Due to the rising rate of financial crimes and fraud, banks and financial institutions are now being required to conduct in-depth customer due diligence and AML verification on new customers during the onboarding process. The challenge for compliance officers and large banks in terms of meeting KYC obligations is to balance the need for fast customer onboarding while also managing a robust AML verification program. Global identity verification services are continuously tasked with helping clients who lag behind with the development of their compliance programs.
Many countries around the world have adopted different sets of laws and regulations for banks and financial institutions. If they don’t adhere to these rules, they face severe penalties and fines. For example, the UAE classifies banks as licensed financial institutions (LFI’s) and provides recurring guidance on what they are required to furnish or what personally identifiable information (PII) is required to be encrypted and/or retained.
Know Your Customer (KYC) Obligations For Banks in the US
The United States led the way with the Bank Secrecy Act which set out standards that banks and financial institutions were required to follow and put in place anti-money laundering programs and required risk profiling. On January 1, 2021, Congress passed the National Defense Authorization Act for Fiscal Year 2021 (the NDAA), which includes the most substantial and sweeping improvements surrounding AML legislation.
This omnibus bill includes amendments to the USA Patriot Act which address a wide range of gaps in previous legislation. The US’ AML Act 2020 (AMLA) was designed to address changes in the technological landscape and the lack of motivation (monetary or otherwise) for whistleblowers to share AML information with authorities. The legislation above is the reason that identity verification services exist and why every bank must require AML verification for its new customers during onboarding.
US FinCEN Offers Guidance On The Final Customer Due Diligence (CDD) Rule
The Financial Crimes Enforcement Network (FinCEN) recently released guidance in the form of answers to frequently asked questions regarding the recently adopted Final CDD Rule.
In the Frequently Asked Questions guidance, FinCEN clarified how covered financial institutions (such as banks) should conduct customer due diligence should occur beyond the initial customer onboarding process. In its guidance, FinCEN clarified that, “[c]overed financial institutions must establish policies, procedures, and processes for determining whether and when, on the basis of risk, to update customer information to ensure that customer information is current and accurate.
Information collected throughout the relationship is critical in understanding the customer’s transactions in order to assist the financial institution in determining when transactions are potentially suspicious.” The answers to these questions clarified the roles and responsibilities banks have to further develop, and integrate, ongoing customer due diligence and information programs to lower the risk of anti-money laundering and terrorist financing.
The CDD rule requires banks to:
- Identify and verify the identity of customers
- Identify and verify the identity of the beneficial owners of companies opening accounts
- Understand the nature and purpose of customer relationships to develop customer risk profiles
- Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information
Digital ID & AML Verification: Understanding the Ins & Outs of Remote KYC & Document Verification
There are currently multiple methods you can verify the identity of your bank customers during the onboarding process and which requirements, and safeguards bank employees follow will depend on whether your customer is visiting your bank branch or opening an account remotely. This is commonly referred to as in-person identity verification or remote (eKYC) know your customer verification. There are several issues when it comes to digital id verification that remote identity verification must overcome, including identity spoofing and tampering.
AML Verification Key To Onboarding Success
AML verification is a process by which new bank customers have their identity document data compared with independent databases to verify their identities and classify their risk level to the bank. Identity documents must be correct and valid to allow for this process to be successful. Identity document validation is a challenging task as bad actors and criminals are becoming more ingenious and often fly under the radar due to the simple nature of this crime.
When onboarding is completed remotely (online) because there are several ingenious ways to fraudulently mask or change one’s appearance. All digital id verifications should have the corresponding biographical data run through watchlists and AML verification databases to guarantee bad actors or fraudsters aren’t provided access to your bank.
Liveness Detection in Remote Know Your Customer Process
LIveness detection uses texture and motion analysis in addition to sophisticated facial recognition software to prevent fraud. Identity verification services integrate tools like these during their remote KYC processes to comply with AML/CFT regulations.
These tools scan the visible area of an applicant’s face to detect specific “nodal points” which helps the software determine if a facial spoof attempt is in progress. Liveness detection algorithms determine whether in fact there is a live person standing or sitting in front of the camera.
Nodal points are then used to create a mathematical number which is then compared to the data found in independent databases to which identity verification solutions like IDMERIT have access to. Liveness detection often thwarts fraudsters’ use of Presentation Attack Instruments (PAIs) such as the following list used in face spoofing attempts:
- “2D static attacks are made with high-definition face pictures on flat paper, simple flat paper masks with holes.
- 2D dynamic hacks are carried out with multiple photographs to be used in a sequence or a video replay via a low or high-quality (4K) screen. The high-definition screen is used to spoof low-resolution cameras. A video sequence with pictures can be used to answer basic challenge/response methods. The holes, in particular, allow for the eyes to blink. These 2D attacks are well documented.
- More recent 2D dynamic potential attacks can include 3D digital doubles or avatars (on a 2D screen) and deepfake puppets so-named because they leverage deep learning processes.
- In 3D static attacks, impersonators use 3D prints, wax heads, or sculptures.
- IN 3D dynamic attacks, fraudsters can use masks in resin, latex, or silicone with holes for the eyes and other specific areas such as the mouth, lips, and eyebrows.”(Thales)
AML verification cannot occur if documents are not genuine. If you have questions about identity document validation, contact IDMERIT today.
Identity Document Tampering Threatens Banks’ Customer Due Diligence Programs
Banks that offer remote KYC when verifying customer identities should be aware of specific security risks which include identity document tampering. Bad actors and fraudsters will use any means they can to achieve their final goals without regard to the cost involved or the security safeguards they must overcome. This is seen both in online and in-person fraud attempts. Global identity verification service IDMERIT specializes in assisting banks with complying to customer due diligence requirements and in helping them detect identity document tampering.
Methods typically used in identity document tampering to evade digital id verification systems are:
- scratching
- dissolving
- cutting
- opening using heat, solvents, and tools
- adding a foil on top of the card with the impostor’s data
In addition to the United States, countries around the world continue to develop new frameworks for both identity and aml verification. It is mandated by regulators that banks verify the identity of each customer during the onboarding process to protect the bank and financial system.
Know Your Customer (KYC) Obligations For Banks in the UAE
Know Your Customer (KYC) laws and regulations in the UAE follow some of the same basic requirements as other developed countries like the US and Canada. This includes the requirements to engage in customer identity verification at onboarding and to adhere to strict data privacy laws such as the GDPR.
The challenge for compliance officers and large banks in terms of meeting KYC obligations is to balance the need for fast customer onboarding while also managing a robust AML compliance program. The UAE classifies banks as licensed financial institutions (LFI’s) and provides guidance on when it is necessary to report suspicious transactions.
Emirates NBD, one of the leading banking groups in the MENA region, allows online submission of customer identification documents for easy onboarding and Know Your Customer (KYC) compliance. Emirates NBD also conducts digital id verification during onboarding of its new customers.
Acceptable documents for identity verification for individuals opening UAE bank accounts include:
- Visa
- Passport
- Latest Emirates ID
- FATCA self-declaration Form
- Proof of Residential Address in UAE (Ejari, utility bill, or other bank statement from the last 3 months)
Specific KYC and AML verification requirements vary depending on which jurisdiction your bank is located in.
PEPs: Enhanced Identification During Onboarding By Global identity verification service IDMERIT
Watchlists are databases kept on government or international levels containing records of fraudsters, money launderers, PEPs, and terrorists. These individuals may exist with jobs in industries ranging anywhere from agriculture and finance to health and politics. Watchlists are compiled by law enforcement, financial institutions, and regulatory agencies to ensure that criminals are not hiding in the system or using it to further an illegal agenda. Therefore, watchlist screening enables institutions and corporations to check their customer compliance to avoid being used by criminals to commit crimes. Global identity verification service IDMERIT has access to specific watchlists that can enhance your customer due diligence in obscure countries and territories around the world.
A “PEP” is any person who holds public office who is at risk for bribes or corruption offenses and/or has connections to groups or persons who may commit said offenses. This category of the customer may also be susceptible to being influenced to commit money laundering offenses or engage in terrorist financing.
Contact one of IDMerit’s identity specialists to learn more about our aml solutions for banks.
Eleven Banks Fined Total of $12.5M by UAE Central Bank Due To AML/CFT Compliance Deficiencies
Global Trade Review reports that the UAE’s central bank has fined 11 banks a combined total of US$12.5m for anti-money laundering (AML). Although the banks that were fined weren’t named, the fines arising from the financial institutions having inadequate AML and sanctions controls at the end of 2019. Many banks still fail to meet the standard of digital id verification and thus face additional fines even beyond the first offense.
Additional fines include:
- Unnamed Exchange House: Dh500,000 ($136,000) for failing to achieve appropriate levels of compliance with anti-money laundering regulations
- Bank of Baroda Fined: 6.8 million UAE dirhams on Bank of Baroda’s GCC operations in Dubai over deficiencies in AML/CFT compliance
Contact one of our identity specialists to Schedule a Demo of our anti-money laundering solutions for banks including IDMaml and learn how you can improve your KYC/EDD compliance programs.
Adhere to Global AML and KYC Compliance Obligations with IDMaml
IDMaml is designed to help minimize the risks associated with money laundering and other illicit activities. Our platform and risk-mitigation solutions will help your organization build a robust compliance program while substantially reducing fraud and loss.
Our anti-money laundering solution, IDMaml will help you:
- Comply with Anti-Money Laundering Directives in the EU: 4AMLD, 5AMLD, and 6AMLD
- Level 1 Compliance Screening
- US Laws & Regulations: FINRA Rule 3310, the Bank Secrecy Act, and FinCEN guidance notices that dictate the laws and compliance regulations in your region
- Meet Anti-Money Laundering (AML) and Know Your Customer 2+2 (KYC 2+2) requirements
IDMaml Gives You Access To PEP, Counter-Terrorist, & Adverse Media Watchlists
- PEP and OFAC Sanction lists
- Global identity verification service
- UN, HMT, EU, and DFAT Sanction lists
- FBI and police/law enforcement databases
- Interpol, foreign federal and state government agencies
Contact one of our identity specialists to Schedule a Demo of IDMaml today.
About IDMERIT
Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the ongoing development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com
References
Cdd final rule. CDD Final Rule | FinCEN.gov. (n.d.). https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule.
See FIN-2020-G002, Frequently Asked Questions Regarding Customer Due Diligence (CDD) Requirements for Covered Financial Institutions (Aug. 3, 2020), at 2.