FATF Issues Guidance Paper For Incorporating Digital ID

FATF Issues Guidance Paper For Incorporating Digital ID

The Financial Action Task Force (FATF) has issued a guidance paper, last week, that outlines a risk-based approach to governments, financial institutions, and other relevant enterprises. The guidance paper guides these entities to use digital identity verification services to comply with Anti-Money Laundering (AML) and Counter Financing Terrorism (CFT) requirements under its standards. 

According to the paper, 

“The rapid pace of innovation in the digital identity (ID) space has reached an inflection point. Digital ID standards, technology, and processes have evolved to a point where digital ID systems are, or could soon be, available at scale.” 

The paper also points out the emergent role of digital payments. By 2020, digital payments will be growing at an estimated 12.7% annually and 70% of the world GDP forecast will be digitized. By understanding the role digital ID systems play in this swift expansion is important in achieving AML/CFT compliance and enhancing Customer Due Diligence measures. 

Financial institutions have to recognize and identify the risks that come with incorporating large scale digital ID systems. The associated risks can be privacy, fraud, governance, identity theft, and data security. 

FATF Guidance on digital ID

  (Source: @FATFNews)

FATF encourages authorities to “adopt policies, regulations, supervision, and examination procedures that encourage regulated entities to develop an efficient, integrated approach to digital ID streaming applicable digital processes across all relevant efforts.” 

Currently, the FATF is consulting private sector stakeholders and is also welcoming any feedback or proposals from financial institutes, banks, virtual asset service providers, authorities and regulators until November 29, 2019. 

Another element the paper focuses on is the implementation of “Recommendation 10” which specifies Customer Due Diligence measures. Through the use of digital ID systems, verifying the authenticity of clients at on-boarding, ongoing due diligence and Third-Party Reliance (Recommendation 17) is encouraged. 

Find more relevant resources on FATF:

FATF Issues Guidance Paper For Incorporating Digital ID

Why CDD is significant for both Know Your Customer and Know your Business verification?

Customer Due Diligence: From KYC to KYB

Why CDD is significant for both Know Your Customer and Know your Business verification?

Banking is a profitable sector but is risky at the same time. Frauds, as well as compliance risks, are often complicated and intricate. The banks and financial institutes are spending a high amount of capital on KYC compliance, which surpassed $100 billion in the year 2019. Even with this much investment, global banks have been fined $321 billion since the global crisis in 2008. Further complicating these risks is the fact that financial crimes such as money laundering, terrorist financing, and cyber frauds are increasing.

On the other hand, regulatory authorities are striving hard to enforce measures that could lead to the eradication of financial crimes. One of the first regulations that were enacted amidst the Vietnam war back in the 1970s was BSA. US regulatory authorities issued the Bank Secrecy Act of 1970 (BSA).

The purpose of this law was to counter money laundering activities emerging from illicit drug trafficking. Under this provision, banks are obliged to report any customer activity that seems suspicious such as transaction above $10,000 to the Federal Financial Crimes Enforcement Network (FinCEN).

The regulations aimed to make it difficult for the drug cartels, terrorists, and other lucrative criminal enterprises to launder money by making their transactions more visible to law enforcement agencies.

Introduction of Customer Due Diligence as Know Your Customer (KYC) regulations

 

The Banking Act of 1970, laid the foundation for the Anti Money laundering (AML) regulations later in US patriot Act, 2001, after the tragic incident of 9/11. Customer due diligence (CDD) was declared necessary for the financial sector. The term coined for performing CDD is Know Your Customer or KYC.

The KYC regulations were fortified to restrain the flow of money to the terrorists. It requires financial institutes to verify the customer to ensure that they are, who they claim to be. These regulations led to the adoption of various approaches to comply with CDD and KYC laws. Since the US regulatory changes affect the landscapes of the global financial sectors, these regulatory changes were accepted by the banking sector worldwide.

Financial Sectors adopted several ID verification controls to respond to these regulations. These ID verification controls include:

  • Maintaining a thorough Customer Identification Program (CIP).
  • Verifying customers against the list released by Law enforcement agencies.
  • Predicting, customer’s behavior and criminal risks associated with a particular entity, based on the statistical data.
  • Ongoing screening of the transactional activities of suspected customers.

It continues to be the main line of defense for the financial sector against financial crimes, with minor amendments. For a simple person, this law appears comprehensive. However, in June 2016, a loophole was identified in KYC compliance regulations. 

The banks weren’t required to verify the identity of stakeholders and beneficiaries of the businesses they provide services. It was after Panama Papers Scandal the world realized that apparently, legitimate businesses could hide the identities of bad actors and perform illegal activities on their behalf. The regulatory authorities identified the risk and issued a fix as Know Your Business (KYB).

Tying up Loose Ends with KYC Verification

 

This fix made by regulatory authorities in the KYC checks includes the Customer Due Diligence for the financial institutes. Under the new provision, Financial institutes are now required to perform stringent verification checks. KYB regulations are aimed to identify the shell companies that are involved in money laundering and other illicit financial crimes. 

Firms are required to verify the person who owns the business legally as well as, the identity of stakeholders owning a minimum of 25% share in the business. European Commission also introduced the same legislation in its 4th AML Directive (4AMLD). This process of business verification was improved, with new regulatory changes in AMLD5 and AMLD6, which are aimed to make due diligence transparent.

However, KYB compliance is not easy to achieve as it seems. The major problem in KYB verification is the identification of shareholders in the businesses. Most of the time, no record of these entities is available and to make things worse, the disclosure requirements in each jurisdiction varies. This sometimes makes it impossible to identify the stakeholders in the business. It is a recipe for disaster, for the firms who want to stay in compliance.

Turning towards Technology for Solution 

 

Emerging from the ashes of the global financial crisis in 2008, the new regulatory technologies are helping to ease the burden of compliance by reducing the operational costs as well as mitigating the risks for financial crimes. At the crux of these technologies, is the use of new technologies such as Identity verification and KYC identification, to help financial institutes to monitor, comply and regulate. The RegTech solutions are already assisting financial institutes to meet KYC and AML regulations.

Businesses need to stay one step ahead of the fraudsters. With a comprehensive approach to global risk mitigation, businesses could easily prevent fraudulent activities and stay in compliance with regulatory authorities. 

RegTech industry is rendering efficient AI-based solutions for Business verification solutions that can eliminate the inefficiencies and risks involved in onboarding new customers. For instance, automation of official document checking process and verification against the government issued registries. 

The future of RegTech is expected to see great adoption in the financial sector in the future. Owing to the changes in regulatory compliance, performing KYC and KYB verification parallelly will enhance the customer due diligence process and businesses to stay compliant.

AMLD Regulations catching up with Technology

AMLD5 – Regulations catching up with Technology

In this era of technology, it is a common saying that “Innovation leads and regulation follows.” This couldn’t be any truer with the adoption of the Fifth Anti-Money Laundering Directive (AMLD5) by the European Union. AMLD5 is basically an extension of the previous iteration – AML4. Both of these directives are to tackle and control the on-growing power and risks associated with the use of technology by criminals. 

Moving into the fourth industrial revolution, businesses are completely under the limelight of technology. Of course, the criminal world is also taking advantage of technology to carry out their operations more effectively and anonymously. This drives the attention of government and regulatory agencies to come up with stricter directive for businesses to curb criminal activities.

The aim behind the introduction of AMLD5 is to prevent money laundering, terrorist funding and illicit transfer of money throughout the financial industries of the EU. The same was the goal statement of AMLD4 but in some ways, AMLD5 is more advanced and covers some further aspects. It includes a better definition of the virtual currencies, the changes and the information-sharing policies that are required to combat crimes related to prepaid cards and financial institutes.

From AMLD4 to AMLD5

 

Previously AMLD4 tackled the risks by making it mandatory for “obliged entities”- banks and financial institutions – to meet KYC and due diligence requirements. Also, the companies operating within the EU were obliged to maintain central registers of their ownerships. According to the European central bank, AMLD4 didn’t go far enough to curb the risks posed by criminal transactions and money laundering.

The main reason was the recent terrorist attacks throughout Europe. Moreover, the Panama papers scandal in 2016 followed Paradise Papers publications in 2017 made it a top agenda for the regulators to come up with a more efficient directive. These papers provided insight to the government into the ways politicians and wealthy-beings can exploit tight-lipped offshore tax regimes. These incidents created a huge fuss around the world questioning the credibility of country regulations. 

Taking into account these issues, the updated framework of the 4th Anti-Money Laundering Directive – AMLD5 came into force in July 2018 which is to be implemented from January 2020. It doesn’t contain any new sets of rules, instead, they are just an extension of the previous ones. The fifth AML directive intends to bring boundless transparency in business activities and company ownership within the EU.

Multiple amendments posed by AMLD5 in the fourth directive. These extensions are to strengthen the policies to deter money laundering due to new technology advancements. AMLD5 not only proposes the public registry for beneficial owners of obliged entities, but it also addresses the significant risks associated with virtual and cryptocurrencies.  

The Obliged Entities and Requirements

 

The fifth AML directive covers various entities that include:

 

  • Financial Institutions – MiFID firms, insurance companies, collective investment schemes.
  • Estate Agents
  • Credit Institutes
  • Providers of virtual currencies
  • Prepaid cards
  • Legal Professionals, Auditors, Tax Advisors, and external accountants
  • Trust, or company service providers
  • Person trading in goods (involving cash payments in amounts of €10,000 or more)

The most important requirement of AMLD5 is requiring the obliged entities to implement the beneficial ownership registry. It is essential for state members to collect and maintain accurate and current information about the legal entities  – as described in AMLD4. In order to meet this requirement, the obliged entities that are operating in the EU must have Know your Customer (KYC) information, in addition to beneficial ownership information, readily available with all the planned procedures.

Enhanced Due Diligence:

 

Undoubtedly, the beneficial ownership registry is the primary level of customer due diligence. However, with the implementation of AMLD5, the obliged entities will have to adopt Enhanced Due Diligence (EDD) requirements. The EU-based banks are compelled to perform EDD every time they enter into transactions from high-risked third countries as defined by the European Commission. This requirement is to diminish the potential of doing business with criminal organizations. 

The process of enhanced due diligence involves the collection of additional information about the customer, the screening and the completion of risk assessment. The risk rating strategies must involve the risk factors that may be responsible for updating the KYC policies and Procedures. For example, technology is the major risk factor and the manual KYC process is needed to be digital.

After the completion of the risk rating process, the entities must ensure the automatic delivering of data to national authorities and providing them access to information. Enforcement of AMLD5’s EDD requirement on EU-based entities doesn’t mean that their clients must also follow them. But if a bank in Europe adopts stringent EDD requirements, then the associated entities are required to ensure that they are complying with AMLD5 requirements along with their regional regulations.

The Significant Changes in the Regulation:

 

Though AMLD5 is an extension of AMLD4 regulations but there are some key changes that are highlighted in this directive, it includes:

1. Virtual Currencies

 

The virtual currencies like Bitcoin possess the transparency feature, i.e. the individuals involved with them tend to stay anonymous. It is both the weakness and strength of the organizations as well. The weakness because of the involvement of money launderers and cybercriminals. AMLD5 clearly states that virtual currency exchange platforms must have to apply Customer Due Diligence(CDD) just like traditional financial institutes.

It includes all the KYC and customer verification requirements. Moreover, customers have to get registered. All these requirements are to combat money laundering and criminal funding that takes place through these platforms.

2. Letterbox Companies

 

Under the new AMLD5 regulations, anyone will be able to access information about the real owners of “Letterbox” Companies that are operating in the EU. These companies are considered the hub of corruption, money laundering and transnational organized crime. This change in the directive can reveal the corruption and tax evasion that may be taking place in the companies. 

Moreover, with the central beneficial owner registry will be available for individuals with a ‘legitimate interest’, for example, an investigative finding out the owners of trusts and companies.

3. Prepaid Cards

 

AMLD5 has called for a reduction in the threshold of anonymous prepaid cards – from €250 to €150. This new arrangement is to combat the criminal activities that might be taking place through these cards. While prepaid cards generally have legitimate uses, the anonymous cards are readily used in money laundering and terrorist funding. 

The banks and other financial institutions are obliged to conduct CDD against the prepaid cardholder if the payments exceed a defined threshold. Moreover, as per AMLD5 regulations, the use of prepaid cards – that are issued outside EU territory – will be prohibited unless they follow AMLD5 regimes

Notable Challenges for Businesses in adopting new Standards

 

Until now, though the businesses used to comply with AML regulations but didn’t have to take that much notice of AML directives as they will have to do now. Previously, financial institutions and tax advisors were the major entities meeting AML compliance. However, with the introduction of AMLD5, now the virtual currency exchange platforms, prepaid cards, and custodian wallets will also have to obliged to new standards and regulations.

The obliged entities have to comply with Customer due diligence, monitoring the virtual currencies transactions and keeping a tight rein on customer activities that they might find suspicious. The major challenge for businesses is that from onboarding customers to ongoing documentation, they have to keep the data up-to-date and share customer information with anti-money laundering authorities.

 

Moreover, businesses will need to make sure that all the staff members have proper knowledge of the AML directives and follow the standards accordingly. It will cost businesses in training their employees. As the date of implementation of AMLD5 is approaching near, the time to incorporate all these new standards and rules is shortening – another challenge for the businesses.

Millenials Bank

Why Millennials don’t care about Conventional Banking Services?

Millennials are different from the baby boomer generation. They earn less than what the previous generation was earning at their age. It is odd that the banks have been unable to capture the market of millennials – the perfect target audience right now. However, faster customer identity verification can make banks millennial-friendly. 

Overview of Millenials

Millennials are the first of their kind – the true digital natives! 

They are internet savvy and armed with smartphones, which they check dozens of times a day. We are talking about people currently in the age group of 18-34. Smartphones play a huge role in their lives. 

The banks have started to think in terms of apps and online services. Also, the young generation is prone to fast internet.

What does internet speed have to do with customer identity verification?

A lot!

Banks are not selling toys or stationery. They have to comply with the financial regulations in providing their services. Say, a millennial wants to open a bank account. The ideal or expected way would be to open it over the internet. But not many banks are providing these services currently.

Why Banks have a hard time Capturing Millenials 

The millennials are not happy with the conventional banking system. They do not have to depend on any particular bank or service in most cases. An army of Fintech companies and products are swarming the markets. 

But despite the banks’ marketing, they are not there where they would like to be, in fact, they are far from it. If there is a bug in the app of a bank, the young customer would not like to wait for it to get fixed. They would like to know, which service is better and faster. 

Moreover, the banks have not yet figured out the perfect products that cater to this market. Millennials are putting off buying large ticket items but, in the future, they will be holding a significant amount of wealth.

Cybercrime is the elephant in the Room 

Let’s address the elephant in the room; privacy and security. We are spending more time gawking at the screens of computers and phones than ever before. You can buy stuff online, apply for a visa, date someone, and the list goes on. However, among this significant amount of data, security is of utmost importance,

Privacy breaches, hacks and other forms of cyber attacks have made this generation weary and cautious of banks. Since the majority of wealth exists digitally, this raises concerns for privacy.

A Safe and Bright Future

One obvious tool to handle security concerns is the verification of identity. When a customer is about to send or receive payment, the verification should be foolproof. This relates to the identity of the user. 

Each time we interact online, it leaves a footprint, which creates their digital identity. As technology gets more advanced, so do the tools. Banking and security services that are powered by AI and machine learning can collect the data better, faster and with better accuracy. Faster identity verification solutions are a healthy sign for banks. 

Conclusion

There are troves of rich data available for businesses. How fast banks capture and utilize it to offer banking products to customers will define who can corner this market first. Banks need to get aggressive in integrating state of the art technology in their services. Otherwise, more technology-based services will take over.

Customer Due Diligence Checklist

Customer Due Diligence Checklist – Is Your Business Compliant?

Compliance regulations can be a challenging task for the financial services sector and fulfilling them can be a long and tedious process. But no matter how onerous the process may be, the costs of non-compliance can be detrimental. Thus the financial services sector must exercise a comprehensive CDD or Customer Due Diligence Checklist. Under the global compliance regulations, every company providing financial services is obliged to perform identity business verification of its clients during the onboarding process.

The customer due diligence process can vary depending on the nature of the account and the client. To simplify the procedure, therefore, companies should adopt a risk-based approach. This allows them to verify their customers based on the levels of risk they pose to the company. For example, a person opening a simple low deposit account may need some basic document verification at the time of onboarding. On the other hand, a beneficial owner of an offshore entity or a person having a high-risk business needs to be subjected to an enhanced due diligence process.

Customer Due Diligence Checklist – Steps towards a Better Compliance Structure

The real question then is that what steps should be taken to establish an efficient due diligence checklist. A simple customer due diligence checklist that banks and financial services can go through to make sure their CDD procedures screen through every sort of risk can include;

 

  • Build a Basic Screening Process to Weed Out any Obvious Levels of Risk

 

Building a basic verification procedure can ensure that there is no obvious fraud involved. This process may involve asking for a person’s ID information including full name, date of birth, address, along with some essential identity documents like an ID card, passport or a driver’s licence. It is also advisable to perform an address verification check by asking for the client’s recent utility bills. These Know Your Customer or KYC checks can help the company weed out any kind of identity fraud and determine if the person is trying to impersonate someone.

Additionally, at this point, it is also advisable to check for any beneficial owners (BO). In case there are any, make sure to get their details as well and the relationship between the BO and the customer. Moreover, perform an AML check to make sure that the customer is not exposed politically.

 

  • Vet Your Third Parties to Enhance the Process

 

Performing the entire CDD process on your own is impossible. To verify a customer you have to rely on third-party databases, banks, lawyers and auditors. It is important to choose outsourced service providers after proper research and due diligence.

 

  • Assess the need for Enhanced Due Diligence

 

For high-risk clients, the process of enhanced due diligence is very important. EDD involves collecting more information using customer risk assessments. Due diligence EDD can be an ongoing process and can be implemented for the entire period of time the client stays with your firm. It is performed by setting up some warning signals in your system to become aware of any threats or risks to your system immediately. Some alert signs that can help you through may include; the type of risk associated with the client’s transactions; their occupation; their address; and the type and value of their transactions.

All these red flags can enable you to assess whether your client is getting involved in money laundering or any other financial crimes. They will help you to timely assess any risks to your firm and take the appropriate action accordingly.

 

  • Make Sure you Comply with Data Protection Regulations

 

Performing customer due diligence is only a part of your responsibility. You must also make sure that every shred of data you collect from your clients is protected and secured. Moreover, GDPR also demands that any entity collecting customer data is also liable to protect it as well.

 

  • Keep Your Data Saved Digitally

 

Make sure all customer data you have is saved digitally and can be produced for proof if or when needed. Securing all CDD and EDD data is not only smart but a necessary regulation from any global regulator. Since any government can ask for client data in case of suspicion of money laundering or corruption, every firm is liable to be able to provide documented proof of their clients’ transactions.

A Customer Due Diligence Checklist can allow banks to implement a comprehensive compliance process. Due diligence CDD is a part of your AML compliance checklist. Shufti Pro is a leading data verification service that provides customer identification as well as business verification service. It provides KYC/AML for security compliance for companies looking to verify their clients through identity checks and AML screening.