Global AML Regimes – Tightening Reins on Money Launderers

Global AML Regimes – Tightening Reins on Money Launderers

Learn more

Money laundering is a global menace. Money laundering and terrorist financing are the major targets of global regulatory authorities like FATF, FCA, FINTRAC, FINMA, etc. Many countries like the UK, USA, and Canada are becoming more rigid in developing and implementing AML regulations on their reporting entities. It motivated businesses around the globe to invest more in advanced AML solutions to avoid any non-compliance penalties. 

Money laundering is a global crisis so, AML regimes are becoming global, through international businesses. As per the United Nations Office of Drugs and Crime estimates, the annual money laundering amount is 2% to 5% of global GDP. 

The loss does stop here but extends to the penalties that global financial institutions pay due to non-compliance. For instance, take the case of Swedbank and Danske bank that paid millions of dollars in penalties due to money laundering practiced in their Estonian branches. 

Both the banks were ignorant of their AML compliance and suffered huge losses due to these cases. The scandal wiped €7 billion off Swedbank’s market value and took a toll over its credit rating. As for Danske bank, it closed its Estonia branch as per the regulatory requirement. 

These shocking revelations affected the AML regulations, regulatory authorities are even more rigid towards AML compliance. Also, the financial institutions and businesses are paying more heed towards AML compliance due to rapid changes in global AML regimes.

Dutch Banks Joining Forces Against Money Launderers

Dutch banks have been exploited several times by the money launderers in the previous years. The largest Dutch bank paid $858 million to settle an investigation last year. It was the largest fine in Dutch corporate history. 

In order to mitigate the risk of further damage, five Dutch banks are exploring joint monitoring of transactions. The banks are aware of the technical and regulatory roadblocks that will hinder this collaboration because confidential data of clients will be shared among the collaborating banks. 

A group of Nordic banks, including Danske bank, are planning to establish a joint venture to develop a platform for handling due-diligence data of their customers. Also, they are working on developing complex algorithms to identify illegal fund transfers. 

The USA Expanding its Counter-Terrorism Powers to Hinder Terrorist Financing

The USA is also expanding its counter-terrorism powers to fight terrorist groups and money launderers. The Wall Street Journal, 11th Sept 2019, reported that Trump administration is expanding its counter-terrorism powers to a global level. The USA will target the international financial institutions that will assist the U.S.-designated terrorist groups and their affiliates. Also, it imposed sanctions on several individuals and entities involved in terrorist groups. 

In its wake to improve security in the state, the U.S. Treasury imposed sanctions on three Korean groups namely, Lazarus Group, Bluenoroff, and Andriel involved primarily in global cyberattacks on financial institutions and ransomware attacks. It is found that these groups are directly controlled by North Korea’s primary intelligence bureau, RGB. These measures are taken to reduce money laundering and terrorist financing in the USA. 

The UK MLA-2017 Amendments of 2019

The UK announced new regulations in AML group-wide policies of the Money Laundering Act (MLA-2017). These new regulations will be in action from 3 Sept. 2019 and will extend the scope of EU regulations to other states. The reporting entities will have to extend necessary EU AML practices to non-EEA states where they have local entities. 

The businesses are entitled to review the regulatory framework of AML/CFT regulations in other states. In case they are facing any hindrance from the authorities in other countries they must report to the FCA(Financial Services Authority) within 28 calendar days of the concerned country. 

If there are restrictions in practicing EU AML regulations in non-EEA states the businesses must take additional measures to mitigate the risk. In case additional measures are not fruitful the businesses are directed to terminate some or all of their operations in that country to mitigate the risk. These new regulations will change the overall AML compliance practices of the businesses.  

Canada – Amendments in PCMLTFA

The Canadian government amended the regulations of the Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA). FINTRAC (Financial Transactions and Report Analysis Center) will implement new AML regulations. 

The major amendment in AML regulations is that the reporting entities are allowed to accept photocopies or scanned copies of identity documents for verification of the clients. In the past, only physical documents were allowed for verification of clients. 

Now the financial institutions and businesses can use identity and document verification software for due diligence. It will enhance the accuracy of their AML compliance practices. Also, online verification is less costly and time-efficient. 

The new Canadian regulations are designed to align the AML regulations of Canada with global AML regulations of FATF (Financial Action Task Force). Money Services Businesses (MSBs) are included in the Reporting entities (RE) list. 

The MSBs will have to follow the same AML regulations of due diligence, recording, and reporting just like the typical financial institutions. Financial institutions will not be allowed to conduct business with unregulated MSBs. The MSBs will have to run in-depth identity verification on all their clients. 

Virtual currency businesses will be registered just as MSBs and will have to follow rigid AML regulations. They are directed to report any cryptocurrency transaction above minimum transaction threshold of $10,000. 

The reporting time for MSBs and virtual currency businesses is also reduced to 3 days from 30 days, which is the global criteria.  

What Businesses Need to do About These Changes?

Global businesses will be affected by these changes. The businesses will have to rethink their AML practices. As most of the AML regimes require the verification of global clients so it is necessary to use feasible solutions for frictionless compliance. Manual compliance could only be helpful when the clients are local. 

Real-time AML compliance solutions will help financial institutions to mitigate the risk coming from international clients especially when the clients are from high-risk countries. Its high time to make smart decisions to stay one step ahead of fraudsters in the future. 

Looking for Online Fraud Prevention: Here Is What You Can Do

Looking for Online Fraud Prevention: Here Is What You Can Do

Learn more

In an increasingly digital world, it is extremely important for online businesses to identify fraudulent activities happening in their system. In an online marketplace, a large number of transactions take place every second. Among those, 67% of fraudulent transactions remain undetected which results in heavy loss. According to the end 2018 record, online fraud has reached a loss of $6.4 billion. Fraudsters are always in search of the vulnerabilities in the system, they exploit the entry points and perform malicious activities. Online businesses if on the side focus on the better user experience in customer onboarding, on the other hand, they lack the security measures need for Online Fraud Prevention. It is a crucial need for banks, financial institutions, and online marketplace to reduce the risks of online payment scams and introduce high-level security in their system.
xOnline frauds are of different types. The purpose and intention behind each fraud could be the same only the way is different. Some common types are:
Identity Theft: Cybercriminals attack the system to get the personal information of the people and use them maliciously be assuming it to be someone else’ identity.
Credit Card Fraud: Fraudsters make a purchase into the weak website, enter all the essential information and fool the system using the credit card they have stolen.
Email Phishing Fraud: The fraudster sends an email to the victim (could be a bank employee) which appears to be an official email from some financial authority. This email contains the link which redirects the other person onto a login page of the bank appearing to be exactly the same as their official website. Once the employee enters all login credentials, the scammer gets all the personal information and uses the account for malicious activities.

Industries Affected by Online Fraud

63% of industries have experienced fraudulent online losses. With industrial digital transformation in both front-end and back-end operations, there is a need to take high-security measures against online fraud prevention. 75% of online businesses want a secure online system. For this to achieve, online businesses require solutions that enable trust within and out of the organization. Some of the major industries who faced online fraud are:

Online Retail Industry

In 2019, e-commerce sales are expected to account for 13.7% of retail sales worldwide. E-commerce sales are estimated to be increased by more than 240% which is $4.48 trillion by 2021. If on one side, this massive amount shows the demand for e-commerce on the other side, there is a record of 6% online frauds in the retail industry. The transactions happening in bulk are the great opportunities for the fraudsters to enter into the system. In the retail industry, the highest fraud is inventory fraud and due to a fake credit card. It is necessary for the online retail industry to secure its system in order to prevent online fraud.

Gambling Industry

Today, the gambling industry is generating a huge revenue which was $44 billion in 2016 and is expected to be $81 billion by 2022. The gambling industry is a very tempting platform for money launderers and cybercriminals. A recent report shows an $82 billion loss in the gambling industry due to Card Not Present (CNP) attacks. Also, 3.5% of all online payments that take place are fraudulent. The gambling industry needs to implement AML and KYC based checks back in their system to prevent cyberattacks and money laundering activities.

Healthcare Industry

The healthcare industry holds sensitive information regarding patients and hospitals. This information needs to be stored in a secured database in order to prevent data loss due to Online Fraud Prevention. In 2018, a report shows a $2 billion loss due to online fraudulent activities. This loss merely is not only associated o the bill healthcare industry paid but also the lives of several people were affected. The data of patients which includes insurance details, medical history, and personal information is stolen. Fraudsters use it to do money laundering, track their insurance details and blackmail them. For the healthcare industry, it is important to secure their data with significant security measures in order to prevent their system and patients from the heavy risks.

Online Fraud Protection

Online businesses should adopt serious security measures to mitigate the risks of online fraud. For this, identity verification and authentication are compulsory. Each identity entering into the system should be verified under certain AML and KYC regulatory compliances. The banking industry and financial institutions can prevent their system from cyberattacks using KYC compliance. This will reduce the risks of credit card fraud and online payment scams. Biometric verification (fingerprints, iris scanning, facial recognition, etc.) can help in customer verification. There are multiple other ways to verify and authenticate users. Below is a chart that shows the percentage of verification methods adopted by multiple online industries:
Online Fraud detection and prevention methods businesses

Regulation Governing online Fraud Prevention


General Data Protection Regulation (GDPR) is the EU’s most vital regulation for privacy protection. GDPR presents certain rules regarding how the data of people should be gathered, used, manage and protect. For any online business that holds any sensitive information are obligated towards the regulations defined in GDPR.


BaFin is the financial regulatory authority for Germany. On the basis of European supervisory standards, BaFin takes risk-oriented security approaches that are appropriate for industries and online businesses. It ensures reliability in the financial market and introduce policies accordingly.


PSD2 in the EU forms regulations that support forms of payment institutions, introduce interaction methods and facilitate open banking. Under these regulations, online businesses map their systems and provide their customers with several services.


EU’s regulation that defines policies for trust services and electronic verification of customers. These services help in the identification and verification of individuals online and through electronic documents. Banks and financial institutions can implement ceratin functionalities based on the regulation of eIDAS in order to prevent online payment fraud.


For any online business, along with better user experience, the implementation of security measures is equally important. The cost businesses pay with vulnerable systems not only affect the economy but also result in inevitable damage to business reputation. Adoption of secure technological solutions can lessen the risks of heavy fines and business fall. Also, this helps to fulfill the previous loss by encountering them in the future.

Effect of the Amendment to the FINMA Compliance on IDV Service Providers

Effect of the Amendment to the FINMA Compliance on IDV Service Providers

Learn more

In the first quarter of the year 2018, the Swiss Financial Market Supervisory Authority rolled out an amendment to their existing policies regarding Digital Identification and Verification services opted by all the organizations within the Swiss region. The major changes pertained to the Online and Video Verification milieu and due diligence procedures.

We, here at Shufti Pro, carried out an in-depth analysis and self-assessment of our technology and procedures. This article sheds light on how Shufti Pro runs in accordance with the updated FINMA regulations.

FINMA updated their Customer Due Diligence requirements for client onboarding via digital channels to reflect advances in technology. The consultation period for the changes to the circular ran until 28 March 2018. This allowed a sufficient room for maturity to financial institutions so they can update their documentation, technology, and procedures to comply with the new regulations.

What did the amended regulations say?

The amended circular takes into account the development in technology through neutrality and effective money laundering prevention mechanisms. The FINMA circular, dated 13 February 2018 highlights the following:

  1. The video identification process no longer contains the provision regarding the single-use password known as the Transaction Authentication Number (TAN).
  2. Instead, at least three randomly selected visual security features of identification documents must be checked.
  3. For online identification, FINMA no longer requires a transfer from a bank in Switzerland to ensure compliance with due diligence requirements. Instead, under certain conditions, a transfer from a bank in a Financial Action Task Force (FATF) defined member state is now permitted.
  4. Additionally, liveness detection is required as a further security measure when checking photographs.

Shufti Pro, being a dynamic, easily customizable and scalable solution, immediately took steps to make the steps for its identity verification procedures completely transparent and comprehensible.


How does Shufti Pro comply?

Being an online identity and document verification solution, serving clients globally, Shufti Pro aims to remain top of the line when it comes to complying with the updated regulations and/or amendments. To ensure that no legal issues arise for our customers regardless of their location, we have taken the necessary steps to transform our services.

As an outsourced verification service provider, Shufti Pro ascertains the identity of the individual through the identification document itself and the photograph present on it. The identity is ascertained through reliable and independently sourced government-issued documents, where the document will be scrutinized for a minimum of three optical security features’ checks. Shufti Pro’s computer vision system performs the following checks on the identity document:

  • MRZ code
  • Holographic-kinematic features
  • Form-related features

The information entered by the client is compared to that shown on the identification document by the individual along with the Selfie image of the customer/end-user.

In addition, Shufti Pro offers Live Video Verification to the customers, where an end-user appears in front of a web camera, displaying their face followed by their Identification document. The Shufti Pro engine programmatically incorporates liveness detection measures, through which the presence of a ‘real human’ is assured. These include 3D Depth Perception, Image Distortion Analysis, Image Facial Mapping, Micro Expressions, and Image Texture Detection. All of these combine to form a mechanism that remotely detects human presence without being spoofed. There are provisions for ‘selfie upload’ and that too go through the same Liveness Detection based scrutinization.

Shufti Pro’s easily modifiable system is ready to accommodate any changes requested by the customers pertaining to the technology or processes. Without compromising the service quality and ensuring true value for money, we strive to provide industry best identity verification and KYC solution.

Recommended For You: