AML Know Your Customer Requirements In The EU

The basic principles of anti-money laundering (AML) and know your customer (KYC) requirements are to ensure that banks and financial institutions know who they are doing business with, including those who really wield the power in client organisations, as well as to monitor these accounts and report any suspicious activity. Striving to meet all of your compliance goals while keeping track of the AML know your customer requirements takes up a lot of resources. But it is a great risk not to do it.

The UN estimates that money laundering costs around US$2 trillion every year, and many financial institutions have suffered the consequences. A 2018 report shows that 18 of the 20 biggest banks in Europe had been hit with AML-related sanctions in the previous decade. Statistics like this one show that AML compliance is not just important. It is vital.

At the same time, Forbes found that banks were now taking an average of 24 days to onboard new customers due to the current AML regulations. In this age of instant access to everything, it is clear to see how such a delay could lead to customers abandoning the process and lost revenue.

Implementing compliance technology is the answer. But around half of financial institutions say that insufficient or outdated AML tech is a major compliance challenge for them. With that in mind, finding the most up-to-date, efficient and effective technological solutions for electronic identification (eID), e-signatures and other means of verifying who you are doing business with is essential.

What is Anti-Money Laundering (AML) Today?

Anti-money laundering measures today are shaped by international standards set by the Financial Action Task Force (FATF). The EU’s regulatory framework for preventing money laundering and terrorist financing is based on these standards, but is also constantly developing “to keep pace with the increasing integration of financial flows in the internal market, the evolving trends, technological developments and the ingenuity of criminals to exploit any gaps or loopholes in the system.”

These measures seek to prevent criminals using the financial sector to ‘clean’ funds gained through illegal activities.

The latest AML legislation to come into force in the European Union is Directive 2019/1153, which must be adopted by member states by August 2021. This directive allows competent authorities to access financial and bank account information in order to prevent this criminal activity, as well as letting Financial Intelligence Units (FIUs) access law enforcement information that could help institutions improve their processes for establishing a customer’s risk profile. It also allows FIUs in different member states to collaborate more easily.

What Is “Know Your Customer” (KYC) Today?

Know your customer requirements are also sometimes called know your client requirements. This is a key element of customer due diligence and involves discovering as much as possible about the individual or entity you are doing business with. This is needed to form a comprehensive analysis of the risk they pose in terms of money laundering and terrorism financing.

Within KYC, there are a number of different elements that are also important to bear in mind.

| Term | Definition |
|------|------------|
| KYCC | Stands for ‘know your customer’s customer’. It is no longer adequate just to investigate the propriety of your customer; you also need to look into the second-tier business dealings. Which companies do they work with and do any of them pose a risk that could affect your institution? The problem with KYCC is that, rather than investigating just one organisation, you now have to analyse a large number of businesses. This is where AI, Robotic Process Automation (RPA) and electronic identification technology, such as ID Proof, can help to speed up the workflow. |
| KYB | Means ‘know your business’. It is effectively an enhanced KYC that can root out shell companies and other fake businesses, as well as checking businesses that you work with to see if they are on any blacklists for illegal activity. It can also help you uncover the ultimate beneficial owner (UBO) of the entity and whether they pose a money laundering or terrorist financing risk. |
| eKYC | This is ‘electronic know your customer’, which utilises technology to verify the identity of the customer. For example, Signhost is an e-signature solution that can be utilised for eKYC. It not only speeds up the process but is also fully compliant with the eIDAS regulation and allows customers to sign documents remotely with the same legal force as a traditional handwritten signature. |

Let’s Talk About The Difference Between AML And KYC

The difference between AML and KYC is essentially that AML is the overarching concept of fighting money laundering and KYC is one of the tools used to achieve that aim. KYC provides a risk-based assessment of a customer by verifying their true identity, their control structure and other important information from trusted, independent sources.

KYC also provides an important function for your AML program in that it involves ongoing monitoring of the customer’s activities. Not only do you need to understand your client, but you should also do so at the very beginning of the customer onboarding process and constantly analyse transactions after that.

AML Regulations and KYC Requirements in the EU

Fourth, Fifth & Sixth Anti-Money Laundering Directive (AMLD4, 5 & 6)

As an example of the constantly developing anti-money laundering ecosystem, the European Union has now issued six directives, each one amending the last.

AMLD 4 aligned EU AML laws with the FATF framework and added the requirement to check UBO details. It also expanded the definition of politically exposed persons (PEPs), who are people who hold office and could be at greater risk of blackmail and other criminal activities. A customer with a PEP involved would be deemed high risk.

AMLD 5 strengthened the rules, added legislation for cryptocurrencies and made registers of UBOs publicly available.

The most recent, the Sixth Anti-Money Laundering Directive, was adopted into national laws across the union in December 2020. It standardised the definition of the crime of money laundering, as well as clearly defining liability and sanctions for those involved in these activities.

FATF Recommendations

Since FATF is a global watchdog, the FATF Recommendations provide the framework for the EU’s AML and KYC requirements. They lay out guidelines for increasing transparency in the financial markets and put into force the requirement to carry out customer due diligence.

Payments Services Directive (PSD2)

PSD2 is a regulation that helps financial institutions adapt to the challenges of new technologies for making electronic payments more secure across the European Union. It introduced a requirement for secure customer authentication (SCA), which means customers must undergo two-factor verification before making electronic payments. This is part of the AML program. Merchants are, however, allowed to use risk-based judgements over which transactions require this treatment. Lower value transactions, for example, can be exempt.

General Data Protection Regulation (GDPR)

GDPR is the EU legislation covering data protection within the union. For institutions running an AML program, there are a number of considerations to make relating to compliance with GDPR. Due diligence is a major component of AML and involves holding a great deal of data on customers, which could cause issues when trying to comply with both requirements.

Thankfully, GDPR allows the collection and processing of personal data from customer information for lawful purposes. There is a Right to be Forgotten within GDPR. However, the legal requirements of AML legislation override this and allow institutions to hold due diligence and financial transaction information for five years without the individual or entity being able to request its deletion.

The 3 Steps of A KYC Compliance Framework

1. Customer Identification

The first step in your KYC procedures is to identify the customer. This is a process that is most effectively performed electronically. For example, ID Proof is a tool that can be part of your online KYC procedures. It can be used to identify clients via electronic identity, NFC chip reader or a Passport/National ID card selfie check in whichever territory they are based. At Evidos, we constantly update our eID processes to ensure you can do business with confidence with customers in all major markets, even if their local government changes its rules and processes.

With ID Proof, you receive an identification file based on independent and trusted evidence so you can be sure the customer is who they say they are.

2. Customer Due Diligence (CDD)

Customer due diligence requirements involve looking into the potential customer and checking them against black and grey lists for potentially criminal behaviour. In addition, you check their ultimate beneficial ownership as well as a number of other risk factors.

You should also check all publicly available information, including the media, for reputational issues and monitor transactions on an ongoing basis.

If they prove to be low risk, according to your analysts, you can perform simplified due diligence, although most clients require standard CDD. High-risk customers, however, should undergo enhanced due diligence (EDD).

3. Enhanced Due Diligence (EDD)

Enhanced due diligence can be sparked by a number of factors. It could be that the UBO of the organisation is a PEP, the firm deals with persons or entities in high-risk third countries, the client has a history of complex or unusual transactions or another troubling finding.

In such cases, you should:

  • increase your CDD measures
  • monitor transactions more regularly
  • fill in all of the details in the customer’s risk profile
  • investigate the source of the company’s funds
  • do all you can to ensure that the transactions they enter into through your institution are ‘clean’

This requires a lot of manual work, which is why the use of AI and RPA is increasing in AML programs around the world.


Why is KYC so important for financial institutions?

It is vitally important for financial institutions to comply with KYC requirements. Without identifying their clients, it is impossible to run CDD and, therefore, a successful AML program. Establishing the identity of the customer through your KYC policies is key to understanding the risk they pose, which is important for AML compliance.

Is KYC Verification Mandatory?

KYC is not mandatory by itself, but it forms an essential part of CDD and AML, which are mandatory for financial institutions. This makes it as good as mandatory, as you can’t perform CDD and AML programs without it.


AML and KYC processes are so important to the prevention of criminality and terrorist funding in the financial sector that they should be a high priority for any organisation. They are time-consuming and require significant resources, but the penalties and sanctions for not complying are serious. Besides, the consequences of allowing money laundering, fraud and other financial crime to occur are not just financial. They are also reputational.

Understanding the AML know your customer requirements is the first step to more manageable customer relationships. The next step is making these processes more effective by employing technological solutions such as ID Proof for client identity verification. To find out more, contact our sales team today.
