
The Common Factors Of Global Privacy Framework — A Brief Overview On GDPR, CCPA & DEPA

“India needs a paradigm shift in personal data management,” states the NITI Aayog draft on DEPA architecture. With the introduction of the PDP Bill, the argument rightfully holds. We already have the blueprint, so isn’t it time we get started on building the architecture itself? So the DEPA was just a matter of time.

The DEPA framework is robust and unique to Indian data privacy laws. Still, anyone who goes through the proposal will agree that it covers some areas which are not unique and can be found in the data privacy frameworks of other nations as well. Let us take two prominent examples: Europe’s GDPR and California’s CCPA.

CCPA — Popularity Of Privacy In California

There is no single authority for oversight on data privacy in the U.S.

Instead, the country maintains a sectoral approach. It is dependent on a collective of sector-specific laws and state laws.

 

There are almost 20 industry- or sector-specific federal laws. On the state level, more than 100 privacy laws exist (in fact, there are 25 privacy-related laws in California alone).

The California Consumer Privacy Act (CCPA) provides citizens of California with 4 rights for power over personal data:

– right to notice

– right to access

– right to opt-in (or out) and

– right to equal services.

Any organization which gathers the personal data of California residents must adhere to CCPA.

Personal Data Classification in CCPA

The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In other words, the State recognizes a “broad list of characteristics and behaviors, personal and commercial, as well as inferences drawn from this information” that can be used to identify an individual. Examples of covered personal information include:

  • Personally identifiable information (PII). This can be name, address, phone number, email address, social security number, driver’s license number, etc.
  • Biometric information, such as DNA or fingerprints.
  • Internet or similar electronic network-based activity information. This can be browsing history, search history, and information regarding a consumer’s Internet activity.
  • Geolocation data.
  • Audio, electronic, visual, thermal, olfactory, or similar data.
  • Professional or employment-related information.
  • Education information, defined as information not readily available for the public.
  • Inferences drawn from any of the above examples that can create a profile about a consumer. This reflects the consumer’s preferences, characteristics, psychological trends. It also displays predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

GDPR — The European Breakthrough In Privacy

GDPR is an EU regulation that has been designed to protect users’ personally identifiable information (PII). It also holds businesses to a higher standard in terms of how they collect, store, and use this data.

Similar to CCPA above, GDPR gives EU citizens control over their personal data. It also assists in changing the data privacy approach of global organizations.

Key Highlights

 

  • GDPR is applicable to all who process “personal data”. Most obviously, these are names, email addresses, and other types of PII.
  • It creates significant new responsibilities. Processing personal data makes you responsible and accountable for its security and use.
  • It has a global reach. Despite being an EU law, it applies to all, regardless of their location.
  • It doesn’t just apply to traditional businesses. The principles are concerned with what you do with other people’s data, not who you are or why you do it.
  • There are hefty fines for non-compliance. These can go up to €20 million ($24m) or 4% of global revenue, whichever is higher.

What are the common denominators?

The CCPA is about increasing transparency for California residents. It allows them to discover and change how their data is collected and transacted. Meanwhile, the GDPR is a binding regulation. It monitors data privacy across the E.U., replacing dozens of national privacy laws with a single framework. However, GDPR does have implications for businesses in the US, despite originating in Europe.

Side by side, here’s how they compare:

Both regulations arose to protect people in a world of increasing global interconnectivity. This is in a world where international transfers of personal data are more frequent and elaborate. Regrettably, advances in technology have resulted in data misuse scandals & sophisticated cyber attacks.

CCPA and GDPR apply to individual organizations in different ways. While there are some nuances in scope that distinguish both sets of legislation, they share similar goals.

How do the laws define personal information?

Personal information (CCPA) vs. personal data (GDPR)

CCPA deals with the collection and sale of personal information. GDPR on the other hand addresses personal data processing.

The CCPA defines personal information as any information that identifies, describes, relates to, or can be linked with a consumer or household. This includes PII as previously discussed.

Under the GDPR, personal data refers to any information that directly or indirectly identifies someone. While this doesn’t include household identifiers, any identifying personal data that is not anonymized falls under the GDPR. The CCPA, however, exempts specific categories of medical and personal information from its scope.

Contributions of CCPA & GDPR:

The two regulations overlap when it comes to some rights — so if you’re already compliant with GDPR, you’re well on your way to meeting CCPA requirements.

Here’s what the CCPA and GDPR have in common:

  • The right to know: Under the CCPA, businesses must disclose to consumers (upon request) the information that is collected, used, disclosed, and sold. Organizations under the GDPR must notify individuals at the time of collection and inform them of the purpose. They must also inform how long they’ll retain this data, and who it will be shared with.
  • The right to access: Individuals are entitled to access their personal data. They can request copies of their personal information verbally or in writing. Businesses have a month to respond to requests under the GDPR and — most of the time — can’t charge fees to deal with them.
  • The right to portability: Individuals protected by the CCPA and GDPR have the right to request their personal information. This can be in accessible, machine-readable formats such as CSV, XML, and JSON.
  • The right to erasure: Consumers have the right to request the deletion of any personal information that an organization has collected or stored, under a variety of circumstances.

 

DEPA — How Laws Like GDPR and CCPA laid the groundwork?

The PDP Bill introduces the construct of consent managers. They are data fiduciaries registered with the DPA. They provide interoperable platforms that aggregate consent from a data principal. This is similar in many ways to the GDPR Data Controllers. As mentioned above, personal data identification is also similarly reflected by the CCPA. The assigning of key stakeholders is also the same here.

Data principals may provide their consent to these consent managers. The consent is for the purpose of sharing their information with various data fiduciaries. They may even withdraw their consent through these consent managers. This is a unique construct. This concept has been introduced to support the Data Empowerment and Protection Architecture (DEPA) for financial and telecom data. This currently powers the Account Aggregators licensed by the RBI.

DEPA — Building From The Data Privacy Blueprint

 

NITI Aayog has presented a draft policy highlighting DEPA. DEPA stands for Data Empowerment and Protection Architecture. It allows individuals to “seamlessly and securely access their data”. This can be shared with third-party institutions.

The report looks into assisting organizations with sharing the personal data of an individual with one another. This can be done through the concept of “consent managers”. They will manage people’s consent for data sharing.

The policy constitutes this new data governance model in light of ‘individual empowerment’. This is done by enabling the seamless exchange of personal data among institutions. The process is secure and minimizes privacy harms.

This draft policy follows the myriad of other data-related policies in India. These include the Non-Personal Data Governance Framework and the National Digital Health Mission. NITI Aayog has stated that the policy will be publicly launched and operationalized in 2020 itself.

Features:

  • DEPA will authorize individuals with control over their personal data. This will be done by implementing a regulatory, institutional, and technology design for secure data sharing.
  • DEPA is designed as an evolvable and agile framework for good data governance.
  • DEPA empowers people to seamlessly and securely access their data. It can be shared with third-party institutions.
  • The consent given under DEPA will be free, informed, specific, clear, and revocable.
  • Consent Managers: DEPA will involve the introduction of new stakeholders — User Consent Managers. They will ensure that individuals can provide consent for all data shared. These Consent Managers will also work to protect data rights.
  • Account Aggregators: Reserve Bank of India (RBI) had earlier issued a Master Directive for creating Consent Managers in the financial sector. They are to be known as Account Aggregators (AAs). A non-profit collective or grouping of these stakeholders forms the DigiSahamati Foundation.
  • Open APIs: These enable the seamless and encrypted flow of data between data providers and data users through a consent manager.
  • Implementation: RBI, SEBI, IRDAI, PFRDA, and the Ministry of Finance are set to adopt and execute this model. This regulatory foundation will eventually evolve with the onset of new legislation (e.g., with the forthcoming Data Protection Authority envisaged under Personal Data Protection Bill, 2019).

Background:

The regulatory direction on data privacy, protection, consent, and the new financial institutions required for DEPA’s application in the financial sector was provided through the following sequence of events:

  • Supreme Court Judgement on the Fundamental Right to Privacy in 2017.
  • Personal Data Protection Bill (PDP), 2019.
  • Justice Srikrishna Committee Report, 2018.
  • RBI Master Direction on NBFC-Account Aggregators, 2016 (for the financial sector).

Impact On Financial sector:

  • With DEPA, individuals and Micro, Small and Medium Enterprises (MSMEs) can use their digital footprints to access not just affordable loans but also other amenities, including insurance, savings, and better financial management products.
  • The framework is expected to become functional for the financial sector starting fall 2020.
  • It will help in greater financial inclusion and economic growth.
  • Flow-based lending: DEPA can provide portability and control of data. This could allow an MSME owner to digitally share proof of the business’ regular tax (GST) payments or receivables invoices easily. On the other hand, a bank could design and offer working capital loans. This can be based on the demonstrated ability to repay. (This is known as flow-based lending). This is suitable for offering bank loans backed by assets or collateral.

Conclusion

This is the beginning of a new uniquely Indian journey on data empowerment and financial inclusion. An open and vibrant data democracy can be created. But this is only if we can enable a billion individuals to thrive in an increasingly digital economy.

The digital economy should comprise digital public goods. These should be designed to scale to meet the needs of a diverse population. Moreover, the technology standards constituting DEPA are open and publicly available. This also means that the technical and institutional architecture can also be applied to other countries. An institutional body could even be designed to help globalize this standard. This will help apply it to other nations facing similar challenges as appropriate.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Reach us at: www.signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

Fighting Financial Crime With UBO — The Final FinCen CDD Rule

In 2016, FinCEN introduced a new Customer Due Diligence (CDD) rule. It consisted of specific rules on Beneficial Owners. The rule required financial institutions to comply by May 11, 2018. The Final Rule indicates new FinCEN rules with the applicability date of May 11, 2018. But before we understand the importance of the FinCEN CDD rule, let’s have a look at what these terms mean and how they impact due diligence.

What is FinCen?

The Financial Crimes Enforcement Network (FinCEN) is a government body of the United States. It maintains a network whose objective is to prevent and punish criminals and criminal networks associated with money laundering and other financial crimes. FinCEN is overseen by the U.S. Department of the Treasury. It operates domestically and internationally, and has three major players: law-enforcement agencies, the regulatory community, and the financial-services community.

  • FinCEN monitors suspicious people and activity by imposing mandatory disclosures on financial institutions.
  • FinCEN is assigned its duties by Congress. Further, the director of the bureau is appointed by the U.S. Treasury Secretary.

What is Customer Due Diligence (CDD)?

Customer Due Diligence (CDD) is the process of determining your customers’ background. This is done in order to determine their identity and the level of risk they possess.

The application of CDD is necessary when companies with AML processes enter a business relationship. This can be with a customer/potential customer. It may be needed to assess their risk profile and verify their identity.

The above risks mainly highlight money laundering and terrorist financing. Companies may need to ‘know their customers’ for a variety of reasons:

  • to adhere to the requirements of subsequent legislation and regulation.
  • to be reasonably certain that the customers are who they say they are.
  • to provide them with the products or services requested, which requires knowledge of who the customer is.
  • to guard against fraud, including impersonation and identity theft.
  • to help the organization to identify unusual events and to enable the unusual to be examined.
  • Unusual events must have a commercial or relevant rationale. Else it may involve money laundering, fraud, or handling criminal or terrorist property.
  • to enable the organization to provide any required help to law enforcement.
  • information on customers being investigated subsequent to a suspicion report to the FIU.

Why The Fincen CDD Rule?

The idea behind this new rule is to fortify CDD requirements. The rule establishes explicit requirements for CDD. Further, it imposes a new requirement on FIs: identifying and verifying the Beneficial Owners of legal entity customers (businesses).

The CDD Rule applies to banks, brokers or dealers in securities, mutual funds, etc.

Customer Due Diligence Best Practices

There are 4 crucial elements for due diligence as per FinCEN:

(1) Customer identification and verification,

(2) beneficial ownership identification and verification,

(3) understanding the nature and purpose of customer relationships. This can help to develop a customer risk profile,

(4) continuous monitoring for reporting malicious transactions. On a risk-basis, this can be used for maintaining and updating customer information.

 

The new rules are not retroactive. In other words, it’s not necessary to acquire beneficial ownership information on every existing client. FinCEN felt that this would be too cumbersome for the institutions.

However, it’s not just at account opening that this information is mandatory. While monitoring the account, the risk profile may change drastically. In that case, the customer information, including beneficial ownership, should be updated. For example, new transaction types or amounts may reflect a change in the account or new ownership. These then fall under the coverage of the new final rule.

6 Major Highlights of the Fincen CDD Rule

 

1. Calibrating Beneficial Ownership Threshold

FinCEN has restated that the specified threshold (25%) is the base, not the apex. It is at the discretion of covered financial institutions (FIs) to implement stricter thresholds. FinCEN further states that any incremental risk factors may be mitigated by other reasonable means. This includes enhanced monitoring, collection of additional non-mandatory information and recording information relating to expected account activity.

2. Highlighting Identification and Verification Procedures

Although the CDD Rule’s verification procedures are required to contain similar elements, they may not be identical. For example, a financial institution may choose to accept photocopies of identification documents, which would not meet the standard under the Customer Identification Program (CIP) rules. This derogation is expressly authorized within the CDD rule. Financial institutions should determine the documentation standards for the identification and verification (ID&V) of beneficial owners based on the outcome of the required risk-based analysis.

3. Determining beneficial owners of new legal entity customer accounts

Where the individual identified as the beneficial owner is:

(i) a pre-existing customer of the particular FI, and

(ii) covered under the FI’s CIP,

a financial institution may recycle the information previously collected, provided the existing information is up-to-date and accurate. Further, the legal entity customer’s representative must certify or confirm the accuracy of this (verbally or in writing).

4. FinCEN Certification Template

As seen earlier, financial institutions are not mandated to use the template certification. They may use alternative formats such as the institutions’ own forms or similar means. These must comply with the substantive requirements. In the given instance, covered FIs should retain the form and refrain from filing it with FinCEN.

5. Document retention periods for ID&V records

Covered FIs must retain all beneficial ownership information collected about a legal entity customer. Identifying information (for example, the Certification Form or its equivalent) must be held for at least five years after the legal entity’s account is closed.

6. Certification of a beneficial owner of multiple accounts

An institution may already have obtained a Certification Form (or its equivalent) for the beneficial owner(s). In such a case, the FI may rely on that information to satisfy the beneficial ownership requirement for subsequent accounts. This is provided the customer certifies or confirms (verbally or in writing) that:

(i) such information is updated accurately at the time each subsequent account is opened, and

(ii) the FI is not aware of facts that would question the reliability of such information.

New Additions — FinCEN Issues New Guidance for Complying with the CDD Rule

On August 3, 2020, FinCEN introduced additional frequently-asked-questions (FAQs) regarding CDD requirements for covered financial institutions, as detailed in FinCEN’s “CDD Rule”. The 2020 FAQs follow earlier FAQs from FinCEN in July 2016 and April 2018. They provide additional detail on implementing due diligence, building customer risk ratings, and updating customer data.

2020 FAQs — Question 1

Question 1 addresses whether covered FIs are required to collect information about expected activity on all customers at account opening, or on an ongoing or periodic basis. FinCEN highlights that the CDD Rule does not require the collection of any particular customer information other than what is necessary to develop a customer risk profile, conduct monitoring, and verify beneficial ownership (for legal entity customers). Likewise, FinCEN states that there is no categorical requirement to conduct media screening on all customers. However, an FI can determine on a risk basis whether such information is needed in order to adequately understand a particular customer relationship and to identify potentially suspicious activity.

2020 FAQs — Question 2

In Question 2, FinCEN elaborates that the CDD Rule does not require financial institutions to use a specific method to establish customer risk profiles, or to automatically categorize as “high risk” the products or customer types that are identified in government publications as posing specific potential risks. Covered financial institutions are required to comprehend the financial crime risks of their particular customers. They should utilize risk profiles that are “sufficiently detailed” to distinguish between significant variations in the risks of their customers.

2020 FAQs — Question 3

In Question 3, FinCEN explains that the CDD Rule does not require financial institutions to update customer information on a continuous or periodic schedule, although they may decide to do so on a risk basis. Rather, financial institutions must update customer information when they become aware, as a result of normal monitoring, of a change in customer information that is relevant to the risk posed by the customer. In such cases, financial institutions also may need to reassess the customer’s overall risk profile. This guidance is consistent with FinCEN’s previous statements in the preamble to the final CDD Rule as well as in the 2018 FAQs.

Practical Considerations

The 2020 FAQs do not break any major new ground with respect to the CDD Rule. They are helpful for financial institutions seeking to set risk-based limits, and they help determine when specific types of information are needed to assess customer risk. FIs should review their CDD policies and procedures for developing and updating customer risk profiles against the new FAQs. Doing so will help identify any areas that may need to be updated or adjusted.

On the other hand, the guidance emphasizes FinCEN’s preference against customer risk profiling that uses broad categories to assign customer risk. It is in favor of a methodology that is more individually-tailored. It focuses on a solution suitable to the characteristics of particular customers and the products and services they use. This is somewhat in contrast with FinCEN’s statement in the preamble of the Rule. It states that risk profiles in certain cases can be based on “categories of customers” or “risk categories”. The 2020 FAQs appear to allow such an approach at least where a financial institution concludes that a customer’s risk profile is low.

No matter the case, these FAQs may provide a valuable reference point for financial institutions. They explain — for example, to regulators — the risk-based decisions that have gone into their AML programs. They also shed light on why not all accounts with certain characteristics are similarly treated.

The European example

The European Union (EU) appears to be far ahead in terms of implementing rules that bring clarity to the beneficial ownership structure of legal entities. The problem of UBO identification was on the regulatory agenda as early as 2005, with the introduction of the 3rd European Directive on AML. This critical piece of European AML regulation promoted the risk-based approach as a key strategy for tackling money laundering and terrorist financing. It also required obliged entities to identify the individuals controlling legal entities, to ensure that such entities cannot be used for hiding asset ownership.

Guidelines for enhanced transparency on legal entities’ ownership were brought about by the 4th (2015) and 5th (2018) money laundering directives to:

 

  • Constitute National UBO registers,
  • Ensure reliable UBO information,
  • Provide public access to UBO registers.

In the UK, there exists the People with Significant Control (PSC) register. It consists of information about the individuals who own or control companies. Currently, however, only a few countries have collected beneficial ownership data. This is due to the numerous challenges inherent in such an initiative. The UK parliament also decided earlier this year to accept an amendment to the sanctions and anti-money laundering bill that requires the UK’s overseas territories (the British Virgin Islands, Cayman Islands etc.) to publish public registers of company ownership by the end of 2020. This reflects the will to extend beneficial ownership disclosure to tax havens across the Atlantic. This is sure to improve the governance of tax avoidance and corruption. It might also influence the Americas to follow a similar path.

FinCEN has initiated the journey towards the implementation of sound UBO identification requirements. EU regulations might set the path for the United States to catch up. It will be interesting to observe whether the United States follows the same path and if so, at what pace.

Conclusion

Perhaps the biggest challenge now is to meet the CDD Rule’s compliance requirements efficiently. Identifying UBOs can be a tedious and time-consuming task. It often results in individuals physically constructing the ownership tree on paper. This is highly inefficient and open to regulatory questioning.

With the new regulations, UBO information will hopefully be collected digitally in the years to come. There are already many significant developments in this direction. Multiple countries are now putting measures in place to adopt UBO collection as part of the standard AML process.


How Will Unified Data Protection Regulations Affect State, National, And International Banks In The USA?

Introduction

Consumers’ personal data is used by companies to sell their products and services, but when this data is personal or private, discretion and safety are essential. In some US states, there are personal data regulations that keep an eye on companies processing and using consumers’ data. A good example of this is the California Consumer Privacy Act (CCPA). A relatively new law, CCPA came into effect on June 28, 2018, as part of the California Civil Code. It has been praised by industry pundits as a step in the right direction for data regulations, as it solidly defines how data can be protected and how its misuse will result in dire consequences.

But one of the questions that returned to the spotlight after its introduction was, ‘Why isn’t there a federal body like this to regulate data privacy all over the country?’ This is where the US can benefit from a step towards Unified Data Protection, a central regulation from the Federal Government that oversees and regulates all handling of consumer data. It will give consumers control over their personal data while unifying data privacy laws for all states in the US and simplifying regulations for international companies. A Unified Data Protection Regulation will have provisions covering the processing of US consumers’ data regardless of the location of the company.

Such a body will force companies to disclose how the data is processed, making the purpose, tenure, and sharing of data transparent to the consumer. The Government will impose heavy fines on companies that violate the regulations, making the consent of the consumer irrevocably mandatory. This article focuses on how such a unified regulation would impact the different levels of banking and the types of banks in the US.

What Is The Current System Of Banking In The US And How Does It Handle Data Privacy?

Unlike most countries, banking in the US is regulated at state and federal levels, and depending on the class of the bank it is subject to state or federal regulations. The central banking system which regulates all other banks is called the Federal Reserve and was established in 1913.

Duties of the Federal Reserve include:

  • Conduct the national monetary policy
  • Regulate and supervise banking institutions
  • Sustain the stability of the financial system
  • Provide financial services to the U.S. government, depository institutions, and foreign official institutions.

Banks in the US are regulated by the Federal Reserve and overseen by the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC). The banks are classified into:

National Banks
This class includes all federally chartered banks, which have permission to operate in any part of the country. They are not subject to state laws, barring a few exceptions. Even though these banks fall under federal jurisdiction, they must comply with state regulations too, if there are any, making it a burden for them.

Depending on the type of charter and structural organization, a bank may be subject to many federal and state regulations and is specifically supervised by the OCC. It is important to note that not all national banks possess nationwide operations as some of them have operations in only one city, county, or state. A common misconception is that the Federal Reserve is a national bank, but this is untrue as it is a system of institutions chartered by Congress for financial oversight.

Banks from other countries that have established a presence in the US are called International Banks. Even though they fall under the category of National Banks, it is worth treating them as a third category for easier understanding. Some of them have exceptions to the national status, and a few of them already follow protocols from other countries’ financial regulatory bodies. Many of these banks are European and already follow GDPR regulations even in the US. Sometimes these are not direct implementations.

State banks
State banks are state-chartered and are permitted to operate within the state where they are chartered. They can acquire customers from other states, but they can not open branches in other states unless they acquire the respective state’s charter or a national charter from the federal government. It is also mandatory for them not to have “National” or “Federal” in their names and nomenclature.

 

Is Data Privacy Safe in This System of Banking?

Information security and banking privacy in the US are not protected through a single law, which renders the regulation of privacy sector-based. Regulations thus differ from state to state, and not all states possess sufficient research data or machinery for good regulation. This leads to risk and data breaches.

The Gramm-Leach-Bliley Act (GLB) regulates the collection, disclosure, and use of personal/non-public information by banks. The Federal Trade Commission (FTC), with guidelines from GLB, acts as the primary protector of banking privacy. It fines violators of state and federal banking privacy laws, and these violations are treated as civil offenses, in contrast to other countries where they are usually considered criminal offenses. Nonetheless, there are too many discrepancies and contradictions in these laws, which create loopholes and increase risk.

Cyber attacks cost an average of $18.3 million annually per company in 2019, making the total cost $164.6 million. This was through more than 1,473 cyberattacks over the year. The risk is clear from this data and a change for the better is inevitable.

How Has Unified Data Protection Been Implemented In Other Regions?

The most relevant implementation of Unified Data Protection regulation is in the European Union: the General Data Protection Regulation (GDPR). It sets the guidelines for the collation and processing of personal data, exclusive for consumers from the EU. GDPR instructs companies to give proper data disclosures to their consumers while not compromising any privacy and protection they are entitled to. For example, timely notification of any personal data breach to the consumer is mandatory, while making sure this information cannot be misused by any third parties.

GDPR succeeded the first Unified Data Protection initiative in Europe, Data Protection Directive 95/46/EC, which was created on 24 October 1995. Major banks in the EU encouraged it because it brought more security and credibility to the financial sector. But with advancing technology it became outdated by the late 2000s, forcing the EU to consider a new unified data protection framework for 4 years before sanctioning it on 14 April 2016. GDPR came into complete effect on 25 May 2018.

Even though GDPR is for consumers and companies in Europe, it affects international entities too. Any company which uses the personal data of a consumer from the EU must follow the regulations, which strictly include overseas companies. A bank from the US will have to reframe its processes to comply with the regulation. This is important because international US banks already have to comply with data protection regulations, rendering them more preferable for consumers.

Notable privileges prescribed for consumers:

Right to Access
Consumers have the right to access their personal data and information. They should be aware of how this personal data is processed and who will have access to it. Data must be treated as a resource that belongs to its respective owner, the consumer.

Right to Erasure/Be Forgotten
Consumers or customers have the right to request the erasure of personal data. This can be on any one of a number of prescribed grounds. GDPR places certain regulations on this, but it still leaves the option to be forgotten open to the customer.

Right to Object and Automated Decisions
This allows a consumer to object to the processing of personal information for non-service-related reasons. This includes marketing or sales. Data controllers must allow a consumer to stop controllers from processing their data any time they prefer.

Notable guidelines to companies:

Data Controller and Processor
The processing of data has two entities involved: a data controller and a data processor. A data controller is an entity (person, organization, etc.) that establishes the why and the how of processing data. A data processor is an entity that performs the data processing overseen by the controller.

Pseudonymization
Pseudonymization is a required process for stored data that transforms personal data so that the resulting data cannot be attributed to a subject without the use of additional information. Examples include encryption, tokenization, etc. This keeps the consumer data accessible while keeping it partially anonymous.
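An added example, not taken from the original article or from any Signzy product: one way to pseudonymize stored records with keyed tokens (HMAC-SHA256), where the key and the token vault are the "additional information" that must be kept apart from the data. The class, field names and sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Fields treated as direct identifiers here (an assumption, not a legal list).
DIRECT_IDENTIFIERS = ("name", "email", "account_number")


class Pseudonymizer:
    """Replaces direct identifiers with keyed tokens.

    The secret key and the token-to-value vault are the "additional
    information": whoever holds only the pseudonymized records cannot
    recompute or reverse the tokens.
    """

    def __init__(self, key: bytes):
        if len(key) < 32:
            raise ValueError("use a key of at least 32 random bytes")
        self._key = key
        self._vault = {}  # token -> original value; store separately from the data

    def token(self, field: str, value: str) -> str:
        # Normalise so that case or whitespace variants of one identifier
        # map to the same token and records stay linkable for analytics.
        normalised = value.strip().lower()
        # Bind the field name into the MAC so equal values in different
        # fields do not collide on one token.
        msg = field.encode() + b"\x00" + normalised.encode()
        tok = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]
        self._vault.setdefault(tok, value)  # keep the first-seen original
        return tok

    def pseudonymize(self, record: dict) -> dict:
        return {
            f: self.token(f, v) if f in DIRECT_IDENTIFIERS else v
            for f, v in record.items()
        }

    def reidentify(self, record: dict) -> dict:
        # Only possible for the party that holds the vault.
        return {
            f: self._vault.get(v, v) if f in DIRECT_IDENTIFIERS else v
            for f, v in record.items()
        }


def demo() -> dict:
    # Constructed sample records: two transactions by the same customer.
    tx1 = {"name": "Alice Rao", "email": "alice.rao@example.com",
           "account_number": "000123456789", "amount": 250.0}
    tx2 = {"name": "Alice Rao", "email": " Alice.Rao@Example.com ",
           "account_number": "000123456789", "amount": 75.5}

    controller = Pseudonymizer(secrets.token_bytes(32))
    p1, p2 = controller.pseudonymize(tx1), controller.pseudonymize(tx2)

    # A party with the same records but a different key derives other tokens,
    # so it cannot link its guesses to the stored data set.
    outsider = Pseudonymizer(secrets.token_bytes(32))

    return {
        "same_customer_linkable": p1["email"] == p2["email"],
        "non_identifier_untouched": p1["amount"] == tx1["amount"],
        "outsider_token_differs": outsider.token("email", tx1["email"]) != p1["email"],
        "vault_holder_recovers": controller.reidentify(p1) == tx1,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A plain unkeyed hash of an identifier would not give the same separation, because anyone can recompute it from a guessed value; the keyed form ties re-identification to custody of the key and vault.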

Notification
The data controller must notify the supervisory authority without delay, especially in cases of discrepancies and malpractices. In normal functioning, there is an exception if the breach is unlikely to compromise the rights and freedoms of the consumers.

Data Protection Officer
The companies must appoint a data protection officer to oversee the processes.

Penalties to Companies
Penalties will be charged to companies for not sticking to the regulations. A fine of up to €10 million or 2% of the annual turnover of the company is issued. This may go as high as the authority deems necessary under a set guideline.

How Will Unified Data Protection Affect The US Banking Sector?

The US is a considerably volatile environment for financial data privacy. 71% of all data breaches in the country are financially motivated, which means that almost every 3 in 4 data breaches in the US is in the financial sector. The FBI reported that the amount lost to financial scammers is nearly $1 billion per year, and the primary reason for this is the easy access scammers have to private data. Banks do not commercialize and misuse personal data like IT giants, but they do overuse it at times. There have been instances where financial institutions sold consumer data to third parties. Such practices need to be stopped, or at the least regulated.

In 2018, more than 67% of financial institutions reported increased cyber attacks. It was also noted that these cyber attacks are 300 times more likely to hit the banking sector than others. 65% of the top-ranked 100 banks failed web security testing in 2017. This was reported by Carbon Black, Markets Insider, Independent, and IBS Intelligence.

A Unified Data Protection Regulation will bring more clarity to the industry and other regulatory bodies will get defined guidelines and protocols. Banks will have a better understanding of consumer databases while maintaining privacy. Overall, the Unified Data Protection Regulation will have a major impact on the financial sector. Let’s look at how it will affect the three different tiers of the 5,177 banks and savings institutions in the country.

 

How Will It Affect State Chartered Banks?
Relatively, state banks will have to adapt more to the new mechanics. This is especially for banks in states with undefined regulations as they will need additional machinery and manpower. They will also have to dive deeper into automation banking and advanced technology, prima facie making this seem cumbersome. But in the long run, this will help the bank dwell in an advancing industry, and more importantly, this will give the consumer immeasurable authority over her personal data. That is the primary objective of Unified Data Protection.

The overall functioning level of state banks will upgrade with an exceptional increase in the standard of services. This includes more user-friendly online services, on-time notifications, and reduced delays.

A study shows that 5,400 banks in the U.S. compete to sustain customer satisfaction. They need to attract new deposits. Local banks must exhibit their advantages in the fields of accessibility, customer service, and financial advice. To an extent, this would level the playing field.

How Will It Affect Federally Chartered Banks (National Banks)?
The capital to be spent on implementation by National Banks will be high, but in the long term it will help them establish an international standard in banking. It would make it easier for them to attain international bank status, and branching out to Europe will be much easier as they will not face too many regulatory novelties from GDPR.

The biggest relief for National Banks is that they do not have to satisfy multiple regulatory bodies. JPMorgan Chase had reported the extra work going into adjusting data privacy regulation depending on each state. This is reduced with the introduction of a federal system.

How Will It Affect International Banks?
Most International Banks operating in the USA have a considerable presence in Europe, and many of them are already following GDPR protocols. A similar system in the US would benefit them. As they have the largest number of customers, they will contribute the most to changing the financial landscape. International data breaches are most likely to occur, and data protection at this level will reduce that risk. Even more dangerous aspects like money laundering and terrorist funding can be limited with such steps.

Banks will be aware of consumer information and will process it with better care as they are not allowed to provide data to third parties. This will give privacy to the consumer while maintaining a keen eye for malpractices. This is essential as the international economy is a sandbox for financial scams and regulations will reduce this.

Banks like HSBC and Deutsche Bank will have a more even battleground while competing with other National banks as they are already under the scrutiny of other international bodies of regulation. With a unified regulatory body, all banks will have to stick to the same rules and compete on the same track. This will benefit the consumer with better options and opportunities.

What Are The Boons And Banes That Follow?

Significant advantages of Unified Data Privacy include:

  • Improved Cybersecurity- It will directly impact data privacy, and security improvements will encourage banks to develop better security measures, reducing risk.
  • Standardization of Data Protection- Its compliance will be assessed by state-wise agencies, cementing the credibility of each bank as they must stick to the same rule book.
  • Sustainable Reputation- The banks will have a better reputation, as a single breach can bring down a financial Goliath. Regulations will render safety not just for the customer, but for the bank too.
  • Enhanced Trust- It will encourage consumers to genuinely share their data with the bank. They are aware of how safely their data will be handled, giving them the satisfaction of being in control.
  • Loyal Customers- The trust built fuels the customers’ loyalty, making them prefer the services of the banks that provide the best service. Sustained credibility enhances loyalty.

 

Significant concerns may include:

  • Non-Compliance Penalties- Severe penalties are imposed on non-compliant participants because, without strong consequences, compliance will not be effective. Sometimes the magnitude of fines would be overwhelming but this is an avoidable responsibility for the banks. A good example of this is the fines imposed by GDPR for non-compliance. Google was fined €50 million for breach of GDPR protocols by the French regulator CNIL.
  • The Cost of Compliance- The capital and machinery required for implementation will be considerable for banks, especially for small banks. Though long-term benefits outweigh this, it is still a concern.
  • Overregulation- If not properly implemented, it will backfire. Overregulation will add more complications to the banking process, as too many formalities will tire the consumer and the bank. Delays could also occur due to the extra steps added for regulation. All of this is avoided with apt regulatory sanctions. Nonetheless, it is difficult to define them.

Conclusion

There is no doubt that data has become a resource and that companies are selling their customers’ data for profit. In such times it is necessary to keep personal data secure. From this perspective, the banking sector is to data what the judiciary is to governance: something that can never be tainted or compromised.

Banks contain a plethora of sensitive information and strict regulation on this is inevitable and precedent. As we are moving towards a global economy, it is only sensible to unify scattered sectors. The innovators in the financial sector should always keep in mind that all the short term discomforts will breed greater benefits for the industry and consumers.

Unified Data Protection regulations will enhance the safety of the consumers’ data. It will build the trust people are losing in companies and their handling of personal data. But furthermore, the significant aspect is that Unified Data Protection is merely the embracing of the coming. We are accelerating our advancements to the future where there is no doubt it holds multitudes of data resources. We are simply trying to protect that future with such strides.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

What Is Automation In Banking And How Has USA Used It To Grow Its Economy?

Introduction

The banking industry has always tried to stay ahead of the curve in adapting to modernization. It was one of the early adopters in the age of information and understood how deeply technology would work its way into people’s lives. This has enabled its growth as a pioneer and led it to become one of the largest consumers of Information Technology. Automation and AI are the next logical steps.

Automation in banking is the system of utilizing technology to operate banking processes through highly automatic means, reducing human intervention to a minimum.

Gartner reported that the estimated expense on IT applications in the banking sector was $487 billion in 2018. The lion’s share of this expense was for outsourced external companies, which primarily constituted Business Process Outsourcing (BPO) companies. This added up to approximately $63 billion being paid to these BPOs. Such precedent expenses can be avoided by evolving with the technology, and the easiest way to minimize them is automation.

How has Automation Evolved Through the Ages?

 

Traditional Automation

Traditional Automation permits and processes machinery to perform tasks. It primarily uses APIs and other methods to integrate systems, and developers must be well versed in the functionality of the target system. This may include steps in operational processes and methods.

Traditional automation is limited in some aspects, such as application customization, due to insufficient software source code. It is also affected by the limitations of APIs. Most of its methods are rather primitive for today’s digital transformation. Nonetheless, it is still prevalent in many places.

RPA

Robotic Process Automation (RPA) focuses on front-end activities and doesn’t need any shifts in backend operations, as RPA works across different applications. RPA bots function at the UI (User Interface) level and within the system like humans, and provide users with better personalization and easier customization than traditional automation.

Some major features of RPA include:

  1. Reliance on easy-to-program functionality with reduced TAT
  2. Bots execute individual functions- email responses, data extraction, etc.
  3. Works from the UI, comprehending user actions.

It’s used for data collation, analysis, invoicing, email management, and other customer service functions. Implementing RPA will cut costs for banks on many levels of these spheres, as RPA and traditional automation relieve individuals from tedious tasks.

 

[Figure: RPA market revenues worldwide (2016–2022). Source: Statista]

We must understand that RPA doesn’t replace any existing technology but works in tandem with the prevalent framework. In a nutshell, RPA handles repetitive, rule-based, and monotonous tasks and actions.

A common example of an RPA bot is the ubiquitous chatbot. As RPA doesn’t have any AI involved, its scope to improve is limited. It doesn’t learn but helps the user. Here we primarily discuss RPA applications and implementations.

Artificial intelligence

Artificial Intelligence is the latest technology for automation and mimics basic human intelligence, further advancing it. Such AI-enabled systems comprehend, evaluate, and respond to complex problems and situations efficiently by using Machine Learning algorithms. Some good examples of AI applications are NLP (Natural language processing) powered voice assistants such as Alexa, Google Assistant, and Siri.

Approximately 32% of service providers in the industry use AI technology to better customer experience and ease processing. They use technology like voice recognition, analytics, etc. This was reported in joint research by Narrative Science and the National Business Research Institute.

AI has expanded to such an extent that all the previous technologies used now fall under its umbrella. Even then, AI is met with some skepticism, as it will completely take over the processing procedures and traditionalists may raise questions on dependability.

What Benefits Does Automation Offer that Makes Banking Better?

Automation provides the process of banking with versatile features that make the entire procedure easier for banks and customers. Not only does it bring the safety and privacy of the customers to a higher standard, but it also provides them with a fulfilling experience. Some of the features include:

  1. Better Customer Service- Data management becomes easier with RPA implementation. This includes daily inquiries, information transfer, application status, balance information, and others. This will free employee time for more critical decisions and tasks. An example is the functionality of a chatbot, which saves every involved party’s time.
  2. Improved Compliance- Banks are regulated by legislatures and other government bodies that prescribe many strict compliance guidelines. Accenture conducted a survey in 2016 in which 73% of respondents expected RPA to be a key enabler in compliance. This was because it increased productivity by being available 24 hours a day with immense accuracy.
  3. Accounts Payable- It requires vendor information extraction, validation, and payment processing. OCR (Optical Character Recognition) technology is used to obtain data from any physical form and transfer it to RPA, where the rest of the processing occurs, thus making the process far more efficient than manual methods.
  4. Faster Credit Card Processing- Banks process credit cards within hours using RPA, a task which used to take days with traditional methods. Proper data of transactions can be maintained and better evaluations of credit scores can also be done.
  5. Faster Mortgage Loan- Even a minor error can impede loan processing. RPA can accelerate the process by avoiding unnecessary errors and implementing proper checks, which would reduce the processing time to minutes from days.
  6. Vigilant Fraud Detection- RPA tracks all transactions that may give out a red alert and recognises any fraud transaction pattern in real time. This brings a considerable reduction in response time and can block and prevent fraud to a great extent.
  7. More Credible KYC Process- Know Your Customer (KYC) is mandatory for banks for each customer. KYC process compliance alone costs banks more than $384 million per year (Thomson Reuters). RPA can reduce this along with the time the customer would have to wait for a response.
  8. Data Report Automation- RPA helps generate reports without any error for stakeholders, providing data in many formats. They can create a report by auto-filling the available report format with minimal errors and time.
  9. Easier Account Closure Process- Customers benefit from a faster account closing process. This increases their affinity to the bank.

How is Automation Boosting The US Banking Sector?

Valued at USD 167.1 million in 2018 and anticipated to register a CAGR of 31.3% from 2019 to 2025, the global robotic process automation in the BFSI market size was rather unprecedented.

The advent of advanced technologies and a need for increased productivity of operations in the United States of America led the entire BFSI sector in the country to significantly boost its demand for RPA. Since the USA has a rich inventory of legacy systems, the incorporation and advancements of RPA were upstanding. This increased the agility and precision of processing.

Even casual users can check their accounts and set up automatic payments of their bills. KYC verification and numerous other functions are also possible in a much easier fashion. Numerous other back-end and front-end processes are automated using RPA.

 

Source: www.grandviewresearch.com

In the US, a considerable level of RPA has been integrated as an alternative for services such as BPO, robot deployments at the enterprise level, etc., which otherwise would have been tremendously expensive. Further, the initiative eliminated repetitive and time-consuming tasks, which have been automated. It reduces the cost of such tasks from 25% to 50% and the TAT to a minimal amount.

Artificial Intelligence and RPA funding spent in the banking and finance industry in the United States increased at 82.9% during 2018 to reach US$ 696.3 million. Over the forecast period (2019–2025), spend on AI is expected to reach a CAGR of 28.4%, increasing from US$ 1,094.9 million in 2019 to reach US$ 6,289.1 million by 2025.

USA and Canada dominated the market for RPA in 2018 in the Banking industry. On average, a U.S. bank with USD 10+ billion assets spends approximately USD 50 million per year on CDD, KYC compliance, and onboarding. The increased expense of KYC and AML compliance coupled with the steep fines over regulatory scrutiny are necessitating financial institutions to adopt new technology and automation. This prevents identity theft, financial fraud, terrorist funding, and money laundering.

The USA and Canada are set to dominate the financial market with RPA for at least the next half of the decade. Banks are aiming to preserve patrons and reduce customer attrition, and RPA helps them as the customer data is strategized and used to contact the customer as required. North America, valued at $376.2 billion in 2019, is projected to reach $721.3 billion by 2027. The digital payment segment, being the largest service segment in the industry, is expected to head the market; the increase in banking products and sales through online portals is also a helpful factor. In 2019 the digital sales sector was valued at $609.4 billion.

Top Banks in US Taking Automation to The Next Level

  1. JPMorgan Chase
    The biggest bank in the US, JPMorgan Chase, has always stood in first place when it comes to technology investments. A tremendous investment of $11.4 billion in AI technology by the bank proves its enthusiasm for innovation and far-sighted outlook (Source: JPMorgan Chase Annual Report 2019). The bank uses it for improving its databases, search optimization, and Contract Intelligence (COiN), a Machine Learning technology that uses chatbot systems to build vast databases of legal documents in a short time.
  2. Bank of America
    They primarily focus on fraud detection, trading functions, and chatbots. The bank’s AI-enabled chatbot named Erica (introduced in late 2017) understands text and speech. It not only acts as an inquiry bot but also advises users on suitable financial decisions they could take. Erica had approximately 6 million users/customers as of March 2019. The $35 billion lender has invested more than $1 billion in mobile banking over the past ten years, which is the simplest area of automation for customers. Their own study revealed that mobile customers have increased to 10% annually.
  3. CitiBank
    With an agenda to avoid money laundering and fraud, the bank is heavily investing in automation in general and AI technology in particular. They even partnered with Feedzai (2016) for detecting fraudulent transactions. They recognize patterns of multiple transactions from multiple locations to which the customer does not usually travel. The bank has a global network of tech giants that take part in its 6 Citi Global Innovation Labs. With multiple advances in automation and technology, $600 million is expected to be saved per year by the bank.
  4. Wells Fargo
    Their chatbot system primarily focuses on clarifying the queries of customers without consuming too much time or requiring physical presence. They also developed a mobile app through predictive analytics. It alerts the customers to issues like exceeded bill payments, etc. It even guides users with their travel plans and helps them buy flight tickets. In the year 2019 alone, Wells Fargo spent nearly $9 billion on technology and automation.

Conclusion

The global adoption of a digital era is inevitable, making Banking and Automation essentially complementary to each other. The automation of the banking industry with the use of Traditional Automation, RPA, and AI has led developed nations like the USA to develop a more efficient and sustainable economy.

The reason why banks and financial institutions swiftly adopted IT is that their operations, when executed manually, consume immense time and effort from their employees and keep them performing routine duties and actions, so that they miss the opportunity to move up the value pyramid. Automation produces a standardized audit trail, ensuring the right people have access to the proper systems and making sure that financial institutions stick to industry standards while decreasing the expenses involved.

The necessity of Automation in Banking is precedented. Its implementation has been mostly successful, but as all things do, it too requires betterment. At the end of the day, the adoption of Automation for banks and other financial industries is a matter of ‘When’ rather than ‘If’.

How KYB Would Have Stopped The Laundromat Movie From Happening

The Panama Papers incident highlights one of the most significant financial leaks of the last decade. It refers to the 11.5 million leaked encrypted confidential documents of Panama-based law firm Mossack Fonseca. These files were made public on April 3, 2016 by the German newspaper Süddeutsche Zeitung (SZ), which christened them the “Panama Papers.”

The documents revealed the active network of more than 214,000 tax havens. These involved people and entities across 200 different nations. A joint effort was made by SZ and the International Consortium of Investigative Journalists (ICIJ) for a year to decipher the encrypted files. The files furnish detailed information about thousands of offshore “shell” companies. These were used by some of the world’s most influential people to conceal wealth or avoid paying taxes.

Mossack Fonseca was established in 1977 by Jurgen Mossack and Ramon Fonseca. The firm was one of the top offshore legal services providers until April 2016.

The Panama Papers allegedly reveal a global system of undisclosed offshore accounts, money laundering and tax evasion. They displayed how influential people around the world use shell companies to conceal assets. They can also be involved in possible illegal activity.

The Source of the Name “Panama Papers”

The files have been given the moniker “Panama Papers” due to the country of origin. However, the government of Panama has vehemently objected to the name. This is because it seems to put some blame or negative association on the country itself. This is despite any involvement of the government in the actions of Mossack Fonseca. Nonetheless, the nickname has become widespread. However, some media outlets that have covered the story have designated them as the “Mossack Fonseca Papers.”

The incident is the greatest disclosed data breach involving a law firm. After the incident, founding partner Ramon Fonseca and other public sources stated that the firm’s network had been jeopardized by hackers sometime in 2015. Security researchers identified numerous unpatched vulnerabilities in Mossack’s website and email server. These could have been very easily compromised by hackers. A total of 2.6 terabytes of data — including 4.8 million emails, 3 million database files, and 2.1 million .pdf files — were leaked, including client documents dating back to the 1970s.

Main Highlights

 

  • The Panama Papers were a massive leak of financial files from the database of Mossack Fonseca. This firm was the fourth-biggest offshore law firm in the world.
  • The documents were leaked anonymously to German newspaper Süddeutsche Zeitung (SZ), which released them on April 3, 2016.
  • The files date back as far as the 1970s. They shed light on a network of 214,000 tax havens. These involve wealthy people, public officials, and entities across 200 nations.
  • The confidential documents were made public by the International Consortium of Investigative Journalists (ICIJ). The body is a non-profit organization based in Washington. It said that the documents contain details of both current and former world leaders. Other important people include businessmen, criminals, celebrities and sportsmen.
  • A majority of the files showed no illegal activity. However, some of the shell corporations were for fraud, tax evasion, or avoiding international sanctions.
  • The ICIJ’s website lists banks including HSBC, UBS, Credit Suisse, Deutsche Bank who have utilized Mossack Fonseca. They used the firm to create offshore accounts.

The Truth In Netflix — How The Story Goes Hollywood

The Panama Papers scandal had a multifold impact on nations. It enhanced the national and global focus on the overall harm of money laundering, tax evasion, and terrorist financing. The incident also helped propel the international critique of USA as a potential haven for money laundering and tax evasion. This is mainly due to provisions in the U.S. to form legal entities. Such entities are formed without having to disclose the identity of true beneficial owners. It also showed the world how lawyers can facilitate their clients’ money laundering.

The somber reality certainly caught the attention of Steven Soderbergh, who went on to direct the recently launched Netflix original “The Laundromat”. The movie revolves around the main protagonists of the Panama Papers incident: Jurgen Mossack (portrayed by Gary Oldman) and Ramon Fonseca (portrayed by Antonio Banderas).

“How do 15 million millionaires in 200 countries stay rich? With lawyers like these.” The trailer of “The Laundromat” itself hints at a satirical flavor and adds to the point we mentioned earlier. Many people may find knowledge through humor in the movie, but the original characters certainly don’t share that perspective. The movie has been the subject of an extensive lawsuit by the original duo, who have described the movie as “defamatory”.

The incident and resulting scandal also illustrates another looming threat. The growing frequency, ease, and potentially devastating consequences of data breaches are concerning. Cyber attacks can threaten even the richest and most powerful people. The breach of client confidential information held by a law firm can have serious potential legal consequences. This applies to both the firm and its affected clients.

The Impact On The Indian Subcontinent

 

The Indian Express was the partner of the ICIJ project on the Panama Papers leak. Its report revealed the names of over 500 Indians. This came after 8 months of extensive investigation of over 36,000 files.

The list includes the names of corporate figures like DLF owner K P Singh and nine of his family members. Other names include Sameer Gehlaut of Indiabulls and Vinod Adani, a businessman and the elder brother of Gautam Adani. India-born Dutch businessman Ratan Chadha, the founder of Mexx clothing, is also mentioned in the list.

  • The list provides details of people ranging from big businessmen to Bollywood celebrities and politicians. Top names from Bollywood include Amitabh Bachchan & Aishwarya Rai Bachchan.
  • Mohan Lal Lohia, Abdul Rashid and others are also named in this context. The list also shows the addresses of businessmen in Panchkula, Dehradun, Vadodara and Mandsaur. It also includes cricket franchise deals. The files indicate linkages of people who are already under the scrutiny of the CBI and the Income Tax department.
  • The main accusation against Indians is that they set up their offshore companies long before the rules were changed in 2013, with the intention of placing foreign exchange in a tax haven.

Violations of Indian Laws Under Panama Papers Leak

The investigation found that the following laws and rules were mainly violated in the Panama Papers case:

  • The Incorporation of Companies Overseas.
  • Acquisition of the majority shares of overseas companies in contravention of FEMA rules.
  • Violation of RBI’s Liberalised Remittance Scheme.

According to Indian legislation, Indians could not incorporate companies outside India. This is because remittances to foreign countries were not allowed before 2004. In 2004, RBI introduced a scheme called the Liberalised Remittance Scheme. This permitted individuals to remit up to $250,000 in phases. These remittances could be utilized for different purposes, for example medical expenses, gifting, buying shares, etc.

There was a lot of confusion on this issue, so the RBI issued a notification in 2010. It stated that through the Liberalised Remittance Scheme, Indians are allowed to buy shares. However, it specifically prohibits the setting up of companies abroad by individuals.

RBI issued another notice in 2013. It allowed resident Indians to invest in joint ventures through the Overseas Direct Investment route. So, any company overseas by an Indian can be considered legal only if it was established after 2013.

Insurance Swindles, Shares Fraud and Money Laundering — The Stark Realities Of The Panama Papers

Take One (Insurance Fraud):

The Laundromat portrays the impact on individual lives with respect to the business handled by Mossack Fonseca. The first incident revolves around Ellen Martin (portrayed by Meryl Streep) and her husband (played by James Cromwell). Ellen Martin and her husband Joe are on a pleasure boat at Lake George, New York when it capsizes, drowning Joe. Ellen tries to get compensation from the boating company for Joe’s death. But she could not do so. The reinsurance company that the boat company’s owner and son Matthew bought their policy from was sold to another company based out of Nevis. The Nevis-based company is actually a trust of one of Mossack’s shell companies. It was under investigation by the Internal Revenue Service (IRS) for fraud. Several attempts to contact Mossack and the Nevis-based company were unsuccessful. Ellen travels to Nevis to confront Malchus Boncamper, the manager of the trust. Malchus tricks Ellen and escapes to Miami. But on the way he is caught and arrested by IRS-CI Special Agents at a Miami airport.

Take Two (Shell Shock — Bogus Shares)

The second story is about Simone, who is the daughter of Charles, an African billionaire. Simone discovers her best friend is having an affair with Charles. He offers her shares (supposedly worth $20 million) in one of his investment companies to keep her silent. She accepts his offer. But when she travels with her mother to Mossack’s offices in Panama City to claim the shares, they turn out to be worthless. This is because they are actually part of a shell company under Mossack that only exists on paper. The companies’ individual values turn out to be $100 and $27 each!

Take Three (Money Laundering)

The third story is a dramatization of the death of Neil Heywood, part of the Wang Lijun incident. Heywood (renamed “Maywood” in the film), is an intermediary for wealthy Chinese looking to funnel money abroad. He visits a Chongqing hotel to meet Gu Kailai. Maywood demands and pressures Gu for a much higher price. This is if she wants him to continue laundering money for her family through a shell company Mossack owns. Gu responds by poisoning Maywood’s drinks. Gu discloses the incident and reports Maywood to Chongqing police chief Wang Lijun. He secretly records the conversation; he then reports her to the Chinese government.

The story ends with the arrest of Gu and her husband Bo Xilai for Maywood’s murder and for corruption in connection to The Wang Lijun incident. It was a major Chinese political scandal which began in February 2012. This was when Wang Lijun, vice-mayor of Chongqing, was abruptly demoted. He had revealed the details of British businessman Neil Heywood’s murder and subsequent cover-up to the US Consulate.

Interestingly, Neil Heywood was depicted in the movie as a shark in the shell company game, but not many details were provided about him. A point to be noted here is that the film is vague about the reasons why the offshore world thrives. It bludgeons its message home as a “haves vs have-nots” narrative. The particular focus is on tax evasion. This misses some of the other reasons that AML practitioners should be concerned about offshore companies.

KYB — Why It Would Have Been The Anti-Laundromat?

Besides legal considerations, there are also social and ethical responsibilities for knowing the ultimate beneficial owners (UBO) of the companies you are doing business with. The Panama Papers disclosed over 200,000 shell companies that hid billions of dollars from lawful taxation. These hidden funds go into the hands of already influential people. In turn, this creates a larger tax burden for society.

Implementing Know Your Business (KYB) requires investigating the UBO structure by law. This is part of the customer due diligence (CDD) process.

KYB in Europe

For example the 4th AML Directive is already in effect in Europe and requires:

identifying the beneficial owner and taking reasonable measures to verify that person’s identity. In this way, the obliged entity is satisfied that it knows who the beneficial owner is. UBO includes legal persons, trusts, companies, foundations and similar legal arrangements. KYB takes reasonable measures to understand the ownership and control structure of the customer.

A beneficial owner in the EU is an entity/individual who owns more than 25% of the corporate entity. Currently the EU customer due diligence requirements are:

(a) identifying the customer and verifying the customer’s identity. This can be done on the basis of documents, data or information procured from a reliable and independent source.

(b) identifying the beneficial owner to the extent that the obliged entity is satisfied that it knows who the beneficial owner is.

(c) assessing and, as required, obtaining information on the purpose and intended nature of the business relationship.

(d) monitoring of the business relationship including scrutiny of transactions. This includes all transactions undertaken throughout the course of that relationship. It ensures that the transactions being conducted are consistent with the obliged entity’s knowledge of the customer, the business and risk profile.

KYB in the US

In the US, the Customer Due Diligence (CDD) Final Rule went into full effect May 11, 2018. It states that all covered financial institutions must identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted). Financial institutions (FIs) include banks; brokers or dealers in securities; mutual funds; and futures commission merchants and introducing brokers in commodities.

Unfortunately, different jurisdictions have different requirements. Even within the same jurisdiction, different regulations are applicable. For example, besides the Bank Secrecy Act (BSA), which covers the CDD rules, US FIs also have to consider Dodd-Frank, SEC disclosure rules, OFAC (Office of Foreign Assets Control), and FATCA (Foreign Account Tax Compliance Act).

Conclusion

The Laundromat may appear entertaining to many a Netflix enthusiast, but the mortifying part is that it is based on true events. Previously we have encountered movies like The Big Short, The Wolf Of Wall Street and many such titles. These have been entertaining and devastating at the same time. You often love to see and hear about the ways that con men take money, but we often forget that in many cases, it’s YOUR money that is getting taken and it is YOU that gets scammed.

But there is hope — once KYB comes into full sway. The enforcement and regulatory authorities will finally have the trail to follow fake organizations and prevent hundreds of millions of dollars worth of economic offenses in the form of financial fraud. Yes, you might not have an original classic like The Laundromat, but at least your money will be safe — and then you can always turn to Ocean’s Trilogy for a similar experience, only fictional.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com


Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

How NBFC-Account Aggregators Ease Financial Processes And Protect Privacy
Account Aggregators (AA) are financial entities belonging to a new class of NBFCs introduced by the Reserve Bank of India (RBI) in 2016. With consent, NBFC-AAs consolidate, organize, and retrieve customers’ financial data when required by Financial Information Users (FIU), which are mostly NBFCs, for a fee or otherwise. The mechanism must follow the consent architecture prescribed by RBI. Put simply, NBFC-AAs make a requirement like a loan application easier for customers by providing access to their financial data with consent.

Even though NBFC-AAs were introduced in 2016, the concept existed before that as well. Account aggregators like Perfios and Yodlee were engaged in consolidating financial data and analysing it for customers or institutions. Recently the Government decided to bring into effect entities that keep track of scattered financial data. These entities are scrutinised by multiple financial regulators (like RBI, SEBI, IRDAI). This was an official statement of transparency.

Why are Account Aggregators needed?

Most of an individual’s financial data is scattered due to accessing multiple financial products from multiple financial institutions. The customer herself would be confused about her financial data.

Another significant factor relates to data security. For the customers, there is no way to provision data securely to distinct entities. Current modes include:

  • Account credentials are shared through third-parties.
  • Data is provided as hard copies.
  • Limited exchange of data through paperless transactions.

These modes are risky: both the secure acquisition of data and the customer’s privacy can be compromised to a great extent.

Thus the purpose of an NBFC-AA becomes to give a collective idea of the customers’ holdings and products. It provides information on multiple accounts held by the customer in a consolidated, organised and retrievable format. This will be exclusively voluntary and would not be done without the consent of the customer.

An NBFC is usually associated with transactions in financial assets by the customer. But an NBFC-AA does not have such a role in the process. Its only role is account aggregation, avoiding all financial transaction-oriented involvement.

NBFC-AA’s services are backed by necessary authorisations among customer, aggregator and financial service provider (FIP). This restriction, along with most others, has been introduced by the Financial Stability and Development Council (FSDC). This is where the part of an NBFC-AA covers not just the sphere of financial data but extends into other domains.

How do NBFC-AAs ease financial transactions?

NBFC-AAs can retrieve financial data of a customer from any financial regulator. This is consolidated and organised in a single portal. It can be shared with an FIU (Financial Information User), who must be regulated by a financial sector regulator like RBI, SEBI, IRDAI, etc. All data transfers must be consented to by the customer, without which no action will occur. For this, a detailed ‘Consent Architecture’ is to be implemented by the NBFC-AA.

In practical terms, this plethora of information is a gold mine for the FIUs (NBFCs), as it allows them to retrieve, with consent, the customer’s data from the NBFC-AA. But RBI has ruled that account aggregators can access customer data, but not store it.

The process is explained with the following illustration: [Image 1]

Source- http://vinodkothari.com/2020/02/nbfc-aa-consent-gateways/

Some aspects of the process:

  • If a customer’s loan application is through a digital lending app, the NBFC requires the applicant’s financial data to execute a credit evaluation and determine its approval or denial.
  • NBFC-AAs would ease the process by not demanding all financial holdings data individually and in hard copy. Instead, the customer can provide consent allowing data to be revealed from the NBFC-AA to the NBFC involved (the customer can even determine for how long this data is to be shared). This process takes a minuscule period, usually merely seconds.
  • Beyond the time this saves, the obstacles to information sharing are considerably reduced without compromising security.

What about when the Fintech Company is involved?

There are two partners and an entity in the process:

  • The Sourcing Partner- a fintech company
  • The Funding Partner- Usually an NBFC that provides the funds
  • The Third entity- Account Aggregators (NBFC-AA) that provide the information required with consent.

The role of a fintech entity in the triangle would be its capacity to apply for an NBFC-AA license by itself or incorporate a new entity who has applied for the license and is capable of carrying out the role of an NBFC-AA in the proceedings. The former option will require the fintech company to maintain Rs. 2 crores as Net Owned Fund (NOF) for eligibility and registration.

This image illustrates the process with a fintech entity: [Image 2]

Source- http://vinodkothari.com/2020/02/nbfc-aa-consent-gateways/

Why is Consent Architecture the most important aspect of NBFC-AAs?

It is the most significant part of an NBFC-AA. An absence of customer’s consent will render the NBFC-AA’s capacity void. The obtainment, submission and managing of consent should strictly be consonant with the Master Directions offered by the RBI. The prescription has specifically denoted the consent to be a standardized consent artefact containing:

  • Customer’s identity.
  • Contact information.
  • Requested financial information’s nature.
  • Specified purpose of obtaining such information.
  • The identity of information recipients.
  • URL or other address to be notified every time the consent artefact is utilised to access the information
  • Consent creation date and expiry date.
  • Account Aggregator’s identity and signature/ digital signature.
  • Any other attributes prescribed by RBI.

The artefact can also be in an electronic form capable of being logged, audited and verified.

The customer can revoke the consent any time she desires, rendering the artefact null. Once revoked, a fresh consent artefact is shared with the FIP.
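The checks such an artefact allows, as an added example that is not Signzy's or any Account Aggregator's code and not the RBI artefact format. The field names, the HMAC used as a stand-in for the AA's digital signature, and every sample value are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, replace
from datetime import datetime, timezone


@dataclass(frozen=True)
class ConsentArtefact:
    # Hypothetical field names; each maps to an item in the list above.
    consent_id: str
    customer_id: str        # customer's identity
    customer_contact: str   # contact information
    fi_types: tuple         # nature of the requested financial information
    purpose: str            # specified purpose
    recipients: tuple       # identity of the information recipients (FIUs)
    notify_url: str         # address to notify whenever the artefact is used
    created_at: str         # ISO 8601 timestamps with UTC offset
    expires_at: str
    aa_id: str              # Account Aggregator's identity


def canonical_bytes(artefact):
    # Stable encoding so signer and verifier hash exactly the same bytes.
    return json.dumps(asdict(artefact), sort_keys=True, separators=(",", ":")).encode()


def sign(artefact, aa_key):
    # Assumption: HMAC-SHA256 stands in for the AA's digital signature.
    return hmac.new(aa_key, canonical_bytes(artefact), hashlib.sha256).hexdigest()


def check_access(artefact, signature, aa_key, fiu_id, fi_type, now, revoked, audit_log):
    """Decide one data request and log it, whether allowed or refused."""
    start = datetime.fromisoformat(artefact.created_at)
    end = datetime.fromisoformat(artefact.expires_at)
    if not hmac.compare_digest(sign(artefact, aa_key), signature):
        decision = (False, "bad_signature")            # artefact was altered
    elif artefact.consent_id in revoked:
        decision = (False, "revoked")                  # customer withdrew consent
    elif not (start <= now < end):
        decision = (False, "outside_validity_window")  # expired or not yet valid
    elif fiu_id not in artefact.recipients:
        decision = (False, "recipient_not_named")
    elif fi_type not in artefact.fi_types:
        decision = (False, "data_type_not_consented")
    else:
        decision = (True, "ok")
    # Audit record; a real system would also call notify_url here.
    audit_log.append({
        "consent_id": artefact.consent_id, "fiu": fiu_id, "fi_type": fi_type,
        "at": now.isoformat(), "allowed": decision[0], "reason": decision[1],
        "notify": artefact.notify_url,
    })
    return decision


# Constructed sample values, not taken from any real deployment.
AA_KEY = b"constructed-demo-key"
ARTEFACT = ConsentArtefact(
    consent_id="c-001",
    customer_id="customer-42",
    customer_contact="customer@example.test",
    fi_types=("DEPOSIT",),
    purpose="loan underwriting",
    recipients=("fiu-lender-a",),
    notify_url="https://aa.example.test/notify",
    created_at="2024-01-01T00:00:00+00:00",
    expires_at="2024-01-08T00:00:00+00:00",
    aa_id="aa-example",
)
SIGNATURE = sign(ARTEFACT, AA_KEY)


def demo():
    log, revoked = [], set()
    inside = datetime(2024, 1, 3, tzinfo=timezone.utc)
    late = datetime(2024, 1, 9, tzinfo=timezone.utc)
    # Someone widens the scope after signing: the old signature no longer matches.
    widened = replace(ARTEFACT, fi_types=("DEPOSIT", "MUTUAL_FUNDS"))
    args = (SIGNATURE, AA_KEY)
    results = [
        check_access(ARTEFACT, *args, "fiu-lender-a", "DEPOSIT", inside, revoked, log),
        check_access(widened, *args, "fiu-lender-a", "MUTUAL_FUNDS", inside, revoked, log),
        check_access(ARTEFACT, *args, "fiu-other", "DEPOSIT", inside, revoked, log),
        check_access(ARTEFACT, *args, "fiu-lender-a", "DEPOSIT", late, revoked, log),
    ]
    revoked.add(ARTEFACT.consent_id)  # customer revokes consent
    results.append(
        check_access(ARTEFACT, *args, "fiu-lender-a", "DEPOSIT", inside, revoked, log))
    return results, log


if __name__ == "__main__":
    for allowed, reason in demo()[0]:
        print(allowed, reason)
```

Refused requests are logged as well as granted ones, so the audit trail shows attempts made against a revoked or expired artefact.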

Which are The Prevalent NBFC-AAs

RBI provided operating licenses to four AAs in 2016:

  • CAMS FinServ
  • Cookiejar Technologies Pvt Ltd. (Product titled Finvu)
  • FinSec AA Solutions Private Limited (The Product titled OneMoney)
  • NESL Asset Data Limited

RBI provided in-principle approvals to three AAs in 2016:

  • Jio Information Solutions Limited
  • Perfios Account Aggregation Services Pvt Ltd
  • Yodlee Finsoft Pvt Limited

Sahamati, a collective of the AA ecosystem has reported that currently, Axis Bank, Bajaj Finserv, Bank, Kotak Mahindra Bank, ICICI Bank, IDFC First Bank, HDFC Bank, and State Bank of India are developing their FIP/FIU implementation. Of these, Indusind Bank has already gone live. The reluctance exhibited by FIPs to share data with consent is considerably reducing with the evolving account aggregation domain.

BG Mahesh (Co-founder of Sahamati) said that AA platforms are in the final stage of the ‘wave one marathon’. “They passed the proof-of-concept stage last year. State Bank of India and a few big private banks are in the pre-production stage. In the next month, they will go into production.”

FIPs like GST, CBDT and TRAI are expected to join the ecosystem once the framework is implemented to success. The total AAs are expected to increase in number in the coming years with tech giants keeping a close eye to join in on the next wave of this evolution.

What is Sahamati and how does it further help NBFC-AAs?

DigiSahamati Foundation (Sahamati) is a not-for-profit collective of account aggregators established as a private limited company under Section 8 (of the new Companies Act of India). Sahamati came into existence as a response to the massively scattered financial data of customers and its need to be consolidated and organised.

Sahamati seeks to bring together people with versatile backgrounds in finance and technology to determine and achieve India’s Account Aggregator network, Protection Architecture and Data Empowerment. These goals and actions include examples such as ensuring banks implement proper consent architecture, FIP certifications to be robust or design novel methods for data sharing without compromise.

How do we register an AA license from RBI?

Companies with Net Owned Fund (NOF) more than 2 crores are eligible to apply for an AA license. AAs regulated by other sector regulators can not obtain a license from RBI if they are aggregating accounts and consolidating information on customers of only that sector.

Procedure for obtaining the NBFC-AA license: [Image 3]

How NBFC-AAs Led to The Formation of DEPA

After the establishment of NBFC-AAs, an entity for a collective of Account Aggregators was expected. DigiSahamati Foundation (Sahamati) fulfilled this. Started as a private non-profit organisation with the advice of RBI and other regulatory bodies, Sahamati was also one of the pioneers of the new data architecture. This led to the development of a more tight-knit and secure form of data architecture, which was later strategized and formulated as DEPA (Data Empowerment and Protection Architecture) in 2020.

DEPA, introduced as a draft policy by NITI Aayog is an approach or paradigm shift in managing personal data. It proposes a framework for consent approval that permits users to access and share data with third-party institutions. The policy involves RBI, SEBI, IRDAI, PFRDA and the Ministry of Finance operating together for implementation.

DEPA puts forth the concept of User Consent Managers in the data architecture. They are entities that manage consent for data sharing. They work to protect data rights. They obtain selected data from FIPs and deliver it to FIUs for a specified time. What data is to be shared and for what time it is to be shared is determined by the customer. Without the customer’s consent, no process will start.

Under DEPA, the individual, potential user and the institution holding the individual’s data will interact through consent managers. These consent managers are ‘data blind’ and can not view or use the individuals’ data themselves. All information is encrypted.

How Will NBFC-AA Help Users and Their Privacy?

The idea of collating and transferring data under a strict consent architecture will help a data-rich country like India become more economically rich. As interactions like verification and lending become quicker and simpler with the help of Account Aggregators, the economy will move faster.

The major concern regarding NBFC-AAs was the issue of privacy. How safe were we with transferring data through a data manager? Once the proper structure of DEPA and how privacy will be protected were elaborated, more companies and organizations initiated their FIU plans. The real trust comes from the fact that none of the NBFC-AAs can breach the privacy of the user even if they collate and transfer user data. This is because:

  • No action can be initiated without the consent of the customer.
  • Customers can determine the specific data to be transferred.
  • Customers can determine the specified time for which the data is to be transferred (be it a week, a month or whatever period they prefer).
  • The content is not revealed to NBFC-AAs.
  • The transfer is directly from FIP to FIU and NBFC-AA merely organises the interaction for a specified fee or otherwise.
  • With the help of Collectives like Sahamati grievances of all parties can be swiftly addressed.
  • Oversight by regulators provides superintendence.

The Verdict

Most modern NBFCs prefer to acquire the license or avail the services of an NBFC-AA as this would enable them to provide easier and quicker services for the customer and help themselves cut down on the expenses and manpower required, otherwise. The customer not requiring to even exit an app on her phone increases her affinity towards an institution that provides such a facility.

Nonetheless, it must be ensured that the revenue model should be constructed for the NBFC-AA to benefit from the services it would provide to other NBFCs. This would include easier approval and sanction methodology for lending.

The recent steep increase in interest for acquiring an NBFC-AA license provides sufficient evidence as to how this relatively new entity would change the financial transactions in this era.

The concerns of privacy being breached and other malpractices occurring due to the easy accessibility of personal financial data need to be considered. But one must keep in mind that the data is accessed easily, the operative word being ‘Easily’. This does not imply that it will be accessible unsafely or irresponsibly. With an impeccable consent architecture, the data accessibility is exclusive for selected entities for a selected time. The final call for all of this is for the customer.


Digital Transformation of 5 Cs of Credit Analysis — New Trends in Lending

Digitization has become a marvel of technological innovation. It is dramatically changing credit markets around the world. It is also creating opportunities for consumers and new market participants. However, there remain challenges for traditional financial institutions and regulators.

What Are The 5 Cs Of Credit?

Credit analysis determines the risk involved with a loan and its borrower. A bank or lending institution will check your business & personal financial details. This comes regardless of the type of financing needed. Credit analysis can be broken into the “5 Cs:” character, capacity, condition, capital and collateral.

Character: This assures lenders about the honesty and integrity of the borrower and guarantors. The lender needs to be confident about other aspects of the applicant. This includes the background, education, industry knowledge and experience which is essential for successfully managing the business. Lenders may need a certain amount of management and/or ownership experience. One can assume the past is the best predictor for the future. On that note, a lender will examine the personal credit of all borrowers and guarantors as a precaution.

Capacity (Cash flow): The lender will obviously want to check if your business is capable of loan repayment. The business should have a consistent cash flow to support expenses and debts. Verifying the payment history of existing loans and expenses is crucial. This is because it acts as an indicator to the borrower’s reliability to make loan payments.

Condition: The lender must identify the condition of the business, the industry, and the economy. This is why it is essential for lenders to know the industry. The lender will also verify the current conditions of the business/individual. The check involves knowing whether the condition will continue, improve, or deteriorate. In addition, the lender will want to know how the loan proceeds will be used. This can be towards working capital, renovations, additional equipment, etc.

Capital: Lenders need to check for personal investments that the borrower plans to make in the business. Investing personal capital reduces the chance of default. Investing in personal assets also indicates that you are willing to take a personal risk for the sake of your business.

Collateral: A lender will evaluate the assets (both business and personal) of the guarantors. This is because they can act as a secondary source of repayment. Collateral is vital, however, its significance depends on the type of loan. A lender will provide details on the types of collateral needed depending upon the type of loan.

The above five components constitute an effective way of credit analysis. It also helps the lender understand the borrower and the business. By knowing each of the “5 Cs,” a better understanding of the loan application process and its requirements can be gained.

Need For Technology In Credit Analysis

In today’s digital environment, customers require excellence in terms of service. The demands are cumbersome when it comes to hassle-free and timely service rendition. Banking and financial services are one of the highest demand sectors in this regard.

Modern lending institutions are constantly competing to win clients over. Utilizing software solutions can help meet those lofty demands. It can simultaneously mitigate credit risks as well.

The need for an improved credit management process

The traditional lending industry is adopting automated credit underwriting as the accepted norm. This shortens the wait time for clients. It also helps banks improve customer experience through a competitive environment. According to an article by Monja, the automated credit underwriting market stood globally at USD 2,615.8 million in 2017. It is predicted to grow up to USD 5,579.4 million by 2024. This will reflect a CAGR of 11.6% over the forecast period.

The paper-based process causes delays in credit estimation, loan approval and releases. Time, as well as the cost of processing each loan application, can be reduced drastically. This requires a streamlined credit management process to replace legacy methods.

Hence, only automation can be the messiah to deliver an immense improvement in the current practice of extending loans. Lending firms that continue to be cynical about the efficiency of automation would be losing a lot. This includes clients, business opportunities, and more importantly revenue.

6 Reasons Why Digitization Is The Need Of The Hour

Customer expectations. Banks traditionally depend upon physical distribution methods. Recently, it has been challenging to meet changing customer needs for speed and simplicity. Demands like fast online credit approvals are growing. A report by McKinsey highlights how customer needs for online and mobile experience will grow 4X by the end of 2020.

Reduce back-and-forth client interactions: The current process requires scanning, emailing, and faxing financial information and supporting documentation. This can be a strenuous back-and-forth process. Customer-facing interactive portals and APIs can easily enable the digital capture of such information.

Eliminate unnecessary manual work: The amount of unnecessary manual data entry can be easily reduced. Leveraging a portal that connects to the borrower’s financial accounting package is the answer. It should also support the technology to read tax forms digitally.

Make quicker and smarter decisions: The time required to generate financial spreads can be reduced. The application of innovative machine-learning technology is perfect for this.

Improved risk mitigation: Risk reduction is the main goal of any lender. Automation technology using AI can easily help in this area. The system will use the rules you define and analyze entire credit applications in seconds. It also reports every error it detects. AI can handle redundant tasks at a higher speed and with lower error chances.

Pressure on cost and returns. The new players in the market are challenging incumbents’ revenues and their cost models. The conventional form of banking operations, branch networks, and legacy IT systems can be cumbersome. Fintech companies can operate at much lower cost-to-income ratios. This is approximately 40 percent lower according to a report by McKinsey.

How Automation Can Transform The Credit Analysis & Lending Landscape

The operational problems present in a manual paper-based solution can be complicated. The automation of credit analysis and the digitization of the key steps can provide savings of up to 50%. The benefits extend well beyond even improvements. Digitization can also protect bank revenue from harm. The potential of reducing leakage can be up to 5–10%.

1. Improved accuracy, zero paperwork

Sifting through voluminous data has been the inevitable cause of delays in loan processing. The front-end data flow requires extensive man-hours. But in a paper-less setting, the complications in the process are reduced. This can be seen from the initiation stage until the approval phase.

An automated lending system can manage the heavy volume of data. It can delegate transactions without missing a step. Signzy’s complete onboarding solutions can help in this regard. With AI-based proprietary technology, higher efficiency is easily guaranteed. Using computer vision, our solution is capable of processing almost 3.5 million documents in 1 day.

 

2. Greater Savings With Lesser Cost

Automation greatly reduces processing time. Thus the cost of doing business or processing a loan application will automatically drop. Credit and loan officers can utilize time to process more accounts.

Most importantly, lending firms can exempt the cost of hiring and training of additional personnel. Overall operating costs are greatly reduced. Automation can help reduce the cost of risk mitigation by 10–25%. Additionally, the overall costs are lowered by about 20%.

3. Optimize lending operations through APIs

A lending software solution can optimize all segments of the lending operation. However, the primary point of focus is always on the risk-assessment aspect.

Signzy uses proprietary APIs that our decision-making engine can use. These APIs can cross-check credit scores against EXPERIAN data. The checks are conducted against the Consumer Bureau database as well. The system checks for accurately retrieving the credit score of the borrower. This allows for a faster decision-making process.

4. Clients are the ultimate beneficiaries

The best customer experience is ultimately desirable in a streamlined credit management process. The processing of consumer, commercial or industrial loans is not a time-consuming affair. Automation can easily satisfy customer expectations.

Clients are not really concerned with the internal mechanism of the process. When all loan requirements are fulfilled, the timer begins to count down. Most borrowers expect the processing of their loan applications to be timely.

New Trends In Lending — How Organizations Are Adapting To Automation

The onset of Covid-19 has set an inflection point for a spike in demand for contact-less and paper-less lending. This has fast-tracked digital transformation in the lending industry. This is similar to how demonetization catapulted digital payments in India.

NBFCs have traditionally designed digital capabilities to drive cost-efficiencies and manage risks. However, the Fintech industry has shown digital prowess for improving customer experience.

Digital Analytics For Credit Analysis

Fintechs have largely managed collections via data-analytics-led SMS/phone/email communication. They have also employed limited on-ground collection teams. As a result, an increase in on-ground collections is viable. This can be either through in-house teams or collection-agency outsourcing.

There has also been a spike in partnerships with payment banks. The purpose of this is to enable customers to deposit cash at kirana outlets. It also entices the proliferation of awareness campaigns for customers to pay using UPI and similar methods.

Fintechs Play A Crucial Role In Digital Lending

In McKinsey’s Future of Risk Management Survey, data shows that 85% of risk managers believe legacy IT infrastructure to be the main challenge in digitization. To resolve this, many large financial institutions have collaborated with fintechs. For example, ING with Kabbage and BBVA Compass Bancshares with OnDeck.

The report also highlights new lending approaches. This includes automating SME credit decisions through the use of alternative data sources. Examples include e-commerce-transaction data from Amazon, PayPal, and eBay, cloud-accounting data from Xero, and banking-transaction data via APIs. These are collected from financial-data aggregators such as Yodlee and Finicity. From these findings, it can be inferred that fintechs can play a key role in innovations in digital lending.

Conclusion

Traditional lenders seem to have a notion. They feel that an automated lending system is overrated. For them, a complex process like credit management is impossible to automate. They fear for the weakening of the lending process. On the other hand, sticking to the manual process poses bigger risks.

Moreover, a lending firm that processes loans at a turtle pace will not merit attention. Times have changed and credit risk processes are turning digital. Every player in the lending space needs a lending software solution.

Automation is essential in this day and age. Lenders can hit volume targets, increase profits while managing delinquencies and mitigating risks. It’s the new backbone of any lending business.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

 

Image Forgery: Innovations In Technology By Signzy

Image forgery has long been a pressing issue in the realms of digital media, cybersecurity, and even legal proceedings. As technology advances, so do the techniques for creating increasingly convincing forgeries. This raises critical concerns for the integrity of digital information and calls for innovative solutions to detect and prevent fraudulent manipulations.

While Facebook, Microsoft, and many others are banding together to help make machine learning capable of detecting deepfakes in videos, we at Signzy are trying to solve a similar problem, detecting fakes in documents. In the journey of building the global digital trust system, we at Signzy had to solve this major challenge of detecting image manipulations in identity documents.

 

Fig 1.0 Example of our forgery detection in action

In this blog, I will try to explain our approach in building an innovative image manipulation detection approach using deep learning.

 

 

The above images are examples of the advancements in image manipulation techniques. It takes considerable effort for a human to find out that the image is forged. The features which distinguish real from fake are few, which makes forgery difficult to detect with the human eye.

Our objective was to build a system which could detect image-manipulated documents.

Our first step was to create a dataset of forged documents to test the algorithm. With our expertise and domain knowledge in this field, we came up with various scenarios on how an intruder would forge a document. The corresponding data for these scenarios was prepared by Photoshop experts.

The forged documents mostly fell into two categories.

  1. Copy paste : A region of the image copied from a particular document and pasted into a different document.
  2. Copy move : A region of the image copied from a particular document and pasted into the same document.

Copy paste

This is the type of forgery when a fraudster tries to copy a face from one document into another document. Our goal was to detect these forged regions and to classify the document as fake or real.

 

The dataset that we created manually using Photoshop experts was not enough to train any deep learning solution around it. So we developed image processing algorithms which could generate synthetic forged data. With that, we were all set for experimentation.

For forged region detection, our approach was to first start off with state-of-the-art object detection methods. We tried FRCNN to predict the bounding boxes of the forged region along with the class information. FRCNN uses convolution nets to extract feature maps from the input image. These maps are then passed on to a Region Proposal Network, which gives proposals for bounding boxes. These proposals are passed on to the ROI pooling layer, which converts all the proposals to the same size. Finally, they are passed on to a fully connected layer to predict bounding boxes and classes. This method did not give us good results because the forged regions were very small.

Our second approach was to train a patch-based classifier which could classify between real and forged patches. The idea rested on the assumption that if the copied image region has a different compression footprint from the region into which it is copied, there would be a strong shift in the way that the pixels are grouped. This method proved to be very efficient.

 

It gave us around 97% accuracy. We did a lot of ablation studies to find the right configurations, which I can’t reveal due to IP issues.

Copy Move

This is the type of forgery when a fraudster tries to change any text in an image by copying a similar text from the same image. For example, changing dates. Our goal was to detect these forged regions and to classify the document as fake or real.

 

There is a lot of literature related to detection of this type of forgery. The popular one is DCT-based feature matching. In this method, DCT followed by quantization is performed on a 16×16 patch extracted from the image. The same operation is performed throughout the entire image, and all the resulting matrices are sorted. Then, for each row in the sorted matrix, the corresponding shift vector is calculated. If two regions are copied, the shift vectors of those regions will match. It is a very powerful algorithm that works well in most scenarios. But in our use case, since a document has many regions that have the same DCT values, this method couldn’t be applied.
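To make the DCT feature-matching scheme above concrete, here is an added pure-Python sketch (not Signzy's code) that computes quantized DCT features per sliding block, sorts them, and votes on shift vectors. It assumes 8×8 blocks instead of 16×16 to keep the run short, assumed quantization and vote thresholds, and constructed sample images; the last case shows the failure described above, where a genuine page with a flat background and a repeated glyph is flagged.

```python
import math
import random
from collections import Counter

B = 8           # block side; the method described uses 16x16, 8 keeps pure Python fast
KEEP = 4        # keep the KEEP x KEEP low-frequency DCT coefficients per block
Q = 8.0         # quantization step (assumed value)
MIN_SHIFT = B   # ignore matches between overlapping neighbour blocks
MIN_COUNT = 10  # block pairs that must agree on one shift vector (assumed value)

# Orthonormal 1-D DCT-II basis, only the KEEP lowest frequencies.
BASIS = [[math.sqrt((1 if k == 0 else 2) / B) *
          math.cos(math.pi * (2 * n + 1) * k / (2 * B)) for n in range(B)]
         for k in range(KEEP)]


def block_feature(img, y, x):
    """Quantized low-frequency 2-D DCT coefficients of the BxB block at (y, x)."""
    rows = [[sum(img[y + r][x + n] * BASIS[k][n] for n in range(B))
             for k in range(KEEP)] for r in range(B)]
    return tuple(round(sum(rows[r][k] * BASIS[j][r] for r in range(B)) / Q)
                 for j in range(KEEP) for k in range(KEEP))


def shift_votes(img):
    """Sort all block features, then vote on the shift between equal neighbours."""
    h, w = len(img), len(img[0])
    table = sorted((block_feature(img, y, x), (y, x))
                   for y in range(h - B + 1) for x in range(w - B + 1))
    votes = Counter()
    for (f1, (y1, x1)), (f2, (y2, x2)) in zip(table, table[1:]):
        dy, dx = y2 - y1, x2 - x1   # sort order guarantees dy >= 0
        if f1 == f2 and math.hypot(dy, dx) >= MIN_SHIFT:
            votes[(dy, dx)] += 1
    return votes


def suspicious_shifts(img):
    """Shift vectors shared by enough block pairs to suggest a copied region."""
    return {s: n for s, n in shift_votes(img).items() if n >= MIN_COUNT}


def textured_image(size=32, seed=7):
    """Constructed sample: noisy texture in which no two blocks look alike."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(size)] for _ in range(size)]


def crop(img, top, left, side):
    """Return a side x side copy of the region starting at (top, left)."""
    return [row[left:left + side] for row in img[top:top + side]]


def paste(img, patch, top, left):
    """Return a copy of img with patch written at (top, left)."""
    out = [row[:] for row in img]
    for r, line in enumerate(patch):
        out[top + r][left:left + len(line)] = line
    return out


def document_like(size=32):
    """Constructed genuine page: white background, the same glyph printed twice."""
    glyph = [[0 if (r * c) % 3 == 0 else 255 for c in range(10)] for r in range(10)]
    page = [[255] * size for _ in range(size)]
    return paste(paste(page, glyph, 3, 3), glyph, 3, 19)


if __name__ == "__main__":
    clean = textured_image()
    forged = paste(clean, crop(clean, 4, 4, 12), 18, 16)  # copy-move within one image
    print("clean texture :", suspicious_shifts(clean))
    print("forged texture:", suspicious_shifts(forged))
    print("genuine page  :", suspicious_shifts(document_like()))
```

On the textured sample only the true copy offset collects votes, while the untouched page is flagged because every flat block and repeated glyph block produces the same feature row.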

Our method involved two parallel networks. First, an encoder-decoder network predicts pixel-wise forged regions. A second network runs in parallel and finds feature maps that correlate with the forged region predicted by the first network. Both networks are trained together with a cumulative loss function. I regret that I can’t reveal the full solution due to IP issues.

To summarize this blog, I have explained the two major types of forgeries which can be done in documents. I have also tried to explain the approaches we took to solve this challenging problem. Hope you had a nice read.

Written By:

 A B Sarvanan

Tech Lead — AI Team (Signzy)

 

KYB Vs KYC — The What, The How and The Where

Know Your Business (KYB) process is not so different from the most widely known and standardized Know Your Customer (KYC) process. The difference lies in the purpose and intentionality of the process. The focus is on identifying companies and suppliers in the first case. It changes to consumers or customers in the second one.

KYB (Know Your Business) process shares all the features we have seen in defining KYC processes. The difference lies in the user to identify. In the standard process, potential clients or users are identified to register them in a company. KYB process involves identifying the person responsible or legal representative of a business.

Most B2B (Business-to-Business) companies need to carry out due diligence to identify the businesses they work with. This is to fight money laundering and other tax crimes. It also ensures that they work with organizations with security and guarantees. Even so, in the great majority of occasions, as in the financial sector, it is a mandatory requirement of legal compliance.

For example, companies that offer professional services to other companies must establish KYB. This is to identify the legal representatives of these businesses. It also verifies their connection with the client company.

As with the KYC process, digital solutions in KYB help

– reduce costs

– eliminate bureaucracy

– develop control methods that are safer and more reliable than traditional methods.

KYC To KYB — How One Led To The Other

The US Banking Act of 1970 laid the foundation for the Anti-Money Laundering (AML) regulations. Customer Due Diligence (CDD) was deemed essential to the financial sector. The term assigned to CDD at the earlier stages was Know Your Customer or KYC.

However, in June 2016, a loophole was found in KYC compliance regulations in the US. These regulations ensured the identity of the customers while assessing the risk factors associated with them. The loophole was that financial institutions weren’t required to identify or verify the stakeholders and beneficiaries of the businesses and entities they were serving. This meant that legitimate firms could unknowingly shelter bad entities or shell companies. These entities could perform illegal and high-value transactions on their behalf. To verify the identity of businesses, the need for KYB was born.

 

Talking About KYB Terminology

Ultimate Beneficial Owner | UBO

A UBO or Ultimate Beneficial Owner denotes the person or entity that is the ultimate beneficiary of an organization that initiates a transaction. A UBO of a legal entity is a person who possesses:

– An interest of at least 25% capital of the business.

– At least 25% voting rights at the common meeting of shareholders.

– A minimum receipt of 25% of said organization’s capital as a beneficiary.

Customer Due Diligence | CDD

Customer Due Diligence is a KYC process. It involves conducting background checks on clients. This helps in risk mitigation before further dealings. Business relationship risks may stem from many factors in the finance sector. These may include financial crime, creditworthiness and inefficient AML/CFT policies.

Enhanced Due Diligence | EDD

Enhanced Due Diligence is a KYB process having a greater level of scrutiny of potential business partnerships. It also highlights risks that evade Customer Due Diligence.

Simplified Due Diligence | SDD

This is the simplest level of due diligence that can be carried out on a customer. This is appropriate where there is nil to moderate risk of money laundering or terrorist financing. Under such criteria, products and services fall into simplified due diligence criteria. The only requirement is to identify your customer.

AMLD5 Guidelines — Role In KYB Compliance

Recently, two major regulatory global directives were updated. These are the 2nd Payment Services Directive (PSD2) and the Fifth Anti-Money Laundering Directive (AMLD5). The PSD2 requires financial institutions to share data with other institutions. This can be done through the use of APIs (Application Programming Interfaces). On the other hand, AMLD5 compels financial businesses to keep checks on personal information online.

Some key takeaways of AMLD5 –

Obliged entities should assess the information available in KYB records. Then they can proceed with the data process to mitigate any gaps in the Ultimate Beneficial Ownership (UBO) data. There may be gaps or new requirements to obtain information. KYB periodic reviews can be used to obtain or confirm existing beneficial ownership information. This way, the necessary information is available for updating relevant beneficial ownership registers.

The following are the requirements for a robust KYB process:

1. Collect information on the customer, UBOs and intended nature of the business relationship.

2. Gather data on the source of funds and wealth of the customer and UBOs. The reasons for the intended or performed transactions can also be procured.

3. Gain consent of senior management for establishing or continuing the business relationship.

Need For KYB In Businesses

KYB checks are most relevant in the context of AML compliance currently. In India, the major reason for introducing KYB is fraud. Despite advancements in KYC, frauds at the organizational level continue to occur in India. Here are some examples:

 

Money Laundering Through Shell Companies

A common method of money laundering is through the establishment of fake companies. These are also called shell companies. Most of these appear compliant with the Government of India. However, these companies do not really exist. Shell companies sell no goods or services. They exist only on paper, not in reality.

In a recent crackdown on Chinese companies in India, the Income Tax Department conducted a series of search operations. A scant number of Chinese individuals and their Indian counterparts were found. They were engaged in money laundering and hawala transactions through shell entities. Above 40 bank accounts were created in various dummy entities. These were used in the transactions of over Rs 1,000 crore. With KYB, these shell companies could have been easily investigated and identified faster.

Chit Fund Scams

In India, chit fund scams go back several decades. In such cases, a registered organization looks authentic. But it mainly just cheats people with lucrative offers. The customers end up providing money. Then the company disappears without a trace.

In Himachal Pradesh, a recent scam was run under the name of Sarv Manglam Cooperative Society Non-Trading Company. This organization was registered in Dharamshala. The members were accused and arrested for cheating people of Rs 2.75 Cr. With KYB, this could easily have been prevented as the UBO information would have appeared as bogus or fraudulent.

Bank Loan Frauds

These kinds of fraud involve a bogus organization. It registers as a genuine service company. The objective is to scheme people into providing payments by cash or through fraud accounts. Recently this has become a pain point in multiple states.

The Anti-Bank Fraud Wing of the Central Crime Branch on 6th Feb 2020 arrested six persons. The accused were running a call center in Pazhavanthangal (Chennai). They cheated several persons who sought loans online. In a similar incident this year, 4 fraudsters were arrested in connection to fraud of Rs 2 crore from more than five banks. This was done by pledging forged land documents. With KYB, the business information could have been traced early on.

Challenges associated with manual business verification

Businesses are required to verify customers, corporate clients, and other critical information under the KYB guidelines. Some of the major challenges for this process are:

Time-consuming manual onboarding process

 

Normally, KYB verification for customer onboarding can be a hectic manual process. This is because it requires extensive efforts. In a 2019 Survey Report by Thomson Reuters on AML Insights, 47% of respondents used manual document scanning during client onboarding. This ensured a robust digital identity verification at the expense of laborious effort. The report further states that 4/10 companies employ no digital verification at account opening.

The conventional method leads to a frustrating customer experience. Customers are likely to abandon the account creation process. Moreover, the chances of errors and mistakes are higher when the process is done manually.

High compliance cost

In the Thomson Reuters report, 95% of respondents reported that data accuracy was very important. 93% cited that both well-structured data and company reputation/credibility were also crucial. High costs are required for manually retrieving UBO information. These other factors also drive up the cost for manual KYB verification.

Complex ownership structure

KYC/KYB regulatory directives such as AMLD5 and PSD2 CDD rules make it necessary to verify and identify the business entities. This becomes a mandatory regulatory requirement. Financial institutions rely on gathering business details from clients. This is done with a manual process of filling in forms and verifying the information manually. There exists a high probability of data discrepancies to occur in this process.

Data inconsistencies

Companies can afford manual data retrieval. But the problem of data verification remains. There are multiple sources for collecting companies’ data. Sometimes the information can be defunct or invalid.

Technology To The Rescue — Areas To Address For Automating KYB

With an increase in regulatory requirements, the above points clearly state the need to automate the current process. Here are some solutions that could help businesses:

Automated KYB onboarding

AI-powered verification opens an opportunity to increase the efficiency of the onboarding process. It also reduces the cost and speeds up the process.

The manual method for retrieving UBO information can be achieved in a fashion similar to KYC process. What used to take 24–30 days for manual KYC has been reduced to 2–3 minutes by Signzy’s VideoKYC solution.

Access to authentic business registries

Companies must have access to properly updated business registries. This is valuable and will make business compliance an easy task. Signzy’s proprietary APIs can easily retrieve company information. This can be done from reliable sources like the Registrar Of Companies (ROC) database.

API integrated KYB solutions

Advanced API integrated solutions can be designed to aggregate data from various sources. Businesses only need to enter the required details to retrieve data. For example, the business registration number and the jurisdiction code where the business is operating.

Signzy provides a host of microservices involving unique APIs that can extract and verify the UBO data in a matter of hours as opposed to days. Our APIs are also capable of cross-referencing data across multiple government databases and sanction lists.

Virtual Identification Using VideoKYC

Businesses are now turning towards automated software. This is due to increasing compliance costs. Software helps conduct checks for everything. This ranges from basic forgery attempts to advanced negative checks. The data is cross-referenced against sanction lists across the world.

With Signzy’s VideoKYC, the entire process can be completed in a matter of 2–3 minutes. Our unique video conferencing tool can also allow officials to interact and verify the credibility of the data. This is done while maintaining KYB compliance as well as data accuracy.

Scope Of The KYB Market

 

The market for KYB includes multiple services, for example business verification, beneficial ownership identification, risk assessment and so on. This market is projected to grow to $11.8 billion by 2022. This projection comes from OWI Labs in their recent report.

As of 2017, the total global KYB addressable market is estimated at $5.6 billion, with an annual growth rate estimated at 16 percent, adding up to a market size of $11.8 billion in 2022.

KYB in Europe

In Europe, the AMLD5 has already been implemented. It facilitates the businesses to know about the UBOs. This is to enable trust between foundations. It also ensures legality of the entities to comprehend the structure of the business and customers.

A lack of commitment to KYB and other related AML activities can have extreme consequences. For example, Deutsche Bank was fined $16.6 million last year by Frankfurt prosecutors. This was due to a failure to observe suspicious transactions. This came as a direct result of poor management of its AML processes. Previously, it had received a £163 million fine from the UK’s Financial Conduct Authority. This was again due to ineffective AML oversight. Criminal activity associated with a business can also harm credibility and reputation. It can also cause other business disruptions.

Therefore, KYB is an essential element of anti-fraud frameworks and requirements. This includes Anti-Money Laundering regulations. An extension of KYC and regular due diligence is having a proper KYB process within your organisation. This protects against potential clients and vendors who intend to commit money laundering activities or other financial crimes. By establishing and understanding risk levels during onboarding, organisations can manage potential vulnerabilities. They can also respond effectively to indications of fraud or crime.

KYB in the US

The Customer Due Diligence (CDD) Final Rule has been active since May 2018 in the US. This rule states:

“Beginning on the Applicability Date, covered financial institutions must identify and verify the identity of the beneficial proprietors of all legal entity customers (other than those that are excluded) at the time of opening a new account (other than exempted accounts)”

The financial institutions comprise banks, dealers and brokers, mutual funds and futures commission merchants. However, different jurisdictions have different requirements. For example, US financial institutions, in addition to the Bank Secrecy Act (BSA), are also subject to OFAC (Office of Foreign Assets Control), FATCA (Foreign Account Tax Compliance Act) and SEC disclosure rules.

KYB In India

The newly developed concept of KYB is still in its infancy and yet to be fully applicable across all business sectors. While the regulatory authorities have to take the developments of KYB under consideration, the need for KYB is clear in certain business sectors, particularly in financial space as listed below:

Banking

With money coming in from all corners of the globe, banks must be able to perform Know Your Business (KYB) checks on a client base that may be moving money all around the world. In addition, a “beneficiary owner”, which is a derivative of KYC, must be present as a priority before financial transactions take place.

A recent article by Times Of India has brought to light how certain “fake” branches have been operating in major Indian states. One posed as an SBI branch in Tamil Nadu’s Cuddalore district, and a false branch of Karnataka Bank was discovered in Phephna in Ballia district. The culprits behind the second incident swindled almost Rs. 17 lakh in terms of new accounts and fixed deposits. With such fraudulent methods in full sway, KYB in banking is now more necessary than ever.

Lending

India’s lending market is one of the largest in the world, particularly with the advent of digital platforms. Digital lending to micro, small and medium enterprises (MSME) in India can grow up to 7 lakh crore by 2023, a 15x increase in annual disbursements. This is based on a joint report by Omidyar Network and Boston Consulting Group (BCG).

Assessing the integrity and ability of a borrower can be difficult — despite assets backing the loan, making it rock-solid. Unfortunately, there is no stereotypical “fraudster”. There is no scam artist who can be profiled or categorized. A polished CEO with an impressive background can look the same as every other swindler. Lenders need to be particularly mindful of who the borrower is and this means conducting proper due diligence. KYB in lending can help assess:

  • The background of the directors and the organization
  • Past offences/lawsuits/ criminal cases registered
  • Any other controversial data which may harm future business

SMEs/Merchant Onboarding

KYB (know your business) checks are crucial to help businesses verify customer identification by gathering and verifying important documents. It should be mandatory for most financial companies to conduct KYB on their customers/businesses to protect against money laundering, identity theft and fraud. KYB can be incorporated at the time of onboarding to minimize risks as well as mitigate potential frauds.

A lot of companies adhere to time-consuming manual KYB processes because:

  • There is a need to complete checks and collect signatures from multiple directors
  • The applicant is not always the director
  • The application can quickly become a complex journey if there is overseas ownership or beneficial ownership

Insurance

India does not have an effective law against insurance fraud. According to an article in Business Today, frauds burnt a Rs 45,000-crore hole in the Indian insurance industry’s pocket in 2019. Most of these are due to bogus or fraudulent claims being passed. In many cases, insurance companies, their intermediaries or those pretending to be either of them may also perpetrate frauds.

As India’s insurance industry continues to grow, fraud management is now a major concern for insurers and business leaders. Fraud risk in the insurance value chain can originate from internal as well as external factors. There is also the risk of employees misusing confidential information. Colluding with fraudsters is on the rise. Insurers must install internal checks and balances to rectify such issues.

KYB can also contribute by providing the list of people who have access to sensitive client information, and by conducting checks on the background and history of both the organization and the people involved.

Conclusion

The global business markets are growing at a rapid pace. Companies must tighten customer due diligence for clients. The KYB processes and checks defined above can take hours to days without a platform with automation capabilities. However, cutting corners to achieve faster onboarding without proper controls increases the risk. It exposes the business to fraudulent actors and their illicit activities. Therefore, while complete automation remains a challenge, care must be taken to improve KYB to match the levels of KYC automation that have already been achieved.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

How Video KYC Can Stop KYC-Led Financial Fraud In India

In recent times, wallets and UPI have taken over the Indian digital payment ecosystem. Since its introduction in 2016 by the National Payments Corporation of India (NPCI), UPI has changed the payments paradigm.

But even as the reduction of friction in payments is driving the growth of new businesses, it is also orchestrating fraud. And with a likely influx into new-age payments platforms in the aftermath of the coronavirus outbreak, things may only get worse.

KYC is basically the collection and collation of customer data, which is the most effective way of fraud mitigation. Newer and faster ways of getting KYC done are being implemented, with the advent of AI and ML gradually taking over the legacy systems. So instead of having an agent visit the customer to manually check the details, more efficient methods are used, such as:

  • Aadhaar Offline KYC (Processing KYC without the use of biometrics)
  • Electronic KYC (Accessible to only customers with Aadhaar number)
  • Central KYC
  • Video KYC. This involves capturing all details and identification via a video.

Types Of KYC Related Frauds In India

 

Fake/Emergency Re-KYC

Usually, a re-KYC is required to keep the customer’s record up to date in areas where there might have been a change, for instance in address or marital status, or in case there was a minor mistake in the data.

This is the most common attempt of KYC fraud in India, where the fraudster places a fraudulent phone call pretending to be a bank/company representative. He/she asks you to provide your KYC information on an emergency basis, claiming that otherwise the account will be “blocked”.

They will collect your information from social networking sites like Facebook, LinkedIn, Twitter and so on. Once they have enough information, they will call you to talk to you about an ‘emergency’. Once they are confident that you are sold on the idea, they will ask you about your personal account details citing those ‘emergency’ reasons. Once you provide the details, they will transfer the money from your account to some other account.

Vishing

Vishing (voice phishing) is an attempt where fraudsters try to seek personal information like Paytm Bank PIN, Paytm OTP, card expiry date, CVV etc. via a phone call. The miscreant acts as an employee from Paytm, the government or a bank. He/she asks you for your KYC details, stating various reasons like reward points, free cashback, reactivation of account, etc. These details are then used for accessing your account without your knowledge.

Smishing

Smishing (SMS phishing) is when an SMS/email/WhatsApp message is used to lure you into calling back a fraudulent phone number, visiting fraud websites or downloading malicious content via your phone. Fraudsters will send you SMS/Facebook requests/WhatsApp messages to inform you that you’ve won some prize money, cashback offer or the like. They’ll ask you to share your Paytm account/Paytm Payments Bank account details. Once you do that, unaware of what might happen, they will initiate fraudulent transactions using your account details.

Identity Theft

Identity theft occurs when someone uses your KYC information to obtain a credit card, loan and other services in your name. These are then used for fraudulent transactions. They try to gain access to your details through any of the measures stated above. They contact you and try to collect KYC details pretending to be a Paytm employee!

Common KYC Frauds In India

According to CNBC, the Government of India has announced many beneficial schemes to help small businesses. Examples: interest/EMI waive-off for MSME, microloan for unorganized vendors, a moratorium of EMI for various loans up to 6 months. But in most cases, common people might find it challenging to avail of these schemes. This is due to the amount of paperwork and the general complexities involved in dealing with banks. There is also a possibility of many bogus agents approaching small business owners. They provide fake offers of support in exchange for money. These fraudsters may use fake KYC documents to avail such benefits or could run a racket of fund diversion.

 

Some examples:

  • In a May report by Times of India, a 70-year-old retired government employee from Hyderabad lost Rs 4.2 lakh in a KYC (know your customer) fraud case. An unidentified man, posing as a Paytm employee, lured him into completing the fake KYC process and the customer provided all bank account details for fear of account termination.
  • In a Hindustan Times report, a senior citizen (67) from Borivali, Mumbai was duped by a cyber fraudster of Rs 3.18 lakh. The fraudster posed as an executive from a popular e-wallet service provider and, under the pretext of updating his KYC (Know Your Customer) details, tricked him into sharing his bank details, including OTPs (one-time passwords). The accused used these details and fraudulently transferred money to another bank account. The complainant is a retired government employee and lives in a Borivali (West) housing complex, the police said.
  • In July, as per a report by Hindustan Times, a 38-year-old woman from Kothrud, Pune had been duped of Rs 14.49 lakh in a KYC (know your customer) fraud. According to the police, the complainant owns a business in the city.
  • The cybercrime wing of Maharashtra Police has received a number of complaints against eSIM swapping scams. In this, people have lost large sums of money in cases reported across the country. A July article by Indian Express mentions how the target user initially receives a call from a person posing as a customer care representative of the service provider, who, under various pretexts, deceives the user into forwarding an email sent to the user’s registered mail address with the service provider. In many cases, the user is contacted under the pretext of updating Know Your Customer (KYC) details.
  • Earlier this January, reports by Times Of India indicated that frauds through KYC were on the rise in Chandigarh with over 50 complaints in just 15 days. According to the Cyber Crime Investigating Cell, complainants have lost amounts ranging between Rs 10000 and Rs 45000.
  • In June of this year, a resident of Ballygunge, Kolkata was duped by an unknown fraudster who called the wife of the complainant on the pretext of KYC update. The caller convinced her to click on a link shared with her and enter OTPs multiple times after login. The complainant has lost Rs. 48000 in this process.

The Right Way To KYC For Banks & Financial Institutions

In order to clarify and strengthen KYC in the financial sector, the four minimum elements needed for an effective program are:

 

However, none of these processes require customer bank account information. The data rests with the organization itself while the customer account is created. Most organizations warn customers about this through their customer channels.

Video KYC — Fighting Financial Fraud

To prevent fraud and money laundering, the BFSI sector needs to comply with KYC norms. These were introduced by RBI and are based on the Government of India’s (GOI) PMLA Law of 2002. Aadhaar-based KYC verification had simplified the process. It also reduced the time taken by the BFSI sector to on-board customers drastically.

But things changed when the Supreme Court order dated September 26, 2018 declared the use of Aadhaar-based KYC by private players unconstitutional. To overcome this hurdle, RBI brought Video KYC as an alternate tech-driven mode of KYC in its notification on January 9, 2020. It is based on the Aadhaar and Other Laws (Amendment) Bill, 2019, which was introduced by the government on June 24, 2019.

The process involves:

  • Information about the user is received via API
  • User can opt for authentication using their smartphone/computer
  • Document details are captured on live video: screenshots of PAN Card, other identity documents, selfies etc.
  • Documents are scanned and data is automatically extracted and authenticated.
  • Facial matching is performed between the picture on the document and the person showing it
  • Liveness and fraud prevention checks are conducted
  • The whole process is recorded on live video
  • The outcome of the verification process is assigned
  • The data retrieved during the procedure is automatically forwarded to the client via API

Conclusion

While most people will tell you that being cautious and aware is the best way to fight fraud, the modern age is no longer just a battle of wits but of technology. If fraudsters can use advanced software and hardware to hoodwink your judgment, it is only fair that technology should come to the rescue. Besides, with novel ideas like Video KYC, even users with minimum knowledge about frauds and cyber threats can secure their accounts. After all, what might escape the human vision cannot defy computer vision.

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 
