5 reasons why passwords are no longer safe – What’s next?

Online platforms are using passwords to secure the privacy and data of their users – but are they secure?  

Passwords started with the Compatible Time-Sharing System (CTSS), an operating system introduced at MIT in 1961. It was the first computer system to implement a password login. It is now 2020, and decades of use have made passwords the dominant authentication mechanism. The increase in data breaches, social engineering attacks, and cyber crimes has tarnished their reputation, but most platforms still rely on them to protect customer privacy and data. Even banks use passwords to give their customers online access. Yet research and rising cyber crime suggest that passwords are losing their value, and newer technologies such as two-factor authentication and AI-based biometric authentication are slowly gaining ground.

A survey found that one out of five American consumers has experienced an online account compromise. These frauds are possible because password security falls short.

Data breaches are a common way to get hold of someone else’s confidential data. 4.1 billion records were lost in the first half of 2019 (Forbes). The data stolen in these breaches is used to gain illegal access to online platforms that are protected only by weak passwords. But why are passwords ineffective?

Why are passwords losing value?

Passwords have been in use for decades, but people are gradually losing faith in the security they provide. When businesses want truly impenetrable security, they add other measures such as biometrics and two-factor authentication alongside passwords. Even cell phones now have a biometric unlock feature to secure the device. Passwords are no longer the favorite security tool.

  • The traditional authentication checks 

Passwords are still limited to traditional binary and alphanumeric figures. The typical input for password-protected access is still a username and a password. Guessing someone’s username is not difficult, because people use the same email address to sign up for many online platforms. Research found that in the U.S. the average email address is associated with 130 accounts, which makes someone’s login ID easy to obtain. Next comes the password, which is also the same in most cases. Google found that 52% of people use the same password for multiple accounts and 13% use the same password for all accounts.

  • Changing passwords frequently is not enough 

Supporters of passwords always say that frequently changed passwords are the key to security. But let’s see how frequent password changes work in practice. The best practice is to change the password every month, and each new password must be complex enough to be difficult to crack. But does it actually work this way? No, it doesn’t.

Users find changing passwords tedious, and most of the time they don’t change them frequently. Research on 1,000 U.S. Google users found that one-third of the users change their account passwords one to two times a year. 10.9% of respondents said that they never change their passwords. This shows that users generally don’t bother sticking to secure password policies.

As for the strength of passwords, people tend to create easy-to-remember passwords, especially when they are directed to change them every month. They pick easier passwords and save them somewhere (in written or digital form) or share them with a colleague. 69% of users still share their password with a colleague (National Cyber Security Centre, NCSC).

So user behavior is the key reason behind the ineffectiveness of password security. In the UK, 57% of the people who have fallen for a phishing attack still haven’t changed their password.

Hence the password security mechanism has no concrete measure that makes people develop a habit of changing their passwords or of creating strong ones. A web portal can send reminders for password changes and security alerts, but it cannot force users to act on them.

  • Complexity is not paying off

It is often assumed that strong passwords are difficult to hack. But there is still a risk of the password being hacked or forgotten. People tend to forget difficult and complex passwords, so they frequently reset them, which affects the user experience on your online platform.

Hackers are well aware of the science of strong passwords, and brute force attacks are used to crack them. A brute force attack tries machine-generated combinations for a password until a match is found. So even strong passwords might fall to a brute force attack.

  • Hackers are becoming smarter 

Hackers are becoming smarter and know well how to use technology. Social engineering (phishing attacks) is the commonly used technique that helps them get the required information from people. 50% of internet users receive at least one phishing email a day, and 97% of them can’t actually identify a phishing email. So it is very easy for a hacker to get into someone’s system and steal a user’s login credentials.

Hackers are also aware of all the password protection techniques and know well how to bypass them.

  • Readily available password reset options  

Due to phishing attacks, it is not difficult for hackers to get into a person’s system. It is quite easy to enter someone’s mailbox and read that person’s confidential emails. Every login page allows the user to make several login attempts and offers an option to reset the password. Some take 24 hours to reset a password, others do it right away. If a hacker has access to someone’s account, they can easily use the password reset link to invade an account. Given the practice of using the same password on all accounts, hacking an account becomes even easier, because most online businesses use passwords to protect accounts.

What does the future hold for user onboarding?

With the decrease in the value of passwords, businesses are looking for new ways to replace them. Biometric verification solutions and 2FA deliver the high security that passwords lack.

Biometric authentication

Biometric authentication is one of the fastest-rising technologies in the world. Biometric authentication solutions use face verification to allow access to an online account. It covers what password systems lack.

It is almost impossible to manipulate a biometric authentication system. It uses a liveness detection mechanism to identify paper-backed images used for verification. A real person must perform the verification to get past the security checks. Minor facial movements are traced to check that a real person is behind the camera. Unique facial features and contour points are detected with a 3D depth perception technique to identify paper-backed and photoshopped images.

The picture of the real user is saved in the database in the form of a mathematical formula and compared with the facial image submitted for login. Artificial Intelligence is used in these solutions to perform verification on the user.

Biometric login is easier for end-users because of the widespread use of selfie cameras in mobile phones. These solutions also deliver high accuracy (98.67%). Due to all these perks, biometric sign-in is the next big thing, and businesses are using it to increase security on their platforms.

Two-factor authentication

Two-factor authentication is often used in combination with passwords. 2FA sends a unique code to the user’s mobile phone, and that code is required to log in to the account.
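The one-time code step described above, as an added Python example that is not from the original article: the server issues a short-lived code, stores only a keyed hash of it, and limits wrong guesses. The class name `OneTimeCodeStore`, the 6-digit length, the 5-minute lifetime and the 3-attempt limit are assumptions, and delivery of the code to the phone is not shown.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeCodeStore:
    """Issues and verifies short-lived login codes (hypothetical helper)."""

    def __init__(self, ttl_seconds=300, max_attempts=3, digits=6, clock=time.time):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.digits = digits
        self.clock = clock                    # injectable so expiry can be exercised
        self._key = secrets.token_bytes(32)   # server-side secret for the keyed hash
        self._pending = {}                    # user_id -> [mac, expires_at, attempts_left]

    def _mac(self, user_id, code):
        # A 6-digit code has only 10**6 values, so a plain hash could be
        # reversed by enumeration; a keyed HMAC cannot without the key.
        message = f"{user_id}:{code}".encode()
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def issue(self, user_id):
        """Create a fresh code for user_id; any earlier code is replaced."""
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        self._pending[user_id] = [
            self._mac(user_id, code),
            self.clock() + self.ttl,
            self.max_attempts,
        ]
        return code  # goes to the SMS/push channel, never back to the browser

    def verify(self, user_id, submitted):
        """Return True once for the right code; expire or lock out otherwise."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        mac, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self._pending[user_id]
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(mac, self._mac(user_id, submitted)):
            del self._pending[user_id]        # single use
            return True
        if entry[2] == 0:
            del self._pending[user_id]        # guesses exhausted: require a new code
        return False


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue("alice")
    print("correct code accepted:", store.verify("alice", code))
    print("replay rejected:", not store.verify("alice", code))
```

With three guesses allowed against a million possible codes, guessing blindly succeeds with probability 3 in 1,000,000 per issued code, which is what makes a short code usable as a second factor.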

To wrap up, passwords are losing value due to high risk. Their lack of effectiveness requires businesses to explore new user security techniques. Strong security measures that allow fast logins enhance the user experience. As the ultimate goal is user satisfaction, businesses must think of giving up the old security practices to gain higher customer value.

4 Fraud Prevention Tips For Your E-commerce Business this Holiday Season

With the holiday shopping season in full swing, e-commerce fraud risk is a glaring reality that needs to be accounted for before it translates into large business losses. By 2019, there will be an estimated 1.92 billion global digital buyers that need to be served, as well as authenticated. While this opens up countless business opportunities for vendors, it also indicates the need to single out bad actors that commit high-value identity fraud every year. 

Cybercriminals and scammers are catching up with growing digital buying trends and breaking their way into legitimate online transactions. The holiday season is the ideal time for hackers and identity thieves to commit identity fraud due to the large volume of sales that are processed in a small amount of time.

According to data from ACI Worldwide, fraud attempts spiked by 30% over the previous holiday season across millions of online transactions, especially on Christmas Eve. Fraudsters are trying to get past busy sales representatives and overburdened software that miss the small details needed to spot a naughty holiday buyer.

Here are 4 tips for your business to defend itself from E-commerce Fraud this holiday season: 

1- Understand holiday e-commerce fraud types

With every passing day, we’re looking at innovative forms of online buying options, such as P2P payment gateways and social media buying solutions. While it’s not fair to say that the digital buying economy is a new concept, it is also true that firms are still struggling to understand the types of risk they are faced with. 

Digital ID theft and fraud is the most common and well-known type of online scam. It has affected millions of people across the world and caused consumers to lose up to $1.48 billion in 2018, according to the Insurance Information Institute. During the holiday season, the percentage of fraudulent transactions is expected to increase manifold, especially card-not-present fraud.

Other types of fraud include: 

  • Account Takeover Fraud – Legitimate accounts are hacked by imposters to make purchases 
  • Phishing Scams – Fraudulent attempts to gain personal user information
  • Credit Card Fraud – Fraud committed using a credit card as an illegal source of funds in a transaction
  • Card-not-present Fraud – Absence of actual card when carrying out a transaction
  • Friendly Fraud – Actual transactions made by cardholders, later disputed by themselves to claim chargebacks

2- Upgrade fraud prevention tools and identity verification services

To find out if your holiday season customers are actually who they claim to be, use authentic and reliable verification services. Security barriers in online environments are becoming easy to get past, as technology lands in the hands of both good and bad actors.

With the types of fraud listed above, hackers are learning to commit financial crimes without leaving a trace. This is where automated identity verification services with AI-based features need to be used as a strong risk prevention shield. Identifying users at source entails thorough KYC, AML and KYB checks with the following services:

Specialised features such as liveness detection and consent verification provide users and businesses with a level of trust that is otherwise impossible to achieve with manual verifications for large sales volumes. In this respect, biometric verification is also gaining popularity due to its convenience, especially for mobile users, and can be employed to verify users in a matter of seconds.

At the same time, it is important to note that automated fraud prevention and identity verification processes need to be used with caution due to the inevitable risk of accepting fraudulent orders, resulting in high chargebacks. Human intelligence is therefore an integral part of the verification process for complete accuracy. 

3- Monitor key e-commerce sales metrics

With fraud prevention software and human review of transactions, it is possible to identify red flags during peak season. Narrowing down geographical location through IP and browser information also helps prevent fraud in good time. Suspicious orders can be identified by looking at buying patterns and understanding how a sudden change in purchase activity can really be from a fraudulent source.

Marketing and sales metrics such as click-through rates, conversion rates and chargebacks must be reported on an ongoing basis by business executives to stay on top of any irregular patterns in e-commerce sales. Sometimes, indicators as simple as unusual delivery addresses or inaccurate customer credentials can impact sales trends for a busy quarter. However, additional authentication methods must be in place to review such anomalies before taking stern action and blacklisting authentic customers erroneously.
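The checks named in this tip (IP location against billing details, a sudden change in purchase activity, an unusual delivery address) can be combined into a simple screening step, shown here as an added Python example that is not from the original article. The `Order` fields, the 3x spending threshold, the decision labels and the sample orders are all assumptions constructed for illustration; anomalies are routed to extra authentication or human review rather than to a blacklist.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Order:
    customer: str
    amount: float
    ip_country: str          # country resolved from the client IP (lookup not shown)
    billing_country: str
    shipping_address: str


def order_signals(order, history, spike_factor=3.0):
    """Return the list of red flags raised by one order."""
    signals = []
    if order.ip_country != order.billing_country:
        signals.append("ip_billing_country_mismatch")
    past = [o for o in history if o.customer == order.customer]
    if past:  # history-based checks only apply to returning customers
        typical = median(o.amount for o in past)
        if order.amount > spike_factor * typical:
            signals.append("amount_spike")
        if all(o.shipping_address != order.shipping_address for o in past):
            signals.append("new_delivery_address")
    return signals


def screen_order(order, history):
    """Map signals to a decision; nothing here blocks a customer outright."""
    signals = order_signals(order, history)
    if len(signals) >= 2:
        decision = "manual_review"      # human analyst looks before fulfilment
    elif signals:
        decision = "step_up_auth"       # ask for additional authentication
    else:
        decision = "approve"
    return decision, signals


# Constructed sample data: three past orders and three incoming ones.
SAMPLE_HISTORY = [
    Order("c-1001", 40.0, "US", "US", "12 Elm St, Springfield"),
    Order("c-1001", 55.0, "US", "US", "12 Elm St, Springfield"),
    Order("c-1001", 60.0, "US", "US", "12 Elm St, Springfield"),
]
SAMPLE_ORDERS = [
    Order("c-1001", 58.0, "US", "US", "12 Elm St, Springfield"),   # usual pattern
    Order("c-1001", 70.0, "US", "US", "9 Oak Ave, Shelbyville"),   # gift to a new address
    Order("c-1001", 900.0, "CA", "US", "PO Box 77, Elsewhere"),    # several flags at once
]

if __name__ == "__main__":
    for sample in SAMPLE_ORDERS:
        print(sample.amount, *screen_order(sample, SAMPLE_HISTORY))
```

The second sample order shows why a single flag should only trigger a step-up check: a holiday gift sent to a new address is a normal purchase that a blacklist rule would wrongly reject.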

4- Customise a fraud mitigation plan for the holidays

In 2018, holiday season retail e-commerce spending totalled almost $120 billion, and Cyber Monday in 2019 alone racked up close to $9.4 billion in online spending, the biggest ever recorded. This means greater handling of customers, sales and transactions by regular as well as temporary staff. A fool-proof plan to handle these both manually and digitally must be developed well in advance to ensure the security of successful deliveries. 

To process more orders than usual, sales reps will have to think about the numerous queries that new and returning customers will have. Moreover, the process to approve and decline orders also needs to be streamlined in order to check for inconsistent personal details such as delivery address and credit card details.

Well-coordinated marketing and sales teams are always able to maximise returns from promotions, deals, coupons and website traffic. Any miscommunication at this stage can lead to large financial losses as well as tangible damage to brand reputation. Historical patterns in consumer history are also helpful indicators for discerning fraudulent transactions and saving both time and money.

All in all, e-commerce vendors must steer clear of impending online fraud schemes by employing strict safeguards, as well as becoming aware of newer types of threats that may hurt them, especially in the busy holiday season.

7 Ways to Protect Your Children from Identity Theft

Living in the digital world, the phrase “identity theft” makes us more than a little nervous. Knowing that someone out there is using your identity for criminal activities sounds scary. It is even more surprising for parents to learn that stealing their children’s identities is easier. What makes it more frightening is that, by its nature, the theft may take a long time to discover.

No one can protect children better than their parents. Parents are ultimately the best protection against child identity thieves. However, lawmakers are now also actively taking part in raising awareness about this matter. In fact, there are some movements for the protection of children’s data – for instance, National Child Identity Theft Awareness Day.

Moreover, the government is introducing child protection laws – The Digital Economy Act 2017 – to protect the identities of children in the digital world. These laws require digital platforms to incorporate age verification checks to keep minors away from the dark web and age-restricted mature content.

National Child Identity Theft Awareness Day

Identity theft is becoming a worldwide issue. Every year millions of people fall victim to this crime and lose billions to frauds committed using stolen identities. According to The Harris Poll, around 15 million Americans fell victim to identity theft in 2017. Children are targeted by identity thieves as much as adults, or more. According to Javelin’s Report, more than a million children were the victims of identity theft in 2017, which resulted in a loss of $2.6 billion.

Taking into account the alarming situation of child identity theft, the world’s leading global information services company, Experian, started the movement “National Child Identity Theft Awareness Day” – held on September 1 every year. The aim of this movement is to educate parents about protecting their children’s sensitive information. Most parents are unaware of the reasons and vulnerabilities that lead to identity theft. As per a study, children who are bullied online are nine times more likely to fall victim to identity theft.

Identity thieves primarily target children because of their clean histories and because criminals can use their information for a longer period of time without getting caught. The reason is that parents are oblivious to the fact that their child’s identity is under threat, so they don’t necessarily check their children’s credit reports.

The Cultivating Threat

What makes child identity theft hair-raising is that it can stay undetected for a long period of time. Every year criminals succeed in exploiting millions of children’s identities. The explosion of the internet and smart devices is not helping either; instead, it has fueled identity theft to an alarming rate.

Tips for Parents to protect their Children Identity

Parents are often under the wrong impression that their child’s identity will never be stolen and that’s what they do wrong. Even if you are sure that your children are safe, a few preventive measures won’t hurt, right? There are some common red flags parents don’t pay attention to and hence their children get stuck with privacy problems. 

Here are some simple tips for parents to protect their precious bundles from falling victim to this rising crime.

Look out for Red Flags

The best way to deal with a problem is to know its root causes first. Once you are aware of the factors that can lead to a problem, you can combat it more easily. In order to protect your children from identity theft, you must look out for warning signs. Just imagine you come across a pre-approved credit card offer in your child’s name. It may look like a computer glitch to you. But what if it’s not?

This can be a warning sign that someone is using your child’s identity. If you ignore it as a computer mistake, it may lead to a major problem.

Monitor your child’s Social Media

In a world of mobile phones and tablets, children using the internet is nothing new. Every child now has a presence on the internet, whether it’s watching cartoons on YouTube, playing games or using social media. You have no idea who the fellow gamers and anonymous friends are. They can even be identity thieves or pedophiles.

Allowing your child to explore technology isn’t bad, but leaving them on their own may have a negative impact. If you are letting your children participate online, make sure to monitor their activities. The passwords of the accounts must always be available to parents so that they can regularly check with whom their children are interacting. Children may see it as a breach of their privacy or may just hate the idea of giving up their passwords, but it’s essential for their protection.

Protect your Child’s Social Security Number

The social security number is the key to a child’s identity and is the first thing that identity thieves target. They can use it to unlock many hidden doors for their benefit. A stolen SSN can be used for multiple purposes, the creation of synthetic identities being the most significant one. These identities can be used to open a bank account, obtain a credit card, get a bank loan, or take out car and health insurance, etc. By the time such frauds are detected, they have already caused enough damage.

To avoid these situations, what you can do as parents is obtain an SSN for your children first and then keep it safe. Parents need to be vigilant about sharing their children’s SSNs. There are many organizations that ask for children’s social security numbers even though they don’t need them. In such cases, parents should ask for what purpose the number is going to be used.

Open Joint Bank Account

Parents are often seen opening bank accounts in their children’s names to deposit savings checks and bonds. But these savings accounts can pave the way to identity theft. Once your child has an account, there will definitely be bank statements, emails and letters from the bank. Fraudsters can access that information by some means and use it to get their hands on your child’s cash. Moreover, criminals may use that account to do business or for illegal transactions like money laundering, terrorist funding, etc.

If you are opening an account in the child’s name, make sure to link it to your account as well, or open a joint account. It will help you keep an eye on the transactions and monitor the payments. Whenever there is some suspicious activity, you can be notified instantly. Sometimes, clever crooks use the child’s account to take loans from banks which they have no intention of returning. In those circumstances, the child’s name will be reported to the agencies, which may lead to a severe mess that is difficult to clean up. With a joint account, your permission will also be required in order to process any payment or loan.

Dispose of Data Carefully

Discarded data is worth a million on the dark web, since criminals can use it for multiple illegal purposes. You need to be very cautious when throwing away old documents. Always destroy documents, or anything addressed to your children, before throwing them out. Things that are waste to you can be valuable to crooks.

Safeguard your smart devices

The advancement in technology has opened new doors for cybercriminals to exploit user devices and obtain the personal data stored on them. It is your duty as parents to secure your smart devices in every possible way. Never store your sensitive data on laptops or mobiles. Always keep it stored on external hard drives or USB flash drives.

Moreover, set strong passwords for your devices and install security apps and antivirus software to keep them secure. 

Find and Freeze Credit Report

We often think that children don’t have any credit histories, so why would identity thieves go after them? That’s where we are wrong. The clean status of a child’s credit history attracts thieves, since using the child’s identity they can apply for credit cards, open utility accounts, take out loans, commit tax fraud and many other forms of digital fraud. Check your children’s credit history regularly. If no credit report exists, that is the best outcome; otherwise, get the report immediately and report it to the respective authorities. It may be a sign of possible identity theft.

Facebook Launches a New Payment System Following Libra

Facebook Pay is a new payment system launched by Facebook for all the apps under the Facebook umbrella, including Messenger, WhatsApp, and Instagram. Facebook Pay is designed to facilitate payments across all of these social networks. According to Deborah Liu, Vice President of Marketplace and Commerce, Facebook Pay is being introduced to provide a “convenient, secure and consistent payment experience” for all people across the Facebook platform.

Through Facebook Pay, you will be able to send money to your friends, buy stuff online or even donate to charities online. Facebook Pay will begin rolling out on Messenger and Facebook in the US this week. Initially, the payment system will be available for fundraisers, event tickets, in-game purchases, person-to-person payments and even purchases from some businesses that operate on Facebook’s Marketplace. 

According to Facebook’s Newsroom, Facebook Pay is an entirely different entity from Facebook’s new Calibra wallet and the Libra network. The payment system can be accessed through the settings section of the Facebook or Messenger apps. It will support most debit and credit cards along with PayPal.

 

Facebook Pay comes just weeks after a substantial number of companies dropped out of Libra. PayPal was one of the first companies to disassociate from the Libra Association, the nonprofit that oversees the creation and rollout of the cryptocurrency. For right now, Libra doesn’t have the backing of most major US payment processors. This still hasn’t stopped Facebook from expanding in the digital payment industry with Facebook Pay.

Equifax Survey shows Britain Prefers Biometric Verification

Credit reporting agency, Equifax, reports that Brits are much more open to adopting biometric authentication and identification. According to the research, more Brits are using technology and are happy with further increases in usage. Using biometric authentication to unlock your smartphones is one of the most used applications of the technology, but what about age verification in the pub? 

The company surveyed 2000 people. According to the survey, 71% of the participants are content with fingerprint or facial recognition completely replacing old-school PINs and passwords for accessing smartphones. Another 64% would welcome the same technologies to replace passwords for laptops. 60% of the respondents are okay with biometric authentication for age verification, while the use of biometrics for voting ballots was backed by 58%. The people surveyed were more careful when it came to using biometrics to unlock their front door (41%), start their car (45%), or withdraw cash (46%).

Keith McGill – Head of ID & Fraud at Equifax said: 

“As the rise in financial fraud continues, particularly when it comes to identity theft, it’s essential we develop and embrace new and innovative means to protect consumers.”

One of the challenges of widespread usage of biometric authentication will be around privacy and data protection concerns. This being said, it is still imperative to embrace and enhance biometrics and relevant technologies to mitigate frauds and scams. 

FATF Issues Guidance Paper For Incorporating Digital ID

Last week, the Financial Action Task Force (FATF) issued a guidance paper that outlines a risk-based approach for governments, financial institutions, and other relevant enterprises. The paper guides these entities in using digital identity verification services to comply with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) requirements under its standards.

According to the paper, 

“The rapid pace of innovation in the digital identity (ID) space has reached an inflection point. Digital ID standards, technology, and processes have evolved to a point where digital ID systems are, or could soon be, available at scale.” 

The paper also points out the emergent role of digital payments. By 2020, digital payments will be growing at an estimated 12.7% annually and 70% of the world GDP forecast will be digitized. Understanding the role digital ID systems play in this swift expansion is important in achieving AML/CFT compliance and enhancing Customer Due Diligence measures.

Financial institutions have to recognize and identify the risks that come with incorporating large scale digital ID systems. The associated risks can be privacy, fraud, governance, identity theft, and data security. 

FATF encourages authorities to “adopt policies, regulations, supervision, and examination procedures that encourage regulated entities to develop an efficient, integrated approach to digital ID streaming applicable digital processes across all relevant efforts.” 

Currently, the FATF is consulting private sector stakeholders and is also welcoming feedback or proposals from financial institutions, banks, virtual asset service providers, authorities and regulators until November 29, 2019.

Another element the paper focuses on is the implementation of “Recommendation 10” which specifies Customer Due Diligence measures. Through the use of digital ID systems, verifying the authenticity of clients at on-boarding, ongoing due diligence and Third-Party Reliance (Recommendation 17) is encouraged. 

RegTech – FATF Guidance for Digital Identity Verification

Regulatory authorities have recognized the benefits of technology and its use for seamless regulatory compliance and scrutiny. Digital identity verification, referred to as “digital ID systems” in the FATF guidelines, is a futuristic approach to fraud prevention. FATF recently issued a guideline for digital ID systems that covers their use cases, the risks involved and the benefits of such solutions.

FATF took this initiative back in 2017, showing a positive attitude towards technological solutions for regulatory compliance that are aligned with its regulations. Since then FATF has been working on guidelines for such fintech and RegTech solutions that will further help make this industry fraud-free. As the guideline highlights, risk prevails in the fintech industry as well, and it can be mitigated through regulatory compliance. The FATF guideline on digital ID systems is still under scrutiny, and FATF has requested suggestions from public stakeholders so as to leave no loophole for financial criminals.

FATF Guideline Key Features

The following are the key features of the FATF guidance on digital ID systems. It is expected that the final draft of the guidance will be very different from the current draft.

  • Stakeholders of the Digital ID guidance

FATF developed the guidelines to assist government organizations involved in policymaking, including regulatory compliance, supervision, examination, and cybersecurity authorities. The private sector that delivers digital ID systems will also have a lot to gain from the guidance.

Last but not least, the businesses and organizations that use outsourced digital ID systems will benefit from this guidance too, as it will help them choose the best digital ID verification solution.

  • Limitations of the guidance

The guidance draft issued by FATF doesn’t cover some Customer Due Diligence (CDD) practices. It doesn’t cover CDD through digital ID for legal person verification, Ultimate Beneficial Owner (UBO) screening, or the nature of a business relationship.

There is no doubt that digital ID verification can serve these purposes as well, but for the time being FATF hasn’t covered them in this guidance.

  • Main components and participants of the digital Identity systems

The guidance mentions three main components and participants that it expects to be present in the digital identity systems used by the entities. They cover the process of identity screening through digital ID systems, ongoing screening and the technical aspects of digital identity systems.

  • Identity proofing and enrollment is the first component, and it involves the collection and verification of customer data. A picture on the 13th page of the guidance draft shows the process of collecting data from an official identity document (like an ID card) and then screening the information to verify the identity of a customer. This component also includes the verification of a person through biometrics like face verification and liveness detection to ensure that the original person is providing the identity evidence.

  • Identification and identity lifecycle management is the second component, and it includes information about the stakeholders that need to be verified. The system should be designed to verify the identity of new customers as well as already existing customers. The guidance also mentions that the digital identity system can be used every time a customer logs in to his/her account online or for every face-to-face interaction with customers. Such verification should be performed on all the transactions and events mentioned in the FATF regulations regarding identity verification.

  • Portability of identity proof is the third component, which allows end-users to develop portable identities that will be issued for future verification.

  • References 

 

The guidance referred to the NIST Digital ID Guidelines and the EU’s eIDAS Regulation and explained how Digital ID systems help in the effective implementation of CFT and AML regulations.

 

 

  • Technical standards

 

Digital ID systems that follow the guidelines of the following international standards organizations are acceptable under the guidance:

  • various jurisdictions or supra-national jurisdictions (e.g. eIDAS Regulation by the European Union)
  • International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Fast Identity Online (FIDO) Alliance, and the OpenID Foundation (OIDF), and
  • International Telecommunications Union (ITU) and GSMA (for industry-specific). 

To wrap up, businesses are required to comply with KYC, AML and CDD recommendations of FATF in every corner of the world. Now FATF is making things easier for them by developing a guideline for digital ID systems. Just follow this guideline for choosing the best identity verification solution for your business.

AML Compliance in EU Member States and Risks of Businesses

Making regulations is just the first step; the true game starts when it comes to implementation. The European Supervisory Authorities report gave this clear message.

European Union regulatory authorities are always working to improve Anti Money Laundering (AML) and Counter Financial Terrorism (CFT) regulations. Currently, the fourth AML directive is in action in the member states of the EU. European Union Supervisory Authorities (ESAs) recently gave a joint opinion based on the AML and CFT data collected from the member countries and expressed their concerns regarding CFT and AML compliance in the reporting entities.

The member countries are required to give this joint opinion on money laundering and terrorist financing risks in the EU financial sector every two years based on Article 6(5) of (EU) 2015/849 (the 4th AML directive). The ESAs (EBA, EIOPA, ESMA) report showed concerns regarding monitoring transactions and suspicious transaction reporting, cryptocurrencies, Brexit, and the risks associated with operations of businesses that handle a large number of financial transactions. 

Major Concerns of ESAs

The ESAs expressed some major concerns regarding the risks lurking in the financial infrastructure of EU countries. The detailed report contained the data proof of how credit institutions are exposed to more risk as compared to previous years. 

Inconsistent implementation of 4th AML directive

 

The uniform implementation of the 4th AML directive is a challenge as the legislations in a country are influenced by several stakeholders. The report of Joint Supervisory Authorities (JSA) highlighted that political and regulatory entities in the countries influence the implementation of the EU AML and CFT regulations. The countries often don’t understand the regulations properly and there is a lack of uniformity in the regulations across the EU so it leaves a loophole for the companies that plan to do illegal business. For example, if one country is rigid in AML and CFT compliance then the businesses or the criminals move to other countries with relatively lenient regulatory compliance requirements. So, it affects the effectiveness of AML and CFT regulations. 

Brexit

 

The United Kingdom is all set to leave the European Union in some time. The report of the ESAs identified that the firms working in the EU will be affected by this change in the EU landscape. The firms listed in the UK will have to update their operations as per the new UK regulations. Also, the firms outside the UK will have to get themselves registered with the UK as per the new regulations. 

This huge change in the infrastructure will affect the regulatory landscape of the EU. Most probably it will make loopholes for financial criminals. The UK was used by the shell companies in the past, and now this sudden shift in regulations will definitely take some time, so, the criminals are most likely to gain over this delay. 

Nicola Gratteri a public prosecutor in Calabria predicted that Brexit might aid the Italian mafia in pooling in their illegal money to the UK. Shell companies will be the safe haven of criminals to legitimize their cash proceeds from drug dealing, human trafficking, etc. 

Regtech and Fintech

 

Technology is a freeware that is used equally for fraud and fraud prevention. The advent of Fintech and Regtech definitely improved the operations in the financial sector but it also increased the risk. Lack of regulations and minor regulatory compliance in this sector is the source of risk. Fintech and Regtech are widely adopted by people and are very dear to legitimate users due to the ease created due to these solutions. 

Lack of legal and regulatory understanding among the Fintech and Regtech businesses is a point of concern. The businesses that don’t practice are more likely to fall prey to identity thieves and criminals. The in-depth understanding of regulations and regulatory compliance by Regtech solutions is vital to deliver quality risk prevention, so the businesses should be careful while choosing one such solution. 

Cryptocurrencies

 

Cryptocurrencies are a major concern of the JSAs, although AMLD5 and AMLD6 are drafted to address this risk. Lack of regulatory awareness and commitment in the cryptocurrency ecosystem are some major concerns expressed in the report. The EU is also planning to increase the scope of “virtual currencies” to “virtual assets” as per the FATF regulations. This is because there is a lack of awareness among the businesses offering cryptocurrency services.

Internal control

 

The internal controls of businesses were found to be lacking. Some major issues found are Customer Due Diligence (CDD), lack of suspicious transaction reporting, lack of transaction monitoring, etc.

Lack of effective compliance 

 

The businesses in the EU countries are found to be lacking in AML and CFT compliance; the report stated that sanctions screening is not enough. The businesses have to keep an eye on the transactions of their customers as well. Complete reliance on CDD is the loophole in the internal controls of firms.

Also, businesses are required to practice compliance in a smart manner. In case they completely disown the customers based on the high risk associated with them, it will increase the chances of money laundering in the EU. 

Credit Institutions

 

The report highlighted that some credit institutions are exposed to major risks due to their business operations. Financial transactions are the key part of their operations, so the risk of being exploited by money launderers and terrorist financiers is high. The businesses are required to practice proactive fraud prevention and CDD.

To wrap up, the businesses in the EU and outside the EU will be affected by the increased pressure on AML and CFT compliance among the member countries. The businesses from non-member countries will also be affected by this. The EU has also recommended that the reporting entities practice the EU regulations outside the region (non-EEA states). Brexit is also expected to happen in the near future, so it will also affect the operations and regulatory compliance of global businesses. Proactive fraud prevention, thorough regulatory compliance, and timely decisions will help businesses in achieving high returns in the future.

Know Your Business-Pillar of Strength To AML Regulations

In a world of technology where every industry is going digital, there is very little transparency among businesses. Collaborating with businesses and entities online leaves room for suspicious activities, meaning you will have no idea about the identity of the person on the other end. For example, the business you are onboarding may be a shell company or may be funding terrorists.

Know your business (KYB) – these three words always seem to pop up everywhere in the industrial sectors, especially in financial institutions. KYB has successfully evolved from Know your customer (KYC) process and has eventually become an important part of today’s regulatory firms. It plays a vital role in low-friction regtech platforms to serve all types of customers without getting involved in illegal activities and entities.

The Bank Secrecy Act (BSA) of 1979:

Back in 1970, when the Vietnam War was in full swing, a deadly confrontation erupted regarding drug trafficking. As a result, the administration laid a strong foundation for the War on Drugs. The Bank Secrecy Act of 1979 (BSA) was introduced as a part of this policy agenda to deter illegal funding. The BSA requires all U.S. financial institutions to report certain types of customer activities to the regulator, FinCEN, the federal Financial Crimes Enforcement Network. For instance, financial firms need to report transactions totaling $10,000 or above.

The intention of these regulations was to hinder the cartels, drug smugglers and other productive criminal enterprises from moving money through the US. The BSA makes the transactions more visible to federal law enforcement, hence starving the actors of their profits.

From KYC to KYB

The BSA is itself a foundation for the anti-money laundering (AML) regulations also known as Know your customer (KYC) compliance. It was enumerated in the 2001 USA Patriot Act as a result of the 9/11 incident and came into effect in 2003 – adopted by a joint resolution of federal financial agencies. These regulations intend to curb the flow of money to terrorist factions and other money laundering crimes. To meet these regulations, the institutes are required to maintain a record of personally verifiable information of every customer.

It would not be an overstatement to say KYC was built upon the BSA, which requires financial firms to ensure that their customers are who they claim to be. However, the BSA rules were somewhat vague, and KYC regulations covered the gaps with the introduction of the Customer Identification Program (CIP) and Customer Due Diligence (CDD).

While KYC compliance ensures the identity of the customers and keeps an eye on the risk factors associated with them, there is unfortunately still a major loophole left unsolved: financial institutes weren’t required to identify or verify the stakeholders and beneficiaries of the businesses and entities they serve. This means that legitimate firms could unknowingly shelter bad entities or shell companies while performing illegal and high-value transactions on their behalf. Doing so makes the financial firms equally responsible for the illicit transactions taking place right under their nose.

This issue came to light through the Panama Papers scandal back in 2016 and, as a result, KYB services were introduced for business verification.

Dive Deep into KYB

 

The officially titled “Customer Due Diligence Requirements for Financial Institutions” is what we consider as know your business checks or KYB. It can be taken as an extensive form of knowing your customer since it doesn’t only verify the name of the person to whom the business is registered. It also enforces the institutions to verify the identities of the chief executives and any other person who owns 25 percent or more of the business. 

KYB compliance covers an entire industry of consultants who help various firms ensure that their business customers are properly investigated and that none of them are involved in illegal activities. Every financial institution, merchant acquirer or payment company that deals with money transfers and transactions is required to perform a KYB check of the businesses with which it does business.

The checks for KYB solutions include the verification of company registration, business license, identification of a business, and other executives of the business. The KYB compliance requirements may vary from address and date of birth to driving license, passports and bank statements. Moreover, these checks are also performed against sanction lists, PEPs, Adverse media, and disqualified directors. 

These authentication checks are carried out by the KYB solution providers depending on the nature of the business, transaction value, suspicious reports, and more importantly the country legislations.

The Role of 5th AML Directive

 

The regulatory regimes around the world are continuously changing with every passing day. Last year, two major regulatory directives were updated, the 2nd Payment Services Directive (PSD2) and the Fifth Anti-Money Laundering Directive (AMLD5). The PSD2 requires financial institutions to make certain data available to other institutions through the use of APIs (Application Programming Interfaces). Whereas, AMLD5 compels the financial businesses to keep tight reins on the personal information online.

The businesses from financial institutes to merchants, everyone is facing regulatory pressure to meet stringent verification requirements. To do so they deliberately need to adjust the processes to conduct due diligence. The 5th AML directive along with PSD2 and GDPR regulates organizations to verify the businesses – the KYB compliance.

AMLD5, in particular, holds liability for the EU states to collect all the legal documentation regarding the company in a central registry. Moreover, it is mandatory that this central registry must be available and accessible to all the obliged entities that are required to perform business verification. 

Enhanced Due Diligence

 

After the Panama Paper Scandal, verifying the business entities and the mainstream business structure is an integral part of AML compliance requirements, compelling enhanced due diligence (EDD). It obliges securing additional information about the business client, for instance, the nature of the business relationship, source of funds, transaction history and the enhanced monitoring of the business relationship.

KYB in Europe

 

In Europe, the 4th AML Directive is already in effect and by January 2020, AMLD5 will also be in action. The AML 4 requires the businesses to identify the obliged entities and take prudent measures to verify their identities. It facilitates the businesses to know about the UBOs in regards to trust, foundations, and legality of the entities to better understand the structure of the business and customers.

According to defined rules, the beneficial proprietor in the EU is any person who owns 25% of the corporate business. However, in the upcoming AMLD5, the proposal is lowered to 10%. 

KYB in the US

 

The Customer Due Diligence (CDD) Final Rule has been in effect in the US since May 2018. This rule states:

“Beginning on the Applicability Date, covered financial institutions must identify and verify the identity of the beneficial proprietors of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted)”

As per the regulations, the financial institutes include banks, dealers and brokers, mutual funds and futures commission merchants. However, different jurisdictions set different requirements. In fact, even a single region may have different regulations applicable to its member states. For example, US financial institutes, in addition to the Bank Secrecy Act (BSA), are subject to OFAC (Office of Foreign Assets Control), FATCA (Foreign Account Tax Compliance Act) and SEC disclosure rules.

KYB Process –  From Weeks to Seconds 

 

Performing business verification is quite difficult, time-consuming and costly. Most of the companies hide their true identities in order to evade the money trail. Also, shell companies can obscure their true information in filings and across different jurisdictions. The percentage of ownership is mostly disguised through different paper trails, which makes it difficult to identify. In fact, in some countries there is no proper paper trail, meaning no documentation is required for setting up a business and hence there is no source to investigate for shareholders’ information, which is against the FATF, AML and CTF regulations.

Some of the companies are overcoming this problem by implementing KYB solutions just like KYC. However, manual verification is quite slow, error-prone and costly. To overcome this drawback, the KYB solution providers are actively adopting automated ways to verify the businesses in real time.

In this era of high competition and complex compliance requirements, there is a need for electronic ID verification of business. By automating the KYB process, the financial institutes can securely access the UBOs identifying information from the central registry and verify it. Moreover, meeting the KYB compliance can paramount the complex regulatory environment.

Global Economies are joining forces with FATF against money laundering

The Financial Action Task Force (FATF) has been very keen on eliminating financial crime (money laundering, terrorist financing) at a global level. The regulatory authority recommended some major changes in AML (Anti Money Laundering) practices, screened the AML practices of some of its members (direct or indirect), and also added new countries to its list of members.

FATF is one of the most influential global financial regulators. It has 39 complete members and several members under its affiliates (APG, CFATF, EAG, etc.) around the globe working on a thorough implementation of AML regulations. FATF is always keen on eliminating money laundering from all countries and territories. Numerous industries, including financial and non-financial sectors, are added to the scope of reporting entities of FATF recommendations.

In a bid to ensure global compliance, FATF is always in search of loopholes in the AML and CFT (Counter Financial Terrorism) regulations and compliance practices of the member countries. Regular screening of the AML practices of its member countries is a part of its operations.

In 2019 as well, FATF took some vital steps to expand the scope of its regulations to a global level and to cover the gaps between global AML regulations.

Saudi Arabia Became the First Arab Member of FATF

 

FATF expands the scope of its regulations to a global level by adding new members. Becoming a member of FATF requires the country to fully comply with FATF recommendations making it almost impossible for criminals to exploit it. 

Saudi Arabia is setting standards for the Arab and Middle Eastern countries by becoming a member of FATF. The country has been practicing the global AML and CFT regulations for the last four years. Also, in March 2019, it was about to be blacklisted by FATF but narrowly avoided it, and it has now become a full member of FATF.

Financial institutions and businesses offering any types of financial services will be liable to comply with global AML regulations. This means the latest AML recommendations of FATF regarding cryptocurrencies and the legal sector will also be imposed on the reporting entities in Saudi Arabia. This initiative of Saudi Arabia will bring more business into the country as it is identified as a safe country by fully complying with the 40 recommendations of FATF. Meanwhile, the businesses in the country will be under the strict scrutiny of the regulatory authorities. 

It is high time that businesses in Saudi Arabia should identify the crucial need to practice complete AML compliance.

Pakistan in the Greylist 

 

FATF keeps an eye on its member countries by screening their efforts to eliminate money laundering and terrorist financing. Pakistan is a member of the Asia Pacific Group on Money Laundering (APG) and was under the scrutiny of FATF since 2018. The reason behind this scrutiny is the terrorist attacks in India. It was claimed by the Indian authorities that the terrorist activity was executed by a terrorist group in Pakistan. Also, the Panama Papers placed a question mark on the AML and CFT practices of Pakistan. The regulatory authorities in Pakistan are required to take proactive measures recommended by FATF to be removed from the grey list. 

In 2019, FATF analyzed the AML practices of regulatory institutions in Pakistan. The decision on whether Pakistan will be added to the blacklist is yet to come.

It shows that FATF does not ignore any kind of non-compliance by its member states. In order to maintain the good image of their country, the member states are always looking to adopt stringent practices to enforce AML compliance in the business sector (financial and non-financial). Becoming a member of FATF is just the first step; the countries have to go through regular screening by FATF and need to maintain a crime-free financial infrastructure in the country.

So, the businesses in full member countries and indirect-member countries are in dire need of practicing complete AML compliance, as non-compliance will lead to dangerous consequences like huge fines, loss of credit rating, loss of credibility, etc.

Changes in FATF Regulations

 

FATF gives recommendations whenever it finds a loophole in global AML and CFT regulations. In 2019, the authority gave some major recommendations to its member countries. 

FATF recommended AML compliance for the cryptocurrency and legal sector in 2019. The legal sector is required to screen the Ultimate Beneficiary Owners (UBOs) of the entities they represent. 

Also, the cryptocurrency businesses are required to practice AML and KYC compliance just like the financial sector. 

The reason behind these new recommendations is the increase in fraud in these sectors. Cryptocurrency is widely exploited by financial criminals at a global level. According to a report, $1.1 billion of cryptocurrency was stolen in 2018. On the other hand, the legal sector is also exploited by money launderers to incorporate their black money into the business proceeds of shell companies. That is why the legal professionals are required to verify the identity of UBOs of business entities they are serving.

FATF also recommends the art dealers and precious metal dealers to practice KYC screening on their customers and to report transactions above the predetermined threshold. 

Why Do Businesses need to Practice AML Compliance?

 

 

The businesses in the financial and non-financial sectors are covered in the scope of AML recommendations of FATF. Operating in countries that are full or indirect members of FATF, the businesses are obliged to practice thorough compliance with global AML regulations. Harmful consequences follow the non-compliance practices of businesses. 

Non-compliance could result in fines, loss of credibility, credit rating and market value, and in some cases complete shutdown of the non-compliant entity. For instance, take the case of Danske Bank’s Estonia branch, which was closed due to a huge money-laundering scandal. Also, the bank faced several lawsuits and a huge penalty.

The recent efforts of FATF show that the entity will leave no rock unturned to eliminate money laundering at a global level. So, it means that businesses have no other option but to take proactive measures against financial crime. Running real-time KYC and AML screening on the customers before onboarding them eliminates the risk at the very beginning. It enhances the credibility and credit rating of a company along with proactive fraud prevention. Such steps will help businesses in gaining a competitive edge. Hence, such proactive measures create a win-win situation for businesses.

Identity Verification – Key to Eliminate BEC Fraud

Fraud prevention and cybersecurity are the major concerns of the companies in the digital era. Norton predicted that cybercriminals will steal an estimated 33 billion records in 2023. And misuse of such information is a common practice. Fraud comes unannounced so the businesses need to adopt a proactive approach towards such events. Fraud prevention is a continuous process. For example, if you perform KYC and AML screening before onboarding your customers and do not practice it at the time of every transaction you are leaving a loophole for a Business Email Compromise (BEC) fraud. 

BEC fraud, also called CEO fraud, is very common because most communication is online. The criminals do a lot of research before targeting an entity for BEC fraud. In this fraud, the criminals send an email or make a call requesting an urgent fund transfer to a company, impersonating one of its customers or merchants.

BEC fraud is executed in a very friendly way. The criminals either manipulate the person with a friendly chat or by showing urgency in fulfillment of their fund transfer request. 

For example, 50-year-old Evaldas Rimasauskas tricked Google and Facebook into wiring more than $100 million to his bank accounts.

The man researched a merchant of Facebook and Google namely, “Quanta Computer” and registered a firm with a similar name. Then he sent fake invoices and contracts to make the fraud appear more natural.  

He tricked the employees of both companies into wiring money to his bank accounts in Latvia and Cyprus. Then he transferred the funds to his bank accounts in Hong Kong, Hungary, Cyprus, Slovakia, Latvia, and Lithuania to hide the money trail. 

How is a BEC Fraud Executed?

 

A BEC fraud starts with a lot of research about entities (businesses) that could be soft targets for the fraud. The criminals collect information related to the merchants or customers of the company that have payments pending. Once they have the information, the criminals create an email ID quite similar to your client’s email ID and contact one of your employees. At times the criminals use the legitimate email ID of your customers, because one of your customers might have been careless about securing their email credentials.

This fraud could also be executed the other way round. The criminals might use your email credentials to contact your merchants and clients for fund transfer of pending payments. Your clients will make the payments and you will have to bear a financial loss if your legit email credentials are used for the execution of the fraud. 

The contact is mostly conducted through a casual email like asking about your last vacation or your health. Once they break the ice, they will send a friendly email regarding the change of their account details or for an urgent fund transfer.  

Not suspecting anything, the employees often fulfill the request quickly due to the urgency created by the criminal.

Often the criminals send fake invoices as well, with the official header or logo of one of your clients. Or they make calls impersonating the CEO of your client company to make things look more natural.

Also, in most email compromise frauds, the criminals ask for a wire transfer and exploit the confidence that companies have in the security protocols practiced in wire transfers.

Industries That Are Common Victims of BEC Fraud

Banks

 

Banks are the most common targets of BEC fraud as they are the financial intermediaries and serve a diverse clientele. Banks around the globe are struggling to retain their customers after the advent of fintech and are always in contact with their clients. Receiving wire transfer requests from customers is common for banks. When they receive any such email for urgent transfer from a credible client the employee often tries to fulfill the request at the earliest to retain happy customers. 

Real estate

 

Real estate is also a common victim. The criminals collect information regarding some ongoing real estate deals and contact the buyer as the legal representative of the seller and request a fast payment or clearance of dues. 

As the deal is in the closing phase, the buyer does not suspect anything and makes the transaction.

B2B Businesses

 

In this case, the criminals target the companies in a B2B relationship. The email ID of the CEO or legal representative of one of the companies is exploited in such cases. The criminals collect complete information regarding the previous email communication among the two companies and use it to send an email with a natural casual tone. 

How to Prevent BEC Fraud?

 

BEC fraud has caused huge losses to many businesses of all sizes and types, even the non-profit organizations have been the victims of this fraud. FBI’s Internet Crime Report (ICR) found that BEC fraud losses rose by 90.3% in 2018 and fraud complaints rose by 14.3%. 

Businesses of all types and sizes need to pay heed to the prevention of BEC fraud. It not only causes financial loss but also affects the credibility of a company. Below are a few suggestions for preventing BEC fraud.

Identity verification of every request of wire transfer

 

Most of the businesses use online communication, but do not understand the significant risk lurking in the cyberspaces. Businesses need to develop and practice in-house fraud prevention measures to counter any BEC fraud attempt. 

Businesses should use verification methods to screen every such request. Ask the email sender to go through a real-time identity verification process every time a customer makes such a request. The verification could be performed through face recognition or 2-factor authentication. 

Online identity verification is a feasible solution as it shows quick results and does not cause any inconvenience for the end-user. Also, the visible security measures will show your commitment to the security of your merchants or customers. 

Train your employees

 

Employees of companies are the common victims of BEC frauds. The criminals choose a soft target that is easy to manipulate for wire transfer fraud or a phishing scam. 

So, the employees must be trained on a regular basis, regarding the latest trends in cybersecurity and the types of cybercrimes. This will help them to identify suspicious emails and fake fund transfer requests. 

The training could be based on the following pointers:

 

  1. Do not open any emails that are way too attractive; they might be phishing emails.
  2. Beware of urgent payment requests from your merchants. 
  3. Tackling the account credential change request from your customers/merchants
  4. Very casual and friendly email from your merchants 
  5. Train them about the technical aspects of fraud prevention software used in your company

Report to the concerned authorities

 

As soon as you find a BEC fraud, report it to the concerned authorities. It will protect the company from such attacks in the future. Also, it is the corporate and legal responsibility of the businesses to report such fraud attempts for the benefit of the masses. 

Email security

 

Using email security filters helps in analyzing and detecting any threats in email messages. Also, using filters to detect newly registered domain names similar to your domain name helps in finding the potential risk before it can cause any harm.

Such filters help in identifying and stopping spoofing emails from reaching the mailbox of the employees. 
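One way to implement the lookalike-domain filter described above, as an added example that is not part of the original article. The protected domain `northwind.example`, the substitution table, the thresholds and the sample records are constructed for illustration, and registration dates are assumed to come from a WHOIS/RDAP lookup.

```python
import unicodedata
from datetime import date

# Constructed lookalike substitutions (not exhaustive); extend for your own names.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold a label for comparison: strip accents, map lookalikes, drop hyphens."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    for fake, real in CONFUSABLES.items():
        text = text.replace(fake, real)
    return text.replace("-", "")

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(sender_domain, protected, max_distance=1):
    """Return 'own', 'lookalike' or 'unrelated' for a sender domain."""
    sender, own = sender_domain.lower().rstrip("."), protected.lower()
    if sender == own or sender.endswith("." + own):
        return "own"
    parts = sender.split(".")
    if len(parts) < 2:
        return "unrelated"
    # Assumption: the registrable label sits just before the TLD (no public-suffix list).
    s_skel, o_skel = skeleton(parts[-2]), skeleton(own.split(".")[-2])
    if o_skel in s_skel or osa_distance(s_skel, o_skel) <= max_distance:
        return "lookalike"
    return "unrelated"

def triage(records, protected, today, new_days=30):
    """(domain, registration date) pairs -> [(lookalike domain, newly registered?)]."""
    return [(d, (today - reg).days <= new_days) for d, reg in records
            if classify(d, protected) == "lookalike"]

# Constructed sample: sender domains with registration dates from a WHOIS/RDAP lookup.
SAMPLE = [("mail.northwind.example", date(2015, 3, 1)), ("n0rthwind.example", date(2020, 5, 28)),
          ("nortwhind.example", date(2019, 1, 10)), ("northwind-billing.test", date(2020, 6, 1)),
          ("supplier.example", date(2020, 5, 30))]
```

The containment check catches names that embed the protected label, but it produces more false positives for short labels, so tune it against your own mail flow.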

To wrap up, BEC fraud is a planned crime and businesses need to be proactive to eliminate such frauds. Caution in sharing contact information and basic identity verification of the person making such fund transfer requests is necessary to eliminate the chances of becoming a victim of BEC fraud. In-depth verification of clients and merchants before making transactions helps in eliminating the risk at the very first stage. These minimal and easy steps might prevent a huge loss for your company.

4 Reasons Why Brokerage Firms Need ID Verification?

According to Steve Grobman, Chief Technology Officer for McAfee, “The digital world has transformed almost every aspect of our lives but brought risks and crimes too. Crime is more efficient, less risky, more profitable and has never been easier to execute. Financial institutions of all stripes - banks, credit unions, brokerages, and payment companies - need to take a layered approach to cybersecurity and fraud prevention.”

Moreover, a new global cybersecurity report reveals that cybercrime takes an almost $600 billion toll on the global economy. Financial institutions are required to abide by AML and KYC regulations, and they need to practice in-depth KYC and AML compliance to keep from falling prey to cyber scams such as data breaches, money laundering, ransomware, etc.

An Insight to Brokerage Firms

Want to trade stocks? You’re going to need an online broker. Brokerage firms are financial institutions that help you buy and sell securities. They act as the middleman between the buyer and the seller. Depending on the type of brokerage firm you choose, you can make your investments via telephone, internet, or smartphone. Brokerage firms generally charge per buy or sell order. Online brokerage houses may not have any physical office at all. They operate via the internet only, so they are more prone to falling for cyberattacks.

Online identity verification serves best in this regard.

ID Verification: A Requirement for Brokerage Firms

To comply with U.S. government law, brokers collect personal information from their customers. It may include tax identification and financial information. Under rules imposed by Self-Regulatory Organizations (SROs), brokers request information from new customers as well as customers who have a long-standing relationship with the firm. Also, to fulfill KYC and AML requirements, they need to know who they are dealing with and whether they are exchanging money between the right two parties.

The following are a few reasons why ID verification is crucial for brokerage firms:

  • To Fulfill Suitability Law

According to the FINRA suitability and SRO rule, when a broker recommends that a customer buy or sell a particular security, the broker must have a reasonable basis for believing that it is suitable for the customer.

  • To Fulfill Record-keeping Requirement

An SEC rule requires brokerage firms to create a record for each account with an individual customer. It should cover name, address, DOB, and government-issued ID information. To be sure about all these records, brokerage firms need to verify all this information first. ID verification plays its part here. Brokerage firms need an online address verification tool to confirm that the person is not lying about their residence. Online ID verification is important for brokerage firms not only to combat fraudsters but also to fulfill the record-keeping requirement set by the SEC (Securities and Exchange Commission). Brokers must make a good faith effort to obtain and verify the information of their clients.

  • To Combat Terrorist Financing

Money laundering is committed to hide the money trail or black money. Financial institutions are often used by criminals to launder black money in other countries for various purposes, including terrorist financing. Brokerage firms can be victims of this too. So, to adhere to Counter Financing of Terrorism (CFT), brokerage firms need to know who they are dealing with and where the exchange is taking place.

  • To Counter Fake Identities and Frauds

According to a study, 3 million identities were stolen in 2018 and 1.4 million of those stolen identities were fraud-related. Criminals use fake identities to open accounts at financial institutions to conduct their illegal activities. Financial institutions are the most common victims of identity thieves because they serve the criminals' money motive well. Online KYC and AML solutions help financial institutions prevent the risk that comes from a diverse clientele. Identity thieves and money launderers can be identified at the very first stage, which helps businesses serve only legitimate businesses.

Wrapping it up, brokerage firms (online or physical) are common victims of criminals. The products of brokerage firms are exploited to hide black money or to transfer funds to terrorists anonymously. Hence, brokerage firms are advised to run in-depth KYC and AML screening on their investors. It helps them onboard a secure clientele and get a good credit rating due to regulatory compliance.