Face Verification
Address Verification
Document Verification
Age Verification
VideoIdent
Fast ID
Docless Verification
Consent Verification
NFC Verification
Business Verification
Due Diligence
Investor Verification
E-Signature
QES
AML Screening
Transaction Monitoring
Adverse Media
Business AML Screening
PEP & RCA
Sanctions
Watchlist
Behavioural Biometrics
Device Fingerprinting
Biometric Face Authentication
MFA
Fraud Hub
Onboarding
Ongoing Monitoring
KYC
KYB
KYI
Age Assurance
Identity Verification
Workforce IAM
Candidate Verification
Compliance
Fraud prevention
Trust & safety
Global expansion
Product Managers
Compliance Officers
Fraud Analysts
Developers
Deepfake
Bonus Abuse / Promotion Abuse
Account Takeover
Synthetic Identity Fraud
Document Fraud
Impersonation Fraud
Multi-Accounting
Fraud Networks
Chargeback Fraud
Money Mule Activity
Party Fraud
Regulatory & Compliance Risks
Fintech
Crypto
iGaming
Forex
Social Network
Marketplace
Banking
Gig Economy
Payments
Ride Hailing
Adult Content
Blind Spot Audit
Deepfake Detector
Liveness Spoofs
Document Originality
Document Deepfake
Global Trust Platform
Journey Builder
Case Management
Shufti AI
Fraud Analytics
Vendor Comparison
Brand Personalisation
IDV Modes
AI Compliance Co-Pilot
OCR
Secure Capture
Deployment Options
Identity Methods
API Documentation
Mobile SDKs
Service Status
Help Center
Contact Us
Technical Support
Supported Documents
Supported Countries
Content library
Blogs
News
Reports
Insights
Knowledgebase
ROI calculator
About
Career
Press Release
Certifications
Partnership
Awards
Events & Webinar
Interactive Demo
Podcast Studio
Spotlight Studio
Forex & CFD Brokers
Verify Every Forex Trading Broker and Secure Every Stage of the Trading
Trader KYC, AML screening, four-tier PEP classification, KYB, and source-of-funds checks across 240+ countries actively processed. Purpose-built for FCA, CFTC, ASIC, CySEC, and MiFID II regulated brokerages.
Proven Performance
Our impact, by the numbers
- <30sMedian Time-to-Decision
- 4,000+Watchlists Screened
- 240+Countries Actively Processed
Trusted by Leading Digital Enterprises Worldwide
Compliance Without Compromise
Why Forex Brokers Choose Shufti
-
Stay Ahead of Every Regulator
MiFID II enforcement is tightening. FATF Recommendation 22 extends full CDD obligations to every forex broker classified as a DNFBP. The FCA, CFTC, ASIC, and CySEC are running parallel supervisory programmes. Shufti's AML rule sets and jurisdiction coverage update continuously, so compliance posture keeps pace with every change without engineering intervention
-
Stop Fraud Before It Trades
The Deloitte Center for Financial Services projects AI-driven fraud losses reaching $40bn by 2027. Forex platforms face synthetic identity registration, deepfake KYC attacks, multi-accounting, and source-of-funds misrepresentation. iBETA Level 3 certified liveness detection and device intelligence intercept sophisticated fraud at first contact, before a fraudulent account places a single trade.
-
Onboard Without Losing Traders
A median decision time under 30 seconds across 240+ countries actively processed means legitimate traders clear verification before they consider abandoning. Risk-tier configuration lets low-risk retail clients move faster, while high-risk profiles, PEPs, and professional client applications receive the deeper checks MiFID II requires.
Secure Every Stage of the Forex User Lifecycle
Sign Up
Bot Account Farming
Bots cycle through MT4/MT5 broker registration forms at scale, each instance using a fresh email and IP, targeting first-deposit bonuses. Device Fingerprinting catches shared emulator stacks and proxy infrastructure. Behavioural Biometrics kills the campaign at registration, machine-speed form fills and identical interaction patterns have no human equivalent.
Synthetic Identity Registration
A fraudster stitches together stolen PII and fabricated financial history to open a leveraged trading account, bypassing basic format checks. Shufti's eIDV cross-references every submitted detail against government and credit bureau databases, a synthetic identity leaves no verifiable footprint and fails immediately. Device Fingerprinting links the registration device to prior synthetic identity attempts on the platform
Multi-Accounting
A trader registers multiple accounts under name variations or family members' IDs to stack per-user bonuses and bypass individual position limits. Shufti's 1:N Facial Deduplication catches the same face behind different identities at onboarding. Device Fingerprinting links accounts sharing hardware infrastructure, and the Fraud Hub triggers a coordinated block across all linked registrations.
Stolen Identity Registration
A criminal uses breached PII to open a live trading account in a victim's name, then withdraws the deposited funds. Shufti's eIDV detects mismatches between the submitted details and the identity's known electronic footprint. Face Verification confirms the person presenting is live and physically matches the document, stolen PII alone cannot pass both checks
Jurisdiction Spoofing
A trader in an OFAC-sanctioned or ESMA-restricted jurisdiction declares a false EU/UK address and routes their connection through a VPN to appear compliant. Device Fingerprinting detects VPN and proxy infrastructure at the point of registration. Address Verification cross-references the declared address against independent data, surfacing the mismatch. AML Screening applies the correct jurisdictional risk score, not the declared one.
Referral and Bonus Ring Abuse
A coordinated ring registers dozens of broker accounts, rotating devices and emails, targeting first-deposit bonuses and referral payouts. The Fraud Hub surfaces shared device and network infrastructure linking ring members together. Device Fingerprinting connects accounts on farmed devices, and 1:N Facial Deduplication catches members reusing the same face across multiple registrations.
Verify Identity (KYC)
Document Forgery
A fraudster submits a tampered passport or fabricated proof of address to pass the broker's KYC gate and gain access to leveraged instruments. Document Verification applies forensic analysis across any government-issued document, checking MRZ integrity, security feature placement, and AI-generated artefacts. NFC Verification reads the e-passport chip directly, making image-layer forgeries irrelevant.
Deepfake Face Attack
An attacker plays back a deepfake video of a stolen identity during the broker's liveness selfie step. Face Verification (iBETA Level 3) applies 3D depth mapping and micro-movement analysis no current deepfake tooling can replicate. Injection Detection runs simultaneously, identifying virtual camera drivers feeding pre-recorded footage into the biometric capture layer.
Camera Injection Attack
During a broker's liveness check, a fraudster injects a pre-recorded video feed via virtual camera software, bypassing the physical camera entirely. Injection Detection identifies virtual camera drivers at the OS level before biometric capture begins. Device Fingerprinting flags any environment where the declared camera does not match the detected hardware.
KYC Pack Fraud
A fraudster buys a dark-web KYC kit — a forged passport paired with a matched selfie — designed to defeat broker identity checks. NFC Verification reads the e-passport chip; a purchased kit has no working chip and fails immediately. Document Verification then applies forensic checks for template-based fakes, and eIDV confirms the identity has a real electronic footprint.
PEP or Sanctioned Person Onboarding
A politically exposed person or sanctioned trader attempts to onboard a leveraged account using a transliterated name or alias to avoid triggering a watchlist hit. AML Screening applies fuzzy matching across 4,000+ watchlists and 215+ sanctions regimes in 80+ languages, covering all four PEP tiers. Every decision is cryptographically timestamped, giving the broker a defensible record for FCA or CySEC review.
Business Ownership Concealment
A corporate broker applicant hides a sanctioned or high-risk beneficial owner behind a chain of nominee directors and shell entities. Business Verification maps the full ownership structure to the UBO regardless of depth. Due Diligence then screens every identified UBO against the full watchlist, PEP, and adverse media databases — any sanctioned owner at any layer surfaces before the account is approved.
KYC Identity Recycling
A fraudster submits an identity package that passed KYC at another broker or was previously rejected, banking on the absence of cross-platform history. 1:N Facial Deduplication checks every applicant's biometric against a database including prior rejections across platforms. eIDV cross-references the submitted identity against known data footprints to detect PII combinations that have been flagged previously — a package with a rejection history fails both checks.
Suitability Assessment
Accreditation Fraud
A retail trader submits false income statements and fabricated professional experience declarations to qualify as a professional client and access high-leverage products unavailable at the retail tier under MiFID II. Shufti's Investor Verification checks every submitted document against independent financial data sources and flags inconsistencies in the declared income or professional profile. Consent Verification cryptographically binds every declaration to the verified identity with a timestamp, creating a non-repudiable audit record that cannot be altered retroactively. If the documentation does not match the declared profile, the professional client application does not proceed.
Source-of-Funds Misrepresentation
A customer declares a legitimate salary or inheritance as the source of trading capital in order to conceal deposits that originate from criminal proceeds or undeclared income. Shufti's Investor Verification captures source-of-funds documents against the verified identity's known financial footprint and stated trading purpose. AML Screening checks the declared source against sanctions lists, PEP databases, and adverse media across 80+ languages. Where the declared source and the detected risk profile diverge, an EDD trigger fires before the account is funded.
Suitability Test Gaming
A retail trader retakes the MiFID II appropriateness questionnaire multiple times, tweaking answers to unlock access to restricted CFD instruments or higher leverage tiers. Consent Verification cryptographically timestamps every submission, binding each attempt to the verified identity. Multiple consecutive failures are captured in the tamper-evident audit log as a compliance risk signal — available for review before any account upgrade is processed.
Identity Substitution at Assessment
A third party completes the MiFID II appropriateness test on behalf of the account holder to generate a professional client classification for restricted CFD products. Face Verification confirms in real time that the person physically present during assessment matches the verified identity — if they don't match, the professional client classification does not proceed.
Source-of-Wealth Concealment
A high-net-worth client submits professionally formatted documentation for a professional client application with assets whose actual origin is corruption, bribery, or criminal enterprise. Shufti's Due Diligence runs enhanced checks that cross-reference every declared wealth source against adverse media in 80+ languages and all four PEP tiers. AML Screening applies jurisdictional risk scoring to the declared asset origin country, not just the account holder's residence. Where the submitted documentation and the detected risk profile diverge, the application is held for EDD before any tier classification is applied.
Eligibility Fraud for Restricted Products
A retail trader fabricates income evidence and professional qualifications to claim professional client status and access ESMA-restricted high-leverage CFD instruments. Investor Verification runs forensic checks on each piece of submitted evidence, applying data-point consistency analysis across the full submission. Consent Verification records the eligibility declaration with a cryptographic timestamp bound to the verified identity, making the false claim non-repudiable.
Fund Account
Money Mule Deposit
A recruited mule receives bank transfers from a criminal network into their FOREX trading account, opens and closes positions to obscure the paper trail, then withdraws proceeds to a third-party bank account. Transaction Monitoring flags the rapid deposit-to-trade-to-withdrawal sequence. The Fraud Hub surfaces coordinated mule rings operating across multiple broker accounts simultaneously.
Structuring / Smurfing
A launderer splits criminal proceeds into multiple deposits just below the broker's AML reporting thresholds, repeating the pattern across weeks to avoid triggering SARs. Transaction Monitoring evaluates deposit frequency and amounts across the full account history rather than in isolation. AML Screening applies FATF-aligned structuring typologies to flag sub-threshold sequences that are individually innocuous but collectively suspicious.
Stolen Card Funding
A fraudster loads stolen card credentials onto a broker deposit page, converts the balance through rapid position opens, and withdraws before the cardholder files a chargeback. Device Fingerprinting flags devices with prior fraud associations at the deposit step. Transaction Monitoring detects deposit-to-trade velocity inconsistent with the account's verified trading profile and fires a hold before the withdrawal is processed.
Inbound Sanctioned-Source Deposit
Funds are wired from a bank account or payment service linked to OFAC-sanctioned entities, ransomware proceeds, or other illicit sources into a FOREX trading account as a layering step. AML Screening checks every inbound deposit source against OFAC, global sanctions, and adverse media databases in real time, before the deposit is credited. A sanctioned-source match triggers an immediate hold and compliance alert, with the matched list version and timestamp recorded in the audit log.
Third-Party Funding
A FOREX trader receives a deposit from a bank account registered to a different name — a classic pass-through pattern in money mule networks. Transaction Monitoring flags the account name mismatch on every inbound transfer in real time. AML Screening runs on the identified funding source to check for sanctions exposure and adverse media. Consent Verification records whether the account holder explicitly acknowledged and authorised the third-party deposit.
APP Scam Funding
A victim is socially engineered into transferring savings to a fraudster-controlled FOREX broker account, believing they are making a legitimate investment. Behavioural Biometrics monitors the session for coercion signals — unusual hesitation, extended dwell times, interaction patterns inconsistent with the user's prior profile. Transaction Monitoring flags the deposit profile if inconsistent with the account's stated trading purpose before funds are deployed.
Trade
Wash Trading
A fraudster operates two or more linked FOREX accounts and executes matched buy and sell orders between them to generate artificial volume and manipulate reported liquidity. Transaction Monitoring analyses every trade for circular flows with near-zero net P&L. 1:N Facial Deduplication cross-checks whether accounts sharing trade flows are controlled by the same person under different registered identities. The Fraud Hub aggregates the signals into a single coordinated-account finding.
Coordinated Pump and Dump
A ring of linked FOREX accounts accumulates a large position in a thinly traded currency pair or CFD, inflates the price through coordinated buying, then exits simultaneously and leaves other traders with losses. The Fraud Hub surfaces cross-account coordination signals: shared device infrastructure, correlated registration timing, and synchronised position-building. 1:N Facial Deduplication confirms whether multiple ring accounts are controlled by the same individual under different registered identities.
Bonus and Promotion Abuse
A trader claims deposit bonuses and trading volume incentives across multiple broker accounts opened under different identities to exceed per-user limits. 1:N Facial Deduplication checks every new account's selfie against all existing verified accounts to identify the same person behind different registered names. Device Fingerprinting links accounts sharing hardware across different documents and email addresses. The Fraud Hub combines both signals to block bonus farming before any incentive payment is triggered.
Pig-Butchering via Broker Account
A fraudster operates a FOREX broker account as the exit destination in a pig-butchering scam, directing victims to wire progressively larger sums under the pretence of a shared investment opportunity. The Fraud Hub flags accounts with rapid inbound growth from multiple external sources inconsistent with the verified trader profile. Behavioural Biometrics detects near-zero position management despite high deposit volume. Transaction Monitoring surfaces the receive-and-withdraw pattern and triggers an EDD review before funds can be moved.
Layering Through Forex Trades
Illicit funds are converted repeatedly through currency pairs and CFD instruments across linked broker accounts to obscure the money trail before withdrawal. Transaction Monitoring analyses the full trading sequence rather than individual transactions, comparing against each account's stated trading purpose and risk profile. AML Screening runs continuously as the trading pattern evolves. The Fraud Hub cross-references trade flows across linked accounts to surface coordinated layering rings invisible in single-account monitoring.
Front-Running
A broker employee with visibility of pending large client orders places personal trades ahead of the client flow to profit from the predictable price movement. Transaction Monitoring flags trading patterns that consistently precede large client order executions with anomalous timing and position sizing. Behavioural Biometrics flags unusual access to order management systems outside normal operating patterns. The tamper-evident audit trail captures the full timing sequence with precision to support a regulatory inquiry.
Withdraw Funds
Account Takeover Withdrawal
An attacker who has gained access through credential stuffing or phishing attempts to drain the full account balance to an external bank account before the legitimate user notices the breach. Biometric Face Authentication requires a live selfie matched to the enrolled KYC biometric before any withdrawal above threshold is processed, making a stolen password alone insufficient. Device Fingerprinting detects unrecognised devices and triggers step-up verification before the transfer instruction is accepted.
Withdrawal to Sanctioned Destination
A customer routes a FOREX broker withdrawal to an OFAC-listed or globally sanctioned bank account, either as a deliberate layering step or under external coercion. AML Screening checks every declared withdrawal destination against live sanctions databases in real time before the transfer instruction is submitted for processing. A sanctioned-destination match blocks the withdrawal and generates a compliance alert automatically.
Rapid Cash-Out
A fraudster deposits funds into a FOREX trading account, converts them through rapid position opens, and initiates a full withdrawal within minutes before any monitoring threshold fires. Transaction Monitoring flags anomalous deposit-to-withdrawal velocity as a standalone risk signal. An immediate full-balance withdrawal triggers an automatic hold before it reaches the payment processor. Biometric Face Authentication requires biometric re-verification before the hold can be reviewed and lifted.
Withdrawal Address Manipulation
Clipboard-hijacking malware on the trader's device silently replaces the intended withdrawal bank account details with a fraudster-controlled account at the moment of paste. Biometric Face Authentication requires biometric confirmation before any new withdrawal destination is saved to the account profile, making address substitution impossible without the genuine account holder's face. Device Fingerprinting detects operating environment anomalies consistent with clipboard-hijacking tools and flags the session for step-up review.
Support Social Engineering
A fraudster contacts the broker's support team impersonating the account holder and requests a withdrawal bank account change using scraped personal data. Biometric Face Authentication requires live biometric re-verification for any change to payout destinations, regardless of which channel the request arrives through. No quantity of personal information substitutes for the enrolled face — the social engineer cannot produce what only the account holder has.
Third-Party Withdrawal
A FOREX account holder requests a withdrawal to a bank account registered to a different name — a signal of money mule activity in the final stage of a laundering sequence. Transaction Monitoring flags the name mismatch between the verified account holder and the declared withdrawal destination in real time. AML Screening runs on the destination to check for sanctions exposure. Consent Verification records whether the account holder explicitly acknowledged the third-party destination.
Upgrade Account
Fake Documents for Professional Tier
A retail trader submits a forged payslip or fabricated professional qualification certificate to qualify for the professional client tier and access high-leverage CFD instruments unavailable to retail clients. Document Verification applies forensic analysis at the upgrade stage, checking font consistency, security feature integrity, and AI-generated artefact signatures. Face Verification confirms the face on upgrade documents matches the identity enrolled at original KYC — a document failure or face mismatch blocks the tier change before it is processed.
Address Fraud for Jurisdiction Tier
A retail trader submits a fabricated utility bill to declare a lower-risk jurisdiction and gain access to FOREX products restricted in their actual country by ESMA or local regulators. Address Verification cross-references the declared address against independent postal records, electronic footprint data, and jurisdiction-specific database sources. A fabricated bill leaves no matching footprint and the mismatch is surfaced before the jurisdiction classification is changed.
Suitability Upgrade Fraud
A retail trader submits false income declarations and fabricated professional experience evidence to claim professional client classification under MiFID II and bypass ESMA leverage restrictions. Investor Verification runs each submitted document against independent financial data sources, flagging income figures or career histories that don't match the known data footprint. Consent Verification cryptographically timestamps every declaration and binds it to the verified identity, making the false declaration non-repudiable.
Support Social Engineering for Tier Change
An attacker impersonates the account holder in a support interaction and requests a leverage limit increase or tier reclassification without supporting documents. Biometric Face Authentication requires live biometric re-verification before any tier or limit change is processed, regardless of which channel the request arrives through. Personal information knowledge alone cannot authorise the change — the social engineer cannot produce the account holder's enrolled face.
Third-Party Upgrade Application
A third party fills in and submits the professional client suitability application on behalf of the account holder, generating a favourable tier record without the genuine person's involvement. Face Verification confirms in real time that the person completing the application matches the identity enrolled at initial KYC. Biometric Face Authentication adds a binding check at submission — any face mismatch stops the upgrade before it is recorded.
Source-of-Wealth Fraud at Tier Change
A high-net-worth applicant submits polished documentation for a professional client application with assets whose true origin is corruption, bribery, or criminal enterprise. Investor Verification cross-references declared wealth sources against jurisdictional risk profiles and known patterns of wealth concealment. AML Screening checks PEP status and sanctions exposure on the declared source of wealth. Where the declared profile and detected risk signals diverge, the upgrade is held for EDD before any tier change is applied.
Account Maintenance
Password Reset Account Takeover
An attacker compromises the account holder's phone number via SIM swap or email via phishing, then uses the intercepted reset link to take over the FOREX trading account. Biometric Face Authentication requires a live selfie matched to the enrolled KYC biometric before any password reset is completed, making phone or email compromise alone insufficient. Device Fingerprinting flags unrecognised devices initiating the reset and escalates the verification requirement before the reset link can be used.
Fraudulent Bank Account Addition
An attacker who has gained partial account access attempts to add their own bank account as a fiat withdrawal destination before the legitimate holder notices. Biometric Face Authentication requires biometric verification before any new payout destination is saved, closing the window partial access creates. Device Fingerprinting flags unrecognised devices initiating the change and requires a second confirmation layer before activation.
Identity Detail Change to Evade Screening
A FOREX account holder who has received an AML alert attempts to alter their registered name or date of birth to create a mismatch with the watchlist entry that triggered the flag. AML Screening automatically re-runs against any new details the moment a core identity field is submitted for change. Document Verification requires re-submission of government-issued ID, and eIDV cross-checks the new details against the identity's known electronic footprint before the change is approved.
Session Takeover
A stolen session token gives an attacker persistent access to the FOREX trading account to change settings and prepare withdrawal instructions without triggering a new login event. Behavioural Biometrics monitors interaction patterns throughout the session and detects when typing rhythm, navigation flow, or device handling changes in a way consistent with a different person. Device Fingerprinting tracks mid-session hardware profile shifts. Either signal triggers step-up re-authentication before the session can continue.
MFA Fatigue Attack
An attacker with stolen credentials floods the account holder with repeated authentication prompts until the user approves one out of frustration, bypassing MFA entirely. Biometric Face Authentication requires a live biometric step that cannot be satisfied by approving a push notification, making prompt fatigue exploitation impossible. Behavioural Biometrics detects the unusual authentication request cadence as an anomaly signal, and an unusual approval following rapid rejections triggers an additional biometric check before the session is opened.
Jurisdiction Evasion via Profile Change
A FOREX account holder whose verified residence restricts CFD product access or leverage tiers requests a declared address change to a permitted jurisdiction to bypass those restrictions. Address Verification independently cross-references the new declared address before the jurisdiction classification is updated. eIDV re-validates the identity against the claimed jurisdiction's authoritative data sources. AML Screening re-runs automatically for the new jurisdiction's risk profile before the classification change is applied.
Ongoing Monitoring
Sanctions Re-Listing After Onboarding
A FOREX account holder who was clean at onboarding is subsequently added to a global sanctions list following a regulatory action or criminal designation. Ongoing AML Screening fires an immediate alert the moment a re-designation is recorded on any of the 4,000+ screened watchlists. Perpetual KYC updates the account's risk status in real time, enabling the broker to act before the customer's next login
Risk Profile Drift
A FOREX account holder onboarded with a standard retail risk profile gradually shifts to trading patterns, deposit sources, and withdrawal destinations inconsistent with their stated purpose. Perpetual KYC monitors all account signals continuously and updates the risk score dynamically as behaviours shift. Transaction Monitoring tracks cumulative pattern drift across the full account history. When the risk score crosses a defined threshold, EDD is triggered automatically.
PEP Status Change Post-Onboarding
A FOREX account holder becomes politically exposed after onboarding through an election result, government appointment, or close family association with a newly designated official. Ongoing AML Screening covers all four PEP tiers and monitors for new designations continuously. The compliance team receives the alert with tier classification and relationship evidence the moment the PEP database reflects the new designation.
Adverse Media Emergence
Criminal proceedings, a regulatory enforcement action, or serious adverse press linking the FOREX account holder to fraud, corruption, or financial crime are published after onboarding. AML Screening monitors 50,000+ adverse media sources in 80+ languages continuously and fires an alert the moment new material is detected. The compliance team receives the finding with source, publication, and severity classification attached.
Structured Layering Over Time
A FOREX account holder moves illicit funds through a sustained series of small trades spread across weeks, deliberately staying below thresholds to avoid triggering single-transaction monitoring alerts. Transaction Monitoring analyses cumulative trading patterns across extended time windows and detects sustained sub-threshold behaviour that adds up to a suspicious aggregate. AML Screening cross-references the pattern against the account's declared trading purpose and risk tier. The Fraud Hub surfaces coordinated layering rings split across multiple accounts.
Coordinated Account Ring Activity
Multiple FOREX accounts controlled by linked individuals execute coordinated deposit, trade, and withdrawal sequences below account-level thresholds to layer illicit funds through the broker. The Fraud Hub links accounts through shared device data, biometric matches, and registration signals. Transaction Monitoring analyses the group's combined cash flow as a single monitored entity. 1:N Facial Deduplication identifies whether ring members are the same person operating under different identities.
Periodic Review
Periodic Review Evasion
A FOREX account holder with an escalating risk profile deliberately suppresses trading activity before a known scheduled review period, then resumes after the window closes. Perpetual KYC is event-driven rather than calendar-driven, evaluating the full account history continuously so that suppression before a review date does not reset the risk score. The slowdown and resumption pattern is itself captured as a distinctive signal visible to the compliance team.
Identity Swap at Re-Verification
A FOREX account holder submits entirely different government-issued documents at the re-KYC stage, claiming the originals were lost or expired, to reset the identity record and obscure the account history. Biometric Face Authentication requires the current selfie to match the biometric enrolled at original onboarding, regardless of which new documents are presented. Face Verification, certified to iBETA Level 3, performs the match against the stored biometric record — a biometric match is mandatory before any document update is accepted.
Beneficial Owner Change to Conceal Risk
A corporate FOREX client restructures its ownership chain at the re-KYC stage to remove a newly sanctioned or high-risk UBO and replace them with a clean nominee. Business Verification re-maps the full ownership structure on any declared entity change, tracing through nominee and holding layers to the ultimate beneficial owner. AML Screening runs on every newly identified UBO against the full watchlist, PEP, and adverse media databases — a sanctioned owner who moves behind a nominee is identified through the same methodology applied at initial onboarding.
EDD Avoidance Through Account Dormancy
A high-risk FOREX account holder reduces trading activity below EDD thresholds, waiting in a deliberately dormant state to avoid scrutiny. Perpetual KYC treats account dormancy itself as a risk signal rather than a neutral condition, particularly for accounts with established risk histories. Transaction Monitoring flags the resumption of trading activity following deliberate inactivity. Re-activation from a high-risk dormant state triggers EDD automatically.
Re-Screening Gap During Re-KYC Window
A FOREX account holder exploits the lag between scheduled re-KYC cycles to transact at elevated risk during a window when the compliance team is not actively reviewing the account. Ongoing AML Screening runs continuously across all active accounts regardless of each account's position in the re-KYC schedule. Watchlist changes trigger immediate re-assessment without waiting for the calendar-based review. No unmonitored window exists in a continuous screening architecture.
PEP or Sanctions Designation During Dormancy
A FOREX account holder who has been inactive is added to a watchlist while the account sits dormant and apparently low-risk. Ongoing AML Screening runs against all accounts regardless of activity status, so a dormant account receives the same continuous screening as an active one. A sanctions or PEP designation on a dormant account fires an immediate compliance alert to the broker's team before re-activation is permitted
Close Account
Pre-SAR Closure
A FOREX account holder under active AML review submits an account closure request and a GDPR erasure demand simultaneously, aiming to destroy the transaction history before a SAR can be filed. Transaction Monitoring and AML Screening run a final review sweep the moment the closure request is received and flag any pending compliance status. Regulatory retention rules take precedence over erasure requests under GDPR and financial crime legislation. The closure does not proceed while any AML matter is open and unresolved.
Balance Extraction Before Closure
A FOREX account holder withdraws the full balance immediately after receiving a compliance communication, then submits a closure request to prevent further monitoring of the destination the funds moved to. Transaction Monitoring flags a full-balance withdrawal immediately following a compliance event as a high-priority risk signal. An automatic hold is placed on the transfer before funds reach the payment processor. Biometric Face Authentication requires biometric re-verification from the genuine account holder before the hold is reviewed.
Re-Application Under New Identity
FOREX customer offboarded for compliance reasons reapplies using different government-issued documents or a close associate's identity to restart the relationship from a clean record. 1:N Facial Deduplication screens every new applicant's biometric against the full platform history, including deactivated accounts and rejected applications. AML Screening re-runs on the submitted identity. A biometric connection to a closed or rejected account blocks the new application automatically.
GDPR Erasure to Evade AML
A FOREX account holder with a pending AML flag submits a personal data erasure request timed to coincide with a developing regulatory inquiry. Ongoing AML Screening flags the combination of an open AML status and an incoming erasure request as a risk signal requiring compliance review before any data processing action is taken. Financial crime legislation and regulatory retention obligations take precedence over erasure rights under Article 17(3) GDPR, and the request is suspended while the matter is open.
Coordinated Mule Ring Exit
Multiple linked FOREX accounts in a mule ring submit closure requests in a short window immediately after completing a coordinated structuring sequence, aiming to disperse processed funds and exit the platform simultaneously. Transaction Monitoring detects the coordinated closure pattern across linked accounts and treats the batch closure as a network-level AML signal. The Fraud Hub cross-references closure requests against the accounts' shared device data and identity links. AML Screening runs a final sweep on all ring accounts before any closure is processed.
Account Retention Fraud
A FOREX account holder closes an account specifically to avoid a looming risk review, then immediately re-applies using a close associate's identity or marginally different personal details to reset the compliance relationship. 1:N Facial Deduplication connects the re-applicant's biometric to the deactivated account record regardless of new identity documents. The Fraud Hub cross-references the re-application timing, device data, and registration signals against the prior closure event. The connection is flagged before the new application is approved.
Built For Every Role That Owns the Compliance Decision
Combine products across identity, compliance, and fraud defence to build a verification stack that meets your regulatory requirements, without rebuilding the integration each time the rulebook changes.
Compliance Officer
Stop manually reconciling vendor data. Shufti automates the audit trail and provides a unified, jurisdiction-specific evidence package for every trader, updated in real time. MiFID II, FATF R.22, FCA SYSC, CFTC, ASIC, and CySEC coverage in one place.
Head of Product
Eliminate market-specific friction with a configurable risk-tier engine. Localised pass-rate data optimises the onboarding UX before launch. Risk-based routing adjusts the verification depth per client segment automatically.
Head of Engineering
One REST API for the full trader lifecycle. Deploy across document verification, biometric liveness, AML screening, and transaction monitoring without managing vendor sprawl. Sandbox up in under five minutes.
Fraud Analyst
Cut manual review time with a unified Fraud Hub that surfaces the reason behind every flag before the case is opened. Cross-account signals, device links, and AML match context all in one view.
Everything you need to know in one place
Frequently Asked Questions
Forex brokers are classified as Designated Non-Financial Businesses and Professions (DNFBPs) under FATF Recommendation 22. This means full CDD, PEP screening, and source-of-funds obligations apply, on par with financial institutions. In the EU and UK, brokers also fall under MiFID II, requiring client categorisation, suitability assessment records, and KYC documentation mapped to investment-firm rules. National supervisors including the FCA, CFTC, NFA, ASIC, and CySEC each carry their own recordkeeping and verification requirements. Shufti maintains mapped rule sets across all active jurisdictions.
Journey Builder routes retail clients through a standard identification flow and automatically steps up to suitability documentation, source-of-funds capture, and four-tier PEP analysis for professional client applications and high-deposit registrations. Each path produces a MiFID II client identification record and a FATF R.22 CDD record. Investor Verification captures and binds accreditation and income evidence to the verified identity with a timestamped audit trail, reducing manual follow-up on suitability reviews.
ISO/IEC 30107-3 PAD Level 3 is the highest independent certification tier for presentation attack detection. iBETA tested the liveness system against printed photos, 3D masks, video replay attacks, and deepfake injection vectors. Level 3 certification confirms the system passed every attack category at that tier. For a forex broker, this means every liveness decision carries third-party validated evidence that the person presenting was live and genuine, not a spoofed artefact, which is the standard examiners are now referencing when reviewing biometric KYC implementations.
Watchlists are refreshed on a 15-minute cycle. Coverage spans 4,000+ sanctions and watchlists, 215+ sanctions regimes including OFAC SDN, EU consolidated, UK OFSI, UN, HMT, and 100+ national lists, four PEP tiers (domestic, foreign, international organisation, family and close associates), and 50,000+ adverse media sources. Every match decision carries a cryptographic hash, list version, and timestamp, auditable months later for an FCA examination or CFTC inquiry.
Investor Verification captures source-of-funds and source-of-wealth documentation and binds it to the verified identity record. The captured evidence is cross-referenced against AML screening results, PEP status, and jurisdictional risk scoring for the declared asset origin. All artefacts are stored in the tamper-evident audit log with configurable retention from 5 to 10 years, exportable for examination by FCA, CFTC, ASIC, or CySEC supervisors.
A per-trader evidence package exports in PDF or JSON in under five minutes. It contains document hashes, biometric capture metadata, iBETA-conformant PAD result, full screening match log with list versions, decision rationale, model version, reviewer attribution, and any change events. Bulk historical export is available via API. The artefact is identical regardless of whether the request comes from an FCA supervisor, a CFTC examiner, or an internal audit team.
Perpetual KYC re-screens traders continuously against watchlist updates, trading-pattern changes, source-of-funds variance, and jurisdiction changes. It is event-driven, not calendar-driven, which means a customer who receives a sanctions designation at any point in the relationship is flagged immediately, not at the next annual review cycle. All re-screening events update the tamper-evident audit log.
Evaluate Shufti Against Your Current Forex Stack
MiFID II, FATF R.22, and national supervisory expectations require a verification architecture that connects trader onboarding identity to ongoing transaction monitoring and perpetual re-screening. Point-solution stacks cannot share identity records, produce consistent audit trails, or update compliance rules from a single source.
Evaluate whether your current stack meets that standard.