Artificial Intelligence has extensive applications across several domains: from banking to health, to travel, to finance. It continues to gain traction across industries that rely heavily on data which virtually encompasses all industries. The IHS Markit’s “Artificial Intelligence in Banking” report declares that the global cost for artificial intelligence is expected to reach $300 billion by 2030. AI in banking sector is no exception and it is providing remarkable benefits to banking.
A study by PricewaterhouseCooper shows that 52% of the financial services industry is making considerable investments in artificial intelligence. 72% of business decision-makers assume that AI will be the business advantage of the future. Machine learning has become an important fixture in banking, leading to infinite possibilities as it continues to grow and advance.
How is Artificial Intelligence used in Banking?
Artificial Intelligence uses deep learning, predictive analytics, and machine learning for an improved banking experience. Through AI, fraud detection, risk assessment, cost reduction, and enhanced customer experience is achieved. The banking industry also benefits from AI in combating frauds and hacks while adhering to KYC and AML compliance regulations.
How is AI Contributing to the Banking Sector
There are a number of ways artificial intelligence is revolutionizing the banking practices. Fraud detection, seamless customer support, mobile banking, risk management are some of the fields in which AI is contributing in.
For financial institutions like banks, security is one of the topmost priorities as banks are under constant threat of frauds and hacks. Through AI, decreasing rates of false positives, preventing fraud attempts and lessening manual reviews of potential payment frauds is achieved. According to a recent survey, ‘AI Innovation Playbook’ published by PYMNTS in collaboration with Brighterion, 80% of fraud specialists who employ AI-based platforms believe the AI technology helps reduce payment frauds and prevent fraud attempts. 63.6% of financial institutions that utilize AI believe that it is capable of preventing fraud before it happens. This shows the scope of AI for the mitigation of payment frauds. Payment frauds are reduced through AI’s ability to interpret trend-based insights through supervised machine learning, which is then joined with completely new knowledge achieved through unsupervised machine learning. Through the combination of both types of machine learning, it is determined whether a transaction is fraudulent or not.
The following points depict why AI is one of the most used tools to combat payment fraud:
With the advancements in technology, payment fraud attacks are increasing in complexity. These attacks normally have a digital footprint or sequence which makes them undetectable using predictive models alone. AI plays its role to mitigate these kinds of attacks and provide a security layer to the bank.
Through the use of AI, payment fraud can be detected swiftly even on a large scale. This is how AI provides an immediate advantage to banks in battling the many risks and methods of fraud.
Through AI’s predictive analytics and machine learning, anomalies in large-scale data sets can be found in seconds.
Along with the number of other advantages of AI in the banking sector, cost reduction is a big one. It is estimated that by 2023, $447 billion will be saved in costs through the use of artificial intelligence. By utilizing AI, banks can cut costs in three key areas:
A huge amount of time is spent in digitizing, identifying and onboarding document templates. Through the automation of the digitization process, banks can reduce the total time spent on this circle. This results in highly improved cycle times and the benefit of redeploying employees to more important projects.
Errors are costly yet unavoidable. A recent survey by Netwrix shows that human error is one of the leading causes of financial data breaches. Through automation in banking systems, errors are lessened to a remarkable degree without an increase in cost. AI systems are much better at handling unstructured data which leads to lower error rates.
Costs of document digitization are huge. Based on the data from IBM, the traditional onboarding process can cost hundreds of millions of dollars. AI tools that are 80% automated and results in 90% accuracy are utilized so that banks are capable of reducing the costs of these onboarding processes. Approximately 30 to 40 percent of the original cost spent on the onboarding process can be saved. The AI-powered onboarding process also results in lessened error rates and greater use of employee labor.
Enhanced Regulatory Compliance
Banks are always under intense pressure from regulatory bodies to enforce the most recent regulations. These regulations are there to protect the banks and customers from fraudulent activities while at the same time, reducing financial crimes like money laundering, tax evasion, and terrorism financing. AI in banking also helps ensure that banks are compliant with the most recent regulations. AI relies on cognitive fraud analytics that watches customer behaviors, track transactions, recognize dubious activities and assess the data of different compliance systems.
Businesses can remain up to date with compliance rules and regulations through the use of AI. AI systems can read compliance requirements and detect any changes in the requirements through deep learning and natural language processing. Through this, banks can remain on top of ever-evolving regulatory requirements and align their own regulations with them. Through technologies like analytics, deep learning, and machine learning, banks can remain compliant with regulations.
Seamless Customer Experience
Customer experience affects every business in the world, including the banking industry. Customer experience directly affects the way people perceive an organization. Especially in the case of banks, people want access to their money 24/7 and they want swift and easy transaction as well. This is where AI chatbots and voice assistants play their role. Chatbots don’t follow any timezone which helps users access them anytime, anywhere in the world.
The most important feature of these chatbots is that they are constantly learning through previous customer interactions which in turn helps enhance them and their customer service. An example of chatbots in banking is the virtual assistant of Bank of America, Erica. Erica constantly sends notifications to their clients, updates users about their credit scores and helps them pay bills and make transactions automatically.
Apart from chatbots, banks are also employing humanoids. Pepper, which is a humanoid developed by SoftBank, is one such example. Through the use of AI, customer experience is enhanced which in turn increases revenue.
When it comes to customer onboarding or granting credit cards to clients, there is always a risk factor associated with it. To mitigate it, a thorough check of the potential customer is needed to authenticate the client. Through the use of AI, Know Your Customer (KYC) checks are done in real-time to identify the clients. Thus, AI offers the chance to save banks millions of dollars due to fraudulent or poor credit applications. Through the use of biometric technology which includes fingerprints, facial recognition scans, iris scans, voice recognition, etc., banks can implement a supplementary layer of security which in turn helps mitigate risks.
Mobile banking is also another application of artificial technology in banking. AI in mobile banking has remarkably revolutionized the concept of banking and customer experience. The core features of mobile banking are 24/7 availability anywhere in the world as well as providing more opportunities for the bank staff to concentrate on more complex issues. According to a survey by the National Business Research Institute, 32% of financial institutions are already using AI tools like predictive analytics, voice recognition, and recommendation engines to provide a more personalized touch to the customers.
The impact of artificial intelligence and machine learning in the banking sector runs deep. As we continue to become comfortable with the existing AI applications, it will continue to enhance and grow savvier. The banking industry is seeing a number of innovations due to artificial intelligence and machine learning and in the upcoming years, these innovations will continue to progress.
The ever-evolving regulations are creating challenges and complexities for the financial institutes, both in national and international markets. Financial sector deals approximately with 200 regulatory changes per day and these numbers are rising. Most of the time, businesses fail to concede these regulatory requirements and face heavy fines. Since 2008, global banks have been fined more than $321 billion collectively for not following Know Your Customer (KYC) and Anti Money Laundering (AML) regulations.
Even with a compliance cost of almost $100 billion globally in a single year, crimes like money laundering, terrorist financing, and cyber frauds are increasing. Financial Institutes (FI) do not only find it challenging to comply with KYC and AML regulations but increased fraudulent activities make these things even worse. Financial institutes often fail to identify fraudsters and face fines and even get banned.
Fraudsters and money launderers are exploring new ways of carrying illegal activities. An undercover agent who infiltrated Pablo Escobar’s drug cartel responds, “You can launder money in so many different ways, it is as unique as snowflakes.” To counter these challenges, regulatory authorities are making updates in regulations almost every day.
Changing Regulations with the Changing World
In the aftermath of the 2008 financial crisis, regulatory authorities put forth several noticeable amounts of regulations, but now almost after a decade, some regulators and lawmakers think it is time to analyze what is working and what is not and make necessary amendments accordingly.
Banks and financial institutes are the protectors of the financial systems and the responsibility to prevent financial crimes lies with them. In the last decade, these institutions have worked tirelessly to establish reliable KYC and AML procedures and systems. However, changes created by technology and globalization demands modifications in regulations.
For instance, high demand for virtual currency has made regulators reassess in place regulations and make amendments to regularise cryptocurrency. As most of the cryptocurrencies are not backed up by any central governments the potential of its use in illegal activities, especially terror financing and money laundering, already threatens the authorities and businesses.
The authorities are making amendments and the newest laws to regulate all these advances in financial systems. Here are some recent changes by notable global regulatory authorities:
Financial Action Task Force (FATF) is an intergovernmental organization, which strives to eliminate money laundering and terrorist financing globally. The organization has been very keen on recommending necessary changes required to comprehensively deal with financial crimes.
Noticing the recent trends of money laundering (ML) and terrorist financing (TF), FATF recommends member states to perform legal screening of Ultimate Beneficial Owners (UBOs) of every business. Owing to the exploitation of virtual currency by criminals, FATF also recommends regulating cryptocurrencies. According to a report, $4.26 billion worth of cryptocurrencies were stolen by cybercriminals, only in 2019. FATF expects members to implement these regulative reforms in their respective states for combating ML and TF.
European Commission’s AMLD5 and AMLD6
As a part of an action plan against money laundering and terrorism, the European Commission has introduced new regulations in the 5th and 6th AML directives. Every European country is required to implement these regulations as a part of its national action plan on AML and CFT.
The most prominent law in AMLD5 is the regulation of cryptocurrency exchanges and service providers. Before this directive, e-wallet providers and crypto exchanges were not covered under the financial regulations. AMLD5 made it compulsory for crypto businesses to perform KYC for identity verification. Furthermore, member states are required to maintain a central register for Ultimate Beneficial Ownership (UBOs) of the crypto businesses.
AMLD5 also lowers the threshold for the prepaid cards to decrease the risks of money laundering through these cards. According to the U.S Federal Bureau of Investigation (FBI), drug cartels use prepaid cards as a source to launder money earned from illegal drug sales in the USA. European countries are required to implement AMLD5 by January 10, 2020.
While the European Union’s member nations are striving to implement AMLD5, the European Commission published a new directive i.e. AMLD6 in their journal. This new directive will make AML and KYC regulations more stringent. By setting a clearer definition of money laundering and increasing the minimum liability for predicate offences, the EU aims to make AML and KYC more robust.
The key elements of AMLD6 are:
Addition of Cyber Crimes in Predicate offences. Predicate offences are crimes underlying money laundering and terrorist financing. Initially, cybercrimes including online identity theft, credit card frauds were not included in predicate offences. Once AMLD6 is implemented the businesses will require more enhanced KYC checks to avoid indulging in unlawful activities.
Inclusion of the entities that are aiding criminals to launder money in money laundering crimes. The addition of ‘enablers’ can make money laundering tracking easier.
The punishment for money laundering and terrorist financing is increased for up to four years including other penalties.
RegTech: A useful KYC solution
While the aforementioned are major regulatory changes in the world, many countries are also regulating businesses to perform enhanced due diligence and KYC at national levels. Financial Sector is obliged to follow these regulations.
However, the financial sector is not lagging and is taking measures to remain compliant with rules. Since the finance sector always remains one step ahead in adopting innovative technology. One of the latest addition to the finance sector’s arsenal is Artificial Intelligence (AI). The finance sector can adopt AI to make KYC/AML screening more robust, cost-effective, and time-efficient.
RegTech (Regulatory Technology) refers to the use of technology-based solutions to help in compliance with financial regulations. RegTech is enabling rapid development in the financial sector regarding compliance. AI-based identity verification and AML screening solution are both cost-effective and time-efficient. Businesses should adopt AI-based KYC and customers due to diligence solutions (CDD) when onboarding customers to remain compliant with regulatory changes and avoid any offence.
KYC laws are continually modified to catch up with the latest techniques for perpetrating financial crimes. A recent example is AMLD6 by European Commission, which intends to make KYC and AML compliance stricter. The financial sector must adopt effective measures to maintain the integrity of the institutions as well as meet the regulatory requirements. They are the first line of defence against money laundering and need to act accordingly. To ensure that businesses remain in compliance with these changes, RegTech industry is rendering efficient AI-based solutions for KYC checks.
Cryptolocator, a cryptocurrency Marketplace, has recently partnered with Shufti Pro to implement state of the art client authentication system.
Cryptolocator is an advanced P2P marketplace for buying, selling, and storing Bitcoin and Ethereum. Users can easily exchange the world’s two most popular cryptocurrencies in their multi-platform systems with traders around the world. Carrying out a robust and seamless due diligence process to register authentic buyers or sellers is imperative for such businesses. The need to integrate a reliable KYC and AML solution was the impetus for Cryptolocator to approach Shufti Pro.
Cryptlocator is a cryptocurrency marketplace with a mission to increase Ether’s availability, organize the trading process and make it secure. The platform brings together those who want to exchange cryptocurrency from all over the world with no limits.
The service gives an opportunity either to post advertisements, creating your own terms of exchange or just choose from a list of ready-to-make offers. Through Shufti Pro’s AI-driven verification software, they have been able to build a comprehensive KYC/AML structure for verification and authentication of users.
Reflecting on the association between the two companies, Victor Fredung, CEO Shufti Pro said:
“We are delighted by the fact that Cryptoloacator has trusted Shufti Pro to help meet with their customer identification requirements. Working with Cryptoloacator has proved to be a challenge as well as a growth opportunity. Shufti Pro is focused on pushing the boundaries of providing the best KYC and AML services through a combination tech of AI and HI (Human Intelligence). We aim to provide quality services to our clients and keep them satisfied by offering them valuable support.”
Kirill Stepanenko, Chief Marketing Officer of Cryptolocator said:
“KYC and AML solutions are becoming a standard for legal cryptocurrency projects. We’ve been looking for an identification service which will make our KYC-process native and simple for our users, but powerful and safe for our platform. Shufti Pro is what exactly meets our needs! Our users easily go through the frictionless experience and get the verification done in less than 30-60 seconds! Moreover, Shufti Pro has a very impressive dashboard that is easy to use for even non-IT people, like our AML-officer. Shufti Pro API is also easy to integrate with our platform code.
Cryptlocator brings together those who want to exchange cryptocurrency from all over the world without limits. Because of the peer-to-peer approach, it is possible to trade fast and directly. Unlike some centralized cryptocurrency exchanges, you make a trade directly with another person. This makes the process lean and fast. Because of Shufti Pro, Cryptolocator can verify the identity of users in real-time. Shufti Pro provides next-generation end-to-end Identity Verification services. It’s a SaaS product offering KYC verification as its basic feature. It was developed to address the gap between quality and availability thus providing the best service to their clients.
About Shufti Pro
Shufti Pro was launched in 2017, London, UK, to provide end-to-end identity verification services. The SaaS provider has offices in the UK, Latvia, Cyprus, and Sweden, and provides document verification, KYC/AML screening, geolocation verification, face verification, and 2-factor authentication to a global clientele. Using a hybrid of AI (Artificial Intelligence) and HI (Human Intelligence), it can verify seven billion people on earth. It delivers results in 30-60 seconds with an impressive 98.67% accuracy.
The modern world is an era of technology. Moving into the fourth industrial revolution, digitization of organizations is gaining grounds in the marketplace. The industries are rapidly adopting the latest technology to secure their place in the competitive market. The identity thieves and fraudsters have set their new targets, i.e. online business. Using advanced technological tactics and sophisticated tools, they are actively exploiting the business and consumers.
The primary purpose of all the thieves and fraudsters is to gain a monetary advantage, no matter what type of fraud it is. Living in the 21st century, traditional payments are moving towards the elimination of cash. The trend of online transactions and mobile payments is on the rise and fraudsters, are not going to miss the opportunity to compromise the transactions. Over the past few years, card fraud has become one of the fastest-growing and challenging frauds for businesses and organizations.
The organizations accepting card payments are constantly under threat of fraudsters and cybercriminals. This means they are exposed to chargeback losses, customer churns, brand damage and other financial impacts of the digital frauds. Moreover, the strict KYC and AML regulations on businesses dealing with money demand an effective verification solution that can fulfill the regulatory requirements.
Taking into account the increased card frauds, the businesses don’t have to tackle fraud to protect themselves but it is their responsibility to protect the respective card networks as well. This is the reason why the service providers have their own monitoring policies and programs imposed on the merchants and businesses. It helps the merchants to drive improvement in their fraud prevention strategies and tools.
Mastercard’s new fraud monitoring program is set to be implemented from October 2019 to all the merchants in the US. With the execution of this program, the businesses will need to invest in the verification and authentication services to curb chargebacks and prevent themselves from hefty fines.
Mastercard’s Excessive Chargeback Program:
Considering the rising trend of chargebacks, MasterCard has launched an Excessive chargeback program to carefully scrutinize each merchant’s chargeback activities. In this program, with the predetermined chargeback thresholds, the acquirers can effectively evaluate and predict chargeback risk associated with a merchant. Monitoring these chargebacks rates, the acquirers can take action when a merchant exceeds or is expected to exceed the predefined acceptable threshold.
Mastercard chargeback thresholds are determined on the basis of the chargeback-to-transaction This ratio is calculated by dividing the current month’s first chargebacks amount by the total number of transactions in the previous month.
Recently landed in October 2019, MasterCard’s new Excessive Fraud Merchant (EFM) compliance program is applicable to all the merchants in US businesses. This program is applicable to every merchant who meets or exceeds the pre-defined thresholds for following short-list of criteria:
The minimum number of e-commerce Mastercard Payments must be 1,000
The net fraud volume per month is greater than $50,000
A fraud-count-to-transaction ratio (FCTR) that is greater than 0.50%
Total 3D Secure (3DS) Mastercard transactions that amount to less than 10% of total Mastercard payment volume
In addition to the chargeback threshold, in the EFM program, MasterCard predefines the fraud threshold. The failure of merchants to meet this predetermined threshold level can result in fines and deactivation of the card service as well. The net fraud volume is calculated according to the following chargeback codes:
4871: Chip/PIN Liability Shift
4870: Chip Liability Shift
4863: Cardholder does not Recognize – Potential Fraud
4840: Fraudulent Processing of Transactions
4837: No Cardholder Authorization
The fines will begin to imposed from March 2020. These fines will be applicable to any merchant remaining the EMF programs for two or more executive months, eventually varying the fine charges. For instance, after being in the program for two months, the fine will start at $500 rising to $1000 for three months, $5000 for 4-6 months and $25,000 for 7-11 months.
What does it mean for Merchants?
Disputes and fraudulent payments are unfortunate aspects of online payments. The best way to manage them is to prevent them from happening by integrating an effective fraud prevention strategy. With the new Mastercard’s fraud prevention programs, the merchants need to invest in payment verification and authentication solutions in order to avoid remaining in the EFM program.
The fraudsters and scammers are using advanced tactics and automated tools to stay anonymous and spoof authentication checks and filters to carryout fraudulent payments using stolen identities and customers’ credentials. Merchants must need to respond in kind to prevent them from exploiting the business. It can be done by adopting an AI-powered identification solution. Shufti Pro’s verification solution uses multiple verification and authentication services that are best suited for online businesses.
Preventing Fraudulent Payments
A payment is considered fraudulent in a case when the cardholder or accountholder doesn’t authorize it. The fraudulent payments are often made using stolen cards and card numbers – card not present frauds. Sometimes, through account takeover, fraudulent purchases are also made. By the time the cardholders review their card statement or get notified about the payments, the transactions have already been made. As a result, they contact their card issuers and claim a chargeback and ask them to dispute it.
Collect information – Verify Payments
Insufficient and vague information provided by the customers at the time of checkout is one of the major reasons why businesses fail to identify if the customer is legitimate or not. Just because someone successfully logged in to the account doesn’t guarantee that the transaction is done by an authorized entity. The businesses need to integrate authentication checks at the time of checkout to verify the identity of the authorized customers.
For instance, integrating Shufti Pro’s Consent verification in the e-commerce platforms requires a video consent from customers holding the identity card or credit card. With the hybrid approach of AI and HI technology, the authorized users are verified at the time of checkout. If the authentication is failed, the payment won’t be approved. The identity verification services provided by Shufti Pro combat intruders while keeping any customer burden and losses to a minimum.
With evolving global KYC regulations, the biggest concern of businesses is to streamline their compliance processes with customer onboarding. Online KYC screening solutions address multiple concerns of executives planning to implement KYC compliance in their organization.
Becoming KYC compliant requires extensive research. Below is a detailed guide on KYC for businesses around the world.
What is KYC?
The scope of KYC is not limited to the verification of the clients only. Businesses around the globe practice it to verify their merchants, agents, partners, employees, etc. with the change in purpose, it also changes the name of this process and it becomes, Know your Merchant (KYM), Know Your Business (KYB), or Know Your Employee (KYE). But KYC is the most common, and one compact process can be designed to verify the customers, employees, merchants, etc of a business.
History of KYC
Businesses, especially the financial sector have adopted KYC way before other sectors due to high financial risk associated with their operations. In the past, KYC regulations were only imposed on the financial sector but with the evolution of the financial sector and the advent of FinTech expanded the scope of KYC regulations.
BSA and Advent of KYC in Financial Sector
KYC started when the U.S. introduced the Banking Secrecy Act (BSA) in 1970. This act was developed to control drug trafficking by keeping an eye on black money transactions. Subsequent AML regulations were developed on the basis of BSA in 2001 in the form of the USA Patriot Act which was implemented in 2003.
After that many other regulatory authorities introduced KYC and AML Regulations on regional and international levels.
Evolution of KYC
With an increase in money laundering and terrorist financing, the regulatory authorities are always in a bid to enhance the regulatory framework. The KYC regulations of BSA were globally acclaimed and many states implemented those regulations or developed their own regulations accordingly.
With the break of Panama Papers, the global regulatory authorities amended the KYC regulations to curb money laundering. For instance, FinCEN (U.S regulatory authority) amended the KYC regulations and expanded the scope of customer verification in 2016. Because there were loopholes in the KYC protocols of financial institutions. Shell companies were used by the criminals to wash their black money by manipulating the business proceeds of those businesses.
Since 2016, KYC is also addressed as KYB (Know Your Business). Global regulatory authorities now demand the financial institutions to verify the Ultimate Beneficial Owners (OBO) of the businesses that they serve as clients.
KYC Compliance Program
KYC compliance is not just a one-time practice. It is a thorough verification process that starts with developing a Customer Identification Program (CIP). Then it comes to accessing the risk associated with each client. In the case of a low-risk client, basic KYC is enough but if the customer has a high-risk profile then Enhanced KYC is applied to that customer.
Customer Identification Programs (CIP)
Customer Identification Program is the first step in KYC compliance. It consists of the requirements of regulatory authorities that apply to your business model or industry. CIP protocols are the same in most of the regions in the world. For instance, in the USA the CIP requires that every financial transaction must be verified through an in-depth identity verification of the person making the transaction.
The CIP includes the risk assessment of the individual and business accounts of the financial institutions. The financial institutions are required to define their risk appetite. Once it’s set, the businesses and financial institutions are required to assign a risk rating to each of their clients. It helps them define risk measures for clients falling under different risk brackets. KYC procedures are defined uniquely for complete risk prevention in all those risk brackets. This is the point where the financial institution or the business decides the procedure of Customer Due Diligence (CDD) and Enhanced Due Diligence(EDD).
CIP also includes the collection of customer information and the verification of this information. Once completed the customer is assigned a risk rating and CDD or EDD is performed on that customer based on risk rating.
Customer Due Diligence (CDD)
Customer due diligence is the process of processing the customer’s information for KYC screening. It is the second step in KYC compliance. In this step, the basic information of the customer is collected in real-time or in some cases manually.
The information collected for customer due diligence is as follows:
Date of birth, etc.
This information is used to verify the identity of the customer. The customer is assigned a risk rating as per his credentials. The risk rating of the customer is decided on the basis of the customer’s country, financial credibility, and the AML screening of the customer. In case a customer is found to be related to someone in the PEP or sanction list than the risk is considered high and Enhanced Due diligence is practiced on such clients.
Enhanced Due Diligence (EDD)
In case of a high-risk customer, the financial institutions and businesses perform more strict KYC and AML screening, which is called Enhanced Due Diligence (EDD). Enhanced due diligence includes an in-depth investigation of customer’s identity, financial status, income, etc.
Commonly enhanced due diligence includes collecting information about:
Transactions pattern and any unusual transaction
These EDD measures are designed by businesses as per their risk appetite. It is partially based on regulations and compliance protocols.
Who Needs KYC Compliance?
As per the regulations of global regulatory authorities. The companies around the world are required to perform in-depth identity verification on their customers to eliminate financial crime at an organizational and international level.
As per the global regimes on KYC and AML, the following are major businesses and industries that are liable for KYC and AML compliance.
Banks and all their subsidiaries
Businesses in FinTech, online payment solutions, money transmitters, etc.
Virtual currency businesses
Dealers of precious metals
Real estate sector
Non-bank mortgage lenders
Casinos and online gaming
Real estate sector
Non-bank mortgage lenders
Regulatory Authorities Around the Globe for KYC and AML
The major regulatory authorities that develop, recommend and implement KYC and AML compliance regimes around the globe are as follows:
FATF (Financial Action Task Force) is a global authority that collects and analyzes money laundering and terrorist financing data from the globe and gives regulatory recommendations based on its findings. It has 190 member countries.
FinCEN (Financial Crimes Enforcement Network) is a bureau of the USA treasury department that collects the financial transactions data and uses it for financial crime mitigation and international level.
FINTRAC (Financial Transactions and Report Analysis Center) is a regulatory authority in Canada, that collects and analyzes the financial crime data and works on the thorough implementation of KYC and AML rules in Canada.
FINMA is a swiss financial regulatory authority that supervises banks, insurance companies, stock exchanges, etc. The authority is responsible for the thorough implementation of Swiss KYC and AML regulations in the institutions liable for regulatory compliance.
Europol is a European Union authority that works on anti-money laundering and mitigation of financial crimes like terrorist financing.
Global KYC and AML Regulations
The regulatory authorities around the globe are different in many countries, and there are some global watch dogs as well to bring the countries on one page for counter criminal activities. Most countries have their own regulatory authorities for designing and implementing KYC and AML regulations. But all the regulations have a few things in common, which are minimum requirements of KYC/AML compliance. Global and local businesses need to comply with those regulations at minimum to prevent non-compliance penalties.
Below are major KYC and AML regulations practiced in major states in the world like the USA, UK, Canada, China, etc. These regulations are practiced in other states as well with some variations.
The reporting entities are required to screen the identity of their clients before starting any relationship with them.
KYC and AML screening must be performed regularly on all customers.
Customers should be given risk rating and necessary measures of additional screening should be practiced to cater to excessive risk.
A proper record of KYC and AML screening must be maintained.
Transactions (local/international) above the minimum transaction threshold must be reported to the concerned authorities.
Penalties are charged in case of non-compliance.
For AML screening, the clients must be screened against international sanction lists, terrorist lists, PEPs lists, etc.
Some countries require the reporting entities to maintain an AML department and to hire AML officers as well for thorough compliance.
Due to global risk, businesses are required to develop some sort of global risk cover. Like KYC/AML screening software that could verify people from every corner of the world.
Major updates in Global KYC/AML Laws
Amendments in Canada’s PCMLTFA rules
Canada also changed its KYC and AML regimes to collaborate with the global regulations of FATF. It amended its PCMLTFA rules. FinTRAC, the independent regulatory body in Canada, will be responsible for the thorough implementation of these rules. Digital KYC will be possible as scanned copies of documents can be used for KYC verification of the customers. Money service businesses and virtual currency businesses will be added to reporting entities and they will have to follow KYC and AML regulations just like the typical fiat currency businesses.
The USA expanding its Counter-Terrorism Powers
The USA also changed its KYC rules to cater to increasing money laundering and terrorist financing. It expanded its counter-terrorism powers and now targets the international financial institutions around the world that aid the terrorist groups working in the U.S. Also it added three Korean groups, namely, Bluenoroff, Lazarus Group, and Andriel into sanctions lists. These groups were involved in the global cyber attacks on financial institutions.
UK MLA Amendments
The UK also amended its KYC and AML regulations and expanded the scope to an international level. The Money laundering Act (MLA-2017) of the UK was amended. The UK-based businesses will practice the MLA rules in their international affiliates operating in non-EEA states.
The EU 5AMLD and 6AMLD
The EU implemented its Fifth Anti Money Laundering Directive (5AMLD) in 2018-19. 5AMLD reduced the transaction and deposit limit on the prepaid cards. If the card holder will deposit or make a transaction of above EUR 150 the prepaid card provider will have to run KYC and AML on its customers. This limit is EUR 50 for online transactions.
6AMLD is an extended effort to harmonize AML/CFT regulations in the EU region. 22 predicate offences are provided in the official journal of 6AMLD and the new regulations are pushing reporting entities to go the extra mile in their effort to prevent financial crime in their authority area.
FINMA gave banking certificates to Crypto Banks
FINMA and Swiss regulatory authority issued banking certificates to pure-play cryptocurrency banks. Tight KYC and AML regulations are imposed on these banks.
FATF recommendations for Crypto, legal and precious metal dealers
FATF also gave some recommendations in June 2019. As per the recommendations, the member states are required to implement KYC and AML regulations on virtual currency and legal sector. These businesses will be required to follow the same regulations as financial institutions.
The above discussion shows that fraud and financial crime is a global threat that affects not only the businesses but also the economies. The rise of internet and FinTech created loopholes in the previously prevailing KYC and AML laws. Even if a business is a victim of a phishing scam it will have to bear some sort of financial loss in the form of penalties, profit loss, recovery expenses, etc.
Hence the reason why regulatory authorities around the globe are joining forces against money launderers, terrorist financiers, cybercriminals and identity thieves.
So, the businesses are obliged to exercise KYC and AML compliance for several reasons. KYC and AML compliance help businesses in multiple ways.
Benefits of KYC and AML Compliance
1- Fraud Prevention
One of the major reasons why businesses perform KYC screening on their customers is fraud prevention and risk prevention. Fake or stolen identities are used by fraudsters to conduct their illegal activities anonymously. Mostly the victim businesses and institutions are targeted for financial gain.
Some common frauds with businesses are account takeover fraud, money laundering, terrorist financing, phishing scams, etc.
KYC and AML compliance help businesses with effective risk management. Once the risk is identified, KYC verification helps in seamless and thorough implementation of fraud prevention measures. Because designing risk prevention strategies is the first step, KYC and AML screening helps in reaping the benefits of such strategies.
2- Regulatory Compliance
As mentioned above most of the businesses around the globe are liable for KYC and AML compliance. KYC and AML are not limited to developed and prosperous countries. Global regulatory authorities are expanding the scope of KYC and AML regulations to eliminate money laundering at a global level.
For instance, recently FATF, a global regulatory authority included new members in its member states. The newly added countries are not developed countries but are the ones with a high rate of financial crime. Other than that most of the countries have their own KYC and AML regulations and regulatory authorities for their thorough compliance. Some major authorities are mentioned above.
Regulatory authorities have the right to charge high penalties to the reporting entities in case of non-compliance. KYC and AML compliance practices help businesses in preventing any such penalties.
3- Secure Customer On-boarding and Customer Retention
Going KYC compliant helps businesses in developing a secure customer base. Screening the clients before onboarding shows its commitment towards securing the interest of all the stakeholders.
The research in 2018, found that 66% of the customers feel more secure on online platforms that use security protocols. Performing KYC and AML screening on clients gives a positive message to the customers that you have them covered against fraudsters. Showing your security concern through visible security protocols helps in retaining clients. The same research found that a lack of visible security is the major reason why clients abandon an online transaction, globally.
4- Credibility and Growth
KYC and AML compliance help organizations in gaining credibility and market value. Compliance with regulations help in gaining global acknowledgment, and market share. On the other hand, non-compliance with KYC regulations will leave loopholes for fraudsters that will be exploited by the fraudsters.
In case of non-compliance businesses not only face profit loss they also lose their credit rating in some cases. For example, one of the Swedish banks involved in a money-laundering scandal in 2019 lost its credit rating and market value.
So, KYC compliance helps in gaining retainable growth as KYC verification helps in onboarding only legitimate clients. Also, customers stay for a long time if the business offers good security protocols. So, it helps the business to retain and grow its market value and credit rating.
5- Real-Time KYC: An All-In-One Solution
Real-time KYC is when the customers are verified in real-time through the internet. In real-time KYC and AML screening, the customers are verified within a minute without using any physical document verification.
Identity verification is done through face verification, ID card verification, document verification, 2-factor authentication, etc. AML screening is also conducted along with KYC screening by verifying the information of the end-user with global watchlists, sanction lists, and PEPs lists, etc. So, it helps the businesses in eliminating a huge risk within a minute.
Real-time identity verification and KYC/AML screening solution can be customized according to your compliance budget. On average Shufti Pro offers a 20% low cost as compared to the market rate. Also, real-time verification is less costly as compared to manual verification. No need to hire extra employees or building new infrastructure to accommodate huge compliance department.
2- Frictionless Procedure
Real-time identity verification can be performed within 30 seconds. So it helps in attaining a frictionless KYC and AML compliance.
It helps the businesses in KYC and AML compliance as the whole process of KYC and AML screening is swift and effortless, from the API integration to the verification of the end-user. The end-users will not have to change several windows or webpages for verification.
A real-time identity verification solution provides high precision in results. Although the verification process is completed within a minute but it does not affect the verification results. Shufti Pro delivers a 98.67% precision rate in its identity roofing results.
4- Global Coverage
KYC and AML screening done through AI-based solutions deliver global coverage in risk prevention. The software verifies the information with global databases and screens the information written in all major languages used in Identity documents.
KYC and AML compliance is a global phenomenon, businesses need a compact KYC and AML screening solution to comply with global regulations. Developing an in-house KYC/AML screening solution is not suitable because it is a huge investment. It requires top-notch resources and global coverage for thorough compliance. Hence the reason why most of the businesses around the globe, especially those with a global clientele are using outsourced KYC/AML compliance solutions.
API integration is very easy and swift. All major programming languages are supported and integration can be done with a website and online portal or an app. So, outsourcing proves to be feasible for businesses in all aspects.
Process of Real-Time KYC
First of all you will design your KYC/AML screening solution as per your budget and adds the services that you wish to receive as part of your KYC or AML screening solution. Then comes the integration of your business platform (website, app, online portal) with that of Shufti Pro’s system through API integration. On completion of the integration, the verification process starts. Either the new customers are verified or the previous ones are also verified through batch screening.
For verification, the customer enters the data, and shows its ID card along with its face. So the verification is performed in real-time. After verification the results are shown on the screen and updated in the back office provided to the customer.
Security breaches are increasing in number with every passing day. This keeps on happening. It would seem like every company should be taking their data security very seriously. After all, a data breach typically costs millions of dollars and tarnishes the company’s reputation.
According to Bitdefender, six in every ten businesses have experienced a data breach at some point during the last three years. Infosec professionals are acutely aware of the risks their organizations face with more than 58% worried about the organization in the face of a global cyberattack. In fact, the rest 49% confessed that they were losing sleep over it.
Human error can be a cause of 90% of data breaches
According to research half of the businesses around the world suffered a data breach
Data breach experience makes them more employable according to chief information security officer (CISO)
DoorDash Suffers Major Data Breach:
DoorDash a food delivery company confirmed a huge data breach a few days back, almost 5 months after it occurred. It was almost a year that users started complaining about their accounts being compromised inexplicably. The company confessed that 4.9 million customers, delivery workers, and merchants had their information stolen by hackers.
The breach took place on May 4 but users who made accounts after April 5, 2018 were safe by this breach. Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen. Both delivery workers and merchants had the last four digits of their bank account numbers stolen. The cherry on top is that around 100,000 delivery workers also had their driver’s license information stolen in the breach. Doordash was unable to explain the breach at that time but later said that the incident occurred through a third-party service.
The Damage a Data Breach Can Do
A data breach can drastically affect an organization’s reputation and financial bottom line. No one has forgotten about devastating data breaches of Yahoo which reported two major data breaches of user account data to hackers during the second half of 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Other organisations such as Equifax and Target have also been a victim of a data breach. Today, many people associate those companies with a data breach only instead of their actual business operations. So a data breach can make business loss not only their reputation but also identity.
Different Types of Data Breaches and the Sources:
Different sources define different types of data breaches. Here, I group them by the root cause:
Hackers use malware, phishing, social engineering, skimming and related techniques to gain access to protected information.
Theft or loss of devices
Laptops, smartphones, thumb drives, and other data storage media can be lost, stolen or disposed of improperly. If they contain protected information and it ends up in the wrong hands, that’s a data breach.
Employee data theft or data leak
Employees, especially those who are leaving soon, might deliberately access protected information without authorization with malicious intent. This can be major reason for the data leak.
Mistakes happen, and people are negligent. Employees may accidentally send proprietary data to the wrong person, upload it to public shares or misconfigure servers where it is stored. Not having any good method for ID verification can also make company data to fall prey to cybercriminals.
Tips to Prevent Data Breaches:
To prevent loss of millions and the company’s reputation due to data breaches, following preventive measure should be taken:
Limited Access to Valuable data
Previously data access was given to all the employees. Companies are learning the hard way now and limiting access to crucial data. This narrows the pool of employees who might click on the harmful link. Only those who actually need access will be given, this is the common-sense solution companies probably should have been doing all along.
Know Third-party vendors
Every company does business with a wide array of third-party vendors. It’s more important than ever to know who these people are. What if the guy who delivers office supplies just got out of prison? It’s something to think about. So always adhere to KYC regulations not only for your clients but also for third party businesses you are going to take services from. Verify who you are dealing with. In addition, be sure to provide limited access to the types of documents these vendors can view.
Though precautions like this can be a hassle for the IT department, the alternative could be a multi-million-dollar data breach. Demand transparency for those companies that are allowed to view your important data. Make sure they are complying with privacy laws; don’t just assume. Ask for background checks for third-party vendors who must enter your company on a regular basis.
Conduct Employee Security Awareness
Studies revealed that employees are the weakest in the data security chain In spite of training, employees open suspicious emails every day that have the potential to download viruses. One class of training is never enough. Regular classes should be conducted to safeguard important data once a month or more frequently.
Update Software Regularly
Regularly update all your software applications and operating system. Professional recommendation is to install patches whenever possible otherwise network is vulnerable. Microsoft has launched a product in this regard which is known as Baseline Security Analyzer that can check and ensure all programs are patched and updated.
Cryptocurrency was the talk of the day in the months and even years leading up to the present weeks. Very recently, we have seen a drop in the mentions of cryptocurrency in online world. In early 2018, the value of cryptocurrency and tokens in the market was above $800 billion. This number has dipped below $180 billion, showing a fall of more than 75% in the previous 5 months.
Lack of Compliance to Regulations in ID Verification
The non-compliance to the laws set forth by national and international watchdogs with regards to AML compliances and KYC regulations has definitely been a major push for the downfall of the use of cryptocurrency, globally. There were high risks associated with the crypto trading because the KYC and AML regulations during the ID verification process were not being complied with, majorly. One reason may be the lack of awareness for the need of an automated identity verification system when trading cryptocurrency. Whatever the case may be, the crypto market has not proved to be safe enough for blockchain businesses and online platforms due to the increased rate of scams and frauds.
Another reason was the irreversible nature of the cryptocurrency transactions. This made it an easy target for people looking for a perfect means of money laundering – an ungoverned method of money transfer, i.e. cryptocurrency. Online and blockchain businesses found this to be a major issue. They found it tedious and cumbersome to take necessary steps for KYC and AML compliance for ID verification. Some of the countries had a specific set of rules that needed to be followed by the companies under their jurisdiction, in addition to the basic KYC and AML regulations. This put a lot of unwanted burden on businesses, which lead them to drop the idea or usage of cryptos and blockchain for their ventures, be it for a token sale or general payment transactions.
An American Economist, Mr. Rogoff said,
“I think bitcoin will be worth a tiny fraction of what it is now if we’re headed out ten years from now. Basically, if you take away the possibility of money laundering, tax evasion, its actual uses as a transaction vehicle are very small.”
(An interview with CNBC, quoted by express.co.uk)
This has proved to be surprisingly true as the situation stands today.
Stabilizing cryptocurrency through conventional Financial Regulations
The KYC and AML regulations are enforced by the FATF, an international organization responsible for the fight against terrorism and criminal activities. Their major regulation with regards to the cryptocurrency is centered around the idea that a money trail needs to be left behind, because if that is done, then money laundering can be prevented by tracing it back to the origins.
This can be done by the successful integration of KYC and AML solution in the systems at the banks, financial institutions, online businesses, payment processing platforms, blockchain businesses, etc. All the transactions in the crypto space are through wallet addresses and do not require personal details of the sender or the receiver, like name, DoB, etc. This further leads to the anonymity of transactions, and the laundered money is even harder to trace back to the source.
With KYC and AML services installed in the system, before every transaction is processed or the money is received by an individual, they would be required to go through an identity verification process, which would act as a record of their involvement in the process.
The Shift of Physical and Online Businesses to Blockchain
Another solution to stabilizing the cryptocurrency can be shifting the digital businesses to blockchain technology. The blockchain is a ledger that keeps a record of all transactions that occur. Even though with blockchain we can trace the transactions back to their original source, that alone is not enough to make exchanges secure. There are a lot of ways to dupe the blockchain system without the integration of KYC and AML integration in the ID verification system.
Merely recording the details of transactions does not ensure that the person performing the exchange is the same as the one whose credentials, account or identity are being used. In order to makes sure that the sender and the receiver are who they say they are, there needs to be an identity verification system in place. This system should be able to identify a person based on their ID documents and facial features. Many AML softwares also run the sender’s credentials against sanctions lists, watchlists and global government databases to screen for PEPs in criminal and terrorism lists.
If the person clears all the checks, only then can the transaction be processed. This not only leaves a proof in the form of images or videos but also helps the businesses keep a track of where their exchange went sideways. All in all, it will suffice to say that inclusion of KYC and AML in the ID verification process, along with a more controlled, and governed blockchain-based businesses can definitely help bring cryptocurrency back.