• International AML-CFT Standards
• The U.S. Bank Secrecy and PATRIOT Acts
• The U.K. POCA Act and FCA Compliance
• The EU AMLDs and eIDAS Guidelines
• COAF and BCB Identity Verification Compliance in Brazil

In the past two decades, the concepts like global AML regulations and identity verification compliance have begun to gain much attention, mostly in the wake of the 2001 United States terror attacks that brought in laws such as the US PATRIOT Act, making the identity verification of individuals and businesses compulsory as part of AML-CFT measures.

This article spotlights how international organizations like FATF, EU AMLD, and sanctions bodies like OFAC eventually became prominent with important overhauls in identity verification requirements for banks and regulated sectors to combat the growing nuisance of money laundering and terrorism financing.

International AML-CFT Standards

The Financial Action Task Force (FATF) is an international AML-CFT policy-making body that sets global AML regulations. The 40 FATF AML and 9 CFT Recommendations are the pillars of international AML CFT standards. The 40 FATF AML Recommendations comprise guidelines on customer identity verification, risk-based KYC, Sanctions, PEP, and confiscating of assets.

Alongside verification of individuals and entities, FATF underscores the gravity of transaction monitoring and setting up Financial Intelligence Units (FIUs) by each FATF member nation. The financial and obligated institutions must monitor their customer transactions in real-time and submit Suspicious Activity Reports (SARs) and Suspicious Transaction Reports (STRs) to the state FIU for advanced scrutiny.

To combat the growing money laundering threats at the onset of virtual assets/cryptocurrencies, FATF has set forth Crypto Travel Rule to ensure the origins and movements of virtual currencies/tokens are monitored to combat money laundering predicate crimes linked to anonymous crypto transactions.

In addition to FATF, other international identity verification compliance-setting bodies observe identity verification requirements in banking and financial institutions. These institutions are the Wolfsberg Principles, Egmont Group of Financial Intelligent Units, Basel Committee on Banking Supervision, and FATF local chapters known as FATF Style Regional Bodies (FSRBs).

The U.S. Bank Secrecy and PATRIOT Acts

In the United States, the 1970 Bank Secrecy Act (BSA) forms the core of AML-KYC compliance; over the years, the BSA Act has evolved from time to time. The two most important thresholds for AML reporting under the BSA mandate are the Currency Transaction Report (CTR) and Suspicious Transaction Report (STR).

In the United States, the US PATRIOT Act 2001 mentions the state’s identity verification requirements, such as the Customer Identification Program (CIP), Customer Due Diligence (CDD), and Enhanced Due Diligence (EDD) for individuals and organizations.

The Bank Secrecy Act (BSA) authorities work with the Office of Foreign Assets and Control (OFAC) to impose various domestic and international sanctions on individuals, trade, and organizations. On the other hand, the Financial Crimes Enforcement Network (FinCEN) acts strategically with the U.S. AML authorities to disseminate BSA regulations.

The U.K. POCA Act and FCA Compliance

In the United Kingdom, KYC, CDD, and Transaction Monitoring measures are the three-core AML compliance that regulated businesses must follow. Proceeds of Crime Act, POCA 2002 defines all money laundering predicate crimes in the country. Additionally, the Sanctions and Anti Money Laundering Act, SAMLA 2018, gives the U.K. AML authorities the right to impose prompt sanctions against non-abiding entities and potential high-risk individuals.

The Financial Conduct Authority (FCA) is an important regulatory body that sets and examines the banking and financial sector’s AML compliance program in the U.K. The FCA works with Her Majesty’s Revenue and Customs (HMRC) to set AML-CFT standards for all the non-financial regulated sectors in the U.K.

The EU AMLDs and eIDAS Guidelines

Within Europe, the European Union (EU) Anti-Money Laundering Directives (AMLDs) are followed by the member states. The EU AMLD sets shared AML regulations based on regional typologies, and these guidelines are mandatory for the member nations to comply. The EU AMLDs recommend important AML-CFT guidelines, including risk-based intelligence, virtual assets rules, Politically Exposed Persons (PEPs), bribery, and corruption measures.

The EU adopted eIDAS guidelines in 2014 to homogenize digital identification and electronic signature and to ease inter-European business processes. The electronic IDentification, Authentication and Trust Services (eIDAS) brings remote video identification compliance for digital reforms in the EU and establish the region as a ‘Digital Single Market’.

COAF and BCB Identity Verification Compliance in Brazil

Money Laundering crimes linked to narcotics trafficking have been extensively prevalent in Latin American nations. The Brazilian Central Bank (BCB) works with the Conselho de Controle de Actividades Financieras (COAF) in Brazil, the largest South American economy, to bring AML reforms. The COAF is the main AML-CFT authority in Brazil that guides identity verification requirements, sanctions, PEP, adverse media, and transaction monitoring compliances to the financial and obligated sectors.

To learn more about international AML-CFT standards and your industry identity verification compliance, you may contact our IDMerit AML-KYC compliance officer. Thousands of businesses worldwide use IDMerit products and services; we ensure our clients always keep up with the global AML regulations and remain AML regulatory compliant with national and international standards.

The post Major Global AML Regulations and Identity Verification Compliance appeared first on IDMERIT.

Trade-Based Money Laundering (TBML) exploits international trade and trade finance systems for laundering illicit proceeds. It involves a series of schemes for TBML, including falsifying invoices, commodity misclassification, forming shell companies, forging trade documents, etc., for illegally moving funds across the continents.

Currently, international financial institutions estimate $2 trillion worth of trade, out of around $20 trillion, to get laundered annually in the form of Trade-Based Money Laundering. Customs fraud is mainly synonymous with Trade-Based Money Laundering. Customs manipulations like price, quantity, and quality alterations in the import/export of the goods are involved in the TBML of illicit bulk cash across nations. This blog sheds light on the TBML methodologies, TBML red-flag indicators, and its regulatory compliance policies.

Widespread TBML Methodologies Exploited by Money Launderers

Over Invoicing, Under Invoicing – When an exporter receives more money than the value of goods sold to an importer, it’s over-invoicing. On the other side, when an importer receives more money while selling the goods in the local market after buying them at an unvalued price from an exporter, it’s under-invoicing. Both the instances trigger an extra value transferred via trade between the parties as money laundering.

Multiple Invoicing or Carousel Transactions – A money launderer misuses the legal system to produce multiple invoices for the same shipment by complicating the payments with more than one financial institution. It’s a typical multiple-invoicing method for legitimizing one payment more than once and integrating illicit money into the financial system.

Over Shipment, Under Shipment – The trade involves misrepresenting the number of goods; the over and understatement of items give the money launderers a scope to process excessive payments of illicit money.

Inferior Shipment – It involves exporting cheaper quality goods with falsified invoices and submitting bills for relatively costly goods to customs.

Front Fake Commodities – The shipment of commodities does not match with the business classification, and the trade is made to transfer the illicit money value rather than the actual goods.

Shell Companies – Offshore companies, acting as front or shell companies for organizations involved in sending excessive funds across the continents. For years, law-breakers have preferred shell companies as camouflage to facilitate TBML activities. At times, it may so happen that established companies make their foray into an entirely distinct market segment to divert their income via shell operations.

Phantom Shipment – There may be no shipment at times, and the invoices are still generated and bills passed in the customs.

Major TBML Red-Flag Checks for Customs and Financial Institutions

A joint effort of Egmont Group and Financial Action Task Force (FATF) to combat the worldwide TBML activities has set-forth imperative red-flag checks on this trade-based financial crime.

Common Anomalies – International trade-related activities involve a lot of paperwork. All the more challenging is that the financial institutions are only exposed to the official documents and not the commodities in trade. So, on the face of it, common TBML red flags involve finding anomalies in product pricing, irregular product description, and price matching with the product quantity and quality standards.

Unnatural Transactions – Financial institutions must keep a regular Transaction Monitoring on the trade activities of the parties involved; the monitoring includes the nature of transactions, business locations, background checks, the characteristics of the traded goods, etc. Unusual transactions also consist of substantial below-threshold cash payments and inexplicable third-party payments.

High-Risk Jurisdictions – Businesses set up in jurisdictions with weak AML-CFT regulations, suspicious addresses, with an indistinct online presence. All the mentioned red flags give a clear indication of out-of-sync business activity. Such entities generally have unstructured business operations with no proper payroll, marketing, advertisement, or accounting reports.

Free-Trade-Zones (FTZs) – The customs-free nature for bringing liberalization in global economic activities has paved the way for acceleration in the TBML activities as criminals are continually exploiting the eased-up trade barriers in around 3500 ports worldwide. Trade activities at the FTZs are more vulnerable to being misused for laundering money.

How Regulated Institutions Must Remain AML-CFT Complaint

Risk-Based Model – Financial Institutions (FI) must follow regulatory Customer Due Diligence (CDD) and keep their Know-Your-Customer (KYC) records updated. It is on the part of the FI to conduct proactive Enhanced Due Diligence (EDD) on the potential high-risk clients with stringent identity checks and transaction monitoring. In addition, the records must be kept updated and presented to the Financial Intelligence Unit (FIU) authorities on suspecting unusual trade activities.

Transaction Monitoring – The financial institutions that handle large trade-related activities must monitor their clients in real-time. All Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) must put the financial authorities to alarm. A series of SARs and STRs trade datasets also help establish emerging TBML typologies for predictive analysis.

AI-Based Machine Learning Algorithms – All leading financial institutions utilize the best-in-class data analytics technology to monitor transactions. The Artificial Intelligence-based rule engine algorithms instantly trigger unusual events to discover trade-related suspicious activities occurring across the businesses in real-time.

Know-Your-Business (KYB) – The financial and other regulated institutions must regularly check on the businesses they are doing business with. Know-Your-Business (KYB) involves business identity verifications for genuine business onboarding. At the same time, the regulated financial institutions must authenticate the Ultimate Beneficial Ownership (UBO) for both individuals and businesses involved in trade transactions.

Sanctions, PEPs and Adverse Media – The compliance officers must screen businesses and individuals against Sanctions and PEP lists. In addition, adverse news about the owners and entities across the press and online media indicates brewing illicit activities somewhere down the line.

Conclusion 

Given the scope plus volume of today’s trade, masking illicit gains with trade-based activities has become easier for the launderers. Furthermore, there are fewer initiatives taken in the TBML AML-CFT methods than in other money laundering methods. It has been believed that the global trade system is so complex – involving many deterrents and regulatory sluggishness – that it has made laundering money for criminals and terrorists more convenient via global merchandising activities.

The unrestrained threat of Trade-Based Money Laundering has given this financial crime an Advanced Persistent Threats (APTs) risk status, which is otherwise mostly used for cybercrimes. If you are a financial or regulated institution seeking AI-Based client behavior tracking, document verification, and suspicious transaction reporting solutions to fulfil your business compliance, schedule a call with the IDMerit AML solution advisor. We offer best-in-class Fraud Protection and KYC-KYB Compliance solutions to businesses worldwide.

The post Important AML-CFT Procedures to Combat the Unrelenting Threat of Trade-Based Money Laundering (TBML) appeared first on IDMERIT.

1. The Wolfsberg Principles
2. The Egmont Group of Financial Intelligent Units
3. Basel Committee on Banking Supervision
4. Transparency International
5. Economic Sanctions

The Wolfsberg Principles

Wolfsberg gained prominence in the AML Compliance domain after its publication of ‘Global Anti-Money-Laundering Guidelines for Private Banking’ in October 2000. In 2002, the organization added important measures to its standards against the rising threat of terrorism financing; the Wolfsberg publication had been marked as a ‘gold standard for the Know-Your-Customer (KYC) regulations to countercheck ML-TF risks across the global financial institutions.

Over time, the Wolfsberg chapter brought together the 13 dominant private banks, drafting their mutual Customer Due Diligence (CDD) values, followed by the Due Diligence Registry. These 13 global banks are

1. Bank of America,

2. Banco Santander,

3. Barclays,

4. Citigroup,

5. Credit Suisse,

6. Deutsche Bank,

7. Goldman Sachs,

8. HSBC,

9. J.P. Morgan Chase,

10. MUFG Bank,

11. Société Générale,

12. Standard Chartered Bank, and

13. UBS.

The Wolfsberg CDD measures are cited alongside the FATF, Basel Committee, and Transparency International CDD standards. Though it’s voluntary for any private banking organization to adopt Wolfsberg Principles, the risk measurement, screening, and monitoring strategies mentioned in its guidelines are highly recommended for the global banks to check ML-TF threats within the financial systems. In addition, the organization conducts periodical meetings on policies and action plans with financial bodies like the New York Clearing House, the European Banking Federation, International Banking Federation, and SWIFT. These mutual interactions have been able to control crimes and corruption tremendously in the financial sector.

Notable Wolfsberg’s publication and standard measures are on the following subjects. –

The Egmont Group of Financial Intelligent Units

The Egmont Group of Financial Intelligent Units was founded in 1995 in Belgium, Brussels. The Egmont Group is an international body that ensures that different state Financial Intelligence Units (FIUs) align with the FATF recommendations to combat money laundering, terrorism finance, and proliferation of weapons of mass destruction. In addition, Egmont Group bridges the communication amongst various FIUs with its technical expertise like Egmont Secure Web (ESW), that foster secure and transparent sharing of AML-CFT information. Currently, this international body has over 150 member nations and up to 22 observers.

Various intra-governing groups within the Egmont Group are — The Heads of FIUs (HoFIUs), the Egmont Group Secretariat, the Egmont Committee, and the Regional Groups and the Working Groups. In addition, the internal groups have a delegation of activities, including Legal Working Group (LWG), Training and Communication, Outreach, Operational Working Group (OpWG), and IT Working Group (ITWG).

The Egmont Group is most known for its AML-CFT measures to control Suspicious Transaction Reporting (STR) and Trade-Based Money Laundering (TBML).

The post International Standards and Guidelines on AML, KYC, CDD, Sanctions, and Customer Identification Programs appeared first on IDMERIT.

1. What is KYC Compliance?
2. Laws Governing KYC Compliance
3. Requirements for a Client-Centric approach to KYC Verification Process
4. Components of a Client-Centric approach to KYC Verification Process
5. How IDmerit can help with its KYC Compliance Solutions?

The concepts behind Know Your Customer or Know Your Client (KYC) has been around since the early 90’s as the finance industry in different parts of the world attempted various methods to validate ID. As technology grew and ease of doing business became more mainstream, fraud rose and the financial industry reached out to governments for a more definitive identity verification solution. Many governmental regimes answered the call and began issuing regulations, but there were always the issues of increased friction in the customer onboarding process and lack of effective ID validation systems.

At the onset of KYC verification, e-commerce, Business to Business (B2B), and other industries were not taken into account. KYC compliance mainly dealt with the financial industry, but luckily for regulators, the KYC creators left room for adjustment and growth. And with the focus being shifted to Anti-Money Laundering (AML), KYC became part of AML compliance. Doing this strengthened the need for KYC verification, but drowned out its importance, customer awareness and still didn’t rectify the issues of friction or digital identity management.

What is KYC Compliance?

In the beginning, Know Your Customer (KYC) consisted of guidelines that only required financial services (e.g. banks, brokerage companies, insurance, mortgage houses, etc.) to verify the identity, exercise due diligence, and possible risks involved in doing business with an individual. Now, KYC compliance laws encompass a wide range of businesses from different industries. Including Fintech (cryptocurrencies, online payment providers, and SaaS), Real Estate, Health Care, Gaming (e-gaming platforms like poker, lottery, etc.), legal and precious metal, and art dealers.

KYC is now part of the regulatory AML compliance obligations of financial and non-financial organizations. Obligated entities develop their customer identification processes and verify their customers according to the regulatory guidelines. Achieving KYC compliance helps businesses prevent penalties, fight fraud, and mitigate financial crimes such as money laundering and terrorist financing.

Laws Governing KYC Compliance

Separating KYC from AML compliance laws at this stage isn’t plausible because the objective of KYC isn’t just to validate ID, but to prevent fraud. Basic customer due diligence sometimes isn’t enough to combat or even deter fraudsters. Therefore KYC often needs the backing of AML compliance which requires sterner measures, penalties and enhanced due diligence.

Despite the introduction of regulations, the KYC verification process isn’t standard across the globe. This is mainly due to the loophole that gives banks and other financial institutions the right to adjust for due diligence according to their needs and not every country’s law covers all aspects of digital identity management. Due to the ambiguity in the law and execution by financial institutions, automated KYC isn’t even a requirement in a few countries, making the entire KYC verification process overbearing for the customer.

Because KYC compliance laws are a part of AML compliance regulations they are influenced by the recommendations of the intergovernmental organization, Financial Action Task Force (FATF) or its French name, Groupe d’action financière (GAFI). Below is a list of some KYC governing agencies and the laws implemented around the globe.

Financial Crimes Enforcement Network (FinCEN) – As part of its mandate given by the US Department of the Treasury, FinCEN serves as the Financial Intelligence Unit (FIU) in the US with the mission to safeguard the financial system from illicit use. Through the provisions of the US Patriot Act, the Bank Secrecy Act (BSA) requires the reporting entities (primarily banks) to take necessary measures for ID validation and to report suspicious activities to FinCEN.

Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) – Represents Canada’s FIU and is responsible for the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). The PCMLTFA Act of Canada sets the KYC verification requirements, global money handling, and processes and regulations for any industry that receives legal tender transacts goods or handles cryptocurrencies and other digital forms of payment. All suspicious activities and potential breaches are to be reported by participating entities.

KYC Compliance and Money-Laundering Act

The Money Laundering Act – 2017 (MLA) of the UK falls directly under the jurisdiction of FATF and the Sanctions and Money Laundering Act and defines customer verification regulations for reporting entities. Within MLA there are exemptions for transaction amount limits, account balances, and repeat business. These exemptions assist in the ease of doing business within the United Kingdom but are not hard and fast for all foreign investors as financial institutions have the final say.

Autorité des Marchés Financiers (AMF) is the anti-money laundering regulator in France and under its remit sanctioned by the FATF and the European Union (EU) allows them to require to regulate, authorize, monitor, and where necessary, inspect, investigate and enforce the customer identity verification laws for financial businesses. Under the Anti-Money Laundering Directive of 2020 (AMLD5), Financial Markets Authority (AMF) strengthens the fight against terrorism financing.

Australian Transaction Report and Analysis Centre (AUSTRAC) implemented the amended Anti-Money Laundering Counter-Terrorism Financing (AML/CTF) Act of Australia in 2020 under the guidance of the FATF. Aside from counter-terrorism financing measures like monitoring the cross-border movement of money, the AML/CTF requires all parties involved in financial activity must follow AML and KYC compliance guidelines.

Notwithstanding the countries and regulators listed here, the implementation of more stringent AML/ KYC compliance requirements are a global affair. There are only a few detractors of mainly sanctioned countries that haven’t fully implemented either AML and/or KYC compliance laws. Under FATF and FinCEN, digital identity, global ID verification, e-KYC, corporate KYC, and automated KYC began taking center stage in KYC verification systems.

For customers, with the right digital identity management systems in place, this could mean the introduction of a more client centric approach to KYC verification and improved customer onboarding processes. However, all good things come at a cost, and banks, businesses, and entire industries need to re-educate their customers on the importance of KYC, refrain from reducing the process to a customer onboarding checklist, and invest in a secure Client centric approach to KYC verification process.

Requirements for a Client Centric approach to KYC Verification Process

Customer due diligence plays a key role in the KYC verification process. To understand how KYC works, comprehension of what constitutes due diligence and the varying levels of customer due diligence is needed. Different levels of assumed risk require different levels of due diligence.

There are three main types of customer due diligence that are based on a customer’s level of risk.

Simplified Customer Due Diligence

At the simplified level of customer due diligence, checks are performed for the initial stages of customer onboarding and do not require in-depth screening.

Basic Customer Due Diligence

Basic Customer Due Diligence or Standard Due Diligence (SDD) is carried out on all customers categorized as low or medium risk. Except in the case of Politically Exposed Persons (PEP) or famous entities, these individuals or entities are considered normal account holders with minimum level transactions.

Enhanced Due Diligence

Enhanced Due Diligence (EDD) is used for high-risk customers and these customers go through extensive screening, monitoring, and background checks for money laundering, terrorism financing, and corruption. Effective enhanced due diligence exposes the nature of the business and delves into Know Your Customer’s Customer (KYCC).

During customer due diligence, individuals and entities involved with sanction countries and on global watchlists are automatically reported to the relevant regulatory bodies, beneficiaries, and sources of income are identified. Due diligence is an important step in the KYC verification process and by performing extra checks, businesses and banks can keep themselves safe from bad actors and money laundering activities.

The KYC compliance process varies around the globe, but there are some common aspects of a great KYC verification process. Once your KYC verification system eliminates bad actors, reduces pain points in the customer onboarding process, and effectively handles digital identity management, it’s a success.

Components of a Client Centric approach to KYC Verification Process

This is not a customer onboarding checklist for KYC compliance. The goal of each of these components is to streamline the KYC verification process and make it easier for businesses to put KYC policies into practice. There will still be room for risk assessment and ID validation without lengthy processes or complex systems. In essence, all the components of basic customer due diligence still apply as well as robust features for enhanced due diligence and automated KYC.

Mobile Identity Verification for Customer Onboarding

Banks and other financial institutions seem to be holding up progress when it comes to mobile identity verification. Many businesses, especially those online, have begun the transition to mobile identity verification. Customers are mobile-ready and verifying identity using built-in smartphone biometrics to check age and account ownership and auto-complete forms with IDMautofill should be a normal part of KYC verification.

Knowledge-Based Assessment (KBA) only goes so far and in this internet and social media age, the answers can be readily found online. It is time the banks embraced biometric technology for their customer base. They don’t even have to own the hardware or software. Through a third-party digital identity management company, they can verify customers via mobile without drastic budget allocations or installing a new KYC verification system.

Behavior Monitoring During Transaction Screening

Do you think it’s normal to sweat profusely during a loan transaction? Of course not! But not every behavior red flag will be this obvious. When dealing with online customers, behavior monitoring gets a bit complicated. Add in synthetic identity fraud and it may be difficult to guess why this person is interacting with your business.

Ongoing behavior monitoring during transaction screening and monitoring can help you piece together the actions of your online user. At IDMERIT, we use a multi-layered approach monitoring various aspects of biometric behavior such as signature analysis and finger movements to validate ID. Biometric behavior monitoring isn’t standard KYC practice and its use can put you ahead of KYC compliance and bad actors.

Enhanced Due Diligence for Payment Services Providers

It was only recently in 2020 that payment gateways were getting the necessary regulatory overhaul to bring them into AML/ KYC compliance. Card issuers and customers were tired of holding their breath during every online transaction and so the revised Payment Services Directive (PSD2) was rolled out. As welcome as the change was for merchants and customers alike, not every payment gateway has taken the necessary steps to maintain global ID verification or tight customer onboarding measures.

Strong Customer Authentication (SCA) was meant to be a simple 3-step checklist to fulfill PSD2 directives. Using two-factor authentication, payment services providers can validate ID, however, like KBA, SCA has exemptions and loopholes. This provides way too many gaps for fraudsters plus there aren’t any heavy fines for non-compliance. That means businesses should treat payment services providers as high risk and enact enhanced due diligence for their own protection.

Retain Video and Document Verification Services

Document verification is one of the pet peeves of customers during the customer onboarding process. Without digitalization, it can be an outright nightmare. Video and document verification services should be a part of digital identity management to make customer onboarding faster and easier.

Customers are willing to forgo long lines in both banks and utility companies collecting and verifying identity through their official documents. Not only does IDMconnect help validate ID using utility documents, but the use of IDMlive also reduces the unnecessary health risk and exposure for vulnerable citizens. Using our document verification services which have access to government databases can provide clear, visual, and documental proof for KYC verification.

Automated KYC for Global Industries

In 2021, one should not still be making a call for automated KYC or e-KYC practices. At the cusp of 2022 automated KYC should be part of standard industry practices across the board for all industries. In a global technological era, where cars have started to fly, e-KYC should not still be waiting on international corporations to get on board.

The holdup on e-KYC is that large corporations are trying to figure out how to do it in the house when the financial industry and governments have already outsourced their KYC verification services. Granted, it is understandable that corporate entities wish to protect their stakeholders’ data and interests, the damage of improper KYC verification is far worse and can cost more in testing and financial damages in the long run.

Sadly, where large corporations lead, small to medium enterprises follow. It’s easier to seek out a digital identity management company that has experience in global ID verification and can verify corporate company records and CEO addresses. With automated KYC and biometric behavior monitoring included, the entire KYC verification process can be simplified yet effective against bad actors.

Using a third-party KYC verification service doesn’t mean you can’t maintain your risk profiles of high-risk customers nor will you lose access to key data. When KYC verification works it empowers businesses to fulfill their AML compliance and eliminate fraud across industries while offering a frictionless customer experience. Therefore execution and enforcement of KYC processes and policies is the key behind a successful KYC verification process and that’s what we provide at IDMERIT.

How IDmerit can help with its KYC Compliance Solutions?

Digital identity management was not something banks and other financial institutions were equipped to handle. Though the government had the information, their databases were sometimes incomplete, too spread out, or had limited access that would create nightmares in the customer onboarding process. The easier solution was to let third-party entities provide document verification services, global ID verification and assist in automating the KYC verification process.

This is where IDMERIT comes in and because of digital identity management companies like ours, you now have an easier route to KYC verification. We helped set the industry standards in KYC verification services through our IDMkyX platform. We perform mobile identity verification with device fingerprinting through smart devices and biometric behavior monitoring for the most impactful risk assessment process and onboarding experience.

Let’s prove how we can help you create a successful client centric KYC verification process. Contact IDMERIT today!

The post The Client Centric Approach to KYC Compliance – Know Your Customer appeared first on IDMERIT.

However, most individuals fail to determine the comparative distinctions between KYC and KYB. To start, KYB (Know Your Business) compliance shares each one of the major requirements found in KYC (Know Your Customer) compliance. They both share the same core objective and that is to follow AML/CTF regulations to make financial interactions safe and protected.

Both of the verification checks are stringent and meet compliance guidelines and, at the same time, they share a unique distinction. The distinction between both is the target that is being analyzed or attributes of that person or organization’s identity . 

What Does KYB Mean?

Also known as Know Your Business, KYB compliance checks seek to identify the veracity of businesses, companies, organizations and, in extended due diligence, monitor their financial transactions over time. These stringent checks verify a  business’ attributes, ownership, and other identifiable information to protect organizations from falling victim to any type of financial fraud. KYB compliance includes business verification which is followed by the submission of the verification data and some monitoring stages that are very similar to the KYC compliance process. The verification information is checked against data pulled from public archives and automated AML databases.

What Does KYC Mean?

Anti-money laundering compliance focuses on individuals who apply to open accounts at banks, financial institutions, or crypto exchanges to verify their financial backgrounds and past histories against any financial fraud/illicit activity to determine a risk score. These risk scores and profiles are extremely useful to banks and financial institutions and are meant to comply with stringent, and growing, AML legislation. 

The compliance and identity industries first focused on KYC, and as regulations increased, the industry pivoted to KYB and business attribute verification. KYC  digitization is more advanced than KYB. As technology and cloud computing became more prevalent, KYC became known as eKYC since its shift into the cloud and SaaS improved efficiency, lessened compliance costs, and took out the manual labor that used to slow down the verification process.

KYC To KYB: A Brief Background

Back before the introduction of KYB or KYC or their digitization, the financial fraud levels reached an epic proportion of total crime. According to the UN’s Office of Drugs and Crime, the global money-laundering rate was 2-5%, annually. There was no legitimate way to control individuals or businesses’ illegal financial interactions and major fraud cases despite the adoption of a few pieces of AML legislation.

In an effort to regulate and control financial crimes, the Bank Secrecy Act of 1970 introduced new AML guidelines, which were later incorporated into the 2001 USA Patriot Act. These guidelines were then embraced in 2003 and the term KYC was born. These guidelines were built to check the financial progression and transactions of individuals. They required financial institutions like banks to keep a diligent eye on all of their customers and follow specific regulatory requirements. KYC compliance proved to be successful however it left a loophole.

This loophole aided businesses’ UBOs and corporate owners. Banks weren’t required to check and verify the partners and representatives of the businesses they worked for so this left a huge opportunity for fraud and illicit activities to go unnoticed. Therefore, this implied that businesses could protect the personal information of financial criminals associated with them and perform illicit exchanges and activities and go unpunished. A famous incident that required an update in KYC compliance laws was the Panama Papers Scandal, which in 2016 eventually led to the birth of KYB compliance.

KYB & KYC: What Is The Distinctive Factor?

KYB and KYC compliance both follow the same causes, that is to regulate financial transactions and keep an eye on any potential financial crimes. However, the factor that sets them apart is their target scope.

● KYB: The regulatory guidelines in KYB compliance are followed by almost every industry as a massive fraud and Ponzi schemes have led to a crackdown on anonymous ownerships or shell corporations. KYB incorporates all business types and structures (S or C Corp) and is well-established throughout most industries including virtual service providers, money service providers, online businesses, the health and wellness industry, non-profit associations, and especially financial institutions/banks.

Business and Ownership Verification

In the standard KYB compliance procedure, businesses and companies are required to verify themselves as legitimate businesses by providing their own information and incorporating documents. Financial activities are then verified along with the identities of the business’ unique beneficial owners or their representatives.

● KYC: KYC compliance regulations require a more thorough verification of identity (depending on the new customers’ risk profile or geographical location). Banks are required to verify all new customers’ identities. Banks and financial institutions of all sizes have become huge proponents of eKYC regulations because it has led to the arrest and recovery of millions of dollars due to fraud and illicit activities.

Fundamental Requirements For KYB & KYC

Since KYB and KYC target different client types, data attributes that are verified are different. To register for verification, the core focus data remains the same, that is financial information and records.

For KYB

Since KYB targets businesses and organizations, its verification process requires information that includes a character report of the unique beneficial owner of the organization and that of all investors that hold a quarter share, each. The verification requirement includes:

●      Business Address

●      Recruitment Reports

●      Business Licence and Registration

●      Identification Documents of UBOs (directors and representatives)

For KYC

KYC focuses on individual customers of a bank that need to verify themselves by submitting identity and address records. These records solidify the financial character of the individual and help the bank to estimate the level of diligence they may require. The verification requirement includes:

●      A PAN (Permanent Account Number) card with a picture.

●      An ID card issued by the State.

●      Any Debit or Credit card issued by a bank.

●      A copy of utility bills such as electric bills with an address

●      Visa/Driver’s License with a digital picture.

KYB & KYC: The Digitization

After their introduction, KYC and KYB both had to go through several stages of experimentation by the financial institutions that employed them. They customized and altered the verification process to their needs but still, KYC and KYB remained labor extensive. To improve compliance, digitization was introduced to lessen manual labor and eliminate the chances of human error.

The digitization of KYB and KYC compliance includes the utilization of new advanced features such as Identity Verification, Virtual Verification, Online submission of verification records, Online Database, and AI-based Diligence. This digitization could undoubtedly forestall any slip-ups and improve the diligence procedure.

The progression in the digitization of KYB and KYC compliance is improving with each passing year as AI continues to get smarter. For instance, AI-based questionnaires aid in the process of business verification and take out the shortcomings and slip-ups that occur when registering new clients. The key elements of KYB and KYC compliance that have permanently been improved due to their digitization are:

AI KYB & KYC Registration

It is now customary for a renowned bank to employ an AI-based verification system that expands the proficiency of the registration process. It additionally decreases the expense that may involve hiring manual labor and cuts down the whole process and speeds things up.

This AI-based verification was first used for KYC compliance only, with the process requiring 25-30 days. Now, the same process is used for KYB compliance as well with the registration and verification procedure cut down to 5 minutes.

E-Archives For Business Registries

Before the digitization of KYC and KYB compliance, the records that were used to verify against the customers and businesses were physical and took up days to get through. Now banks utilize online archives that can store and protect the verification records of up to thousands of customers. This is an improvement that makes the compliance process faster and more efficient.

Advanced Due Diligence

The AI used for KYB and KYC diligence is sharp and precise, therefore improving the process of vigilance. This feature can monitor thousands of customers while efficiently providing information whenever the investigation officer looks it up by a couple of keywords. For instance, a business’s license number can be used to look up the database for that business.

Advanced diligence also includes microservices such as special APIs that can separate and check the information of a unique beneficial owner very quickly instead of taking days. These APIs are equipped for cross-referring to information across different data sets and public records that are filled in.

Virtual Identification For KYC & KYB

One of the major reasons that are causing banks and financial institutions to employ digitized KYB and KYC compliance is the efficiency that they provide. What first required in-person registration, now takes a single virtual call to accomplish. The virtual identification process has also encouraged individuals to register since they are aware of the efficient process.

The whole process can be finished in only 2–3 minutes, depending on how fast the identification software is. This virtual identification process can permit authorities to save and check the authenticity of the information provided by the individual. This process has reduced the potential of human error and cut down the hiring costs for banks.

Key Takeaways

KYB and KYC guidelines are carried out to infiltrate any individual whether alone or related to a business that is indulging in illegal tax avoidance and money laundering activities, while a side benefit for KYB includes the verification of businesses as well.

Financial fraud continues to grow with each passing day, therefore it is necessary for banks to monitor their clients. While they target different scopes of individuals, KYB and KYC follow the same cause. Other than detecting extortion these compliances strive together to make financial interactions, all around the globe more safe and smooth, while diminishing the rate of financial crimes. 

Follow our LinkedIn and Facebook pages for Anti-money laundering news and significant regulatory changes.

About IDMERIT

Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the ongoing development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com

The post What is KYB and KYC? How does its compliance impact organizations? appeared first on IDMERIT.

 KYC, or Know Your Customer, is the process of verifying a customer’s identity to ensure they are providing accurate personally identifiable information (PII) as well as in order to understand their past financial behavior with previous institutions or money service providers. This process helps to ensure that the financial institution’s services are not misused for identity theft, money laundering, and the funding of criminal organizations. kYC ensures that organizations are both compliant and that customers with a suspicious financial background are not approved for an account at the bank or financial institution. 

It is now mandatory for all financial institutions or banks to administer identity verification as part of their KYC compliance. This quick KYC compliance checklist will assist your institution in developing a KYC compliance program.

What Is KYC Compliance?  

A KYC verification is conducted by a bank’s system, or through IDMerit’s identity verification system, whenever a customer applies to open an account. To have a smooth transaction process, they must verify themselves by going through an identity verification process. This process entails the customer submitting certain verification documents that authenticate their identity and financial background. This identity verification process brings to light any risk of potential financial crimes and assists banks and financial institutions with taking the appropriate action depending on the risk profile.  

How Does Proper KYC Help In Protecting Financial Institutions? 

The biggest approach to commit financial fraud and extortion is identity theft. People get away with committing these financial crimes by using a false or a fake customer background. This is where a robust Know Your Customer compliance program  severely limits the potential for fraud at the outset. During most KYC compliance programs, customers are asked to submit authentic documents such as passports, a UID (Unique Identification Number), or a copy of their most up-to-date utility bills or insurance plan. 

These documents act as identity and address proof and help the banks and financial institutions calculate the customer’s financial activities and any potential scale of risk they may pose. KYC compliance programs (which include ongoing monitoring) ensure banks and financial institutions remain alert about their customers’ risk profiles and is a process that segments suspicious customers or risky transactions. Banking is an industry with an innate danger of monetary fraud, so it is critical to perform a screening on customers to control and eliminate the potential of thefts. 

The Updated 2021 KYC Compliance Checklist 

These verification documents construct a customer’s financial profile for a bank and proper identity validation and verification processes can root out fraudulent ID cards, utility documents that have been tampered with, or all together forged documents. 

Every bank and financial institution follows different customer verification procedures, some require online identity verification while some require physical submission, therefore the documents required for identity verification are different. However, the essential documentation required per the 2021 KYC compliance checklist are as follows: 

(POI) Proof Of Identity: 

• A UID/passport, driver’s license, or a voter’s ID card. 
• A PAN (Permanent Account Number) card with a picture matching the customer. 
• A current ID card issued by the State. 
• Any valid Debit or Credit card issued by a bank. 

(POA) Proof Of Address:  

• A copy of utility bills such as electric bills with a verifiable address  
• Visa/Driver’s License with a digital picture. 
• A copy of a registered sale agreement or lease for residence. 
• Any identification document in the name of one’s spouse. 

What Are Various Types of KYC Verification? 

To make the process more convenient, there are two types of KYC verification that many banks and financial institutions follow: 

Online or eKYC Submission

The primary type of KYC verification follows an online identity verification where the customer submits their required documents online. This is fast and the most digitally modern way of document submission. This process typically uses OCR (Optical Character Recognition) technology that banks and financial institutions use to sort and extract verification data from the submitted documents. Typically, IDMerit also includes advanced security measures to identify fraudulent documents including identifying biometrics and verifying the existence of specialized features specific to each type of identification (passport, ID card, etc.). 

In-Person Submission 

This KYC verification process takes place when a customer submits their identification documents to the bank in-person. A copy of all documents is required which need to match both the image on the identification card for in-person submission. Some banks and financial institutions also require document submission for KYC through video where the customer’s presence is needed in order to verify their identity and address. This is typically done through a process known as liveness detection which removes the potential for impersonation or fraud. 

3 Fundamental Components For A KYC Compliance Process 

The process of Know Your Customer compliance is based on three components or steps. Depending on a customer’s risk level or past transaction history, there can be changes in the manner of the screening’s intensity. While a basic KYC compliance program will work exceptionally well for a customer with minimal to average transactions, a more moderate screening will be required for someone with business-level transactions. This is also true with on-going monitoring which is scaled up for customers with a higher risk profile or who are Politically Exposed Persons (PEP).  

1. CIP (Customer Identification Program) 

The first and foremost step to conducting a KYC compliance process is identifying the customer and their financial background. This is a defining component in any KYC process that is necessary for all banks and financial institutions to carry out. It is part of the law presented in the Patriot Act, 2001 that requires all individuals with bank accounts to undergo a CIP to have their backgrounds recorded and examined. 

Since the latest 2021 KYC compliance is approved by the FATF (Financial Action Task Force), a CIP is made mandatory for all banks and financial institutions to administer against their customers. Not only does this program help these financial institutions identify their customers but also assists in monitoring their financial activities of the next steps in a KYC compliance process.  

While it is approved by FATF to conduct a CIP, it falls under the banks and financial institutions to decide its level of verification — deciding upon the proof documentation to ask from their customers. However, the essential prerequisites that any bank must ask from its customers to open an account follow:  

• Customer name  
• Date of birth  
• Permanent address  
• A UID 
• Copy of utility bills 

To ensure a CIP’s success, the bank must conduct a thorough examination of these documents in terms of validity, authentication, and relevance. Such prerequisites are also required when conducting an AML (Anti-Money Laundering) procedure. 

2. CDD (Customer Due Diligence) 

Perhaps the most cumbersome part of a Know Your Customer process for banks in determining the reliability of their customers. It is crucial for banks to decide whether they can trust a customer. This process of determination connects with the CIP conducted before to ensure a potential customer is trustworthy. CDD helps the banks and financial institutions stray clear from dealing with thieves and possible frauds. There are three levels of the Customer Due Diligence process that depends upon the customer: 

• SDD (Standard Due Diligence) is initial information required by customers that usually indicates any initial risks. If the chances of financial fraud or tax evasion are low then a full CDD isn’t required here.  

• CDD (Customer Due Diligence) is compulsory information that all customers must submit to undergo a financial activity examination that assesses any further potential risks related to the customers.  

• EDD (Enhanced Due Diligence) is any extra information that a bank may decide is compulsory for their respective KYC process. This information is usually asked by customers with higher-risk profiles to give a more profound insight into their financial activities.  

Some pragmatic steps that may assist banks and financial institutions to conduct their CDD process include: 

• Banks may inquire about the nature of a customer’s business and their scale of transactions to gain an insight into their business financial activities.  
• While confirming or checking a customer, banks can classify their risk-profiles and characterize what kind of customer they are. 
• If dealing with a higher-scale customer, banks can ask them to submit any business verification records they find necessary to keep the CDD process updated. 

Because this is such a detailed process, the identification of any suspicious financial activity can be pointed out easily even if it is subtle. Tracking all the CDD and EDD performed on every customer is essential to ensure the KYC compliance process’s success.  

3. Continuous Customer Monitoring  

Once all is said and done, a Know Your Customer compliance process keeps on its vigilance until a customer suspends their bank account.  It’s insufficient to simply check a customer once, hence banks use a vigilante program to screen their customers continuously. This continuous screening allows the bank to keep an eye on customer’s every single financial transaction and alerts the bank when it senses something suspicious. 

Once again, every bank or financial institution follows a different program of this conscious monitoring, however the variables they look out for remain the same, such as:  

• Elevation in transactions 
• Frequent offshore or out of region transactions. 
• Any transactions made to the account by an unidentified party.  

Continuous Customer Monitoring is a tedious part of a KYC compliance process, however, due to its constant surveillance, even a little spike of financial activity that can lead up to financial theft is detected. This continuous monitoring is all digitized and provides uninterrupted vigilance to each customer, hence the reason why a KYC compliance process remains a successful counteractive solution to all types of financial fraud.  

Final Thoughts : KYC Now & Looking Towards The Future

As banks and financial institutions shift their services online, it is becoming easier and easier for online hackers and thieves to find better approaches to commit financial fraud. Because of that, financial specialists felt the need to discharge new procedures to resist these fraudulent approaches. A KYC procedure works both ways, not only does it protect the bank’s services from getting misused, but it also protects the customer’s financial health. 

As 2021 is progressing, it has now become a high priority for financial institutions and banks to have a viable KYC compliance program to remain consistent with their customers and alleviate the danger of financial extortion. While every financial institution is different, the above-mentioned KYC compliance program and checklist remain the essential vigilance process that will assist them with conducting a proper identity verification program just the same.

Follow our LinkedIn and Facebook pages for anti-money laundering news and significant regulatory changes.

About IDMERIT

Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the on-going development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com

The post An ultimate Checklist for KYC Compliance to protect financial institutions appeared first on IDMERIT.

Anti-money laundering regulations become more stringent every year as do the associated fines. On January 1, 2021, Congress passed the National Defense Authorization Act for Fiscal Year 2021 (the NDAA), which includes the most substantial and sweeping improvements surrounding AML legislation. This omnibus bill includes amendments to the USA Patriot Act which address a wide range of gaps in previous legislation.  The US’ AML Act 2020 (AMLA) was designed to address changes in the technological landscape and the lack of motivation (monetary or otherwise) for whistleblowers to share AML information with authorities.

Key Provisions of the AMLA 2020

The AMLA 2020 brought forth major changes and amendments which strengthened the penalties for non-compliant banks and financial service organizations. Major changes include:

• Stringent AML Enforcement Through Improved Compensation For Whistleblowers
•  AMLA 2020 Expands Existing BSA/AML Violation Penalties
• AMLA 2020 Legislation Allocates More Government Resources Committed to Address Money Laundering 
• AMLA Provides Additional Statutory Authority for DOJ to Seek Documents from Foreign Banks & Financial Institutions
• The AMLA References a Pilot Program To Share SAR (Suspicious Activity Report) Data Across International Borders
• The AMLA Extends the BSA’s Reach To Cryptocurrency (Nontraditional Value Transfers)

7 Anti-money laundering Compliance Fines You May Have Missed

“Financial institutions have been hit with $10.4 billion in global fines and penalties related to Anti-money laundering (AML), Know Your Customer (KYC), data privacy, and MiFID (Markets in Financial Instruments Directive) regulations in 2020, bringing the total to $46.4 billion for those types of breaches since 2008,” ComplianceWeek reports. Failure to comply with Anti-money laundering laws and regulations brought heavy fines in 2020 and continues to increase. Below are seven of the largest fines levied on banking & financial institutions:  

1. 2019 Data Breach leads to Capital One fine of $80 Million 

The US Office of the Comptroller of the Currency (OCC) levied an $80 million civil fine against Capital One in August for its mismanagement and inadequate security systems. According to Fortune Magazine, “the bank’s own internal audit failed to identify “numerous weaknesses” in its management of the cloud environment and ‘engaged in unsafe or unsound practices that were part of a pattern of misconduct.’”  The breach compromised over 140,000 Social Security numbers and 80,000 bank account numbers. Paige Thompson, a former Amazon Software Engineer, stands accused of stealing personal identifiable information (PII). Charges include computer fraud and “abuse for an intrusion on the stored data.”

Large gaps in information security and Anti-money laundering regulations influenced the adoption of the most recent AML legislation which helps support previous computer security and fraud legislation. While Thompson’s motives may still be under investigation, proper employee vetting through background checks and PII security policies are paramount to ensuring these types of breaches do not occur. Banks and corporations are required to follow stringent information security guidelines to avoid large fines and public scrutiny. 

2. OCC Issues $85 Million Penalty To Usaa Federal Savings Bank

The OCC slapped USAA Federal Savings Bank with an $85 million fine for risk management inadequacies in October. This is the second fine this San Antonio bank has been levied with. According to the Office of the Comptroller of the Currency (OCC), “bank’s failure to implement and maintain an effective compliance risk management program and an effective information technology risk governance program.”

Risk management and compliance programs including Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) are mandated by the Bank Secrecy Act and recently passed Anti-money laundering (AML) legislation. Large fines and penalties are being levied around the globe as banks and covered financial institutions (and cryptocurrency exchanges) fail to build proper compliance programs.  

3. Swedish Bank SEB Fined $107 Million by Regulator For Baltic AML Failures

Skandinaviska Enskilda Banken (SEB) received a $107 million fine in June for Anti-money laundering (AML) failures. SEB, the second largest bank in Sweden, has been fined for failing to  , Swedish Financial Supervisory Authority (FSA), the regulatory authority, charged the bank in early June of 2020 and levied the fine which highlights the global issues revolving around Anti-money laundering compliance in the financial services industry, “Despite the elevated risk of money laundering in the Baltics, the bank has done too little, too late,” says FSA director general Erik Thedéen.

Basic AML due diligence includes identity verification, validation, and age verification (to name a few). Not only are AML violations on the rise, victims of complex schemes and fraud are rampant within money service provider industries. 

4. Western Union Refunds $153 Million For Scam Victims

“Western Union turned a blind eye to the fraudulent payments made through its money transfer system,” says Andrew Smith, director of the FTC’s Bureau of Consumer Protection. Western Union began refunding defrauded customers in March after they were ordered to by theFederal Trade Commission (FTC). The lack of Know Your Customer (KYC) compliance can severely damage an organization and harm millions of account holders. 

According to the United States Federal Bureau of Investigations, “The FTC’s complaint against Western Union alleged that for many years, Western Union was aware that fraudsters around the world used the company’s money transfer system to bilk consumers, and that some Western Union agents were complicit in the frauds. The FTC’s complaint alleged that Western Union failed to put in place effective anti-fraud policies and procedures and to act promptly against problem agents.” While in this case, Western Union is said by Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, to have “turned a blind eye,” more banks and Money Service Providers (MSP’s) are unaware of the mandatory KYC/AML regulations that can protect them from these types of horrible situations.  

5. Citi To Pay $400 Million Occ Fine For Risk Management Failures

One of the world’s largest financial institutions, Citi Bank, has been ordered to pay $400M in a case that brings to light severe risk management issues. The South Dakota bank was found to have been lacking internal controls and financial safeguards including those relating to AML and data governance. According to the consent order, Citibank needs to complete a “thorough redesign of data architecture, re-engineering of processes, and modernisation of system applications and information technology infrastructure.” This is the second fine in which Citi has been hit with in recent years showing its glaring need to update and comply with regulatory mandates and internal financial controls. 

6. Westpac Agrees To Record Aud 1.3 Billion Fine For Aml Failures

Westpac, one of Australia’s largest banks, agreed to pay a record AUD 1.3 billion ($959m) fine for money laundering breaches in September. According to court filings and Fintech Futures, the financial institution, “failed to keep records related to the origin of the transactions, or carry out “appropriate customer due diligence.” These are major lapses in AML compliance procedures and this underscores the need for both proper, and timely, Know Your Customer compliance as well as ongoing transaction monitoring. 

Westpac admitted to 76,000 additional violations including, “failures to reasonably monitor customers for transactions related to possible child exploitation”, and “further failures to assess money laundering and terrorism financing risks.” Compliance officers should take note of the challenges that exist for large banks and reevaluate their preparedness in order to avoid fines and penalties such as those seen in the above cases. 

7. Compliance Lapses & Fraudulent Accounts Generate Billions In FInes For Wells Fargo

Wells Fargo bank, the fourth-largest in the US, will pay a hefty fine of $3 billion for its failure in security procedures. The Security and Exchange Commission will receive $500 million of the total and plans to use the funds to offer restitution to those customers who were defrauded by Wells Fargo. According to Fintech Futures, the bank “pressured employees to cross-sell products and services, leading them to create millions of fake accounts using forged and fraudulent customer signatures.” Proper Know Your Customer compliance procedures and fraud weren’t incorporated into the account opening process as internal documents showed that, “[e]mployees of the bank were found to be using their own contact details on application forms, so as to ensure that the real customer was never informed about the accounts opened in their name.” 

Follow our LinkedIn and Facebook pages for Anti-money laundering news and significant regulatory changes. 

About IDMERIT: Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the on-going development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com

The post 7 Anti-Money Laundering Fines You May Have Missed: Multinational Banks Held Accountable By Regulators For Compliance Missteps appeared first on IDMERIT.

Know Your Customer (KYC), which can also be called Know Your Client, is mandatory for banks, money service providers, and cryptocurrency exchanges. KYC allows for a crypto exchange or money service provider (MSP) to identify risk levels of new customers and protect against fraud, theft, and otherwise suspicious or illicit activity. Both traditional stock exchanges such as the Dow Jones and nontraditional money exchanges such as in the crypto space are required to engage in Ongoing Monitoring of their customers. 

Risk Profiles (which are identified at the onset of a customer’s relationship with the bank or exchange) are monitored and updated at varying points in a customer’s relationship with the institution (one year, three years, or every time a significant transaction is completed). According to Dow Jones, “[c]ustomer profiles will change over time and firms must conduct ongoing monitoring of their business relationships to ensure risk profiles haven’t changed in a way that would expose the firm to non-compliance and reputational damage.” Know Your Customer (KYC) is standard practice for any compliance program and necessary to ensure clients are who they say they are.  

What is Blockchain?

Blockchain is a distributed ledger framework that cryptographically stores data on an open or private network. Blockchain is a technology that aims to transform the backend systems that most businesses run on. It aims to become a lower cost, more efficient way to share information and data between open and private networks.

Blockchain is useful as a tool in new Anti-money laundering solutions for fraud and risk departments across financial institutions. This is because the data that is stored on the framework is immutable. Within a blockchain system, data entries cannot be edited or modified.. Instead, they can only be appended after entering the system. This is particularly useful in AML transaction monitoring because it prevents criminals from trying to mask their transactions to prevent detection. The transactions will always be on the blockchain, no matter what a criminal does to attempt to modify them.

This will help banks save money in the long run. For example, Deutsche bank recently was fined over $700 million in 2017 because of accusations that it helped launder money out of Russia. Earlier this month, USB was fined over $5 billion by French regulators for money laundering and tax evasion. With blockchain technology in place, it would be more difficult for associates to evade the AML process and cause damage to a financial institution’s overall reputation.

An Anti-money laundering solution built on the blockchain could leverage the inherent qualities of the blockchain in order to identify and prevent illicit transactions. If the software used to monitor transactions is an AI with machine learning functionality, it could effectively run through strings of data to determine if money laundering activity is occurring. The reason this would work is because AI will be able to detect patterns in large volumes of data while adapting to changes in criminal activity over time with its machine learning capabilities.

Blockchain for AML Compliance

These tools would automate the transaction monitoring process and make it much more efficient and effective than current processes are today. Plus, if suspicious activity is detected, it could be highlighted, flagged and stopped for further investigation. All this activity would be immutably stored on the blockchain as well.

$1.4bn Stolen by Cyber Criminals as the Cryptocurrency Industry Faces New Round of Compliance/AML Failures

Major cryptocurrency exchanges are on the alert as 2020 brought another round of hacks, thefts, and decimating losses. Despite more stringent regulations being adopted across the European Union (EU), billions of dollars are being lost due to banks and exchanges failing to implement these new compliance hurdles.

EU Enforces Compliance as Fifth Anti-money laundering Directive Shakes Industry

As the EU’s Fifth Anti-money Laundering directive came into force on January 10, 2020, organizations operating in the crypto space are being challenged to update their compliance programs. Most notably, Bitcoin.com notes that the EU law will, “oblige digital asset exchanges as well as providers of crypto payment and custodian services to apply for licenses from the Federal Financial Supervisory Authority (Bafin).”   

The Fifth Directive states, “Recent terrorist attacks have brought to light emerging new trends, in particular regarding the way terrorist groups finance and conduct their operations. Certain modern technology services are becoming increasingly popular as alternative financial systems, whereas they remain outside the scope of Union law or benefit from exemptions from legal requirements, which might no longer be justified.” 

Major Risks For Non-Compliant Organizations Operating in the Crypto Space 

Risks Surrounding Client Anonymity: The Fifth Anti-money Laundering Directive’s 9th section points out that, “anonymity of virtual currencies allows their potential misuse for criminal purposes. The inclusion of providers engaged in exchange services between virtual currencies and fiat currencies and custodian wallet providers will not entirely address the issue of anonymity attached to virtual currency transactions, as a large part of the virtual currency environment will remain anonymous because users can also transact without such providers.” It goes on to note that in order to combat this loophole, “national Financial Intelligence Units (FIUs) should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency.” In the United States, financial institutions are required to identify and report suspicious activity reports (SAPs|. 

The Fifth Directive also discusses the idea of self-declaration and that FIUs, “should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency.” Despite growing regulations, there still exist major challenges which have led to billions in scams, ponzi schemes, digital currency theft and extortion. 

PlusToken, WuToken, & KuCoin Just To Name a Few Highlight Need For KYC in Crypto Space

Boxmining, a leading technology and fintech asset media property and FinTech trends outlet states, “Plus Token” was a cryptocurrency Ponzi scheme disguised as a high-yield investment program. Platform administrators closed down the operation in June of 2019. Fraudsters abandoned the scheme by withdrawing over $3 Billion dollars in Cryptocurrencies (Bitcoin, Ethereum, and EOS) and leaving the message “sorry we have run“. This has led to an international manhunt for the platform administrators and creators of Plus Token. Plus token has been blamed for causing Bitcoin prices to fall in 2019 as stolen funds were sold via Bitcoin OTCs.” The need for proper KYC and transaction monitoring is especially apparent in the case of PlusToken. 

WuToken Hack: $281M Gone In An Instant

Cryptocurrency exchange KuCoin was instantly decimated with losses of over $281M in 2020. COO Insights reports that, “[o]n September 26, cryptocurrency exchange KuCoin issued a statement that it experienced a ‘security incident’. At that point, some USD 150 million in BTC (bitcoin), ERC-20 (ethereum-based tokens), and other cryptocurrencies were estimated to be stolen. 

Over the next couple of days, that amount had grown to USD 280 million, effectively making the KuCoin hack the third-largest crypto hack. Only Coincheck, which suffered a USD 534.8 million hack in 2018, and Mt. Gox, which lost USD 460 million in 2014 to another hack, were ahead in terms of loss.” 

Hacks and Ponzi schemes like these are rampant but organizations that build strong compliance programs, including AML risk profiling and KYC and Extended Due Diligence (EDD) processes will face a much less risky foray into the crypto space. 

About IDMERIT

Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the on-going development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com

The post Theft, Ponzi Schemes, & KYC Challenges Rampant in the Crypto Space appeared first on IDMERIT.

For online gambling companies, this shift in policy should be no surprise. At IDMERIT, we believe that the online gambling industry will become more regulated in the digital age. These new developments in the UK support our assertion. In this article, we will discuss what new rules are going into effect and how identity verification will change for UK gambling customers.

Age Verification Becomes More Stringent

Currently, in the UK online gambling operations have 72 hours to perform age verification checks on their customers. This is not ideal because it has created an environment where underage players are able to gamble. According to the new rules proposed by the UKGC, age verification will now take place during the onboarding process. Companies will have to perform customer identity verification to verify user’s age before depositing funds into an account or being allowed to gamble in paid or free gaming environments. This is all in an effort to minimize children from gambling. It will create a better online environment for children as well as preventing a gateway to gambling-related harm.

Identity Verification is Standard

Gaming operators in the United Kingdom previously did not have to follow KYC best practices with their customers. It was common for many operators to perform KYC checks after a player had gambled. This is not in line with customer due diligence protocols and is being changed. The new UKGC rules outline that operators must implement KYC checks before a player has gambled. At a minimum, gambling companies must verify customer names, addresses and date of births during these checks. These checks are aimed at helping prevent harm on gaming platforms and stop crime.

Creating Better Gambling Practices

The changes being implemented by the UKGC will help gaming companies detect criminal activity and mitigate fraud on their platforms more effectively. This is because they will have more access to information about their customers through ID authentication and other verification methods. The changes by the UKGC also will stop the questionable practice of demanding identification during the cash out process, because players will have submitted that information earlier—presumably during onboarding. Currently, about 15% of the complaints the UKGC receives are about identity verification demands from gambling operators to customers during cash out. These new rules should eliminate this dubious practice. Plus, the new rules will increase the likelihood of a player being identified if they try to gamble while self-excluded. All these changes will create a better gambling environment for all players.

A Secure Identity Verification Process

The UKGC has not outlined exactly how gambling operators should perform age verification and customer identity verification checks. Nevertheless, they expect gambling companies to perform due diligence. Companies must carefully assess how they will meet these requirements, or risk facing severe fines from the commission.

IDMERIT can assist gambling operators in the UK in performing these KYC and AML checks. Our proprietary solutions offer the ability to perform near-instant, fully-automated customer identity verification checks in conjunction with age verification. Our solution IDMscan would perform ID authentication on a player’s identity document, check the authenticity of the personally identifiable information on the document and then confirm that they are who they say they are. During this process, age verification would take place right after identity verification. The date of birth on the identity document would be extracted and used in this process.

Conclusion

Gambling operators must comply with the new rules set forth by the UKGC. This will ensure compliant operations and create a safer online gaming environment. Performing customer due diligence will protect users and operators from fraud, underage gambling and dubious online casino scams. Employing identity verification solutions can assist in meeting the new UKGC regulation standards that will come into effect on May 7, 2019.

Please contact IDMERIT for more information about its proprietary identity verification solutions and how they can assist your gambling operation.

The post UK Regulation: New Customer Identity Verification Rules appeared first on IDMERIT.