Visa Mastercard Face FTC Inquiry Over Debit Card Transactions

Visa, Mastercard Face FTC Inquiry Over Debit Card Transactions

Visa Inc. and Mastercard Inc. are once again facing inquiries by the Federal Trade Commission over policies that prevent merchants from routing debit card transactions over substitute networks. 

As part of a preliminary inquiry, the FTC has been reaching out to large merchants and their trade groups over this issue. The issue at hand is whether Visa, Mastercard, and other large debit card issuers are restricting retailers from routing some mobile payments and tap-to-pay transactions over alternate networks like Pulse, NYCE and Star. 

A spokesman for Mastercard, Seth Eisen, said that the organization will cooperate with FTC’s request. On the other hand, representatives for Visa and FTC declined to comment. 

FTC investigators are focusing on transactions made with mobile wallets as those can automatically route to the global application identifiers which employ the networks of Visa and Mastercard. Another aspect of the investigation is to make sure that the country’s largest debit card issuers are restricting transactions that don’t demand a personal identification number from being directed over other networks. 

The FTC has also investigated issues with debit routing in the past. In 2016, Visa modified its rules after an FTC inquiry, explaining that the retailers would not be required to demand the cardholders to choose a network for their transactions. 

 

FATF Issues Guidance Paper For Incorporating Digital ID

FATF Issues Guidance Paper For Incorporating Digital ID

The Financial Action Task Force (FATF) has issued a guidance paper, last week, that outlines a risk-based approach to governments, financial institutions, and other relevant enterprises. The guidance paper guides these entities to use digital identity verification services to comply with Anti-Money Laundering (AML) and Counter Financing Terrorism (CFT) requirements under its standards. 

According to the paper, 

“The rapid pace of innovation in the digital identity (ID) space has reached an inflection point. Digital ID standards, technology, and processes have evolved to a point where digital ID systems are, or could soon be, available at scale.” 

The paper also points out the emergent role of digital payments. By 2020, digital payments will be growing at an estimated 12.7% annually and 70% of the world GDP forecast will be digitized. By understanding the role digital ID systems play in this swift expansion is important in achieving AML/CFT compliance and enhancing Customer Due Diligence measures. 

Financial institutions have to recognize and identify the risks that come with incorporating large scale digital ID systems. The associated risks can be privacy, fraud, governance, identity theft, and data security. 

FATF Guidance on digital ID

  (Source: @FATFNews)

FATF encourages authorities to “adopt policies, regulations, supervision, and examination procedures that encourage regulated entities to develop an efficient, integrated approach to digital ID streaming applicable digital processes across all relevant efforts.” 

Currently, the FATF is consulting private sector stakeholders and is also welcoming any feedback or proposals from financial institutes, banks, virtual asset service providers, authorities and regulators until November 29, 2019. 

Another element the paper focuses on is the implementation of “Recommendation 10” which specifies Customer Due Diligence measures. Through the use of digital ID systems, verifying the authenticity of clients at on-boarding, ongoing due diligence and Third-Party Reliance (Recommendation 17) is encouraged. 

Find more relevant resources on FATF:

FATF Issues Guidance Paper For Incorporating Digital ID

FATF Guideline Key Features

RegTech – FATF Guidance for Digital Identity Verification

Regulatory authorities have recognized the benefits of technology and its use for seamless regulatory compliance and scrutiny. Digital identity verification referred to as “digital ID systems” in the FATF guidelines, is a futuristic approach towards fraud prevention. FATF recently issued a guideline for digital ID systems, their use cases, the risks involved and the benefits of such solutions. 

FATF took this initiative back in 2017. It showed its positive attitude towards technological solutions for regulatory compliance that are aligned with the regulations of FATF. Since then FATF has been working on developing guidelines for such fintech and RegTech solutions, that will further make this industry fraud-free. As the guideline highlighted that risk prevails in the fintech industry as well and it can be mitigated through regulatory compliance. The FATF guideline on the digital ID systems is still under scrutiny and it requested suggestions for public stakeholders to leave no loophole for financial criminals. 

FATF Guideline Key Features

The following are the key features of FATF guidance on digital ID systems. It is expected that the final draft of guidance will be very much different from the current draft. 

Stakeholders of the Digital ID guidance

FATF developed guidelines to assist in regulatory compliance, supervision, examination, and cybersecurity authorities by government organizations involved in policymaking. Also, the private sector that delivers digital ID systems will have a lot to gain from the guidance. 

Last but not least, the businesses and organizations that use outsourced digital ID systems will also benefit from this guidance, as it will help them to choose the best Digital ID verification solution. 

Limitations of the guidance

The guidance draft issued by FATF doesn’t cover any information regarding some Customer Due Diligence (CDD) practices. The guidance doesn’t cover the CDD through digital ID for legal person verification, Ultimate Beneficiary Owner (UBO) screening, and nature of a business relationship. 

There is no doubt that digital ID verification can serve these above-mentioned purposes as well but for the time being FATF didn’t cover these in this guidance. 

Main components and participants of the digital Identity systems

The guidance mentioned three main components and participants that it seeks to be available in digital identity systems used by the entities. It includes the process of identity screening through digital ID systems, the ongoing screening and the technical aspects of the digital identity systems. 

Identity proofing and enrollment is the first component and it involves the collection and verification of customer data. A picture is shown on the 13th page of the guidance draft and it shows the process of collection of data from the official identity document (like ID card) and then screening of the information to verify the identity of a customer. The component one also includes the verification of a person through biometrics like face verification and liveness detection to ensure that the original person is providing the identity evidence.

Identification and identity lifecycle management is the second component and it includes the information regarding the stakeholders that need to be verified. The system should be designed to verify the identity of new customers and to verify the identity of already existing customers. It also mentioned that the digital identity system can be used every time a customer logs in to his/her account online or for every face to face interaction with the customers. Such verification should be performed on all the transactions and events mentioned in the FATF regulations regarding identity verification.

Portability of identity proof is the third component that allows the end-users to develop portable identities that will be issued for future verification. 

References 

The guidance referred to NIFT Digital ID Guidelines and EU’s EIDAS Regulations and explained how Digital ID systems help in the effective implementation of CFT and AML regulations. 

Technical standards

The Digital ID systems that follow the guidelines of following international standard organizations are good to go as per the guideline:

  • various jurisdictions or supra-national jurisdictions (e.g. eIDAS Regulation by the European Union)
  • International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Faster Identity Online (FIDO) Alliance, and the OpenID Foundation (OIDF), and
  • International Telecommunications Union (ITU) and GSMA (for industry-specific). 

To wrap up, businesses are required to comply with KYC, AML and CDD recommendations of FATF in every corner of the world. Now FATF is making things easier for them by developing a guideline for digital ID systems. Just follow this guideline for choosing the best identity verification solution for your business.

esa aml compliance

AML Compliance in EU Member States and Risks of Businesses

Making regulations is just the first step, the true game starts when it comes to implementation, the European Supervisory Authorities report gave this clear message. 

European Union regulatory authorities are always in a wake to improve Anti Money Laundering (AML) and Counter Financial Terrorism (CFT) regulations. Currently, the fourth AML directive is in action in the member states of the EU. Europen Union Supervisory Authorities (ESAs) recently gave a joint opinion based on the AML and CFT data collected from the member countries and expressed their concerns regarding the CFT and AML compliance in the reporting entities. 

The member countries are required to give this joint opinion on money laundering and terrorist financing risks in the EU financial sector every two years based on Article 6(5) of (EU) 2015/849 (the 4th AML directive). The ESAs (EBA, EIOPA, ESMA) report showed concerns regarding monitoring transactions and suspicious transaction reporting, cryptocurrencies, Brexit, and the risks associated with operations of businesses that handle a large number of financial transactions. 

Major Concerns of ESAs

The ESAs expressed some major concerns regarding the risks lurking in the financial infrastructure of EU countries. The detailed report contained the data proof of how credit institutions are exposed to more risk as compared to previous years. 

Inconsistent implementation of 4th AML directive

 

The uniform implementation of the 4th AML directive is a challenge as the legislations in a country are influenced by several stakeholders. The report of Joint Supervisory Authorities (JSA) highlighted that political and regulatory entities in the countries influence the implementation of the EU AML and CFT regulations. The countries often don’t understand the regulations properly and there is a lack of uniformity in the regulations across the EU so it leaves a loophole for the companies that plan to do illegal business. For example, if one country is rigid in AML and CFT compliance then the businesses or the criminals move to other countries with relatively lenient regulatory compliance requirements. So, it affects the effectiveness of AML and CFT regulations. 

Brexit

 

The United Kingdom is all set to leave the European Union in some time. The report of the ESAs identified that the firms working in the EU will be affected by this change in the EU landscape. The firms listed in the UK will have to update their operations as per the new UK regulations. Also, the firms outside the UK will have to get themselves registered with the UK as per the new regulations. 

This huge change in the infrastructure will affect the regulatory landscape of the EU. Most probably it will make loopholes for financial criminals. The UK was used by the shell companies in the past, and now this sudden shift in regulations will definitely take some time, so, the criminals are most likely to gain over this delay. 

Nicola Gratteri a public prosecutor in Calabria predicted that Brexit might aid the Italian mafia in pooling in their illegal money to the UK. Shell companies will be the safe haven of criminals to legitimize their cash proceeds from drug dealing, human trafficking, etc. 

Regtech and Fintech

 

Technology is a freeware that is used equally for fraud and fraud prevention. The advent of Fintech and Regtech definitely improved the operations in the financial sector but it also increased the risk. Lack of regulations and minor regulatory compliance in this sector is the source of risk. Fintech and Regtech are widely adopted by people and are very dear to legitimate users due to the ease created due to these solutions. 

Lack of legal and regulatory understanding among the Fintech and Regtech businesses is a point of concern. The businesses that don’t practice are more likely to fall prey to identity thieves and criminals. The in-depth understanding of regulations and regulatory compliance by Regtech solutions is vital to deliver quality risk prevention, so the businesses should be careful while choosing one such solution. 

Cryptocurrencies

 

Cryptocurrencies are major concerns of the JSAs. Although the AMLD5 and AMLD6 are drafted to address this risk. Lack of regulatory awareness and commitment in the cryptocurrency ecosystem are some major concerns expressed in the report. The EU is also planning to increase the scope of “virtual currencies” to “virtual assets” as per the FATF regulations. This is because there is a lack of awareness among the businesses offering the cryptocurrency services. 

Internal control

 

The internal controls of businesses are found to be lacking in their internal controls. Some major issues were found are Customer Due Diligence (CDD), lack or suspicious transaction reporting, lack of transaction monitoring, etc. 

Lack of effective compliance 

 

The businesses in the EU countries are found to be lacking in AML and CFT compliance, the report stated that sanctions screening is not enough. The businesses have to keep an eye on the transactions of their customers as well. Complete reliance on CDD is the loophole in the internal controls of firms. 

Also, businesses are required to practice compliance in a smart manner. In case they completely disown the customers based on the high risk associated with them, it will increase the chances of money laundering in the EU. 

Credit Institutions

 

The report highlighted that some credit institutions are exposed to major risks due to their business operations. Financial transactions as the key part of their operation so the risk of being exploited by money launderer sand terrorist financiers is high. The businesses are required to practice proactive fraud prevention and CDD. 

To wrap up, the businesses in the EU and outside the EU will be affected by the increased pressure on AML and CFT compliance among the member countries. The businesses from non-member countries will also be affected by this. The EU has also recommended the reporting entities to practice the EU regulations outside the region (Non-EEA states). The Brexit is also expected to happen in the near future so it will also affect the operations, regulatory compliance of the global businesses. Proactive fraud prevention, thorough regulatory compliance, and timely decisions will help businesses in achieving high returns in the future.

FATF Plenary Outcomes

FATF October 2019 Plenary – Here is What You Need to Know

Financial Action Task Force (FATF) President Xiangmin Liu, chaired the first meeting from 16-18 October 2019 under the FATF Chinese Presidency. In this three day meeting, 800 delegates represented 205 jurisdictions. The international organizations which include the UN, IMF, World Bank, etc. discussed the current issues that are giving rise to financial crimes and presented solutions that possibly contribute to global security.  

FATF is an inter-governmental body that aims to set standards for effective implementation of the regulatory, legal and operational measures to combat money laundering and terrorist financing. FATF goals for the elimination of any criminal activity that disrupts the flow of the financial system. In the recent meeting, FATF highlights important issues discussed below: 

 

  • Associated Risks with Virtual Assets 

 

Money laundering and terrorist financing risks with virtual currency, “stablecoins” or similar assets are pondering. FATF focuses on countries and their norms to facilitate the virtual currency industry. According to FATF, it is necessary for the countries to take in place requirements while recognizing the risks associated with virtual assets. This sector should be properly supervised to eliminate the incidences that aid criminal activities. The countries which have already implemented measures should report back regarding the actions they took for evaluation purposes.

It is the duty of FATF to monitor the standards industry is following in its development processes and make sure that they are complying with the requirements defined by FATF. Emerging virtual assets such as “stablecoins” are supposed to introduce to a shift in the virtual currency ecosystem which could be a source to facilitate criminal activities most likely money laundering and terrorist financing. “Stablecoins” service providers are supposed to adhere to FATF standards strictly just like traditional financial service providers do. FATF is continuously monitoring the characteristics and is looking for further specifications these virtual assets hold and to be reported with updates these currencies come up with. 

 

  • Understanding Digital Identity Use

 

A swift shift towards the digital world, digital payments, and digital identity are worth notable. Every year, a large number of transactions through digital means take place and are growing by 12%. The digital identity roaming over the internet should be identified and verified. This is a vital step to perform as its negligence gives rise to criminal activities. Fake identities over the internet participate in money laundering and terrorist financing. This can be eliminated through customer identification to make sure that each person has its own real identity. 

FATF is going to release a draft for public consultation elaborating on the use of digital identity. The draft would give clear statements regarding the use, reliability, and standards of digital identification systems. FATF aims to eliminate the sources that are facilitating criminal activities.  

 

  • Follow-up Assessments

 

Mutual Evaluation of the Russian Federation and Turkey 

 

FATF plenary conducted a mutual evaluation of the Russian Federation and Turkey. It evaluated the effectiveness of AML/CFT compliance in both countries. Also, their compliance level with FATF requirements. 

In Russia, the FATF-EAG-MONEYVAL assessment was conducted whch showed that Russia has an in-depth understanding of the criminal activities and risks associated with them. It follows robust policies to combat risks of financial crimes like terrorist financing. However, it needs to work on the supervision standards of money laundering especilaly the money that is laundered abroad. 

In Turkey, plenary concluded that measures Turkey is taking in place to cater to money laundering and terrorist financing activities are stringent. However, it is in dire need of persuing financial crimes in line with the risk profile of the country. Also, there should be strict actions immediately to freeze the criminal liability at the spot which includes any detection of terrorist financing or money laundering or even weapon proliferation of the purpose of mass destruction. 

Plenary discussed AML/CFT regulations compliance of each country. After evaluation of both countries’ compliance with FATF requirements, mutual evaluation reports will officially publish in December 2019. 

Norway and Spain Follow-up Assessments

 

Since the mutual evaluations conducted in 2014, plenary discussed changes Norway and Spain entertained at their ends regarding money laundering and terrorist financing activities. 

Norway is on the go to strengthen its strategies for financial intelligence to understand the bad money flow through money laundering and terrorist financing, it has developed effective strategies to combat the risks of dirty money flow. Its improvements towards the ability to freeze suspicious criminal liabilities are also effective.

 Similarly, Spain is also active in ensuring the sources that facilitate criminal activities and measures they are taking to combat them. It has established an effective framework and mechanism to freeze the weapons proliferation supposed for mass destruction.

Denmark, Ireland and Singapore Mutual Evaluation

 

FATF plenary re-rated these countries on the basis of mutual evaluation. It came out that among these, Ireland moved to regular follow-up procedures from enhanced processes. FATF will be publishing the mutual evaluation report soon declaring fluctuations in technical compliances. Also, the rating with respect to measures taken to eliminate terrorist financing, money laundering and ability of weapon freezing having mass destruction intentions.

Brazil’s Mutual Evaluation Report

 

In the report of 2016, FATF conveyed concerns about Brazil’s continued failure with technical compliances to deter the risks of money laundering and terrorist financing. FATF declared that this would be the primary concern in the October FATF plenary. Now, evaluation resulted in positive results depicting the effective adoption of regulatory compliance by Brazil. Its substantial progress has proved to address most of the compliance requirements for the betterment of the financial system.

However, serious concerns remain regarding the international compliance standards of Brazil. This emerged as a result of limitation laid by a provisional injunction that was issued by a Brazilian Supreme Court judge. This limitation was on the use of financial intelligence for criminal investigations. FATF is active to get timely updates regarding this matter.

 

  • Jurisdictions Identification

 

Identifying Jurisdictions w.r.t AML/CFT Deficiencies

 

FATF concerned the identification of Juridictions with respect to strategies that they are taking in place for the elimination of terrorist financing and money laundering. FATF maintains public documents of June 2019 containing lists of jurisdictions that might pose potential risks to the international financial system. These contain amendments regarding the call for action and an action plan with FATF.

Ethiopia, Srilanka, and Tunisia with no Jurisdiction monitoring 

 

FATF is satisfied with the progress of Ethiopia, Srilanka, and Tunisia in addressing AML/CFT deficiencies. Now, these jurisdictions are out of the list of FATF monitoring. 

The FATF praised Ethiopia, Sri Lanka and Tunisia for the significant progress made in addressing the strategic AML/CFT deficiencies identified earlier by the FATF and included in their respective action plans.

These jurisdictions will not be subject to the FATF’s monitoring any long under its on-going global AML/CFT compliance process and will work with the FATF-Style Regional Body of which they are a member and continue to encourage their AML/CFT regimes.

New Jurisdiction Monitoring over Iceland, Mongolia, and Zimbabwe

 

FATF identified serious deficiencies in AML/CFT compliance programs of Iceland, Mongolia, and Zimbabwe. Each jurisdiction now has developed an action plan to comply with FATF requirements and FATF is looking forward to their plan. 

Pakistan and AML/CFT System

 

Since Pakistan committed to making high-level progress in June 2018 in regard to the requirements of FATF and APG, Pakistan has improved the AML/CFT regime’s compliance. However still, the progress is not up to the mark. Pakistan still lacks a proper understanding of terrorist financing risks. It is able to complete five out of 27 action plans. FATF urges Pakistan to complete the thorough action plan by February 2020. In case of any discrepancy, FATF will take action. This action could be a serious call to all jurisdictions to give special attention to the relationship with Pakistan’s financial institutions.

Iran and AML/CFT System

 

In June 2018, Iran committed with FATF regarding effective practices with respect to AML/CFT strategies to overcome the current deficiency and to act upon the implementation of the Action Plan. Iran significantly lacks proper identification of terrorist financing risks. FATF calls upon its members in June 2019 to conduct the supervisory examination in Iran’s subsidiaries and branches of financial institutions. Now if before the deadline i.e February 2020, Iran does not act upon the conventions of terrorist financing and Palermo, FATF will call for members and subject Iran with effective countermeasures. 

Iran will be in FATF public statements till it fully comes up with with the Action Plan. Until Iran takes a serious approach towards the implementation of countermeasures to eliminate terrorist financing, FATF will be highly concerned with the risks that can arise from Iran regions and pose this threat to the international financial system.

 

  • Promoting more Effective Supervision

 

In the plenary of FATF, one the major discussion involve identification of improvements that can better help in the supervision of AML/CFT regimes. FATF discussed the program and aims to outreach to improved strategies to national supervisors. The objective behind this effort is to let entities regulate their processes and focus more on the outcomes while taking in place a risk-based approach. 

 

  • New Practices for Legal Professionals

 

FATF focuses on the transparency of beneficial owners of the legal sector. It is important to prevent terrorist financing and money laundering through companies. However, jurisdictions find it challenging to implement the requirements in this field. Although mutual evaluations using a prolonged approach opens the ways for effective solutions. The collection of information through several sources contributes to effective approach towards the prevention of misuse of the legal sector. Facilitation of criminal activity through legal persons can be avoided. A large number of sources help in better addressing of problems and identifying their respective solutions. Using input from global databases can help in catering to criminal activities in a better way. 

KYC checks KYC solutions KYC and AML

Winter is Coming: With a Storm of KYC and AML Regulations

The ever-evolving regulations are creating challenges and complexities for the financial institutes, both in national and international markets. Financial sector deals approximately with 200 regulatory changes per day and these numbers are rising. Most of the time, businesses fail to concede these regulatory requirements and face heavy fines. Since 2008, global banks have been fined more than $321 billion collectively for not following Know Your Customer (KYC) and Anti Money Laundering (AML) regulations

Even with a compliance cost of almost $100 billion globally in a single year, crimes like money laundering, terrorist financing, and cyber frauds are increasing. Financial Institutes (FI) do not only find it challenging to comply with KYC and AML regulations but increased fraudulent activities make these things even worse. Financial institutes often fail to identify fraudsters and face fines and even get banned.

Fraudsters and money launderers are exploring new ways of carrying illegal activities. An undercover agent who infiltrated Pablo Escobar’s drug cartel responds, “You can launder money in so many different ways, it is as unique as snowflakes.” To counter these challenges, regulatory authorities are making updates in regulations almost every day.

Changing Regulations with the Changing World

 

In the aftermath of the 2008 financial crisis, regulatory authorities put forth several noticeable amounts of regulations, but now almost after a decade, some regulators and lawmakers think it is time to analyze what is working and what is not and make necessary amendments accordingly.

Banks and financial institutes are the protectors of the financial systems and the responsibility to prevent financial crimes lies with them. In the last decade, these institutions have worked tirelessly to establish reliable KYC and AML procedures and systems. However, changes created by technology and globalization demands modifications in regulations. 

For instance, high demand for virtual currency has made regulators reassess in place regulations and make amendments to regularise cryptocurrency. As most of the cryptocurrencies are not backed up by any central governments the potential of its use in illegal activities, especially terror financing and money laundering, already threatens the authorities and businesses. 

The authorities are making amendments and the newest laws to regulate all these advances in financial systems. Here are some recent changes by notable global regulatory authorities: 

FATF

Financial Action Task Force (FATF) is an intergovernmental organization, which strives to eliminate money laundering and terrorist financing globally. The organization has been very keen on recommending necessary changes required to comprehensively deal with financial crimes.

Noticing the recent trends of money laundering (ML) and terrorist financing (TF), FATF recommends member states to perform legal screening of Ultimate Beneficial Owners (UBOs) of every business. Owing to the exploitation of virtual currency by criminals, FATF also recommends regulating cryptocurrencies. According to a report, $4.26 billion worth of cryptocurrencies were stolen by cybercriminals, only in 2019. FATF expects members to implement these regulative reforms in their respective states for combating ML and TF. 

European Commission’s AMLD5 and AMLD6

As a part of an action plan against money laundering and terrorism, the European Commission has introduced new regulations in the 5th and 6th AML directives. Every European country is required to implement these regulations as a part of its national action plan on AML and CFT.

AMLD5

 

The most prominent law in AMLD5 is the regulation of cryptocurrency exchanges and service providers. Before this directive, e-wallet providers and crypto exchanges were not covered under the financial regulations. AMLD5 made it compulsory for crypto businesses to perform KYC for identity verification. Furthermore, member states are required to maintain a central register for Ultimate Beneficial Ownership (UBOs) of the crypto businesses.

AMLD5 also lowers the threshold for the prepaid cards to decrease the risks of money laundering through these cards. According to the U.S Federal Bureau of Investigation (FBI), drug cartels use prepaid cards as a source to launder money earned from illegal drug sales in the USA. European countries are required to implement AMLD5 by January 10, 2020.

AMLD6

 

While the European Union’s member nations are striving to implement AMLD5, the European Commission published a new directive i.e. AMLD6 in their journal. This new directive will make AML and KYC regulations more stringent. By setting a clearer definition of money laundering and increasing the minimum liability for predicate offences, the EU aims to make AML and KYC more robust. 

The key elements of AMLD6 are: 

 

  • Addition of Cyber Crimes in Predicate offences. Predicate offences are crimes underlying money laundering and terrorist financing. Initially, cybercrimes including online identity theft, credit card frauds were not included in predicate offences. Once AMLD6 is implemented the businesses will require more enhanced KYC checks to avoid indulging in unlawful activities.
  • Inclusion of the entities that are aiding criminals to launder money in money laundering crimes. The addition of ‘enablers’ can make money laundering tracking easier.
  • The punishment for money laundering and terrorist financing is increased for up to four years including other penalties.

RegTech: A useful KYC solution  

 

While the aforementioned are major regulatory changes in the world, many countries are also regulating businesses to perform enhanced due diligence and KYC at national levels. Financial Sector is obliged to follow these regulations.

However, the financial sector is not lagging and is taking measures to remain compliant with rules. Since the finance sector always remains one step ahead in adopting innovative technology. One of the latest addition to the finance sector’s arsenal is Artificial Intelligence (AI). The finance sector can adopt AI to make KYC/AML screening more robust, cost-effective, and time-efficient.

RegTech (Regulatory Technology) refers to the use of technology-based solutions to help in compliance with financial regulations. RegTech is enabling rapid development in the financial sector regarding compliance. AI-based identity verification and AML screening solution are both cost-effective and time-efficient. Businesses should adopt AI-based KYC and customers due to diligence solutions (CDD) when onboarding customers to remain compliant with regulatory changes and avoid any offence.  

Conclusion

 

KYC laws are continually modified to catch up with the latest techniques for perpetrating financial crimes. A recent example is AMLD6 by European Commission, which intends to make KYC and AML compliance stricter. The financial sector must adopt effective measures to maintain the integrity of the institutions as well as meet the regulatory requirements. They are the first line of defence against money laundering and need to act accordingly. To ensure that businesses remain in compliance with these changes, RegTech industry is rendering efficient AI-based solutions for KYC checks.   

Global Economies are joining forces with FATF against money laundering

Global Economies are joining forces with FATF against money laundering

Financial Action Task Force (FATF) has been very keen on eliminating financial crime (money laundering, terrorist financing) at a global level. The regulatory authority recommended some major changes in  AML (Anti Money Laundering) practices and screened the AML practices of some of its members (direct or indirect) and also, added new countries in its member’s list. 

FATF is one of the most influential global financial regulators. It has 39 complete members and several members under its affiliates (APG, CFATF, EAG, etc.) around the globe working on a thorough implementation of AML regulations. FATF is always keen on eliminating money laundering from all the countries and territories. Numerous industries including financial and non-financial sectors are added to the scope of reporting entities of FATF recommendations. 

In a wake to ensure global compliance, FATF is always in search of loopholes in AML and CFT (Counter Financial terrorism)  regulations and compliance practices of the member countries. Regular screening of AML practices of its member countries is a part of its operations. 

In 2019 as well, FATF took some vital steps to expanded the scope of its regulations to a global level and to cover the gaps between global AML regulations

Saudi Arabia Became the First Arab Member of FATF

 

FATF expands the scope of its regulations to a global level by adding new members. Becoming a member of FATF requires the country to fully comply with FATF recommendations making it almost impossible for criminals to exploit it. 

Saudi Arabia is setting standards for the Arab and Middle eastern countries by becoming a member of FATF. the country was practicing the global AML and CFT regulations for the last four years. Also, in March 2019, it was about to be blacklisted by FATF, but missed it closely and now becomes full member of FATF.  

Financial institutions and businesses offering any types of financial services will be liable to comply with global AML regulations. This means the latest AML recommendations of FATF regarding cryptocurrencies and the legal sector will also be imposed on the reporting entities in Saudi Arabia. This initiative of Saudi Arabia will bring more business into the country as it is identified as a safe country by fully complying with the 40 recommendations of FATF. Meanwhile, the businesses in the country will be under the strict scrutiny of the regulatory authorities. 

It is high time that businesses in Saudi Arabia should identify the crucial need to practice complete AML compliance.

Pakistan in the Greylist 

 

FATF keeps an eye on its member countries by screening their efforts to eliminate money laundering and terrorist financing. Pakistan is a member of the Asia Pacific Group on Money Laundering (APG) and was under the scrutiny of FATF since 2018. The reason behind this scrutiny is the terrorist attacks in India. It was claimed by the Indian authorities that the terrorist activity was executed by a terrorist group in Pakistan. Also, the Panama Papers placed a question mark on the AML and CFT practices of Pakistan. The regulatory authorities in Pakistan are required to take proactive measures recommended by FATF to be removed from the grey list. 

In 2019, FATF made an analysis of the AML practices of regulatory institutions in Pakistan.  The decision has to come regarding, whether Pakistan will be added to the blacklist or not. 

It shows that FATF does not ignore any kind of non-compliance by its member states. In order to maintain the good image of their country, the member states are always in a wake to adopt stringent practices to enforce AML compliance in the business sector (financial and non-financial). Because becoming a member of FATF of just the first step, the countries have to go through regular screening of FATF and need to maintain a crime-free financial infrastructure in the country. 

So, the businesses in full member countries and indirect-member countries are in dire need of practicing complete AML compliance. As non-compliance will lead to dangerous consequences like huge fines and loss of credit rating, loss of credibility, etc. 

Changes in FATF Regulations

 

FATF gives recommendations whenever it finds a loophole in global AML and CFT regulations. In 2019, the authority gave some major recommendations to its member countries. 

FATF recommended AML compliance for the cryptocurrency and legal sector in 2019. The legal sector is required to screen the Ultimate Beneficiary Owners (UBOs) of the entities they represent. 

Also, the cryptocurrency businesses are required to practice AML and KYC compliance just like the financial sector. 

The reason behind these new recommendations is the increase in fraud in these sectors. Cryptocurrency is widely exploited by financial criminals at a global level. According to a report, $1.1 billion of cryptocurrency was stolen in 2018. On the other hand, the legal sector is also exploited by money launderers to incorporate their black money into the business proceeds of shell companies. That is why the legal professionals are required to verify the identity of UBOs of business entities they are serving.

FATF also recommends the art dealers and precious metal dealers to practice KYC screening on their customers and to report transactions above the predetermined threshold. 

Why Do Businesses need to Practice AML Compliance?

 

 

The businesses in the financial and non-financial sectors are covered in the scope of AML recommendations of FATF. Operating in countries that are full or indirect members of FATF, the businesses are obliged to practice thorough compliance with global AML regulations. Harmful consequences follow the non-compliance practices of businesses. 

Non-compliance could result in fines, loss of credibility, credit rating and market value, and in some cases complete shutdown of the non-compliant entity. For instance, take the case of the Danske Bank’s Estonia branch which was closed due to a huge money-laundering scandal. Also, the bank faced several lawsuits and huge penalty. 

The recent efforts of FATF show that the entity will leave no rock unturned to eliminate money laundering at a global level. So, it means that businesses have no other option but to take proactive measures against financial crime. Running real-time KYC and AML screening on the customers before onboarding them eliminates the risk at the very beginning. It enhances the credibility and credit rating of a company along with proactive fraud prevention. Such steps will help businesses in gaining a competitive edge. Hence, such proactive measures create a win-win situation for businesses.

AML Rules for Virtual Currency and Legal Sector FATF 2019

AML Rules for Virtual Currency and Legal Sector – FATF 2019

Financial Action Task Force (FATF) is an inter-governmental regulatory authority. It was founded in 1989 to combat money laundering. In 2001 the authority also added terrorist financing in its regulatory framework. FATF works on through implementation of global AML regulations in its member countries and to research the money laundering and terrorist financing trends in the world. FATF also gives regulatory suggestions based on its research. 

Money laundering and terrorist financing are becoming a threat to global economies. Billions of dollars are laundered annually around the globe. The cases like Swedbank and Danske bank proved that no business is too big to fail when it comes to money laundering. Regulatory authorities are introducing more rigid regulations to control crime. Real-time AML screening solutions are used by global businesses to cater to the risk coming from their diverse clientele and to insure thorough compliance. 

FATF Crackdown on Cryptocurrency

The virtual currency has become a global phenomenon and has a global market worth $300 billion. Numerous cryptocurrencies are launched increasing the competition and loopholes for money launderers and terrorist financiers. Facebook also announced launching its cryptocurrency “Libra”. Which received criticism from 3 major European central banks. 

The recommendations of FATF are based on the current global scenario of cryptocurrency. Cryptocurrency is globally exploited for money laundering due to a lack of regulations in this sector. Many cryptocurrencies are practicing in-house protocols like online AML screening solutions to deter frauds, but such practices are not centralized and leave loopholes within the industry. 

As per the wall street Journal, FATF gave the recommendations for cryptocurrency regulation in June 2019. According to the new regulations, member countries are guided to register and monitor the cryptocurrencies on a regular basis.

The cryptocurrency businesses, exchanges are required to perform necessary KYC and AML verification processes on their clients and investors before serving them. Also, the cryptocurrency exchange and facilitators are required to report the transactions above the minimum transaction threshold. In order to keep track of crypto transfers, the crypto businesses are required to transmit the customer data to other financial institutions whenever making a transaction above $1000. 

Industry and regulatory experts are working on developing a centralized system for transferring the data of customers. Also, FATF announced in June that it will conduct a 12-month review in June 2020 after analysis of member countries and concerned firms. 

FATF Recommended Risk-Based AML for Legal Sector

Legal Professionals are exposed to a unique kind of risk coming from serving money launderers and terrorist financiers. FATF recommended new AML practices in June 2019, especially for legal professionals to cater to the risk of serving money launderers lingering within the industry. 

The new AML recommendations of FATF are designed to address the risk faced by legal professionals and the firms that have legal professionals as clients. The new recommendations require the concerned parties to exercise more vigilant customer due diligence processes to mitigate the risk of serving criminals. 

The guidelines will help to mitigate the risk through ongoing screening of clients of legal professionals. The recommendations suggest that legal professionals must pay heed to the identification and verification of ultimate beneficiary owners of the entities that they serve. In case the legal professionals serve a shell company it will affect their credibility by serving the money launderers in legitimizing their black money. 

In-depth identity verification of clients will be the obligation of legal professionals. So it infers that the legal sector will have to face serious consequences in case of non-compliance. 

What Cryptocurrency and Legal Sector Can Do About New AML Regulations?

After the new recommendations of FATF virtual currency and the legal sector will need to amend their KYC and AML protocols. The businesses in both sectors will have to do in-depth identity verification and AML screening of their clients.

The new recommendations of FATF are designed to fill the loopholes in the global industries and to mitigate money laundering and terrorist financing at a global level. 

The virtual currency sector serves a global clientele and many legal professionals also have the same. AML & Kyc compliance will help them to mitigate the fraud coming from diverse clientele. Also, once a centralized process and protocols are designed for global compliance, businesses around the world will have a compact set of procedures to eliminate money laundering through joint efforts. 

Once the virtual currency and the legal sector have streamlined their KYC/AML protocols at a global level it will introduce more growth opportunities in these industries. As all the countries will have the same rules and regulations so fraudsters will have no loophole to exploit and collaboration among businesses will be seamless. 

Online KYC and AML screening solutions will help businesses in virtual currency and legal sectors to mitigate the risk in a feasible cost-effective way. It is not possible for the businesses to physically verify their global clients and to screen their Identity documents physically. Developing an in-house system for KYC and AML verification is costly and requires hefty resources so, outsourcing a KYC/AML screening solution is a feasible solution.

Global AML Regimes Tightening Reins on Money Launderers

Global AML Regimes – Tightening Reins on Money Launderers

Money laundering is a global menace. Money laundering and terrorist financing are the major targets of global regulatory authorities like FATF, FCA, FINTRAC, FINMA, etc. Many countries like the UK, USA, and Canada are becoming more rigid in developing and implementing AML regulations on their reporting entities. It motivated businesses around the globe to invest more in advanced AML solutions to avoid any non-compliance penalties. 

Money laundering is a global crisis so, AML regimes are becoming global, through international businesses. As per the United Nations Office of Drugs and Crime estimates, the annual money laundering amount is 2% to 5% of global GDP. 

The loss does stop here but extends to the penalties that global financial institutions pay due to non-compliance. For instance, take the case of Swedbank and Danske bank that paid millions of dollars in penalties due to money laundering practiced in their Estonian branches. 

Both the banks were ignorant of their AML compliance and suffered huge losses due to these cases. The scandal wiped €7 billion off Swedbank’s market value and took a toll over its credit rating. As for Danske bank, it closed its Estonia branch as per the regulatory requirement. 

These shocking revelations affected the AML regulations, regulatory authorities are even more rigid towards AML compliance. Also, the financial institutions and businesses are paying more heed towards AML compliance due to rapid changes in global AML regimes.

Dutch Banks Joining Forces Against Money Launderers

Dutch banks have been exploited several times by the money launderers in the previous years. The largest Dutch bank paid $858 million to settle an investigation last year. It was the largest fine in Dutch corporate history. 

In order to mitigate the risk of further damage, five Dutch banks are exploring joint monitoring of transactions. The banks are aware of the technical and regulatory roadblocks that will hinder this collaboration because confidential data of clients will be shared among the collaborating banks. 

A group of Nordic banks, including Danske bank, are planning to establish a joint venture to develop a platform for handling due-diligence data of their customers. Also, they are working on developing complex algorithms to identify illegal fund transfers. 

The USA Expanding its Counter-Terrorism Powers to Hinder Terrorist Financing

The USA is also expanding its counter-terrorism powers to fight terrorist groups and money launderers. The Wall Street Journal, 11th Sept 2019, reported that Trump administration is expanding its counter-terrorism powers to a global level. The USA will target the international financial institutions that will assist the U.S.-designated terrorist groups and their affiliates. Also, it imposed sanctions on several individuals and entities involved in terrorist groups. 

In its wake to improve security in the state, the U.S. Treasury imposed sanctions on three Korean groups namely, Lazarus Group, Bluenoroff, and Andriel involved primarily in global cyberattacks on financial institutions and ransomware attacks. It is found that these groups are directly controlled by North Korea’s primary intelligence bureau, RGB. These measures are taken to reduce money laundering and terrorist financing in the USA. 

The UK MLA-2017 Amendments of 2019

The UK announced new regulations in AML group-wide policies of the Money Laundering Act (MLA-2017). These new regulations will be in action from 3 Sept. 2019 and will extend the scope of EU regulations to other states. The reporting entities will have to extend necessary EU AML practices to non-EEA states where they have local entities. 

The businesses are entitled to review the regulatory framework of AML/CFT regulations in other states. In case they are facing any hindrance from the authorities in other countries they must report to the FCA(Financial Services Authority) within 28 calendar days of the concerned country. 

If there are restrictions in practicing EU AML regulations in non-EEA states the businesses must take additional measures to mitigate the risk. In case additional measures are not fruitful the businesses are directed to terminate some or all of their operations in that country to mitigate the risk. These new regulations will change the overall AML compliance practices of the businesses.  

Canada – Amendments in PCMLTFA

The Canadian government amended the regulations of the Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA). FINTRAC (Financial Transactions and Report Analysis Center) will implement new AML regulations. 

The major amendment in AML regulations is that the reporting entities are allowed to accept photocopies or scanned copies of identity documents for verification of the clients. In the past, only physical documents were allowed for verification of clients. 

Now the financial institutions and businesses can use identity and document verification software for due diligence. It will enhance the accuracy of their AML compliance practices. Also, online verification is less costly and time-efficient. 

The new Canadian regulations are designed to align the AML regulations of Canada with global AML regulations of FATF (Financial Action Task Force). Money Services Businesses (MSBs) are included in the Reporting entities (RE) list. 

The MSBs will have to follow the same AML regulations of due diligence, recording, and reporting just like the typical financial institutions. Financial institutions will not be allowed to conduct business with unregulated MSBs. The MSBs will have to run in-depth identity verification on all their clients. 

Virtual currency businesses will be registered just as MSBs and will have to follow rigid AML regulations. They are directed to report any cryptocurrency transaction above minimum transaction threshold of $10,000. 

The reporting time for MSBs and virtual currency businesses is also reduced to 3 days from 30 days, which is the global criteria.  

What Businesses Need to do About These Changes?

Global businesses will be affected by these changes. The businesses will have to rethink their AML practices. As most of the AML regimes require the verification of global clients so it is necessary to use feasible solutions for frictionless compliance. Manual compliance could only be helpful when the clients are local. 

Real-time AML compliance solutions will help financial institutions to mitigate the risk coming from international clients especially when the clients are from high-risk countries. Its high time to make smart decisions to stay one step ahead of fraudsters in the future. 

Impact of Canada Evolving AML Regimes on Your Business

Impact of Canada’s Evolving AML Regimes on Your Business

Canada’s AML regulations changed a lot in 2019. More rigid AML regulations are imposed on all types of businesses to reduce money laundering and terrorist financing in Canada. These new regulations will enhance the due diligence practices of companies as digital customer onboarding is allowed to the businesses. 

The government of Canada amended the regulations of Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA). FINTRAC (Financial Transactions and Report Analysis Center) will be implementing the new AML regulations

FINTRAC is an independent federal body in Canada that is responsible for collecting and analyzing the information to detect and prevent money laundering and terrorist financing in Canada. 

The new Regulations are designed to align the Anti Money Laundering (AML) and terrorist financing regulations with the international regulations of FATF (Financial Action Task Force). 

The amendments were introduced in June 2019 after the analysis of the 2016 report by FATF. The report stated that Canada has been the hub of money laundering, real estate, and other industries that are used to launder money to and from Canada. 

Not only that the Mauren Maloney’s report on moany laundering in Canada also highlighted that money laundering is not limited to a few states of Canada. The report estimated that a total of $46.7 billion were laundered through Canada’s economy last year. While British Columbia was responsible for roughly $7.4 billion. 

Based on such shocking facts, Canadian regulatory bodies are keen to control money laundering in Canada, as it is expected that these revelations might be the tip of an iceberg. The latest amendments are designed to bridge the loopholes in digital financial operations and to regulate the unregulated domestic and international entities. 

Key initiatives proposed by the new regulations are as follows:

Digital KYC is possible

Reporting Entities (REs) will be allowed to accept photocopies or scanned copies of identity documents for performing due diligence. In the past, physical documents were required for identity verification of the customers. Customers were required to visit brick and mortar outlets of banks and other financial institutions to register. 

Now that scanned copies of documents are also considered legal, businesses can utilize digital customer onboarding software to onboard clients fastly. Clients can be verified online within a few minutes. It will reduce the hassle of manual customer verification software. This new amendment will improve the customer value of banks and will prevent risk as online identity verification & AML software provide high precision in results. 

Regulation of Money Services Businesses (MSBs)

Money Services Businesses that provided online services are the loophole, exploited by money launderers and terrorist financiers. The latest amendments have addressed this security concern. 

Domestic as well as foreign MSBs will have to follow the same due diligence, recording and reporting regulations. The new regulations will enable FINTRAC to levy administrative monetary penalties on foreign MSBs and will lead to cancellation of their FINTRAC registration if not paid. 

Also, financial institutions within Canada will not be allowed to do business with unregistered MSBs. So, it will tighten the reigns on money launderers and will help financial regulatory authorities to improve the credibility of Canada among other states.

The international MSB’s dealing in Canada will need to run Identity verification on their clients to fulfill the regulations otherwise FINTRAC holds the right to charge financial penalties. 

Virtual Currency Businesses

Virtual currency businesses will be added to PCMLTFA regulations. Virtual currency exchanges and value transfer services would be regulated as MSBs. They will be liable for AML, reporting and record-keeping regulations as well. Also, the virtual currency businesses will have to report any transaction above $10,000. 

Prepaid Access Products will be added to the REs (Reporting Entities) that offer bank accounts. The Prepaid access products providers will have to verify the identity of clients, keep records and report suspicious transactions. All the rules that apply to REs that offer bank accounts will be applied to prepaid access products. 

AML Reporting standards

Previously the financial sector was obliged to report suspicious transactions within 30 days. Now FINTRAC aims at aligning its regulations with international regulations of FATF, reporting must be practiced within 3 days of a suspicious transaction. 

What businesses need to do about these amendments?

With changes in PCMLTFA regulations, businesses will have to change their AML compliance practices aswell. Digital KYC and AML solutions will help them in complete compliance as international MSBs working in Canada will also be required to perform AML on their clients. 

Internet-based businesses especially the virtual currency businesses will have to follow the international due diligence, recording and reporting regulations. All these regulations will not only impact the AML compliance practices of businesses and financial institutions but will enhance their risk cover against money launderers and terrorist financiers. 

Digital KYC and AML software are feasible solutions to keep up with new AML regulations. It provides high precision results within a minute. And runs continuous checks on high-risk clients, reducing the compliance hassle of banks and businesses.

Why PEPs are High Risk and a Threat To Your Business?

Why PEPs are High Risk and a Threat To Your Business?

In the Financial and Trade industry, you may have often heard the term PEPs and the importance of early-stage PEP detection in order to combat money laundering and terrorist funding. 

Politically Exposed Person(s) (PEPs) are profiled individuals who currently hold a public office or are associates of such personnel. The global approach by regulatory and financial bodies limit doing business with PEPs. Owing to the likelihood of money laundering, bribery, and terrorist funding that may result due to the influence of such individuals. Financial institutes view PEPs as a compliance risk. EU, UN, FINCEN, SECO and other regulatory bodies have strict rules when it comes to interacting with potential customers who are not vetted to assess their risk status. This a key component of AML compliance.

Organizations are supposed to assign a risk rating against each individual to identify how much an identity could be responsible for the loss. Organizations are subject to hefty fines and legal actions in case of non-compliance with local and global regulatory obligations.

FATF defined PEPs

The Financial Action Task Force (FATF) is an intergovernmental organization. It was established as an initiative by G7 to create practical policies for anti-money laundering and due diligence. It acts as a supervisory body and formulates recommendations to assist the legal framework of global financial space. Global institutions consider FATF’s guidelines as International Standards.

The latest definition of PEPs provides with four categories:

High Risk – Level I PEPs

  • Heads of state and government
  • Members of government (national and regional)
  • Members of Parliaments (national and regional)
  • Heads of the military, judiciary, law enforcement and board of central banks
  • Top ranking officials of political parties

Medium – High Risk – Level II PEPs

  • Senior officials of the military, judiciary, and law enforcement agencies
  • Senior officials of other state agencies and bodies and high ranking civil servants
  • Senior members of religious groups
  • Ambassadors, consuls, high commissioners

Medium Risk – Level III PEPs

Senior management and board of directors of state-owned businesses and organizations – e.g. Chairman of a Bank

Low Risk – Level IV PEPs

  • Mayors and members of local county, city and district assemblies
  • Senior officials and functionaries of international or supranational organizations

PEPs and Compliances

Financial Authorities and Regulatory bodies translate FATF’s guidelines into practical rules. Compliances define risk involved according to the nature of businesses. How and when to apply Customer Due Diligence. These compliances at international or state-level monitor security measures taken by organizations. They identify and loopholes that maybe there. As per compliance rules, it is a requirement for certain Institutes to perform Enhanced Due Diligence when it comes to PEPs.

Identifying PEPs

In order to implement AML compliance for PEP identification, businesses and financial institutions must have procedures in place to effectively identify and restrict a PEP. To do this two questions are of importance:

(i) When do you check for a PEP?

(ii) How do you check for a PEP?

Customer screening needs to be done to identify the risk associated with it. For this, the updated PEP record should be integrated with the system that automatically verifies the onboarding identity against it. This helps you catch the malicious entity beforehand. 

EU and FINCEN regulations state that strict Customer Due Diligence must be applied before establishing any business relationship with a potential customer. This indicates that PEP screening must be done during the on-boarding process.

Financial Action Task Force (FATF) establishes a standardized “list” of known entities and profiles updated on a daily basis with new data extracted from global sources. This enlists all individuals on the basis of their personal information (Name, DoB, Country of Residence) which satisfies FATF’s definition of a PEP. All potential customers must be screened against these lists to ensure that they are not present in the PEP record lists.

Is there such a thing as good PEP?

The answer is no. The concept of PEPs is not defined on moral grounds. All PEPs are not inherently “bad”. Not in terms of morals. The risk of a PEP is relevant to the possibility to commit illegal activities under the Risk-Based Thinking model. A risk-based Thinking approach means to ensure practices in place to proactively address future disasters. Based on the history that gave birth to various ruinous circumstances for business, each onboarding identity should be screened against security parameters using a pre-defined risk-based thinking model. This helps deter the rate of fraudulent activities in a legitimate system.

As per FATF’s definition of a PEP, four distinct categories are mentioned. Businesses can apply restrictions and train their systems as well as employees accordingly. A low-risk PEP may be allowed performing transactions while a high-risk PEP may not be allowed entry in the system altogether. Keeping all such parameters in place, businesses can ensure high-end security and prevent their system from the criminal entities and therefore, regulatory penalties.

Click here to perform a quick test and see how PEP identification is done in action.