RegTech – FATF Guidance for Digital Identity Verification

RegTech – FATF Guidance for Digital Identity Verification

Learn more

Regulatory authorities have recognized the benefits of technology and its use for seamless regulatory compliance and scrutiny. Digital identity verification referred to as “digital ID systems” in the FATF guidelines, is a futuristic approach towards fraud prevention. FATF recently issued a guideline for digital ID systems, their use cases, the risks involved and the benefits of such solutions. 

FATF took this initiative back in 2017. It showed its positive attitude towards technological solutions for regulatory compliance that are aligned with the regulations of FATF. Since then FATF has been working on developing guidelines for such fintech and RegTech solutions, that will further make this industry fraud-free. As the guideline highlighted that risk prevails in the fintech industry as well and it can be mitigated through regulatory compliance. The FATF guideline on the digital ID systems is still under scrutiny and it requested suggestions for public stakeholders to leave no loophole for financial criminals. 

FATF Guideline Key Features

The following are the key features of FATF guidance on digital ID systems. It is expected that the final draft of guidance will be very much different from the current draft. 

Stakeholders of the Digital ID guidance

FATF developed guidelines to assist in regulatory compliance, supervision, examination, and cybersecurity authorities by government organizations involved in policymaking. Also, the private sector that delivers digital ID systems will have a lot to gain from the guidance. 

Last but not least, the businesses and organizations that use outsourced digital ID systems will also benefit from this guidance, as it will help them to choose the best Digital ID verification solution. 

Limitations of the guidance

The guidance draft issued by FATF doesn’t cover any information regarding some Customer Due Diligence (CDD) practices. The guidance doesn’t cover the CDD through digital ID for legal person verification, Ultimate Beneficiary Owner (UBO) screening, and nature of a business relationship. 

There is no doubt that digital ID verification can serve these above-mentioned purposes as well but for the time being FATF didn’t cover these in this guidance. 

Main components and participants of the digital Identity systems

The guidance mentioned three main components and participants that it seeks to be available in digital identity systems used by the entities. It includes the process of identity screening through digital ID systems, the ongoing screening and the technical aspects of the digital identity systems. 

Identity proofing and enrollment is the first component and it involves the collection and verification of customer data. A picture is shown on the 13th page of the guidance draft and it shows the process of collection of data from the official identity document (like ID card) and then screening of the information to verify the identity of a customer. The component one also includes the verification of a person through biometrics like face verification and liveness detection to ensure that the original person is providing the identity evidence.

Identification and identity lifecycle management is the second component and it includes the information regarding the stakeholders that need to be verified. The system should be designed to verify the identity of new customers and to verify the identity of already existing customers. It also mentioned that the digital identity system can be used every time a customer logs in to his/her account online or for every face to face interaction with the customers. Such verification should be performed on all the transactions and events mentioned in the FATF regulations regarding identity verification.

Portability of identity proof is the third component that allows the end-users to develop portable identities that will be issued for future verification. 


The guidance referred to NIFT Digital ID Guidelines and EU’s EIDAS Regulations and explained how Digital ID systems help in the effective implementation of CFT and AML regulations. 

Technical standards

The Digital ID systems that follow the guidelines of following international standard organizations are good to go as per the guideline:

  • various jurisdictions or supra-national jurisdictions (e.g. eIDAS Regulation by the European Union)
  • International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Faster Identity Online (FIDO) Alliance, and the OpenID Foundation (OIDF), and
  • International Telecommunications Union (ITU) and GSMA (for industry-specific). 

To wrap up, businesses are required to comply with KYC, AML and CDD recommendations of FATF in every corner of the world. Now FATF is making things easier for them by developing a guideline for digital ID systems. Just follow this guideline for choosing the best identity verification solution for your business.

Why Financial Industry Needs KYC/AML Compliance?

Why Financial Industry Needs KYC/AML Compliance?

Learn more

The largest concern of financial institutions is “risk management” due to a high rate of financial crime in the industry. Financial crime takes multiple facets in different sectors of financial industry. Money laundering is one major threat and most of the financial institutions cater to it by using an online KYC/AML verification solution. 

Money laundering and terrorist financing increased at a rapid pace in recent years. Global regulatory authorities are introducing new rigid KYC/AML regulations. Financial institutions are under the strict scrutiny of global financial watchdogs. Millions of dollars of fines are imposed on financial institutions in an event of non-compliance. For instance, FINRA fined $1.1. Million to J.P. Morgan Securities for failing to report 89 potential high-risk profiles after an internal investigation of its stakeholders (employees and advisors). 

The rise of FinTech not only injected more competition into the industry but also shared the financial risk of typical financial institutions. The advent of this industry made banks and other financial institutions to enhance their operations and to introduce digital solutions for their typical financial operations to retain their clients. 

This advanced approach has pros and cons for the financial industry. Financial institutions were able to overcome the competition but also introduced new risks in their business models – the risk of online frauds and crime. 

Common Frauds in the Financial Industry

Before listing the most common frauds it is necessary to understand the motive behind these frauds committed against financial institutions. 

Clients and investors of financial institutions are the most common source of fraud and a threat to financial institutions. The major motive of these criminals is to get financial gain or to commit a financial crime in an anonymous way. Often the criminals use stolen or fake identities to execute their crime. This is the reason why all KYC/AML regulations need financial institutions to run KYC/AML verification on their clients and stakeholders before serving them. 

Common frauds with financial institutions are mentioned below:

Money laundering and terrorist financing 

Money laundering is committed to hide the money trail or black money. Financial institutions are used by criminals to launder their black money in other countries and to finance terrorist groups. Banks are not allowed to extend services to money launderers, in case the banks are found to be involved in such illegal transactions they are fined as per AML regulations. 

Account takeover fraud

Account takeover fraud is also a very common fraud in the financial industry. The criminals take over the account of a legal customer using the stolen credential (passwords, PINs,etc.) and use it for accumulating money or to make a transaction through that account. This is the reason why financial institutions are investing in biometric verification for account access.

Phishing scams

A common cyber-attack on financial institutions is phishing scam which is executed through fake emails sent to the employees of financial institutions. These scams are executed to gain illegal access to the confidential data of an organization. Employee training and firewalls is a good practice to mitigate these scams. 

Fake identities

Criminals use fake identities to open accounts at financial institutions to conduct their illegal activities. The most common victims of identity thieves are the financial institutions because they serve well the money motive of criminals. Research of Insurance Information Institue found that 3 million identities were stolen in 2018 and 1.4 million of those stolen identities were fraud-related. 50% of those identities were stolen to conduct credit card fraud with banks and businesses.

Key Points of Global KYC/AML Regulations

  • Exercise identity verification on your customers before serving them
  • Customers should be screened for international sanction lists, terrorist lists, high-risk countries and PEPs (Politically exposed people)
  • On-going AML screening of clients
  • Proper record-keeping for the AML practices in the organization
  • Any transaction above the “minimum cash transaction threshold” must be reported to the concerned authorities
  • Proper training of employees and an integrated AML compliance program
  • Fines in case of non-compliance

Recent Global trends in KYC/AML

Global financial regimes evolved in 2019. Many changes occurred in KYC and AML Verification regulations around the globe. Countries are working on extending the scope of their KYC/AML regimes. 

Canadian regulatory authority FINTRAC has changed the KYC/AML regimes to align them with international KYC/AML regulations of FATF. Online KYC is possible as scanned copies of identity documents can be used for due diligence. Also, Money Services Businesses and virtual currency businesses are added to the reporting entities list. They will be liable for typical KYC and AML rules that apply to businesses involved in fiat transfers. 

The UK amended its Money Laundering Act (MLA-2017) and require the international affiliates and subsidiaries of UK-based businesses to exercise the EU AML regulations in non-EEA countries aswell. 

Five major Dutch banks are joining forces to develop a joint technological system to handle the due diligence data of their customers. Also, they plan to develop joint KYC/AML procedures by sharing the financial data of their clients, for better KYC and AML compliance. 

Businesses that Need Real-time KYC and AML Verification Solution

As per the global AML and KYC regulations, the financial institutions must perform KYC and AML compliance. Financial institutions need to practice in-depth KYC and AML compliance. The institutions that are liable for compliance under the KYC and AML regimes are banks, brokerage houses, insurance companies, forex exchanges, non-banks mortgage lenders, money transmitters, cryptocurrency facilitators, etc. 

How Online KYC and AML verification is Performed?

The API is integrated with the system of financial institutions. Every time a new user is onboard or end-user accesses its account the verification is performed. Real-time identity verification is performed through in-depth screening of ID document and face verification or biometric verification. Also, the documents and address are verified in real-time before onboarding a new client. Once the verification is completed the end-user is allowed access to the system of the financial institution. 

Incase of AML verification the information of the end-user is screened against regularly updated databases that consist of global sanction lists, watchlists, and PEP lists.

 Benefits of Online KYC and AML Verification Solution?

Financial institutions and businesses are willing about going KYC and AML complaints after looking at the rigid behavior of global watchdogs. It is important to investigate the advantages of every step taken. 

Fraud prevention

Online KYC and AML solutions help the financial institutions in preventing the risk that comes from a diverse clientele. Identity thieves and money launderers can be identified at the very first stage and help the businesses in serving only legitimate businesses. 

Regulatory compliance

Online KYC and AML verification software help the financial institutions in catering to regulatory compliance needs. Compliance prevents penalties and credibility loss that could be huge in some cases. For example, Swedbank was recently fined for non-compliance and lost its market value along with its credit rating. 

Customer on-boarding

Online KYC and AML verification solution help the financial institutions in on-boarding clients with good credibility. Fast verification helps in seamless onboarding and helps retain more happy clients. Customers are verified within 30 seconds, reducing the hassle of manual verification. 

To wrap up KYC and AML compliance is inevitable for global financial institutions. Real-time KYC and AML verification solutions are suitable for seamless compliance. 

AML & KYC Compliance – 5 Ways AI is Supporting the Fight Against Financial Crimes

AML & KYC Compliance – 5 Ways AI is Supporting the Fight Against Financial Crimes

Learn more


Reforming AML & KYC Compliance Structures for Financial Institutions

The capabilities of artificial intelligence (AI) are being pushed to unprecedented levels in the past few years. The banking and financial services sector has reaped extensive benefits from the transformation brought on about by AI in the landscape of IT solutions. The Anti Money Laundering (AML) and Know Your Customer or KYC compliance, in particular, has been made more dynamic and effective through AI-enabled systems. The financial sector produces huge amounts of data, which is what AI works best with. It can mine high volumes of data within seconds and produce risk-analysis of clients, that would otherwise take days or even weeks for the compliance staff to produce.

In the day and age of high connectivity, people expect their services to be fast and efficient. AI has proved to be monumentally adept at performing redundant tasks that require hundreds of man-hours. This has enabled the banking staff to focus their efforts towards more value-oriented tasks. With branches in AI including machine learning and natural language processing (NLP), financial institutes can transform their Client Lifecycle Management (CLM) by automating different procedures that require repetitive labour and are more prone to human error.

How has AI Transformed AML & KYC Compliance

Through NLP technology, AI can now process vast amounts of data provided in different languages which enhances the KYC process for banks. Different documents can be scanned through an automated system, which then reads and processes the information, allowing for a faster data entry process. Additionally, it can also go through external sources with increased efficiency. This allows banks to transform their entire client onboarding procedures to be faster and more dynamic.

The financial sector also has to adhere to a number of anti-money laundering (AML) regulations. AI is enabling financial institutions to implement systems that can perform a risk analysis of high-risk client profiles within seconds. By sifting through large volumes of data, machine learning algorithms are able to detect suspicious activity in client transactions, therefore identifying high-risk clients instantly. Other systems are able to track changes in the regulatory landscape around the world and provide prompt updates to the company. Banks now are also able to screen individual clients through global AML sanction lists through AML screening services provided by an AML and KYC solution provider like Shufti Pro.

Here are some of the ways AI is helping to improve the AML/KYC Compliance process;


  • Developing Comprehensive Risk-Profiles of Clients

Artificial intelligence has been able to digitise the process of evaluating client profiles. These systems can now provide banks with different levels of risk profiles of clients depending on their history and credit score. The profiles can be classified as high, low or medium risk according to the client details. This has made the process of enhanced due diligence (EDD) more efficient for banks, allowing to screen out high-risk individuals.

  • Establishing Ultimate Beneficial Ownership

Under the recent AML and counter-terrorism financing directives, institutions like FATF have introduced UBO legislation, wherein financial institutes are required to establish the ultimate ownership of assets. Compliance departments are required to go through complex data in order to sift through shareholders, beneficial owners, directors and other associates linked to a business. AI has enabled the compliance staff to establish UBO for different clients through enhanced systems. It can read and process vast quantities of data wherein it is able to produce comprehensive risk profiles of clients. As AI technologies are progressing rapidly, these systems will continue to gain consequence over the coming years.

  • AML Screening

Financial institutes around the globe are increasing focus on screening clients through an AML screening process, thus improving the AML and KYC compliance process. Outdated systems have been known to produce an unusually high number of false positives, thus piling up unnecessary work for compliance managers. A KYC solution like Shufti Pro can provide real-time screening of clients through global AML watchlists through an AI-enabled system.

  • Faster Client Onboarding Process

As people are increasingly coming to rely on technology, and are getting used to services that are easily accessible, banks are trying to keep up with the tech revolution. By installing AI-powered systems, client onboarding procedures can be made more efficient as well as effective. Such systems have lent increased capability to banking systems and compliance processes, in particular. Advanced monitoring through AI and real-time screening and alerts can mould the onboarding of clients to be faster than ever before.

  • Keeping Up-to-Date With Compliance Regulations

Systems in AI like machine learning algorithms can detect patterns in data within seconds. The AML and KYC requirements around the world are constantly changing. Regulators dole out new laws and requirements every year in an effort to curb money laundering and financial crimes. This makes the tasks of a compliance team more complicated and dynamic. AI is able to analyse and detect patterns in data, thus keeping compliance requirements up to date.

With Shufti Pro as a KYC service provider, banks and financial institutes can revolutionise their AML and KYC compliance procedures. It provides digital KYC through document verification, facial biometric authentication and AML screening procedures. By implementing KYC as a service, banks do not have to invest separately in developing AI solutions from scratch.

Recommended For you: