Securing the Fintech with Regtech Soluiton

FATF Guideline Key Features

RegTech – FATF Guidance for Digital Identity Verification

Regulatory authorities have recognized the benefits of technology and its use for seamless regulatory compliance and scrutiny. Digital identity verification referred to as “digital ID systems” in the FATF guidelines, is a futuristic approach towards fraud prevention. FATF recently issued a guideline for digital ID systems, their use cases, the risks involved and the benefits of such solutions. 

FATF took this initiative back in 2017. It showed its positive attitude towards technological solutions for regulatory compliance that are aligned with the regulations of FATF. Since then FATF has been working on developing guidelines for such fintech and RegTech solutions, that will further make this industry fraud-free. As the guideline highlighted that risk prevails in the fintech industry as well and it can be mitigated through regulatory compliance. The FATF guideline on the digital ID systems is still under scrutiny and it requested suggestions for public stakeholders to leave no loophole for financial criminals. 

FATF Guideline Key Features

The following are the key features of FATF guidance on digital ID systems. It is expected that the final draft of guidance will be very much different from the current draft. 

 

  • Stakeholders of the Digital ID guidance

 

FATF developed guidelines to assist in regulatory compliance, supervision, examination, and cybersecurity authorities by government organizations involved in policymaking. Also, the private sector that delivers digital ID systems will have a lot to gain from the guidance. 

Last but not least, the businesses and organizations that use outsourced digital ID systems will also benefit from this guidance, as it will help them to choose the best Digital ID verification solution. 

 

  • Limitations of the guidance

 

The guidance draft issued by FATF doesn’t cover any information regarding some Customer Due Diligence (CDD) practices. The guidance doesn’t cover the CDD through digital ID for legal person verification, Ultimate Beneficiary Owner (UBO) screening, and nature of a business relationship. 

There is no doubt that digital ID verification can serve these above-mentioned purposes as well but for the time being FATF didn’t cover these in this guidance. 

 

  • Main components and participants of the digital Identity systems

 

The guidance mentioned three main components and participants that it seeks to be available in digital identity systems used by the entities. It includes the process of identity screening through digital ID systems, the ongoing screening and the technical aspects of the digital identity systems. 

  • Identity proofing and enrollment is the first component and it involves the collection and verification of customer data. A picture is shown on the 13th page of the guidance draft and it shows the process of collection of data from the official identity document (like ID card) and then screening of the information to verify the identity of a customer. The component one also includes the verification of a person through biometrics like face verification and liveness detection to ensure that the original person is providing the identity evidence.

 

  • Identification and identity lifecycle management is the second component and it includes the information regarding the stakeholders that need to be verified. The system should be designed to verify the identity of new customers and to verify the identity of already existing customers. It also mentioned that the digital identity system can be used every time a customer logs in to his/her account online or for every face to face interaction with the customers. Such verification should be performed on all the transactions and events mentioned in the FATF regulations regarding identity verification.  

 

  • Portability of identity proof is the third component that allows the end-users to develop portable identities that will be issued for future verification. 

 

 

  • References 

 

The guidance referred to NIFT Digital ID Guidelines and EU’s EIDAS Regulations and explained how Digital ID systems help in the effective implementation of CFT and AML regulations. 

 

 

  • Technical standards

 

The Digital ID systems that follow the guidelines of following international standard organizations are good to go as per the guideline:

  • various jurisdictions or supra-national jurisdictions (e.g. eIDAS Regulation by the European Union)
  • International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Faster Identity Online (FIDO) Alliance, and the OpenID Foundation (OIDF), and
  • International Telecommunications Union (ITU) and GSMA (for industry-specific). 

To wrap up, businesses are required to comply with KYC, AML and CDD recommendations of FATF in every corner of the world. Now FATF is making things easier for them by developing a guideline for digital ID systems. Just follow this guideline for choosing the best identity verification solution for your business.

Facial Recognition: Burgeoning Threat to Privacy

Facial Recognition: Burgeoning Threat to Privacy

The expanding use of facial recognition technology for ID verification, user authentication, and accessibility is finally coming under fire from privacy evangelists worldwide. Proponents of digital privacy are talking about user consent, data context, transparency in data collection, data security, and lastly accountability. Adherence to strict principles of privacy, as well as free speech, entails proper regulation aimed at controlled use of facial technology. 

Facial scanning systems are used for a variety of purposes: facial detection, facial characterization, and facial recognition. As a major pillar of digital identity verification, facial authentication serves as a means of confirming an individual’s identity, and stores critical user data in the process. The technology is keeping the trade-up by allowing users broader use of digital platforms and enhanced knowledge of data collection.

The Digital ID Market: A Snapshot

Digital identity verification is changing the way companies are working. In Europe alone, the expected growth of the identity verification market is found to be 13.3% from 2018 to 2027. By then, the market will have grown to US$4.4 billion. By the year 2030, the McKinsey Global Institute puts value addition by digital identification at 3 to 13 percent of GDP for countries implementing it.

 

The Digital ID Market: A Snapshot

 

At the same time, cybersecurity threats are also on the rise, indicating a glaring need for enhanced security solutions for enterprises. According to Juniper, cybercrimes have cost $2 trillion in losses in 2019 alone. By 2021, Forbes predicts this amount will triple as more and more people find ways to mask identities and engage in illicit activities online. 

As a direct consequence of this, the cybersecurity market is also expected to grow to a humongous $300 billion industry, as apprehended in a press release by Global Market Insights. 

As technological advancement fast-tracks, this figure will probably grow in proportion to the growing threats to cyberspace, both for individuals and enterprises. 

Facial Recognition Data Risks

 

Formidable forces tug at the digital user from both ends of the digital spectrum. Biometric data, while allowing consumers to avail a wide range of digital services without much friction, also continue to pose serious risks that they may or may not be aware of. 

Facial recognition data, if misused, can lead to the risks that consumers are generally unaware of, for instance,

  1. Facial spoofs
  2. Diminished freedom of speech 
  3. Misidentification 
  4. Illegal profiling

Much has been said about the use of facial recognition technology in surveillance by law enforcement agencies. At airports, public events and even schools, facial profiling has led to serious invasion of privacy that is increasingly gaining public traction. While most users are happy to use services like face tagging and fingerprint scanning on their smartphones, privacy activists are springing into action with rising knowledge and reporting of data breaches.

Let’s dig deeper into one of the most potent cybersecurity threats linked to facial recognition technology: Deepfake. 

How Deepfakes Impact Cybersecurity

 

In the world of digital security, deepfakes are posing a brand new threat to industries at large. To date, there are 14,678 deepfake videos on the internet. As barriers to the use of AI are lowered, adversaries share the same access to advanced technological capabilities as regulators. High rates of phishing attacks are targeting financial institutions, service providers and digital businesses alike. Representation of enterprises is at risk as deepfakes are fully capable of altering videos and audio without being detected. 

This has profound security implications for identity verification processes based on biometrics, which will find it harder to identify the true presence of a customer. 

With the pervasive use of evolving technology, cybercriminals will find it easier to access sophisticated tools and nearly anyone can create deepfakes of people and brands. This involves higher rates of identity threats, cyber frauds and running smear campaigns against public personalities and reputable brands. 

For facial identification software, this means fake positives created by deepfake technology can assist cyber criminals in impersonating virtually anyone on the database. Cybersecurity experts are rushing to integrate better technological solutions such as audio and video detection, in order to mitigate the impact of deepfake crimes. More subtle features of a person’s face will be recorded in order to detect impersonators. 

However, it is impossible to turn a blind eye to the raging speed at which the use of generative adversarial networks is making deepfakes harder to detect. According to experts, the underlying AI technology that supports the proliferation of such impersonation crimes is what will fuel more cyber attacks. 

Blockchain technology might also help in authenticating videos. Again, the success of this solution also depends on validating the source of the material, without which any individual or enterprise is at high risk of being maligned. 

Implications Across Users

 

Gartner warns enterprises about the use of biometric approaches to identity verification, as spoof attacks continue to riddle the digital security landscape. While popular celebrities can be exploited by incorrectly using their facial identity in pictures and videos, large corporations are also at high risk of being targeted.

Sensational announcements about the company or industry trends can lead to stock scares and other financial repercussions. Fake news and misinformation have the potential to cause meltdowns in political landscapes. Additionally, doctored videos on social media can cause an uproar among certain demographics, leading to social unrest. 

Identity Verification Technology – A win-win approach

 

With more and more companies using digital onboarding solutions, the threat of deepfakes is real and must be effectively countered. Companies are no longer looking only for identity solutions that make the best use of customer biometrics. Instead, they now have an increasing interest in how the stored information is safeguarded against burgeoning cyber threats. 

The first step in resolving digital impersonation crimes is to be fully aware of the possibilities as such. Enterprises and professionals need to be apprised of the rising misuse of digital verification software, and the likelihood of personal data being compromised. 

Face swapping technologies must now be matched with face detection software that helps identity fake videos and content that misleads. In addition, digital security solutions must be ramped up, especially those involving the use of sensitive client data. 

Biometric authentication and liveness detection solutions

 

Liveness detection, as an added feature of facial recognition, provides an efficient solution to deepfakes as fraudulent attempts at using past photos/videos to bypassing biometric identification increase. The same technology behind deepfakes can also be employed to counter frauds and spoof attacks, to ensure that personal data is not compromised for cybercrime. 

Differentiating between spoofs and real users became easier as additional layers of security are added to the verification process. Users are required to appear in front of a camera and capture a selfie or a live video. 

Shufti Pro performs biometric analysis to validate true customer presence, with markers that check for eyes, hair, age, and color texture differences. Coupled with microexpressions analysis, 3D depth perception and human face attributes analysis, this ID verification process ensures maximum protection against digital impersonators. 

More on Liveness Detection as an AntiSpoof measure here
EU’s Sixth Anti-Money Laundering Directive (AMLD6)

EU’s Sixth Anti-Money Laundering Directive (AMLD6)

Summary: Sixth Anti-Money Laundering Directive (AMLD6) highlights a stringent framework to combat money laundering and terrorist financing. It extends the scope of criminal liabilities and entities with an updated list of predicate offenses. AMLD6 came up with tougher penalties and widens the criminal liability to legal persons. 

The European Commission affirmed action plans to tighten the reins on mounting money laundering and terrorist financing. On 26 June 2017, the 4th Anti-Money Laundering Directive (AMLD4) came into force contributing to the same idea of combating bad money flow. It stated the regulations for information exchange and its operation among financial institutions. After this, EU co-legislators identified the need for amendments in AMLD4 which were declared in AMLD5. These changes are expected to come into effect by the 10th of January 2020 and state sectors which need to strengthen the standard operations to deter the risks of money laundering. Also, it asserts that the sectors facilitating criminal activity will be subjected to harsh regulatory penalties. Recently, the EU Commission came up with Sixth Anti-Money Laundering Directive(AMLD6) published in the EU’s Official Journal. AMLD6 introduces a harmonized authoritarian framework for the elimination of money laundering. 

AMLD6 strengthens the existing norms of anti-money laundering. It establishes minimal criminal liability rules for money laundering by setting it’s clear definition and stating predicate offences, enforces minimal sanctions and extends criminal liability to legal professionals. It reinforces the framework with the police cooperation point of view. Furthermore, the Directive sets specific requirements regarding information records and requests, sensitive data processing, and restrictions to rights. 

AMLD6 – New Measures and Amendments

 

EU Commission proposed new measures to fight against terrorist financing and money laundering activities. Commission believes that existing models are neither comprehensive nor consistent. It suggests that definitions should be cleared at the national level and scope should be widened that covers the industries with a broader perspective. It further elaborates that criminal proceedings are innovative enough to exploit the parliamentary discrepancies. These weaknesses become the source of opportunities for money launderers to convert their ill-gotten gains to good money. 

The draft provided by EU legislation is obliged to send it to Parliament as well as Council. The trialogue of three bodies will reproduce an agreed document that would be accepted as a new EU law. Denmark will not be affected by this law due to its legal agreements and the UK government may be opted out of the adoption of AMLD6 notwithstanding Brexit agreement. The fundamental component of AMLD6 is the list of 22 predicate offences. AMLD6 defines these predicate offences explicitly which will definitely impose obligations on the firms. Companies would have to take in place monitoring systems to detect direct and indirect links facilitating predicate offences. 

Following are the key elements of AMLD6 that incorporate criminal legislation:

 

 

  • Harmonized list of Predicate Offences

 

The scope of 22 predicate offences has extended. Now it includes the emerging threats of environmental crimes and cybercrimes in the EU. Environmental crimes refer to those that set out in legal acts of the Union. Similarly, cybercrimes are declared as predicate offence that was not catered in the FATF recommendations. Tax crimes are also in the scope of AMLD6, the crimes that directly and directly committed due to tax commutation. To avoid the ruinous circumstances, firms should familiarize themselves with the expanse of 22 predicate offences. 

 

  • Aiding and Abetting, Inciting and Attempting

 

The money laundering scope is extended in AMLD6. Now, aiding and abetting, and inciting and attempting lies under the premises of money laundering perspectives. By including these entities that are called ‘enablers’, money laundering tracking can become easier. These entities are considered the facilitators of the money laundering process. Therefore, AMLD6 extends its boundaries for money launderers to combat the risks of embezzling funds transfer. 

 

AMLD6 - New Measures and Amendments

 

 

  • Criminal liability extension to Legal Professionals

 

Recalling AMLD5 in which legal professionals were spotlighted to undergo client identity verification and keep accurate information about them. AMLD6 focuses on the evaluation of legal professionals. According to which, criminal liability is extended to legal professionals i.e. partnerships and companies. It is applicable to those who facilitate money laundering through their businesses directly or indirectly for the sake of their own benefit. Legal professionals would be answerable if Individuals who caught transferring illicit funds is not identified. 

In addition to this, the representatives, executives, supervisors, and decision-makers who lack proper individual authentication or supervision would be accountable for facilitating criminal activity.

 

  • Tougher Regulatory Penalties

 

One of the most important area covered in AMLD6. The Directive says that all Member States are supposed to set the imprisonment of at least four years to deter money laundering. The business that caught facilitating money laundering would be temporarily or permanently banned. Also, there would be the closure of business units and operations, exclusion from public funding access, halted grants and concessions through which predicate offence is committed. Wise companies are in the race of complying with the regulatory norms to avoid harsh fines and reputational loss of a company. 

The rising exposure to money laundering is alarming for industries and businesses. Any entity that facilitates money laundering or terrorist financing actions will be sentenced with heavy penalties. Companies are seeking innovative solutions to tackle money laundering and to perform efficient monitoring of bad money flow through Artificial Intelligence and Machine Learning techniques. 

Data Protection and Privacy

 

This initiative facilitates competent authorities to take in place stringent mechanisms through which personal and sensitive data is collected and processed. The fundamental rights of the subjects should not be compromised in any way. The directive focuses on data protection and privacy rights, the information collection should be minimal and should not include any financial information, for example, financial transactions or credit in bank accounts. Although a limited set of information includes personal data i.e. subject’s name, bank account number, date of birth, etc. Information on the total number of bank accounts of the subject is necessary for the purpose of investigation.

Sixth Anti-Money Laundering Directive (AMLD6) will be formally published and adopted in the EU’s Official Journal and at least after 26 months of coming into force, firms would have to comply with the directive. Member States have to follow the regulatory provisions and laws to take into account the associated predicate offences that could be promoted in the premises of legitimate business in any way.

AMLD5 - Regulations catching up with Technology

AMLD5 – Regulations catching up with Technology

In this era of technology, it is a common saying that “Innovation leads and regulation follows.” This couldn’t be any truer with the adoption of the Fifth Anti-Money Laundering Directive (AMLD5) by the European Union. AMLD5 is basically an extension of the previous iteration – AML4. Both of these directives are to tackle and control the on-growing power and risks associated with the use of technology by criminals. 

Moving into the fourth industrial revolution, businesses are completely under the limelight of technology. Of course, the criminal world is also taking advantage of technology to carry out their operations more effectively and anonymously. This drives the attention of government and regulatory agencies to come up with stricter directive for businesses to curb criminal activities.

The aim behind the introduction of AMLD5 is to prevent money laundering, terrorist funding and illicit transfer of money throughout the financial industries of the EU. The same was the goal statement of AMLD4 but in some ways, AMLD5 is more advanced and covers some further aspects. It includes a better definition of the virtual currencies, the changes and the information-sharing policies that are required to combat crimes related to prepaid cards and financial institutes.

From AMLD4 to AMLD5

 

Previously AMLD4 tackled the risks by making it mandatory for “obliged entities”- banks and financial institutions – to meet KYC and due diligence requirements. Also, the companies operating within the EU were obliged to maintain central registers of their ownerships. According to the European central bank, AMLD4 didn’t go far enough to curb the risks posed by criminal transactions and money laundering.

The main reason was the recent terrorist attacks throughout Europe. Moreover, the Panama papers scandal in 2016 followed Paradise Papers publications in 2017 made it a top agenda for the regulators to come up with a more efficient directive. These papers provided insight to the government into the ways politicians and wealthy-beings can exploit tight-lipped offshore tax regimes. These incidents created a huge fuss around the world questioning the credibility of country regulations. 

Taking into account these issues, the updated framework of the 4th Anti-Money Laundering Directive – AMLD5 came into force in July 2018 which is to be implemented from January 2020. It doesn’t contain any new sets of rules, instead, they are just an extension of the previous ones. The fifth AML directive intends to bring boundless transparency in business activities and company ownership within the EU.

Multiple amendments posed by AMLD5 in the fourth directive. These extensions are to strengthen the policies to deter money laundering due to new technology advancements. AMLD5 not only proposes the public registry for beneficial owners of obliged entities, but it also addresses the significant risks associated with virtual and cryptocurrencies.  

The Obliged Entities and Requirements

 

The fifth AML directive covers various entities that include:

 

  • Financial Institutions – MiFID firms, insurance companies, collective investment schemes.
  • Estate Agents
  • Credit Institutes
  • Providers of virtual currencies
  • Prepaid cards
  • Legal Professionals, Auditors, Tax Advisors, and external accountants
  • Trust, or company service providers
  • Person trading in goods (involving cash payments in amounts of €10,000 or more)

The most important requirement of AMLD5 is requiring the obliged entities to implement the beneficial ownership registry. It is essential for state members to collect and maintain accurate and current information about the legal entities  – as described in AMLD4. In order to meet this requirement, the obliged entities that are operating in the EU must have Know your Customer (KYC) information, in addition to beneficial ownership information, readily available with all the planned procedures.

Enhanced Due Diligence:

 

Undoubtedly, the beneficial ownership registry is the primary level of customer due diligence. However, with the implementation of AMLD5, the obliged entities will have to adopt Enhanced Due Diligence (EDD) requirements. The EU-based banks are compelled to perform EDD every time they enter into transactions from high-risked third countries as defined by the European Commission. This requirement is to diminish the potential of doing business with criminal organizations. 

The process of enhanced due diligence involves the collection of additional information about the customer, the screening and the completion of risk assessment. The risk rating strategies must involve the risk factors that may be responsible for updating the KYC policies and Procedures. For example, technology is the major risk factor and the manual KYC process is needed to be digital.

After the completion of the risk rating process, the entities must ensure the automatic delivering of data to national authorities and providing them access to information. Enforcement of AMLD5’s EDD requirement on EU-based entities doesn’t mean that their clients must also follow them. But if a bank in Europe adopts stringent EDD requirements, then the associated entities are required to ensure that they are complying with AMLD5 requirements along with their regional regulations.

The Significant Changes in the Regulation:

 

Though AMLD5 is an extension of AMLD4 regulations but there are some key changes that are highlighted in this directive, it includes:

1. Virtual Currencies

 

The virtual currencies like Bitcoin possess the transparency feature, i.e. the individuals involved with them tend to stay anonymous. It is both the weakness and strength of the organizations as well. The weakness because of the involvement of money launderers and cybercriminals. AMLD5 clearly states that virtual currency exchange platforms must have to apply Customer Due Diligence(CDD) just like traditional financial institutes.

It includes all the KYC and customer verification requirements. Moreover, customers have to get registered. All these requirements are to combat money laundering and criminal funding that takes place through these platforms.

2. Letterbox Companies

 

Under the new AMLD5 regulations, anyone will be able to access information about the real owners of “Letterbox” Companies that are operating in the EU. These companies are considered the hub of corruption, money laundering and transnational organized crime. This change in the directive can reveal the corruption and tax evasion that may be taking place in the companies. 

Moreover, with the central beneficial owner registry will be available for individuals with a ‘legitimate interest’, for example, an investigative finding out the owners of trusts and companies.

3. Prepaid Cards

 

AMLD5 has called for a reduction in the threshold of anonymous prepaid cards – from €250 to €150. This new arrangement is to combat the criminal activities that might be taking place through these cards. While prepaid cards generally have legitimate uses, the anonymous cards are readily used in money laundering and terrorist funding. 

The banks and other financial institutions are obliged to conduct CDD against the prepaid cardholder if the payments exceed a defined threshold. Moreover, as per AMLD5 regulations, the use of prepaid cards – that are issued outside EU territory – will be prohibited unless they follow AMLD5 regimes

Notable Challenges for Businesses in adopting new Standards

 

Until now, though the businesses used to comply with AML regulations but didn’t have to take that much notice of AML directives as they will have to do now. Previously, financial institutions and tax advisors were the major entities meeting AML compliance. However, with the introduction of AMLD5, now the virtual currency exchange platforms, prepaid cards, and custodian wallets will also have to obliged to new standards and regulations.

The obliged entities have to comply with Customer due diligence, monitoring the virtual currencies transactions and keeping a tight rein on customer activities that they might find suspicious. The major challenge for businesses is that from onboarding customers to ongoing documentation, they have to keep the data up-to-date and share customer information with anti-money laundering authorities.

 

Moreover, businesses will need to make sure that all the staff members have proper knowledge of the AML directives and follow the standards accordingly. It will cost businesses in training their employees. As the date of implementation of AMLD5 is approaching near, the time to incorporate all these new standards and rules is shortening – another challenge for the businesses.

Significance of AML Compliance in Money Services Business

Significance of AML Compliance in Money Services Business

The financial sector landscape is evolving with the advent of the FinTech industry. Many revolutionary services and products are introduced by this sector and Money Services Businesses (MSBs) are one good example of such businesses. These revolutionary innovations increased ease for the masses. But lack of KYC and AML regulatory compliance specific to this sector left loopholes for the criminals. Also, most of the money transfer businesses are showing a lack of concern towards AML compliance, which increased the fraud rate in this sector. 

Sensing the urgency, some countries including Australia, Canada,etc. are taking steps to prevent financial crime in money services businesses. Before we explore the regulatory and preventive measures taken by these countries let’s dig deeper into MSBs as defined by the regulatory authorities. 

If we look at the definitions provided by FinCEN, AUSTRAC, FATF, and

FINTRAC, broadly an MSB business includes any individual, business or organization that performs the following operations as a :

  • Currency dealer or exchange
  • Issuer or seller of traveler’s checks, money orders, etc
  • Money transmitters 
  • Check casher
  • Remittance service provider

If a person or a business conducts these operations worth $1000 or more on a daily basis than it is liable for compliance with KYC and AML regulations. 

The MSBs are regulated in several regimes but lack of implementation and scrutiny led to an increased exploitation of this sector. Regulations are developed for AML compliance in MSB but lack of implementation is the issue. Regulatory authorities like FATF, AUSTRAC, and FINTRAC adopted a risk-based approach in MSBs’ AML regulation. 

Primary actions required for KYC and AML compliance by MSB are as follows:

  • Complete KYC of customers (identity verification)
  • AML screening of customers
  • Getting registered with the regulatory bodies

Why MSBs Need KYC/AML Compliance?

 

MSBs are some of the most common victim of money launderers. Often the MSBs do not perform KYC and AML screening on their customers, and this loophole in security is utilized by fraudsters. Money launderers and terrorist financiers cannot go to banks because they often run KYC/AML screening on people before serving them. That is why criminals use MSBs. 

They transfer the funds without being traced. Later, if a transaction is labeled as illegal the criminal will be untraceable because they use fake identities. Ultimately the service provider MSB will be deemed liable for fine.  

So, the MSBs need to practice in-depth KYC and AML screening on their customers before onboarding them. KYC and AML compliance helps MSBs in gaining credibility and customer trust. Research found that people feel more confident with online platforms that have some sort of visible security measures like real-time identity verification, 2-factor authentication, face verification, etc.  

Regulatory Authorities Tightening Reins on MSBs

 

The need for improved compliance culture is identified by global regulatory institutions. Financial watchdogs are all set to eliminate money laundering from all the business sectors. This compliance culture could be achieved only if the businesses will also understand their responsibility towards eliminating financial crime from their spaces. 

AUSTRAC Targeting Money Transfer Businesses for AML Scrutiny

 

AUSTRAC (Australian Transaction Report and Analysis Center) is targeting the money transfer businesses for thorough implementation of KYC and AML laws in that sector. 

In August 2019, Austrac launched the campaign against illegal money transfer businesses. This campaign requires the money transfer businesses to register with AUSTRAC and to practice KYC/AML compliance. The objective of this campaign is to reduce the exploitation of these unregistered businesses by criminals. 

Money transfer businesses that will not register with AUSTRAC will be liable for a fine of $420,000, seven years jail or both. 

The money transfer businesses are required to submit their International Funds Transfer Instruction (IFTI) to AUSTRAC on time. Those who fail to do so are fined for non-compliance. 

In September 2019, the regulatory authority fined $252,000 to Compas global holdings Pty Ltd. the company was unable to report the international fund transfer between 2018-2019. 

Not only that AUSTAC also ordered PayPal Australia to hire an external auditor at their cost to report on the fund transfer of the company to and from Australia. This order was generated after the self-reporting of PayPal on the findings of its internal report. 

AUSTRAC is aiming at eliminating the crimes associated with money laundering through strict scrutiny of the businesses involved in high-risk fund transfers. “Money laundering enables criminal activity that causes real harm to Australians, such as human trafficking, child exploitation, illegal firearm sales, and drug trafficking.”  AUSTRAC Chief Executive Nicole Rose said in a statement. 

Canada Increasing Pressure on MSBs (Money Services Businesses)

 

Canada also increased pressure on MSBs and introduced some rigid KYC and AML laws for this sector. The government of Canada amended the regulations of Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA). FINTRAC (Financial Transactions and Report Analysis Center) will be responsible for the implementation of these laws. 

The new laws for MSBs have the following key points:

 

  1. The MSBs (local or international) should be registered with FINTRAC and it will have the right to charge penalties in case of non-compliance. 
  2. The financial institutions are not allowed to conduct business with unregistered MSBs. 
  3. The MSBs are entered into the reporting entities list of FINTRAC. 
  4. The AML screening, recording and reporting regulations that were previously imposed on fiat businesses are now imposed on the MSBs as well. It means that the MSBs operating in Canada will have to conduct in-depth KYC and AML screening of their customers before onboarding them. Also, they will have to maintain a record of the compliance process and should report any suspicious transactions above the predetermined threshold. 

How Online KYC/AML Screening Will Help? 

 

Online KYC and AML screening can be the companion of a hard time for the MSBs. The customers of these businesses are from every corner of the world so manual verification is not possible. Developing in-house verification software requires exhaustive resources and bears huge costs, so it is not a feasible solution. 

Online KYC and AML screening solution is a cost-effective and easy solution that delivers results with high precision within a minute. It is high time the Money Services Businesses should invest in KYC and AML compliance because the regulatory authorities have identified the risk lurking in this business sector and are all set to give a hard time to non-compliant businesses. 

RegTech: The Case for Financial Inclusion

RegTech: The Case for Financial Inclusion

FinTech and Financial Service Delivery

The FinTech industry has grown tremendously in recent years, introducing both scale and efficiency in new banking technologies. According to Statista, at an annual growth rate of 18%, global transaction value in FinTech is expected to grow to $8 trillion by 2022. 

Traditional financial service providers (banks, insurance, transactions and payment services, mobile wallet payments) have no option but to catch up with changing tides, in order to survive the technology revolution. From cutting costs to providing seamless transaction experiences, FinTech has changed the way people manage money. 

The world has witnessed more transparency in banking, and, financial transactions are thriving with the use of disruptive technologies such as AI, machine learning, and blockchain. Fueled by the advent of the internet, FinTech has now grown to taller heights with mobile payments and online banking. 

Reaching the Unbanked

 

One of the marked success of this digital wave is how it has led to increased access for previously unbanked populations, largely due to mass outreach of mobiles and the internet. Now, mobile phones are making it possible for more and more people to enter the global financial system, albeit with limited access to services such as mobile payments and transfers. 

The mobile money market is witnessing a revolutionary transformation fueled largely by:

  1. Growing focus on customer experience
  2. Diversified financial services structure
  3. Evolving regulatory landscape
  4. Expanding mobile money services

Mobile money accounts, as well as text and app-based financial accounts, are providing financial coverage to growing global populations. A small but rising percentage is also taking advantage of smartphone technology around the world. However, this is subject to availability of adequate underlying infrastructure such as power supply. The challenge is greater in developing countries where only 40% of adults have access to both the internet and mobile phones, as opposed to 82% in high-income economies. 

 

How RegTech is Relevant to FinTech 

 

A large customer base is currently left unserved in the financial services industry due to lack of the right infrastructure. As the FinTech revolution continues to benefit the economy and break into new markets, it promises to close gaps in financial inclusion. However, this comes with high risks of exploitation that need to be managed. 

Currently, 1.7 billion people in the world are unbanked, down from 2 billion in 2014. This is one of the most challenging pain points for financial service providers. FinTech is changing this, and RegTech can accelerate the process.

 

How RegTech is Relevant to FinTech

 

RegTech startups are experiencing growth and investment at almost the same rate as the FinTech industry. Firms are realising the need to capitalize on compliance efficiency and use it for competitive edge in the industry. There is great potential for powering the future of financial regulation by integrating technologies into supervisory systems used by banks.

RegTech has major implications for financial institutions in the form of reduced regulatory costs and improved operational efficiency. With far-reaching benefits for the economy, RegTech is also aspiring to drive growth and profitability by better regulatory reporting and risk management, as well as transaction monitoring. 

This is especially relevant for emerging markets, where a notable percentage of the population can experience compounded benefits from access to services like micro credit and remittances. The effective use of RegTech strikes a balance between access to credit and credit security. 

With machine learning, artificial intelligence and e-KYC(Know-Your-Customer) verification methods, the gains are far-reaching. Fraud mitigation and reduced compliance costs make it possible for FinTech to include more financially excluded population segments. Automated KYC processes through RegTech ensure that foolproof methods for legal use of financial services can be made effective. Using API code, RegTech can also simplify complex regulations that optimise compliance costs of time and labour. 

Both financial institutions and regulatory authorities see added value in adoption of regulation technology for better compliance and service delivery. APIs for data collection and reporting have also shown a marked improvement in customer engagement, as well as compliance. 

Driven largely by business demand and technology innovation, there are five main service offerings by RegTech :

 

  1. Regulatory reporting
  2. Risk management
  3. Identity management and control
  4. Compliance
  5. Transaction monitoring

Challenges in Financial Service Delivery 

 

As financial services become more digitized and pervasive, regulatory systems need to adopt more forward-thinking ways of digital transformation. 

The foremost challenge in providing digital financial services to previously unserved populations is risk management. In most cases, financial authorities are still learning their way into the digital revolution. If vast amounts of data are collected without apt use of APIs, serious data security concerns could arise. This could undermine the regtech revolution and make the onboarding process more complex for new entrants.  

Supporting infrastructure in the form of digital databases is also absent in most cases. While there is a steep demand for mobile money accounts, some key services such as government payments (pensions, wages, social benefits) are still paid in cash. This reinforces financial exclusion for large segments of the population who could otherwise benefit from services such as mobile payments. 

Additionally, stringent identity verification requirements, such as those in KYC, get in the way of digital relevancy. National identity document verifications are sometimes not enough to ensure that people from remote areas can open an account and other local documents are required for account opening. This opens up a range of opportunities for the RegTech industry to influence financial service delivery, and in turn financial inclusion. 

RegTech Solutions: Closing Delivery Gaps

 

Across the globe, traditional financial systems are increasingly embracing technological advancements and committing to streamlining regulatory networks. Regulatory sandboxes and ‘reglabs’ are now being facilitated for innovation, to cater largely to the spike in regulatory compliance in both developed and developing countries. 

Sandboxes are controlled spaces for tech firms to test out new technologies under the regulator’s supervision. In addition to offering room for innovation, RegTech sandboxes can also be used as effective feedback and communication channels between FinTechs, regulators and RegTech providers. For financial inclusion, this means balancing innovation and risk to reach underserved customers. 

Improving access to mobile money markets also depends a great deal on efficient implementation of KYC regulations. In areas where access to financial services is a challenge, fulfilling tedious document verification requirements can be a cumbersome task. This stands in the way of scaling mobile money networks, hence hurting financial inclusion. 

This is where RegTech plays a central role. By simplifying customer onboarding processes, through efficient use of AI and HI, the mobile money industry can get a real push. The use of innovative e-KYC technologies such as biometric authentication and digital ID systems can make the process more efficient. 

With tangible results in the form of financial stability and customer engagement, investment in better regulation technology is being recognised as key to an efficient financial system. A sound regulatory environment, with regtech applications that support risk management, will ensure that economies reap maximum value from the FinTech revolution. 

 

GDPR Phishing Scams - A Novel Trap to Scoop up Information

GDPR Phishing Scams – A Novel Trap to Scoop up Information

General Data Protection Regulation (GDPR), an EU regulation comes into force on 25 May 2018 and aims to provide users with more control over their online data. 

It is ironic that the aim of GDPR is violated by the scammers in an unexpected way i.e. GDPR phishing scams. 

What are GDPR phishing scams?

To comply with the GDPR requirements, organizations send emails to customers to ask permission to use or retain their data. If customers give their consent, organizations keep those customers on the mailing lists. It was streamlined before the cybercriminal opportunists emerged. They take advantage of the deluge of GDPR emails and arrive in the inboxes of naive customers. Flood of messages is sent from the websites where customers have registered themselves previously and are supposed to resend a consent via email. From there web scraped emails, the personal details are stolen and used in malevolent activities. Criminals trick consumers through such phishing emails and grab credit card details, passwords, and personal information. 

EU GDPR regulation is applicable to all EU residents. They are supposed to strictly follow the GDPR requirements, therefore the emails are sent by the companies far and wide. Scammers use these emails to fool the customers. A large number of phishing scams have surfaced in the past few months. The regulation whose purpose is to secure the data of online users has turned turtle and became the trick to violate privacy. 

Apple Phishing Scam

Phishers impersonate reputable companies and familiar brands because there are higher chances that the recipients will respond to the emails from such email addresses or they would definitely have registered at such websites. Apple is one of those famous brands. 

The attackers sent GDPR phishing emails to users and asked to log in to a fake Apple site. These emails appear as if they belong to a legitimate Apple website and fool the victims by saying, ‘due to unusual circumstances, their account has been limited and need to update the credit card credentials’. At the end of the email, a link is given and when a click stroke is done, it is redirected to a website that seems a real website but is actually a phishing attack. Once the user enters the account credentials, the Apple account is taken over by the attacker where they find all the possible personal and financial information of the user. At the time victims report against the website, the fake website was offline which gets hard to track. 

Airbnb Phishing Scam

The GDPR email phishing scams are predominantly targeting the email addresses of well-known companies. Airbnb has also been subjected to these attacks. After the GDPR compliance requirements, Airbnb started sending legitimate emails to its customers to comply with the policies. Fraudsters took advantage of these emails and send phishing emails to Airbnb users. It seems that email is from a customer support office of Airbnb but these are actually the fraudulent messages whose aim is to steal the customer data for illegal purposes. These sophisticated emails had different URLs, grammar mistakes, spelling mistakes, threatening language and request to update the credentials. After such phishing incidents, Airbnb asked its customer community to verify these emails if they look suspicious.

These two main scams have come onto the surface which explicitly delineates the email malware which is fooling the customers of trusted brands. More such cases can also appear in the future that can directly or indirectly affect the lives of people and organizational reputations. Therefore, such brazen attempts and ransomware attacks should be curbed by logging into the official websites to verify request emails.

AML Checks

AML Checks: An Emerging Frontier in RegTech Revolution

The Anti Money Laundering (AML) landscape has been around since the signing of BSA (Bank Secrecy Act) in 1970. Financial institutions have been battling with compliance regulations since forever. Over the years the financial services industry has confronted $26 billion by way of non-compliance fines. To enable the banking sector to fulfil its compliance obligations, the RegTech industry has come up with some of the most technologically advanced solutions. They are able to enhance the capability and output of compliance teams in banks and financial service firms. From advanced analytical tools to anti money laundering checks, banks are now able to fight fire with fire.

Overspending on AML Compliance

The risk of money laundering has increased significantly due to the fact that overseas transaction volumes have increased making the financial system more vulnerable to financial crimes. The constantly changing AML regulations and the increase in non-cash payments have added to this risk infinitely as well. But the banking sector has been dealing with all these challenges by investing heavily in the expansion of their compliance teams. This has not only increased their annual spending on AML compliance – $3.5 Billion – but has made the process, if anything, more complicated than ever before. In the US compliance staff in banks has increased exponentially.

The Drawbacks of Prevailing AML Systems

For the moment, AML systems currently resemble operational units that have huge overheads and still employ manual procedures to manage client profiles. The cost of such compliance teams would have been acceptable if only they were as effective. Some of the major drawbacks of these AML systems include;

  • Large amounts of unstructured data make it difficult for different teams to accumulate and organise information. This ultimately causes operations to slow down, creating friction in onboarding procedures. Banks still resort to calling each customer individually to update their documents for KYC (Know Your Customer) procedures. Simple tasks such as these can be easily automated.
  • The systems in use for analysing client data are outdated and slow. Such legacy systems use fixed rules for analysing customer data and are unable to account for unforeseen scenarios. This rule-based approach generates a large number of false positives, that ends up wasting a significant amount of time and money to be wasted towards investigating bogus leads.
  • Outdated systems also result in erratic reporting of suspicious activity. As financial institutions deal with a large number of customer data, the system can produce an equal amount of false positives, thereby causing the compliance team to overlook legitimately high-risk cases.
  • Due diligence procedures in banks are still manual. They rely on manual identification, verification and screening of clients, which are both slow and have a higher rate of inaccuracy.
  • The complexity in financial transactions and the proliferation of faster services has made it difficult for financial companies to monitor client activity. Online payments and anonymous fund transfers also lack adequate KYC and AML procedures.

As prevailing systems are becoming more and more inefficient and costly, banks are exploring new avenues to perform AML compliance. An emerging avenue in this regard is regulatory technology or RegTech that is enabling the financial sector to implement advanced tech solutions to aid their AML compliance functions. More than anything, these systems have the ability to reduce costs and enhance the onboarding process. All such tools can make compliance systems in banks more feasible and cost-effective.

 

AML Compliance Systems and Tools

The RegTech space is now leveraging technologies like AI and big data to make streamline compliance procedures in banks and financial institutions. One such system is advanced analytics that can intelligently analyse client data and process it within minutes. The current analytical models being implemented are rather tuned to explicit regulatory and anti-money laundering requirements. Therefore, nearly 90% of the warning signals generated by them are false positives.

However, advanced analytical tools are now allowing banks to venture beyond such legacy systems. They primarily operate based on machine learning algorithms that can learn from past behaviour and issue alerts using predictive analytics. They sift through past data to look for patterns and determine legitimate and suspicious transactions. Such analytical models require large data sets to work with that financial companies can provide easily. ML algorithms help reduce the number of false results significantly, thereby saving ample time for compliance teams to investigate legitimate alerts. The manual work in such cases can be reduced by at least 50%.

The Fintech industry is still working on developing more advanced systems. They are using deep learning which is a step further from machine learning. It can be used for image processing and to imitate human speech. In short, it is able to mimic human cognition and implement intelligence towards the investigation of financial crimes like humans do. Efforts are being made to refine such processes and bring them into the mainstream.

Anti Money Laundering Checks

Another simple yet highly effective tool for improving AML compliance is AML screening. Anti Money Laundering checks also use AI to perform background checks of individuals by screening them through global sanction lists and databases. AML & CTF checks enable banks to screen out money launderers, financial criminals and Politically Exposed Persons (PEPs). Financial institutions can choose whether or not to take on a flagged person as a client or to at least classify them as a higher risk client and thus charge higher premiums accordingly.

Shufti Pro is an anti-fraud solution that uses AI and Human Intelligence to provide KYC and AML verification services to businesses. It can effectively help prevent your business from financial crime laundering through anti money laundering checks. Shufti Pro is providing ongoing PEP screening for clients wherein banking institutions can execute ongoing screening for a specific list of clients or even their entire clientele. They can also implement batch screening which allows them to screen existing customers through AML sanction lists.

Recommended For You:

 

Regtech

RegTech facilitates effortless AML Compliance

 

The latest report by Research and Markets states that RegTech industry is expected to grow to USD 12.3 Billion by 2023.

RegTech is relatively a newer concept. It leverages technology to assist financial institutions and other markets in complying with global regulations. The main applications are Customer Due Diligence and Risk Management. RegTech companies develop intelligent solutions by using innovative technologies like Artificial Intelligence, Machine learning and Big Data to translate compliance rules into practical implementation.

The Financial Crisis of 2008 was the driving force behind evolution of FinTech. To address the gaps in consumer experience and efficient services, technology played a vital role. Online payments, Distributed Ledgers, Virtual Wallets are some key outcomes which are now used in day-to-day activities.

The development of FinTech led to a parallel development of RegTech. By automating and digitising traditional methods the nature of customer on-boarding drastically changed. The resulting online ecosystem demanded a robust, and new form of governing rules. As a result financial regulators introduced new set of compliances which proved to be beneficial but put a strain over businesses.

RegTech facilitating FinTech

It is to be noted that regulatory compliances can be a lot of headache when it comes to implementing systems, training legacy infrastructures or covering a global audience. Seeing financial crisis, hack attacks, scams etc; financial bodies made information collection laborious. Although with justified reasons at heart.

To handle this RegTech offers two solutions:

  1. Saving time and cost
  2. Accurate and real-time results.

It make easier for companies to quickly and efficiently adapt to new regulations. The market is not limited for application of RegTech. It sits at the heart of every interaction between a financial institute and its consumer. With the growing CDD, KYC, KYCC, AML, CFT rules, RegTech is changing the scope of customer on-boarding.

 Who creates RegTech?

Is essentially an open communication between regulatory authorities and technology experts. The concepts, ideas and rules are those which are found to be the standards and then fed into the system.

It is neither the job of RegTech solution providers, or industry advisers to create the guidelines. Although, some suggest that industry needs more consistent approach toward standard of identification and risk management. However, technology experts have an equal opportunity to understand market demands, and compliance trends to develop solutions.

 

Leveraging RegTech for AML Compliance

Research and Markets’ latest report state that Identity and Access Management is expected to grow to USD 37.79 Billion by 2023 while Compliance and Risk Management to USD 64.61 Billion by 2025.

ID Verification and Risk Assessment plays a pivotal role in establishing any business relation. Especially when this is taking place online. To create trust between a consumer and merchant, an established and verified identity is a must. To curb fraud and terrorist financing, and collect valid information, compliance demands to thoroughly vet a consumer’s ID documents, and remote presence. EU’s 4MLD requires all screening of potential customers against OFAC and FATF standardised AML watchlists. It is to restrict investors with a criminal or PEP status.

Admittedly, these key requirements ultimately increase the cost and labour involved to meet compliances. RegTech provides businesses an all in one effortless solution with real-time processes to verify and screen identities. With the help of Big Data, AI, and Machine Learning, RegTech solutions can easily crawl vast data banks, apply logical commands and reduce time or friction.

Each passing year brings newer regulations. This has a direct effect on the operations of businesses. It means that RegTech has become necessary. From KYC, AML to transaction monitoring, the scope of market is promising. The trends in the field evolve with the requirements. 

GDPR

Shufti Pro GDPR Review 2018: How we protected our clients from regulatory fines?

Shufti Pro stands out in KYC industry not only because of its highly customizable and global identity verification services but because of the unique regulatory protection provided by Shufti Pro to its customers. After all, the collection of personal information to authenticate the true identity of an end-user puts both Shufti Pro and its customers at a substantial risk. Regulators from all over the world have put forward strict privacy laws and regulations that not only dictate strict guidelines for personal data collection but also want companies to follow set rules when it comes to using personal information of a common user.

GDPR was one of the most comprehensive and powerful regulations introduced a couple of years back and July 2018 was the deadline for businesses to become GDPR Compliant. This set of rules was applicable for businesses that were either based within the European Union or even those that were based outside of EU but provided services to its citizens. In order to safeguard its customers from multi-million dollars fines – fines for businesses found in breach of GDPR – Shufti Pro aligned its verification services in line with GDPR specific guidelines.

GDPR guidelines for Identity Verification Services by Shufti Pro

GDPR never had any specific guidelines set out for identity verification services or for third party KYC service providers. In fact, it was a generic set of instructions for any business that was collecting personal information of its customers and the privacy guidelines that these businesses have to follow.

As a third-party verification service that was verifying the identity and financial risk attached to customers of online businesses, Shufti Pro designated a special role for itself as per the specific terminology introduced by GDPR i.e. processor of data. This made our clients collecter of personal information in order to verify the identity of incoming users.

Read: Try Shufti Pro KYC Services Free of Cost for 15 Days Now

It meant that although, Shufti Pro was the business entity that was tasked to verify the personal information claimed by end-user it was the responsibility of Shufti Pro client to secure that data. On our own end, the collected information was secured from not only any brute force attack but special protocols were developed to delete the collected data, when a request was received either from Shufti Pro client but also from an end-user as well.

KYC Verification procedure under GDPR

Shufti Pro only collects data for verification purposes as per the legal agreement signed by Shufti Pro and its customers. This data will be limited to verification of the credentials, identity or any other related verification that was required by our customers to be provided as per the legal agreement. We have even added a consent button at the form where a customer is supposed to fill its identification details. We also provide the option for customers to go through our data protection, privacy policy and Terms & Conditions, to ensure full transparency.

Access Rights

User can request access to the personal data he has shared with Shufti Pro about himself. Personal data is anything identifiable, like his name and email address. If he requests access, Shufti Pro (as the processor) need to provide a copy of the data, in most cases in machine-readable format (e.g. CSV or XLS). Daniel can also request to see and verify the lawfulness of processing. A client can seek access to their data by asking Shufti Pro of what they require at privacy@shuftipro.com. We at Shufti Pro believe to be at legal and moral obligation to facilitate any manner of an individual rights request. Shufti Pro enables you to grant any access request by easily exporting user record into a machine-readable format.

Deletion Rights

Under the GDPR, the user has the right to request that Shufti Pro delete all personal data it has collected from him. The GDPR is required to permanently remove userís contact from their database, including verification results, all personal information, saved images/video, form submission data, and credit card data. In a GDPR compliant manner, a client can seek to have their data deleted by querying Shufti Pro at privacy@shuftipro.com. The Data protection officer at Shufti Pro in most cases will respond back within a 30 day period. In many cases, the right to deletion is not absolute and can depend on the context of the request, so it doesnít always apply.

 

Regtech

3 Reasons why RegTech is the Future of Innovation?

Regulatory Technologies, commonly referred to as RegTech, is an innovative use case of Financial technology building on the fintech security. According to an estimate, USD 118 Billion will be spent on regulatory and compliance software by 2020. After all no matter how innovative Fintech becomes, no digital business will be interested in it unless it adheres to the regulatory compliance that the business has to follow. Simply put, a Document verification service or an identity verification solution is of no use to a European company if it does not comply with GDPR. So it is pertinent that instead of just integrating fintech solutions, businesses opt for Regtech solutions and in case you have been living under a rock for past 2 years and don’t know what is RegTech, then read the following lines carefully:

What is RegTech?

The term was coined by Deloitte and according to Investopedia it was “created to address regulatory challenges in financial services through innovative technology”. So basically it is an extension of Financial Technology that not only helps in performing complex and complicated tasks of financial service industry but also helps comply with regulatory compliance. Regulatory technology takes into account, regulatory guidelines issued by financial regulators overseeing the operations of their potential clientele. Fintech security can be enhanced by using RegTech such as a identity verification solution that follows the privacy law and data protection protocols applicable in a given territory.

Features of RegTech

Regtech industry is currently growing rapidly with solutions ranging from automated business verification to AML services being devised in various forms. But despite having applications in multiple industries, RegTech share some common features such as:

Highly Structured – RegTech Industry has been able to deliver highly structured regtech solutions that had impeccable scalability despite having multiple layers of operations and digital tasks. An online ID verification service, such as Shufti Pro, can perform identity checks not only for officially issued identity documents but can even use customized identity documents for authenticating a person’s identity.

Swift Performance – It is a given that FinTech & RegTech are quick at processing any digital procedure. It ensures not only better customer satisfaction but a smooth pipeline for interaction between a human resource and a Regtech solution as well.

Smooth Integration – Regtech Industry mostly offers solutions that are required to be integrated with pre-existing software, online systems or web-based services. It may be know your customer service or a document verification solution, but flawless integration is important for any Regulatory Technology.

Future of RegTech

RegTech industry has a huge potential of earning revenue as most of the market for RegTech is untapped. Moreover, there are new financial systems and digital platforms that are in need of innovative regtech solutions. Regtech for Blockchain and Cryptocurrency RegTech can help these new age business platforms to achieve a level of transparancy and legitimacy. This will help them curry favor with not only their regulators but their investors and potential customer base as well.

Banks are already pushing financial regulators to allow them in the adoption of improved fintech and it is high time that businesses around the globe start utilizing fintech & regtech to perform a range of digital services that fall within the purview of regulatory compliance as well. Fraud prevention can be performed with Online ID verification and a document verification service can come in handy for a remote service provider.

Recommended For You:

KYC & AML For Bitcoin

Here’s How Compliance to KYC and AML Regulations May Help Crypto Rebound

Cryptocurrency was the talk of the day in the months and even years leading up to the present weeks. Very recently, we have seen a drop in the mentions of cryptocurrency in online world. In early 2018, the value of cryptocurrency and tokens in the market was above $800 billion. This number has dipped below $180 billion, showing a fall of more than 75% in the previous 5 months.

Lack of Compliance to Regulations in ID Verification

The non-compliance to the laws set forth by national and international watchdogs with regards to AML compliances and KYC regulations has definitely been a major push for the downfall of the use of cryptocurrency, globally. There were high risks associated with the crypto trading because the KYC and AML regulations during the ID verification process were not being complied with, majorly. One reason may be the lack of awareness for the need of an automated identity verification system when trading cryptocurrency. Whatever the case may be, the crypto market has not proved to be safe enough for blockchain businesses and online platforms due to the increased rate of scams and frauds.

Another reason was the irreversible nature of the cryptocurrency transactions. This made it an easy target for people looking for a perfect means of money laundering – an ungoverned method of money transfer, i.e. cryptocurrency. Online and blockchain businesses found this to be a major issue. They found it tedious and cumbersome to take necessary steps for KYC and AML compliance for ID verification. Some of the countries had a specific set of rules that needed to be followed by the companies under their jurisdiction, in addition to the basic KYC and AML regulations. This put a lot of unwanted burden on businesses, which lead them to drop the idea or usage of cryptos and blockchain for their ventures, be it for a token sale or general payment transactions.

An American Economist, Mr. Rogoff said,

“I think bitcoin will be worth a tiny fraction of what it is now if we’re headed out ten years from now. Basically, if you take away the possibility of money laundering, tax evasion, its actual uses as a transaction vehicle are very small.”

(An interview with CNBC, quoted by express.co.uk)

This has proved to be surprisingly true as the situation stands today.

Stabilizing cryptocurrency through conventional Financial Regulations


The KYC and AML regulations are enforced by the FATF, an international organization responsible for the fight against terrorism and criminal activities. Their major regulation with regards to the cryptocurrency is centered around the idea that a money trail needs to be left behind, because if that is done, then money laundering can be prevented by tracing it back to the origins.

This can be done by the successful integration of KYC and AML solution in the systems at the banks, financial institutions, online businesses, payment processing platforms, blockchain businesses, etc. All the transactions in the crypto space are through wallet addresses and do not require personal details of the sender or the receiver, like name, DoB, etc. This further leads to the anonymity of transactions, and the laundered money is even harder to trace back to the source.

With KYC and AML services installed in the system, before every transaction is processed or the money is received by an individual, they would be required to go through an identity verification process, which would act as a record of their involvement in the process.

The Shift of Physical and Online Businesses to Blockchain

Another solution to stabilizing the cryptocurrency can be shifting the digital businesses to blockchain technology. The blockchain is a ledger that keeps a record of all transactions that occur. Even though with blockchain we can trace the transactions back to their original source, that alone is not enough to make exchanges secure. There are a lot of ways to dupe the blockchain system without the integration of KYC and AML integration in the ID verification system.

Merely recording the details of transactions does not ensure that the person performing the exchange is the same as the one whose credentials, account or identity are being used. In order to makes sure that the sender and the receiver are who they say they are, there needs to be an identity verification system in place. This system should be able to identify a person based on their ID documents and facial features. Many AML softwares also run the sender’s credentials against sanctions lists, watchlists and global government databases to screen for PEPs in criminal and terrorism lists.

If the person clears all the checks, only then can the transaction be processed. This not only leaves a proof in the form of images or videos but also helps the businesses keep a track of where their exchange went sideways. All in all, it will suffice to say that inclusion of KYC and AML in the ID verification process, along with a more controlled, and governed blockchain-based businesses can definitely help bring cryptocurrency back.

Recommended For You:

FINMA

Effect of the Amendment to the FINMA Compliance on IDV Service Providers

In the first quarter of the year 2018, the Swiss Financial Market Supervisory Authority rolled out an amendment to their existing policies regarding Digital Identification and Verification services opted by all the organizations within the Swiss region. The major changes pertained to the Online and Video Verification milieu and due diligence procedures.

We, here at Shufti Pro, carried out an in-depth analysis and self-assessment of our technology and procedures. This article sheds light on how Shufti Pro runs in accordance with the updated FINMA regulations.

FINMA updated their Customer Due Diligence requirements for client onboarding via digital channels to reflect advances in technology. The consultation period for the changes to the circular ran until 28 March 2018. This allowed a sufficient room for maturity to financial institutions so they can update their documentation, technology, and procedures to comply with the new regulations.

What did the amended regulations say?

The amended circular takes into account the development in technology through neutrality and effective money laundering prevention mechanisms. The FINMA circular, dated 13 February 2018 highlights the following:

  1. The video identification process no longer contains the provision regarding the single-use password known as the Transaction Authentication Number (TAN).
  2. Instead, at least three randomly selected visual security features of identification documents must be checked.
  3. For online identification, FINMA no longer requires a transfer from a bank in Switzerland to ensure compliance with due diligence requirements. Instead, under certain conditions, a transfer from a bank in a Financial Action Task Force (FATF) defined member state is now permitted.
  4. Additionally, liveness detection is required as a further security measure when checking photographs.

Shufti Pro, being a dynamic, easily customizable and scalable solution, immediately took steps to make the steps for its identity verification procedures completely transparent and comprehensible.

 

How does Shufti Pro comply?

Being an online identity and document verification solution, serving clients globally, Shufti Pro aims to remain top of the line when it comes to complying with the updated regulations and/or amendments. To ensure that no legal issues arise for our customers regardless of their location, we have taken the necessary steps to transform our services.

As an outsourced verification service provider, Shufti Pro ascertains the identity of the individual through the identification document itself and the photograph present on it. The identity is ascertained through reliable and independently sourced government-issued documents, where the document will be scrutinized for a minimum of three optical security features’ checks. Shufti Pro’s computer vision system performs the following checks on the identity document:

  • MRZ code
  • Holographic-kinematic features
  • Form-related features

The information entered by the client is compared to that shown on the identification document by the individual along with the Selfie image of the customer/end-user.

In addition, Shufti Pro offers Live Video Verification to the customers, where an end-user appears in front of a web camera, displaying their face followed by their Identification document. The Shufti Pro engine programmatically incorporates liveness detection measures, through which the presence of a ‘real human’ is assured. These include 3D Depth Perception, Image Distortion Analysis, Image Facial Mapping, Micro Expressions, and Image Texture Detection. All of these combine to form a mechanism that remotely detects human presence without being spoofed. There are provisions for ‘selfie upload’ and that too go through the same Liveness Detection based scrutinization.

Shufti Pro’s easily modifiable system is ready to accommodate any changes requested by the customers pertaining to the technology or processes. Without compromising the service quality and ensuring true value for money, we strive to provide industry best identity verification and KYC solution.

Recommended For You:

 

AML Directive Shufti Pro

EU’s 4th AML Directive Aims to make the Payment Ecosystem Crime Free

On June 26, 2018, the European Union landed the fourth AML directive that is targeted at combating cryptocurrency crimes.

With the new EU AML directive in place, it is deemed that crypto-related crimes shall take a serious hit. Being an unregulated currency, crypto money poses a high risk of frauds entailing money laundering, identity theft and terrorist funding. Therefore, this directive might just be that ray of hope regulatory authorities awaited. 

What Do New EU AML Directives Bring to the Table

The new rules imposed by the EU serve to better explore and comprehend the risks associated with cryptocurrencies, enhance the communication between the Financial Intelligence Units (FIUs), and imposing all-inclusive monitoring on high-risk transactions, especially those originating from third-world states. This would maintain the integrity of the region’s payment system, while impeding the efforts towards terrorist financing and money laundering.

Around forty new suggestions by the Financial Action Task Force (FATF) have been incorporated in the new directive. It has been decided that along with the EU, the EBA, ESMA (ESAs) and EIOPA will also be taking risk assessment and combating measures.

Implementation of the Stricter Side of Rules

An alert and active checking on cash transactions amounting to ten thousand euros has been implemented. This limit has been brought down from fifteen thousand euros. Any transactions exceeding the aforementioned threshold will be considered as ‘obliged entities’. This comes under the extended AML regulations that now place wider range of restrictions on monetary exchanges that are over a particular amount.

Real estate agents have also had to face the extended rules applied by the EU. These are not just applicable to the dealers who buy and sell properties; even those who sublet the properties are also placed under the microscope. It will ensure no business is contributing towards terrorist funding and any illicit activities.

This restriction is not limited to cash exchanges and real estate agents only, rather, gambling companies were placed under scrutiny as well. Providers of such services shall be ranked as obliged entities as well and can be removed provided they pose a medium-high money laundering risk. Only low-risk providers shall be deliberated over and may be allowed to stay in business.

EU Member States Jump up to the Mark

All the states that come under the European Union are obligated to create and maintain central registers wherein the details concerning the ownership of Anglo-American trusts and various corporations are logged.

This ensures that the transparency rate with regards to the data for beneficial ownership of organizations remains high, and the quality of the same becomes superior.

Access of this information shall be available to the Financial Intelligence Units (FIUs) so Customer Due Diligence may be ensured, under the revised and extended AML legislation requirements.

Furthermore, in order to gather information about the Anglo-American trust structures, certain individuals and corporations may also be allowed to access the data present in the central registers.

Effect on Compliances and Global PEPs Lists

With an expanded scope of the fourth AML directive in place, the number of people considered out of line as also increased. This means that global watch lists, sanctions lists and PEPs will have to be updated to include individuals who are a part of governing bodies of various political parties.

It is stated in the revised regulation that financial institutions like banks, investment firms, and other institutions will comply group-wide. Business of all kinds for and with such institutions will be halted in countries where all AML directives and stances taken to combat terrorist funding activities are not complied to.

In addition to that, appropriate measures will be taken against the states that refuse to comply with the AML directive. Aside from the official warning that will be issued to these states in observation of such a legislative breach will include but won’t be limited to a fine of at least one million euros. For banks and financial institutions, this fine would amount to anything greater than or equal to five million euros.

Conclusion

To sum up, along with the previously enforced GDPR rules, the new fourth directive of the AML legislation has brought together the European Union states to work and fight against the terrorist funding, crime financing and money laundering activities. The actions taken against them are bound to have positive effects on the payment ecosystem of the EU, with resource drainage in the right places rather than towards illegal and criminal practices.

In this day and age, it is highly imperative that companies and businesses opt for identity management applications to safeguard their operations against fraudsters and money launderers. Shufti Pro can help enhance security and guard organisations before any losses are incurred.

Recommended For You:

Customer Due Diligence

How does CDD effectively help with AML Compliance?

Customer Due Diligence that is otherwise known as CDD in banking and financial vernacular is an important aspect of AML compliance. There are various international regulators that have strict guidelines issued over the years in order to clamp down not only money laundering but to make its harder for funds to be transferred for carrying out terror activities. Some of the major global organisations that have set forth this kind of regulations include United States’ Federal Financial Institutions Examinations Council on Customer Due Diligence (FFEIC) and the Financial Action Task Force’s (FATF)

So in case, you are not aware with the phenomenon of Customer Due Diligence, here are some basic pointers to help you understand this important AML Compliance practice

Customer Due Diligence

Customer Due Diligence means identifying who your customer is and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source. This means verifying various information such as your customer’s:

  • Name
  • Address
  • Date of birth
  • Official identification document

In today’s heavily regulated markets it is more important than ever to have an accurate view of who your clients are. Identifying them accurately at an early stage can ensure your organisation doesn’t lose money or that it is not slapped a fine from national/international regulators. The main benefit of CDD is therefore assessing how much financial risk a customer might pose for your overall operations. There needs to be a solid effort on part of financial institute or bank to follow through the money trail, origin & destination of transactions and legality of business resulting into the revenue streams.

Beneficial Ownership & AML Compliance

A Financial institute or fund managing entity also need to identify the ‘beneficial owner’ of assets, accounts or funds that are being handled. This kind of authentication is necessary because in many cases customers that show up to a front desk are actually fronting someone else or are acting on behalf of another person in a particular transaction. This kind of transactional behavior is showcased because the “beneficial owner” want to hide their identity with regard to the assets handled by your organization. This protocol CDD requires you to establish the ownership structure of a company, partnership or trust.

To give a wider understanding, a typical beneficial owner is the person who’s behind the customer and who owns or controls the customer, or it’s the person on whose behalf a transaction or activity is being carried out by your potential customer. If you have doubts about a customer’s identity, you must stop dealing with them until you’re sure. This kind of cautionary behavior might not seem appropriate for business and many managers might feel CDD to be an unwanted burden in their already over-strained working hours but this is your best chance to prevent yourself from becoming an unwanted participant or source of money laundering or terror funding.

Forms of Customer Due Diligence

Customer due diligence is also divided into 2 types by regulators. One is called Normal Due Diligence and other is regarded as enhanced due diligence process. It is highly advised that normal due diligence process is not only limited to extraordinary transactions, funds or assets but they must be performed on smaller amounts/funds as well. This will enable a check for the validity of transactional volume and to ensure that funds are not being sent in smaller amounts using multiple routes to be collected into a single kitty. Not to mention that enhanced due diligence will ensure that larger funds/assets/transactions handled by your banking organization or financial institution are duly vetted to minimize risk of any regulatory penalty.

Shufti Pro is a perfect solution for banking organization and financial institutions that are looking to adapt AML Compliance in addition to Customer Due Diligence. We offer an Artificial Intelligence based SaaS product that not only provides AML Compliance but KYC services as well to make entire process of customer onboarding and transaction monitoring hassle free for our clients.

Recommended For You:

Identity Verification

How Identity Verification Services make Regulatory Compliance Easier?

Financial institutions and banks have ended up in a loop of dumping billions of dollars because of ever-tightening regulatory compliance especially in regards to identity verification services and data protection. GDPR becomes mandatory in next few days for all the companies who want to operate in European Union. There are country-wise data protection and banking compliance regulations that are also needed to be taken care of by MNCs and financial institutions wishing to expand into those markets. FINMA regulations in Switzerland and FINTRAC compliance in Canada are few examples of these country specific guidelines.

Regulatory compliance fines over the years have cost financial institutions billions of dollars but the same banks and institutions were already spending billions of dollars for introducing structural changes to make their practices pro-regulations and pro-compliance. So if money is not going to solve the issue of regulatory compliance for banks and financial institutions than what is? The answer is pretty simple: A robust, cutting edge, end-to-end Digital Verification system. It not only reduces the processing time but if a right service provider is chosen, it can enable financial organizations to go about their usual business without having to worry about regulatory compliance and fines that come with these regulations.

Identity Verification Services

An intergovernmental body called The Financial Action Task Force suggests banks and financial organizations following  steps, to make identity verification services more effective for overall compliance observance:

  • Verifying the account owner’s identity
  • Understanding and obtaining information on the purpose and intended nature of the business relationship
  • Ensuring through ongoing analysis that transactions are “consistent with the institution’s knowledge of the customer, their business and risk profile, including where necessary, the source of funds”

Ever since 9/11 attacks, the clamp down on Terror Funding has also raised the stakes for financial institutes and international banks to ensure that the funds they are handling do not end up in wrong hands. FINMA and FINTRAC regulations have strict protocols to ensure that the money being transferred through the banks, working within their respective countries, are in no way related to a terrorist outfit or in hindsight, a person fronting for such organizations.

FINTRAC Regulations

FINTRAC regulations are applicable within the territorial confines of Canada offering protection not only against money laundering but since December 2001, this anti-graft government body has stepped into curbing terror financing as well. In 2006, customer identity verification also became a vital aspect of FINTRAC’s mandate. Today FINTRAC requires its regulated entities to submit following information in order to conduct business in Canadian territory

  • Suspicious Transactions
  • Suspected Terrorist Property
  • Large Cash transactions
  • Outgoing or incoming international Electronic Funds Transfer over 10,000 Canadian Dollars within a 24 hour period
  • Cross border currency reporting

GDPR Compliance

KYC services or providing top of the line Identity verification is useless without protecting the data of the customers held by financial institutions, even if for verification purposes. This is because such vital information also makes financial institutions and organizations prone to data breaches and even misuse of data by the holding organization itself. This led to the launch of GDPR in the first place by EU to ensure digital rights of its users and their digital data as well. Some of the bindings of GDPR are:

  • Encryption of personal data
  • Seeking consent of the person whose data is being stored
  • Data must be obtained for specific, explicit and legitimate purpose
  • Individuals must be able to withdraw consent and can force organization to forget about them

Identity Verification Service, when provided through a full proof system, can safeguard financial institutions and banking industry from any monetary penalties without having to spend billions of dollars worth of annual compliance budget. Shufti Pro is such a product that can easily perform end-to-end digital identity verification in real time and can support banks from any part of the world, operating in any language because of its Universal Language Support. Powered by 1000 whitelists and 3000 databases, AML compliance also becomes easier for financial institutions working under the regulations of FINMA, FINTRAC or GDPR.

Identity verification services not only streamline customer onboarding but it also plays a pivotal role in monitoring suspicious funds transfer, assessing risk for handling the funds of a particular organization/individual and better adoption of due diligence. Identity Verification is not only go-to-technology for financial institutions who want to avoid frequent fines from regulatory bodies but they also safeguard overall interests of customers as well by eliminating the risks of fraud, identity theft and account hacking. Identity Verification can enable banking sector to provide financial services in a more transparent and secure manner, without making any compromise on regulatory compliance.