What refers to Anti Money Laundering and what are the last regulatory requirements
Anti Money Laundering becomes a widely used term in the financial industry and moreover becomes a term that is making headaches for the financial institutions itself. AML as a function gets high attention due to the scandals that arise from the biggest financial institutions and the amounts of imposed penalties. For maintaining compliance with the regulations, often there are certain measures that an entity needs to implement.
Money laundering is the process of converting the proceeds of illegal activities into funds that originate from seemingly legal sources without identifying their true source, nature or ownership, i.e. the process of legalizing assets originating from criminal activities by incorporating them into the channels of the financial system.
But let’s start from the beginning. What is Anti Money Laundering in banks and financial institutions? What needs to be done for avoiding being fined and remain in compliance with the applicable regulations? FATF, MAS, GDPR, FINMA, FCA, CySEC – huge amount of legislation needs to be complied with.
Anti Money Laundering Function is a function that identifies, prevents and decreases the risk of being used as a financial institution in the process of laundering the illegally gained assets. The function is responsible for implementing processes and procedures that will mitigate the risk of money laundering such as implementing Know Your Customer (KYC) process, performing customer due diligence (CDD), enhanced due diligence (EDD), filing reports to the FIUs etc. The purpose of KYC in the financial sector is to prevent the usage of entities for money laundering. Considering that all the financial institutions, not only banks and fintech companies, but also casinos and online gambling entities are subject to the requirements of the AML Laws and regulations, almost every financial institution is obliged to establish this function. The KYC process must be in compliance with AML requirements and mitigate the risk of facing fraud, penalties from the regulator and damaging company’s reputation.
The Fifth AML Directive (AMLD 5) entered into force on the 10th of January 2020. With the AMLD 5, Initial Coin Offering and e-wallets falls under the scope of the obliged AML/ CTF entities.Moreover, the gaming sector in whole is included.
What does that mean for those types of companies?
When we have in mind all the necessary actions that need to be implemented for being in compliance with the Directive, and the size of those types of companies, we have to recognize the importance of performing adequate measures. On the other hand increased regulatory and supervisory focus alone will not be enough to successfully fight money laundering and terrorist financing in the financial sector. In this regard, institutions play the leading role. Institutions are the first who need to ensure that they are not used for these purposes and that ALM/CFT issues attract proper management attention.
In order to establish a risk profile of a customer, performing an adequate KYC process is the basics. Know Your Customer (KYC) includes the process of customers identification and verification of his/her identity, identification of the beneficial owner/ beneficiary and confirmation of his / her identity using reliable, independent source documents, data or information. Also it includes providing data and information on the purpose and purpose of the business relationship and constant monitoring of the business relationship with the customer to identify the risk profile of the customer. The KYC analysts face with different types of customers and along with customers from different jurisdictions. The rise of the fintech industry lead to huge amount of cross-border customers for financial institutions, that also includes the companies that utilize the blockchain technology, platforms that trade with cryptocurrencies, and online gambling providers. Also, banks and other traditional financial institutions want to keep up, so they go digital. The process of “know your customer” becomes huge challenge for the analysts within the companies. The processes for onboarding a customer have to be in compliance with the AML regulation, which has never been so prudent. Gathering all the required documentation and providing audit trail is a must. BASIS ID does all that processes, instead of doing it manually. That means that onboarding can be quick, that enriches the customers experience, satisfies the requirements of the regulators, cuts on the costs and in the end increases the profit of the company.
More recently, regulations have been amended and the regulatory scrutiny grows. The governments and intergovernmental bodies have made changes in the regulations so they can keep up with the rise of the fintech industry, and fraud in it. In January 2020, the Financial Stability Institute within the Bank for International Settlements (BIS) have introduced “Policy responses to fintech: a cross-country overview” . The aforementioned document is good base for the regulators and a good starting point for an entity that provides financial services to foresee what requirements are to expect from the regulators in the future. Also, the document provides information for the current situation within the fintech industry, including Verification of the identity of the customers online (eID systems). Providing financial services without physical presence is regulated in most of the European countries (for example Austria, UK, Germany, Luxembourg, Portugal, Spain), as well as in most of the modern business hubs, such as Hong Kong SAR, Saudi Arabia and Singapore.
BASIS ID uses AI for document proofing, address validation and biometric facial recognition.
Risk-based approach is expected to be implemented, so the companies apply different level of customer due diligence and to place the customers in different categories. Enhanced due diligence is expected to be performed for the high risk customers. Enhanced due diligence (EDD) of customer type and activity will take place wherever an increased risk is assessed in relation to that customer. This also applies where a customer is assessed as being of a higher risk due to geography or their position of being a Politically Exposed Person (PEP). Some countries are suspected to be at a higher risk for money laundering activities and customers may have connections with such countries as a result of their, country of business, country of residence, etc. BASIS ID includes triggers for performing enhanced due diligence, mandatory for customers identified as high risk. The software includes identity verification, biometrics and screening.
The verification of the documents is done automatically, that allows the customers to get access to the service faster. The software provides full stack of KYC measures and verifies passports, identity cards, email addresses, phone number, proof of address and proof of income documents. The verification of the documents is also supported with biometric analysis, 3D face modeling, facial expressions and comparison with the portrait on the identity document.
Other demanding action that needs to be undertaken in order to avoid fines from the regulatory authorities and even bans of doing business is doing the sanctions checks. Governments and financial authorities issue sanctions lists from time to time for the purpose of maintaining the international peace, security, respect of the human rights, democracy and rule of law. Sanctions lists cover natural person and/ or legal entities that are, or have been involved in criminal activities including money laundering and terrorist financing. Usually, sanctions lists cover illegal activities such as, narcotics trafficking, proliferation of weapons, tax offences, money laundering, terrorist financing or terrorism etc. The sanction checks include PEP screening, Adverse Media & Watchlist Screening. BASIS ID enables your company to utilize a comprehensive sanction list coverage monitored in real-time – 230 countries and 42820 sources. Tailor your screening to your needs: configure your acceptance threshold settings, risk score (4 risk stages), matching and acceptance criteria. Since the system works in real-time, the company can be notified immediately if matching occurs. By covering various sanction lists BASIS ID is applicable to different jurisdictions and complies with different sanction regimes.
Sanction screening systems usually have one issue that needs to be resolved. That’s the issuing of false-positives. If a sanction screening system is not properly set up – the number of false-positives can grow, to the number that the business is no more effective. BASIS IDs KYC software provides the so called “Fuzzy Matching” search capability. That means the software can be optimized for reduction of false positives in line with the risk-based approach of the company.
Undertaking measures for compliance with the regulations that govern the prevention of money laundering and terrorist financing is a task that demands long period and certain investments. Also, maintaining the human resources that need to be engaged in the process is a serious and time consuming task. at the end, costs for the business can grow and eventually the business itself can be slowed.
BASIS IDs product can be set up easily. It demands no special knowledge and no need of further investments in personnel. The software allows great flexibility and customization for the specific need of businesses. BASIS ID is offered as a whitelabel solution with implementation of the elements and functions, required for the collection and processing of the personal data. The integration can be done via API – collect the data, import and export the elements of the data and processing, or as a Web-and-mobile-ready widget integration – simply embed the contemporary web and mobile widget with a friendly user interface and observe the verifications inside the convenient BASIS ID panel.
One issue that companies have is the need of record keeping and keeping audit trail for all the information gathered and the manner of the KYC carried out. We at BASIS ID will document the verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process. That will offer your company having records containing a description of any document that verifies a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date.
Since entering into it’s force, GDPR made certain rules for retention of personal data for the customers. All services provided by BASIS ID that require data processing will request your clients to give a specific consent to use of the provided data in an obvious form and with the links to the necessary documentation. Also, we have created a convenient widget, which is also available for our clients, that lets users practice their legal rights regarding their personal data. A user fills a simple form which will categorize their request, accordingly to the rights given by the GDPR, in order to effectively react to any kind of inquiries.
Satisfying the more and more prudential regulations that cover all the types of financial entities including the online gambling companies can be a serious task. All financial institutions covered by the legislation have the same obligations for establishing a system that will ensure compliance with the AML Laws. Whereas huge financial corporations have the necessary financial and human resources, the rise in the cost of customer onboarding defined by the need of high-end software solutions and the need for high-qualified personnel can have a serious impact to startup companies in the area of fintech, companies with limited budgets and limited access to personnel. BASIS ID provides solution that keeps up with the regulatory standards and best prudential practices in order to offer complete solution with acceptable costs. Also, the solution provides your company with added value, in events of unsuccessful verification attempt, the customers are not rejected – but a request is sent for uploading or amending necessary information. We believe that in that way we turn the compliance with the regulations from costs to benefit for the business, prevent the business of losing profits and investments.
At the end, companies consider compliance as a very expensive hurdle that adds no value for the business. But, looking at the bigger picture, we believe that even a single company involved in criminal activities – money laundering or breaching the personal data protection laws, greatly increases the general level of risk, and thus the stability of the financial system in whole can be seriously impaired. The company involved in such activities always faces the risk of regulatory sanctions and reputational risk that may threaten the stability of the company. But more importantly, involvement of companies in such activities harms the reputation of a specific geographical market, industry niche, as it provides space for unhealthy competition among the financial companies and eventually bring scandals out.