But the banking sector has been dealing with all these challenges by investing heavily in the expansion of their compliance teams. This has not only increased their annual spending on AML compliance – $3.5 Billion – but has made the process, if anything, more complicated than ever before. In the US compliance staff in banks has increased exponentially.

The Drawbacks of Prevailing AML Systems

For the moment, AML systems currently resemble operational units that have huge overheads and still employ manual procedures to manage client profiles. The cost of such compliance teams would have been acceptable if only they were as effective. Some of the major drawbacks of these AML systems include;

  • Large amounts of unstructured data make it difficult for different teams to accumulate and organise information. This ultimately causes operations to slow down, creating friction in onboarding procedures. Banks still resort to calling each customer individually to update their documents for KYC (Know Your Customer) procedures. Simple tasks such as these can be easily automated.
  • The systems in use for analysing client data are outdated and slow. Such legacy systems use fixed rules for analysing customer data and are unable to account for unforeseen scenarios. This rule-based approach generates a large number of false positives, that ends up wasting a significant amount of time and money to be wasted towards investigating bogus leads.
  • Outdated systems also result in erratic reporting of suspicious activity. As financial institutions deal with a large number of customer data, the system can produce an equal amount of false positives, thereby causing the compliance team to overlook legitimately high-risk cases.
  • Due diligence procedures in banks are still manual. They rely on manual identification, verification and screening of clients, which are both slow and have a higher rate of inaccuracy.
  • The complexity in financial transactions and the proliferation of faster services has made it difficult for financial companies to monitor client activity. Online payments and anonymous fund transfers also lack adequate KYC and AML procedures.

As prevailing systems are becoming more and more inefficient and costly, banks are exploring new avenues to perform AML compliance. An emerging avenue in this regard is regulatory technology or RegTech that is enabling the financial sector to implement advanced tech solutions to aid their AML compliance functions. More than anything, these systems have the ability to reduce costs and enhance the onboarding process. All such tools can make compliance systems in banks more feasible and cost-effective.


AML Compliance Systems and Tools

The RegTech space is now leveraging technologies like AI and big data to make streamline compliance procedures in banks and financial institutions. One such system is advanced analytics that can intelligently analyse client data and process it within minutes. The current analytical models being implemented are rather tuned to explicit regulatory and anti-money laundering requirements. Therefore, nearly 90% of the warning signals generated by them are false positives.

However, advanced analytical tools are now allowing banks to venture beyond such legacy systems. They primarily operate based on machine learning algorithms that can learn from past behaviour and issue alerts using predictive analytics. They sift through past data to look for patterns and determine legitimate and suspicious transactions. Such analytical models require large data sets to work with that financial companies can provide easily. ML algorithms help reduce the number of false results significantly, thereby saving ample time for compliance teams to investigate legitimate alerts. The manual work in such cases can be reduced by at least 50%.

The Fintech industry is still working on developing more advanced systems. They are using deep learning which is a step further from machine learning. It can be used for image processing and to imitate human speech. In short, it is able to mimic human cognition and implement intelligence towards the investigation of financial crimes like humans do. Efforts are being made to refine such processes and bring them into the mainstream.

Anti Money Laundering Checks

Another simple yet highly effective tool for improving AML compliance is AML screening. Anti Money Laundering checks also use AI to perform background checks of individuals by screening them through global sanction lists and databases. AML & CTF checks enable banks to screen out money launderers, financial criminals and Politically Exposed Persons (PEPs). Financial institutions can choose whether or not to take on a flagged person as a client or to at least classify them as a higher risk client and thus charge higher premiums accordingly.

Shufti Pro is an anti-fraud solution that uses AI and Human Intelligence to provide KYC and AML verification services to businesses. It can effectively help prevent your business from financial crime laundering through anti money laundering checks. Shufti Pro is providing ongoing PEP screening for clients wherein banking institutions can execute ongoing screening for a specific list of clients or even their entire clientele. They can also implement batch screening which allows them to screen existing customers through AML sanction lists.

Recommended For You:



RegTech facilitates effortless AML Compliance


The latest report by Research and Markets states that RegTech industry is expected to grow to USD 12.3 Billion by 2023.

RegTech is relatively a newer concept. It leverages technology to assist financial institutions and other markets in complying with global regulations. The main applications are Customer Due Diligence and Risk Management. RegTech companies develop intelligent solutions by using innovative technologies like Artificial Intelligence, Machine learning and Big Data to translate compliance rules into practical implementation.

The Financial Crisis of 2008 was the driving force behind evolution of FinTech. To address the gaps in consumer experience and efficient services, technology played a vital role. Online payments, Distributed Ledgers, Virtual Wallets are some key outcomes which are now used in day-to-day activities.

The development of FinTech led to a parallel development of RegTech. By automating and digitising traditional methods the nature of customer on-boarding drastically changed. The resulting online ecosystem demanded a robust, and new form of governing rules. As a result financial regulators introduced new set of compliances which proved to be beneficial but put a strain over businesses.

RegTech facilitating FinTech

It is to be noted that regulatory compliances can be a lot of headache when it comes to implementing systems, training legacy infrastructures or covering a global audience. Seeing financial crisis, hack attacks, scams etc; financial bodies made information collection laborious. Although with justified reasons at heart.

To handle this RegTech offers two solutions:

  1. Saving time and cost
  2. Accurate and real-time results.

It make easier for companies to quickly and efficiently adapt to new regulations. The market is not limited for application of RegTech. It sits at the heart of every interaction between a financial institute and its consumer. With the growing CDD, KYC, KYCC, AML, CFT rules, RegTech is changing the scope of customer on-boarding.

 Who creates RegTech?

Is essentially an open communication between regulatory authorities and technology experts. The concepts, ideas and rules are those which are found to be the standards and then fed into the system.

It is neither the job of RegTech solution providers, or industry advisers to create the guidelines. Although, some suggest that industry needs more consistent approach toward standard of identification and risk management. However, technology experts have an equal opportunity to understand market demands, and compliance trends to develop solutions.


Leveraging RegTech for AML Compliance

Research and Markets’ latest report state that Identity and Access Management is expected to grow to USD 37.79 Billion by 2023 while Compliance and Risk Management to USD 64.61 Billion by 2025.

ID Verification and Risk Assessment plays a pivotal role in establishing any business relation. Especially when this is taking place online. To create trust between a consumer and merchant, an established and verified identity is a must. To curb fraud and terrorist financing, and collect valid information, compliance demands to thoroughly vet a consumer’s ID documents, and remote presence. EU’s 4MLD requires all screening of potential customers against OFAC and FATF standardised AML watchlists. It is to restrict investors with a criminal or PEP status.

Admittedly, these key requirements ultimately increase the cost and labour involved to meet compliances. RegTech provides businesses an all in one effortless solution with real-time processes to verify and screen identities. With the help of Big Data, AI, and Machine Learning, RegTech solutions can easily crawl vast data banks, apply logical commands and reduce time or friction.

Each passing year brings newer regulations. This has a direct effect on the operations of businesses. It means that RegTech has become necessary. From KYC, AML to transaction monitoring, the scope of market is promising. The trends in the field evolve with the requirements. 


Shufti Pro GDPR Review 2018: How we protected our clients from regulatory fines?

Shufti Pro stands out in KYC industry not only because of its highly customizable and global identity verification services but because of the unique regulatory protection provided by Shufti Pro to its customers. After all, the collection of personal information to authenticate the true identity of an end-user puts both Shufti Pro and its customers at a substantial risk. Regulators from all over the world have put forward strict privacy laws and regulations that not only dictate strict guidelines for personal data collection but also want companies to follow set rules when it comes to using personal information of a common user.

GDPR was one of the most comprehensive and powerful regulations introduced a couple of years back and July 2018 was the deadline for businesses to become GDPR Compliant. This set of rules was applicable for businesses that were either based within the European Union or even those that were based outside of EU but provided services to its citizens. In order to safeguard its customers from multi-million dollars fines – fines for businesses found in breach of GDPR – Shufti Pro aligned its verification services in line with GDPR specific guidelines.

GDPR guidelines for Identity Verification Services by Shufti Pro

GDPR never had any specific guidelines set out for identity verification services or for third party KYC service providers. In fact, it was a generic set of instructions for any business that was collecting personal information of its customers and the privacy guidelines that these businesses have to follow.

As a third-party verification service that was verifying the identity and financial risk attached to customers of online businesses, Shufti Pro designated a special role for itself as per the specific terminology introduced by GDPR i.e. processor of data. This made our clients collecter of personal information in order to verify the identity of incoming users.

Read: Try Shufti Pro KYC Services Free of Cost for 15 Days Now

It meant that although, Shufti Pro was the business entity that was tasked to verify the personal information claimed by end-user it was the responsibility of Shufti Pro client to secure that data. On our own end, the collected information was secured from not only any brute force attack but special protocols were developed to delete the collected data, when a request was received either from Shufti Pro client but also from an end-user as well.

KYC Verification procedure under GDPR

Shufti Pro only collects data for verification purposes as per the legal agreement signed by Shufti Pro and its customers. This data will be limited to verification of the credentials, identity or any other related verification that was required by our customers to be provided as per the legal agreement. We have even added a consent button at the form where a customer is supposed to fill its identification details. We also provide the option for customers to go through our data protection, privacy policy and Terms & Conditions, to ensure full transparency.

Access Rights

User can request access to the personal data he has shared with Shufti Pro about himself. Personal data is anything identifiable, like his name and email address. If he requests access, Shufti Pro (as the processor) need to provide a copy of the data, in most cases in machine-readable format (e.g. CSV or XLS). Daniel can also request to see and verify the lawfulness of processing. A client can seek access to their data by asking Shufti Pro of what they require at We at Shufti Pro believe to be at legal and moral obligation to facilitate any manner of an individual rights request. Shufti Pro enables you to grant any access request by easily exporting user record into a machine-readable format.

Deletion Rights

Under the GDPR, the user has the right to request that Shufti Pro delete all personal data it has collected from him. The GDPR is required to permanently remove userís contact from their database, including verification results, all personal information, saved images/video, form submission data, and credit card data. In a GDPR compliant manner, a client can seek to have their data deleted by querying Shufti Pro at The Data protection officer at Shufti Pro in most cases will respond back within a 30 day period. In many cases, the right to deletion is not absolute and can depend on the context of the request, so it doesnít always apply.



3 Reasons why RegTech is the Future of Innovation?

Regulatory Technologies, commonly referred to as RegTech, is an innovative use case of Financial technology building on the fintech security. According to an estimate, USD 118 Billion will be spent on regulatory and compliance software by 2020. After all no matter how innovative Fintech becomes, no digital business will be interested in it unless it adheres to the regulatory compliance that the business has to follow. Simply put, a Document verification service or an identity verification solution is of no use to a European company if it does not comply with GDPR. So it is pertinent that instead of just integrating fintech solutions, businesses opt for Regtech solutions and in case you have been living under a rock for past 2 years and don’t know what is RegTech, then read the following lines carefully:

What is RegTech?

The term was coined by Deloitte and according to Investopedia it was “created to address regulatory challenges in financial services through innovative technology”. So basically it is an extension of Financial Technology that not only helps in performing complex and complicated tasks of financial service industry but also helps comply with regulatory compliance. Regulatory technology takes into account, regulatory guidelines issued by financial regulators overseeing the operations of their potential clientele. Fintech security can be enhanced by using RegTech such as a identity verification solution that follows the privacy law and data protection protocols applicable in a given territory.

Features of RegTech

Regtech industry is currently growing rapidly with solutions ranging from automated business verification to AML services being devised in various forms. But despite having applications in multiple industries, RegTech share some common features such as:

Highly Structured – RegTech Industry has been able to deliver highly structured regtech solutions that had impeccable scalability despite having multiple layers of operations and digital tasks. An online ID verification service, such as Shufti Pro, can perform identity checks not only for officially issued identity documents but can even use customized identity documents for authenticating a person’s identity.

Swift Performance – It is a given that FinTech & RegTech are quick at processing any digital procedure. It ensures not only better customer satisfaction but a smooth pipeline for interaction between a human resource and a Regtech solution as well.

Smooth Integration – Regtech Industry mostly offers solutions that are required to be integrated with pre-existing software, online systems or web-based services. It may be know your customer service or a document verification solution, but flawless integration is important for any Regulatory Technology.

Future of RegTech

RegTech industry has a huge potential of earning revenue as most of the market for RegTech is untapped. Moreover, there are new financial systems and digital platforms that are in need of innovative regtech solutions. Regtech for Blockchain and Cryptocurrency RegTech can help these new age business platforms to achieve a level of transparancy and legitimacy. This will help them curry favor with not only their regulators but their investors and potential customer base as well.

Banks are already pushing financial regulators to allow them in the adoption of improved fintech and it is high time that businesses around the globe start utilizing fintech & regtech to perform a range of digital services that fall within the purview of regulatory compliance as well. Fraud prevention can be performed with Online ID verification and a document verification service can come in handy for a remote service provider.

Recommended For You:

KYC & AML For Bitcoin

Here’s How Compliance to KYC and AML Regulations May Help Crypto Rebound

Cryptocurrency was the talk of the day in the months and even years leading up to the present weeks. Very recently, we have seen a drop in the mentions of cryptocurrency in online world. In early 2018, the value of cryptocurrency and tokens in the market was above $800 billion. This number has dipped below $180 billion, showing a fall of more than 75% in the previous 5 months.

Lack of Compliance to Regulations in ID Verification

The non-compliance to the laws set forth by national and international watchdogs with regards to AML compliances and KYC regulations has definitely been a major push for the downfall of the use of cryptocurrency, globally. There were high risks associated with the crypto trading because the KYC and AML regulations during the ID verification process were not being complied with, majorly. One reason may be the lack of awareness for the need of an automated identity verification system when trading cryptocurrency. Whatever the case may be, the crypto market has not proved to be safe enough for blockchain businesses and online platforms due to the increased rate of scams and frauds.

Another reason was the irreversible nature of the cryptocurrency transactions. This made it an easy target for people looking for a perfect means of money laundering – an ungoverned method of money transfer, i.e. cryptocurrency. Online and blockchain businesses found this to be a major issue. They found it tedious and cumbersome to take necessary steps for KYC and AML compliance for ID verification. Some of the countries had a specific set of rules that needed to be followed by the companies under their jurisdiction, in addition to the basic KYC and AML regulations. This put a lot of unwanted burden on businesses, which lead them to drop the idea or usage of cryptos and blockchain for their ventures, be it for a token sale or general payment transactions.

An American Economist, Mr. Rogoff said,

“I think bitcoin will be worth a tiny fraction of what it is now if we’re headed out ten years from now. Basically, if you take away the possibility of money laundering, tax evasion, its actual uses as a transaction vehicle are very small.”

(An interview with CNBC, quoted by

This has proved to be surprisingly true as the situation stands today.

Stabilizing cryptocurrency through conventional Financial Regulations

The KYC and AML regulations are enforced by the FATF, an international organization responsible for the fight against terrorism and criminal activities. Their major regulation with regards to the cryptocurrency is centered around the idea that a money trail needs to be left behind, because if that is done, then money laundering can be prevented by tracing it back to the origins.

This can be done by the successful integration of KYC and AML solution in the systems at the banks, financial institutions, online businesses, payment processing platforms, blockchain businesses, etc. All the transactions in the crypto space are through wallet addresses and do not require personal details of the sender or the receiver, like name, DoB, etc. This further leads to the anonymity of transactions, and the laundered money is even harder to trace back to the source.

With KYC and AML services installed in the system, before every transaction is processed or the money is received by an individual, they would be required to go through an identity verification process, which would act as a record of their involvement in the process.

The Shift of Physical and Online Businesses to Blockchain

Another solution to stabilizing the cryptocurrency can be shifting the digital businesses to blockchain technology. The blockchain is a ledger that keeps a record of all transactions that occur. Even though with blockchain we can trace the transactions back to their original source, that alone is not enough to make exchanges secure. There are a lot of ways to dupe the blockchain system without the integration of KYC and AML integration in the ID verification system.

Merely recording the details of transactions does not ensure that the person performing the exchange is the same as the one whose credentials, account or identity are being used. In order to makes sure that the sender and the receiver are who they say they are, there needs to be an identity verification system in place. This system should be able to identify a person based on their ID documents and facial features. Many AML softwares also run the sender’s credentials against sanctions lists, watchlists and global government databases to screen for PEPs in criminal and terrorism lists.

If the person clears all the checks, only then can the transaction be processed. This not only leaves a proof in the form of images or videos but also helps the businesses keep a track of where their exchange went sideways. All in all, it will suffice to say that inclusion of KYC and AML in the ID verification process, along with a more controlled, and governed blockchain-based businesses can definitely help bring cryptocurrency back.

Recommended For You:


Effect of the Amendment to the FINMA Compliance on IDV Service Providers

In the first quarter of the year 2018, the Swiss Financial Market Supervisory Authority rolled out an amendment to their existing policies regarding Digital Identification and Verification services opted by all the organizations within the Swiss region. The major changes pertained to the Online and Video Verification milieu and due diligence procedures.

We, here at Shufti Pro, carried out an in-depth analysis and self-assessment of our technology and procedures. This article sheds light on how Shufti Pro runs in accordance with the updated FINMA regulations.

FINMA updated their Customer Due Diligence requirements for client onboarding via digital channels to reflect advances in technology. The consultation period for the changes to the circular ran until 28 March 2018. This allowed a sufficient room for maturity to financial institutions so they can update their documentation, technology, and procedures to comply with the new regulations.

What did the amended regulations say?

The amended circular takes into account the development in technology through neutrality and effective money laundering prevention mechanisms. The FINMA circular, dated 13 February 2018 highlights the following:

  1. The video identification process no longer contains the provision regarding the single-use password known as the Transaction Authentication Number (TAN).
  2. Instead, at least three randomly selected visual security features of identification documents must be checked.
  3. For online identification, FINMA no longer requires a transfer from a bank in Switzerland to ensure compliance with due diligence requirements. Instead, under certain conditions, a transfer from a bank in a Financial Action Task Force (FATF) defined member state is now permitted.
  4. Additionally, liveness detection is required as a further security measure when checking photographs.

Shufti Pro, being a dynamic, easily customizable and scalable solution, immediately took steps to make the steps for its identity verification procedures completely transparent and comprehensible.

How does Shufti Pro comply?

Being an online identity and document verification solution, serving clients globally, Shufti Pro aims to remain top of the line when it comes to complying with the updated regulations and/or amendments. To ensure that no legal issues arise for our customers regardless of their location, we have taken the necessary steps to transform our services.

As an outsourced verification service provider, Shufti Pro ascertains the identity of the individual through the identification document itself and the photograph present on it. The identity is ascertained through reliable and independently sourced government-issued documents, where the document will be scrutinized for a minimum of three optical security features’ checks. Shufti Pro’s computer vision system performs the following checks on the identity document:

  • MRZ code
  • Holographic-kinematic features
  • Form-related features

The information entered by the client is compared to that shown on the identification document by the individual along with the Selfie image of the customer/end-user.

In addition, Shufti Pro offers Live Video Verification to the customers, where an end-user appears in front of a web camera, displaying their face followed by their Identification document. The Shufti Pro engine programmatically incorporates liveness detection measures, through which the presence of a ‘real human’ is assured. These include 3D Depth Perception, Image Distortion Analysis, Image Facial Mapping, Micro Expressions, and Image Texture Detection. All of these combine to form a mechanism that remotely detects human presence without being spoofed. There are provisions for ‘selfie upload’ and that too go through the same Liveness Detection based scrutinization.

Shufti Pro’s easily modifiable system is ready to accommodate any changes requested by the customers pertaining to the technology or processes. Without compromising the service quality and ensuring true value for money, we strive to provide industry best identity verification and KYC solution.

Recommended For You:


AML Directive Shufti Pro

EU’s 4th AML Directive Aims to make the Payment Ecosystem Crime Free

On June 26, 2018, the European Union landed the fourth AML directive that is targeted at combating cryptocurrency crimes.

With the new EU AML directive in place, it is deemed that crypto-related crimes shall take a serious hit. Being an unregulated currency, crypto money poses a high risk of frauds entailing money laundering, identity theft and terrorist funding. Therefore, this directive might just be that ray of hope regulatory authorities awaited. 

What Do New EU AML Directives Bring to the Table

The new rules imposed by the EU serve to better explore and comprehend the risks associated with cryptocurrencies, enhance the communication between the Financial Intelligence Units (FIUs), and imposing all-inclusive monitoring on high-risk transactions, especially those originating from third-world states. This would maintain the integrity of the region’s payment system, while impeding the efforts towards terrorist financing and money laundering.

Around forty new suggestions by the Financial Action Task Force (FATF) have been incorporated in the new directive. It has been decided that along with the EU, the EBA, ESMA (ESAs) and EIOPA will also be taking risk assessment and combating measures.

Implementation of the Stricter Side of Rules

An alert and active checking on cash transactions amounting to ten thousand euros has been implemented. This limit has been brought down from fifteen thousand euros. Any transactions exceeding the aforementioned threshold will be considered as ‘obliged entities’. This comes under the extended AML regulations that now place wider range of restrictions on monetary exchanges that are over a particular amount.

Real estate agents have also had to face the extended rules applied by the EU. These are not just applicable to the dealers who buy and sell properties; even those who sublet the properties are also placed under the microscope. It will ensure no business is contributing towards terrorist funding and any illicit activities.

This restriction is not limited to cash exchanges and real estate agents only, rather, gambling companies were placed under scrutiny as well. Providers of such services shall be ranked as obliged entities as well and can be removed provided they pose a medium-high money laundering risk. Only low-risk providers shall be deliberated over and may be allowed to stay in business.

EU Member States Jump up to the Mark

All the states that come under the European Union are obligated to create and maintain central registers wherein the details concerning the ownership of Anglo-American trusts and various corporations are logged.

This ensures that the transparency rate with regards to the data for beneficial ownership of organizations remains high, and the quality of the same becomes superior.

Access of this information shall be available to the Financial Intelligence Units (FIUs) so Customer Due Diligence may be ensured, under the revised and extended AML legislation requirements.

Furthermore, in order to gather information about the Anglo-American trust structures, certain individuals and corporations may also be allowed to access the data present in the central registers.

Effect on Compliances and Global PEPs Lists

With an expanded scope of the fourth AML directive in place, the number of people considered out of line as also increased. This means that global watch lists, sanctions lists and PEPs will have to be updated to include individuals who are a part of governing bodies of various political parties.

It is stated in the revised regulation that financial institutions like banks, investment firms, and other institutions will comply group-wide. Business of all kinds for and with such institutions will be halted in countries where all AML directives and stances taken to combat terrorist funding activities are not complied to.

In addition to that, appropriate measures will be taken against the states that refuse to comply with the AML directive. Aside from the official warning that will be issued to these states in observation of such a legislative breach will include but won’t be limited to a fine of at least one million euros. For banks and financial institutions, this fine would amount to anything greater than or equal to five million euros.


To sum up, along with the previously enforced GDPR rules, the new fourth directive of the AML legislation has brought together the European Union states to work and fight against the terrorist funding, crime financing and money laundering activities. The actions taken against them are bound to have positive effects on the payment ecosystem of the EU, with resource drainage in the right places rather than towards illegal and criminal practices.

In this day and age, it is highly imperative that companies and businesses opt for identity management applications to safeguard their operations against fraudsters and money launderers. Shufti Pro can help enhance security and guard organisations before any losses are incurred.

Recommended For You:

More posts