Bankrupting terrorism with Best KYC and AML practices

AML compliance has been at the forefront of the fight against global terrorism. No wonder governments across the world take it seriously. In 2018, U.S. Bancorp agreed to pay $613 million in penalties for a faulty KYC AML check.

According to the American Banker, U.S. Bancorp had already provided for $600 million in its books, related to expected enforcement action by regulators. Beyond the financial loss, such non-compliance erodes customer trust and confidence, too. Many times, the reasons for non-compliance go beyond intent. It is an operational issue.

For example, OakNorth Bank had disconnected screening systems. One team handled anti-money laundering checks and another handled customer screening checks. Its screening and continuous monitoring processes to determine if customers are a Politically Exposed Person (PEP) were in place for its savings activities. OakNorth Bank did not have an option. It had to integrate its current tech stack and condense data into a single view, for compliance.

Technology has created a world of extraordinary economic opportunity. It has connected businesses and customers over traditional boundaries of language and geography. On the flip side, it has also aided the growth of global terrorism and crime. This has increased the danger and complexity of doing business around the world. 

Businesses are under pressure to identify, assess, and comprehend exactly who they’re doing business with, to battle the international threat of terrorism and financial crime. Banks and financial institutions face this situation with KYC AML checks.

KYC is a subset of AML

It is understandable that AML and KYC are often confused. It is partly because the two acronyms are used together in the context of compliance and financial fraud. AML is a broader discipline that encompasses KYC. Here is a quick capture.

AML

AML refers to the procedures taken by financial institutions and governments to prevent and combat financial crimes, including money laundering and terrorism financing. In the fight against organized crime and terrorism, anti-money laundering (AML) procedures are an important part of any financial compliance program. According to the United Nations, between $800 billion and $2 trillion (2–5% of global GDP) is laundered each year around the world.

KYC

The process of authenticating a customer’s identification is KYC, or “Know Your Customer.” To use a company’s service, each client must supply credentials such as identification documents. KYC verification procedures assist with anti-money laundering. They give financial institutions a framework to meet ever-changing regulations. This applies to Fintech also. Because Fintech firms provide financial services, AML regulations require them to authenticate their customers’ identities before providing their services. This ensures they are dealing with legitimate businesses.

KYC AML check best practices

What is the need for KYC AML check best practices? How do you measure success?

The clear response is that you avoid a penalty for non-compliance with regulations. It also keeps laundered funds out of the financial system, thus protecting civil society from crimes.

Is the above enough? Should banks stop with the minimum compliance requirements? Are there methods to improve the business while complying? There is value in leveraging best practices that are dependable, efficient, and cost-effective.

Comply 100% to the Current AML Regime

AML compliance is the bare minimum banks must achieve. Slip-ups invite hefty fines. Reputation also suffers. The cost of non-compliance far exceeds the cost of compliance. Banks can add value to this ‘cost’ function by getting more business insights out of compliance. Banks can make operational improvements with technology to comply better at a lesser cost. The current AML compliance regime in the United States covers the following.

  • KYC
  • Reporting – Financial institutions file currency reports and report suspicious transactions through Suspicious Activity Reports (SAR)
  • “Follow the money” – Maintaining a paper trail by keeping appropriate records of financial transactions
  • Internal controls in line with the Bank Secrecy Act (BSA)

A shared Know Your Customer/Customer Due Diligence (KYC/CDD)

The Signzy blog has written at length about KYC. The need for identity verification cannot be overemphasized. Rogue identities, false identities, and misrepresented identities, all can put paid to the proper functioning of the global financial system. KYC is the first and the most critical step, to prevent the entry of rogue elements.

Banks are expected to have a robust customer identification program. Banks should demand government-issued identification. They should also examine whether extra information is required. This information could include occupation, employer, and business affiliations. For low-risk customers, simplified due diligence is enough. But, in other high-risk cases, basic and sometimes enhanced due diligence (EDD) becomes necessary. This comes at an increased cost of business to banks.

Banks are pooling resources to tackle customer due diligence (CDD) requirements. Statutory bodies like the Financial Crimes Enforcement Network (FinCEN) are also supporting these initiatives. It seems logical. If one bank has already made all the efforts to complete KYC, other banks can piggyback. Such a shared KYC improves risk management and financial inclusion. This shared KYC can be executed in the following ways:

  • Centralized agency approach that pools KYC across banks,
  • Multilateral information sharing across banks,
  • A combination of the above

Customer data sharing guidelines and internal compliance requirements, especially for global banks, might hinder such initiatives.

Reporting and Audit

Approximately, $85 trillion was the global GDP in 2020. The United States accounted for almost one-fourth of it. It is a staggering amount of money. Banks and financial institutions are instrumental to money flows that eventually contribute to the world economy.

Imagine keeping track of billions of transactions that make up the world economy. It is a tall task. This scale throws up the following challenges.

  • Automation – Because manual steps for this sheer scale are prone to errors of omission and commission
  • Documentation – To maintain paper-trail to help ‘follow the money.’
  • Monitoring – To ensure compliance and proactive identification of high-risk transactions

Automation

It is virtually impossible to use manual methods to meet the sheer volume of compliance reporting and audit requirements. Other than feasibility, other factors emerge too – mistakes and time. Banks use AML software to automate all their AML compliance activities. The software also prepares them to scale compliance with the change in rules and regulations. Such software is custom-built with preferred vendors. Banks also develop this internally with their technology teams. AML automation software boosts speed, efficiency, and prepares the organization to handle increasing volumes of data.

Documentation

AML compliance features are designed to enable law enforcement agencies to pursue investigations for civil and criminal penalties if warranted. The features are detailed enough to provide evidence useful in prosecuting money laundering and other financial crimes. This requires institutions to collect, store and analyze large amounts of KYC data as part of the customer onboarding process. Additionally, there is the need to store data related to transactions in line with the typologies that form part of the law/guidelines. The overall idea is that Banks should be competent to furnish necessary information via reporting, or when called for. AML Software ensures that no transaction howsoever trivial goes unnoticed and undocumented.

Monitoring

Monitoring is a nightmare, because it isn’t just compliance that a bank has to deal with. Internal risk measures are also at play. From a regulatory perspective, the activities that banks have to monitor are broad. They include:

  • Illegal activities
  • Suspicious transactions
  • Transactions above financial thresholds
  • Unusual activity

AML software can address most of the hygiene ‘black and white’ monitoring requirements. It is the ambiguous ‘grey area’ activities that need more sophistication. Machine learning models (ML) can come to the rescue here. ML models can continuously learn from structured and unstructured data, thereby flagging suspicious and unusual transactions. This will ensure proactive compliance and aggressive redressal of risks.

Correct False Positives

A Dow Jones-sponsored ACAMS [CAMS (Certified Anti-Money Laundering Specialist) is the global gold standard in AML certifications] survey done a few years ago reveals that false positives are one of the most challenging aspects of KYC AML checks for bank compliance teams. False positives are a drain on a bank’s resources in its pursuit to track down money-laundering criminals. It is not difficult to understand why false positives are a problem.

Historically, rule-based models in line with regulations flag customer activities. The flagging is usually based on value and frequency. Money laundering criminals are far smarter than that. Soon, bank systems tend to lag in detecting suspicious behaviors by account holders.

Continuously evolving customer risk-rating models could be one way to solve this problem. McKinsey proposed a framework on how banks can approach building their customer risk-rating models. The best practices proposed by McKinsey include simple ideas like data quality and simple model architecture. The best practices also include advanced ones like network science tools. McKinsey goes on to identify the maturity level of the institutions implementing such customer risk-rating models. The maturity levels – Horizon 1, 2, 3 – indicate the effectiveness and efficiency of the implementing institutions. Banks would do well to reflect on how they can move up the maturity curve in identifying false positives, thus boosting productivity.

Balance Customer Experience with Compliance

AML compliance is not a trade-off. It does interfere with customer experience. But, it isn’t something banks can de-prioritize. If a high-value customer’s transactions look unusual, that will need to be screened and reported. Even during the KYC process, it is important to manage customer expectations. Proper systems and trained personnel can help. Customer drop-outs are a fallout of such measures. Banks have to identify and invest in the right kind of digital onboarding software, to minimize dropouts. At the same time, banks should prepare to accept drop-outs as the intended outcomes of a larger compliance culture.

AML will evolve

Criminal interests will undoubtedly keep anti-money laundering professionals on their toes. A certificate program in anti-money laundering is a testimony to this. Over the last two decades, right from 9/11 to the credit crisis, AML has evolved for the better. New rules and regulations have gotten added to the AML playbook year after year. Banks in the US are exploring Blockchain technologies to stay ahead of the curve to balance the ever-increasing challenge of AML compliance and associated costs. 

AML proponents have claimed that AML related restrictions have been successful in enabling the fight against terrorism since 9/11. Critics however demand more evidence. Let the debate continue.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Written by an insightful Signzian intent on learning and sharing knowledge.

Leveraging Technology & Tackling Money Laundering

Last year Forbes reported that 2% to 5% of the world’s GDP is laundered every year. This amounts to between $800 billion and $2 trillion. The astounding fact about the report was that only 10% of the laundered money is detected, implying that 90% of the laundered money is unknown to most regulatory bodies and financial institutions.

Money laundering is a major issue in the world. Governments are striving to find newer methods to tackle it. Most financial institutions and companies are accustomed to traditional methods for preventing money laundering. These include in-person verification or traditional automation.

But with the advent of advanced technologies like AI and Machine Learning, they have to adapt for better results. The latest technology-integrated Suspicious Activity Reports (SARs) caused more than 31% of laundered money to be blocked.

Thus the need for technology in preventing money laundering is not a matter of if, but when. But how do we do it? What technological tool can we use? Here come Application Programming Interfaces (APIs) for the financial industry. This article explores what AML screening solution APIs are and how they can help in preventing money laundering.

Why Is AML Essential In The Financial Industry?

Anti-Money Laundering includes all measures taken by authorities, institutions and individuals to prevent financial criminals from disguising and hiding illegally obtained money as legitimate income. It is essential because money laundering is a financial crime that affects the economy on a micro scale as well as at momentous levels. The methods of money laundering are transforming with the development of technology. It is essential that AML screening solutions up their game too.

In July 1989, many nations came together to form the Financial Action Task Force (FATF). The summit was held in Paris and aimed at analysing laundering risks and preventing them with AML measures and AML screening solutions. But after the 9/11 attacks, in October 2001 the FATF updated its agenda and mission to include ways to stop terrorist funding through money laundering. AML procedures have been made better through the decades since.

The European Union also acknowledged and implemented the first AML directive in 1990. It prevented the flaws in the financial system from being used for laundering. Now the Union is one of the pioneers in revising and upgrading AML measures to reduce risk and terrorist funding. The International Monetary Fund (IMF), with its 189 member states, also takes initiatives for AML with compliance measures for financial institutions. Thus all governments are forced to ensure compliance and all institutions are expected to follow suit.

In 2019 the US State Department published a report stating that general AML measures had a success rate of only 0.2% because of non-compliance and inefficient processes. More than 85% of the 11,500 companies evaluated in the US were not AML compliant. 2019 also saw AML non-compliant banks paying more than $6.2 billion in fines globally.

What Is The AML Process And Why Is Compliance Important?

Government bodies and other regulators provide guidelines and procedures that companies and financial institutions can follow to prevent money laundering.

  • One of the most important and effective processes is Know Your Customer (KYC). KYC ensures that companies know who their customer is by verifying the customer’s financial data against pre-existing credible databases. This way any suspicious activity by the customer can be red-flagged easily.
  • Customer Due Diligence (CDD) is also a relevant procedure for AML. Companies evaluate the risk involved with each customer and take necessary measures. This is the process of CDD. They categorize customers as low, moderate or high risk. For example, a Politically Exposed Person (PEP) falls under the high-risk umbrella.
  • Another measure is setting a limit for transactions to be monitored. For example, in the US any transaction of more than $10,000 is reported by the institution to the authorities for monitoring. Each country has such a limit to detect any massive fraud. Thus, monitoring and reviewing customer transactions without compromising privacy is very important to prevent money laundering. If any suspicious activity is detected, then an activity report is generated and transferred to the Compliance and Risk Department.

It is of incredible significance that financial companies follow all the regulatory compliance guidelines for AML. Even a single discrepancy can result in dangerous repercussions. Money Laundering is no longer just for the money. It can even be used as a wrench in the equilibrium of world peace. Besides this, if companies don’t comply they are charged heavy fines by regulatory bodies. AML fines amounted to $4.27 billion in 2018 which nearly doubled in 2019 to $8 billion. This is a collective effort and even the smallest of the financial institutions need to play their part well by following the compliance guidelines.

How Are APIs Used To Help Prevent Money Laundering?

Software connections between computer programs or even computers are called Application Programming Interfaces (APIs). An API offers services to other software once it is integrated into a working system. It can be broadly described as intermediary software that helps other applications communicate among themselves. APIs are used in almost all companies with a demand for any form of software technology.

AML screening solution APIs are taking over not just the financial sector, but any industry interested in innovative automation. This is because APIs offer agility and, more importantly, scalability for companies. Recently, after several government policy amendments, APIs are starting to play crucial roles in AML and KYC compliance. This is because the verification of tens of thousands of customers is not practical with traditional processes.

APIs are used for almost all forms of innovative verification procedures. They ensure that processing is efficient and without human error. Since it can be replicated on a large scale, it becomes commercially viable. In addition to this, most APIs can be procured at affordable prices. Hence, be it a large bank or a small financial institution, automation is simple and inexpensive. APIs help all businesses Combat Financial Terrorism (CFT) at a modest price.

They are in high demand among elite institutions because they offer swifter and less expensive methods to ensure that services meet customer demands. Since they are adaptable and customizable, they have the advantage of future-proofing. In the financial category alone, more than 2000 types of APIs are used across the globe. This will grow exponentially with advancements in AI, Machine Learning and Blockchain technology.

APIs In AML And Regulatory Compliance

Improved, user-friendly APIs are available in the industry now. But an API needs to fulfil another crucial criterion for integration into any service or product: regulatory compliance. Across the world, there are numerous regulatory guidelines for financial institutions. A good example is the PSD2 changes in Europe. Not only are companies encouraged to accomplish more with AML screening solutions and related technologies, but they are also fined for any lack of compliance on their part.

Financial institutions that wait and observe the new technology trends will be left behind in the race. The most adaptable companies will flourish in the long run. Traditional modes of in-person verification and error-prone manual execution are outdated. APIs can automate almost the entire process, saving companies time and money. By one estimate, more than $500 million is spent by financial institutions on financial crime prevention and compliance requirements.

What Are The Benefits Of Using APIs For AML?

APIs do not merely automate the AML and regulatory processes. They enhance them. There are numerous benefits associated with using APIs for AML and verification processes. They include:

  • Turnaround time (TAT) is reduced, resulting in quicker processing and a better customer journey.
  • Near-zero human error.
  • The extremely customizable nature of APIs makes integration easy.
  • Inexpensive in the long term.
  • The human workforce can focus on discrepancies rather than regular workflow, increasing efficiency.
  • Eliminates physical storage space, as all documentation will be in soft copies.
  • Better customer onboarding experience.
  • Better user interface.

How Can Signzy Help You?

We offer numerous services, products and AML screening solution APIs that are useful for your ventures. We make sure that they are state of the art, because we do not compromise on quality. Signzy’s quiver of APIs and associated products is incredibly customizable. You can select which specific APIs suit your requirement and then integrate them into the required systems.

With over 240+ microservice APIs alone, the collection is diverse and versatile. All of our products meet regulatory compliance standards without compromise. But we make sure that the user is not troubled with inefficient customer journeys. Our systems are efficient and seamless, rendering the user experience truly satisfying.

With advancing technology, financial institutions and companies deem change necessary. If you do not opt for the right changes, the entire entity’s progress would decelerate. That’s why we at Signzy ensure that you get that which suits your needs. We can make your customers’ journeys easy while making your aspirations easier.

Fighting Financial Crime With UBO — The Final FinCEN CDD Rule

In 2016, FinCEN introduced a new Customer Due Diligence (CDD) rule. It consisted of specific rules on Beneficial Owners. The rule required financial institutions to comply by May 11, 2018. The Final Rule indicates new FinCEN rules with the applicability date of May 11, 2018. But before we understand the importance of the FinCEN CDD rule, let’s have a look at what these terms mean and how they impact due diligence.

What is FinCEN?

The Financial Crimes Enforcement Network (FinCEN) is a government body of the United States. It maintains a network whose objective is to prevent and punish criminals and criminal networks associated with money laundering and other financial crimes. FinCEN is overseen by the U.S. Department of the Treasury. It operates domestically and internationally, and has three major players: law-enforcement agencies, the regulatory community, and the financial-services community.

  • FinCEN monitors suspicious people and activity by imposing mandatory disclosures on financial institutions.
  • FinCEN is assigned its duties by Congress. Further, the director of the bureau is appointed by the U.S. Treasury Secretary.

What is Customer Due Diligence (CDD)?

Customer Due Diligence (CDD) is the process of determining your customers’ background. This is done in order to determine their identity and the level of risk they pose.

The application of CDD is necessary when companies with AML processes enter a business relationship with a customer or potential customer. It may be needed to assess their risk profile and verify their identity.

The risks in question are mainly money laundering and terrorist financing. Companies may need to ‘know their customers’ for a variety of reasons:

  • to adhere to the requirements of subsequent legislation and regulation
  • to be reasonably certain that the customers are who they say they are.
  • to provide them with the products or services requested, which requires knowledge of who the customer is.
  • to guard against fraud, including impersonation and identity theft.
  • to help the organization to identify unusual events and to enable the unusual to be examined. Unusual events must have a commercial or relevant rationale; otherwise they may involve money laundering, fraud, or handling criminal or terrorist property.
  • to enable the organization to provide any required help to law enforcement, such as information on customers being investigated subsequent to a suspicion report to the FIU.

Why The FinCEN CDD Rule?

The idea behind this new rule is to fortify CDD requirements. The rule establishes explicit requirements for CDD. Further, it imposes a new requirement on FIs: identifying and verifying the Beneficial Owners of legal entity customers (businesses).

The CDD Rule applies to banks, brokers or dealers in securities, mutual funds, etc.

Customer Due Diligence Best Practices

There are 4 crucial elements for due diligence as per FinCEN:

(1) Customer identification and verification,

(2) beneficial ownership identification and verification,

(3) understanding the nature and purpose of customer relationships. This can help to develop a customer risk profile,

(4) continuous monitoring for reporting malicious transactions and, on a risk basis, for maintaining and updating customer information.

The new rules are not retroactive. In other words, it’s not necessary to acquire beneficial ownership information on every existing client. FinCEN felt that this would be too cumbersome for the institutions.

However, it’s not just at account opening that this information is mandatory. While the account is being monitored, the risk profile may change drastically. In that case, the customer information, including beneficial ownership, should be updated. For example, new transaction types or amounts may reflect a change in the account or new ownership. Such accounts then fall under the coverage of the new final rule.

6 Major Highlights of the FinCEN CDD Rule

1. Calibrating Beneficial Ownership Threshold

FinCEN has restated that the specified threshold (25%) is the base, not the apex. It is at the discretion of covered financial institutions (FIs) to implement stricter thresholds. FinCEN further states that any incremental risk factors may be mitigated by other reasonable means. These include enhanced monitoring, collection of additional non-mandatory information and recording information relating to expected account activity.

2. Highlighting Identification and Verification Procedures

Although the CDD Rule’s verification procedures are required to contain elements similar to those of the Customer Identification Program (CIP) rules, they need not be identical. For example, a financial institution may choose to accept photocopies of identification documents, which would not meet the standard under the CIP rules. This derogation is expressly authorized within the CDD rule. Financial institutions should determine their documentation standards for the identification and verification (ID&V) of beneficial owners based on the outcome of the required risk-based analysis.

3. Determining beneficial owners of new legal entity customer accounts

Where the individual identified as the beneficial owner is:

(i) a pre-existing customer of the particular FI, and

(ii) covered under the FI’s CIP,

the financial institution may reuse the information previously collected. This can be done provided the existing information is up-to-date and accurate. Further, the legal entity customer’s representative must certify or confirm the accuracy of this information (verbally or in writing).

4. FinCEN Certification Template

As seen earlier, financial institutions are not mandated to use the template certification. They may use alternative formats such as the institutions’ own forms or similar means. These must comply with the substantive requirements. In the given instance, covered FIs should retain the form and refrain from filing it with FinCEN.

5. Document retention periods for ID&V records

Covered FIs must retain all beneficial ownership information collected about a legal entity customer, for example the Certification Form or its equivalent. Identifying information must be held for at least five years after the legal entity’s account is closed.

6. Certification of a beneficial owner of multiple accounts

An institution may already have obtained a Certification Form (or its equivalent) for the beneficial owner(s). In such a case, the FI may rely on that information to satisfy the beneficial ownership requirement for subsequent accounts. This is provided the customer certifies or confirms (verbally or in writing) that:

(i) such information is updated accurately at the time each subsequent account is opened, and

(ii) the FI is not aware of facts that would question the reliability of such information.

New Additions — FinCEN Issues New Guidance for Complying with the CDD Rule

On August 3, 2020, FinCEN introduced additional frequently asked questions (FAQs) regarding CDD requirements for covered financial institutions under FinCEN’s “CDD Rule”. The 2020 FAQs follow earlier FAQs from FinCEN in July 2016 and April 2018. They provide additional detail on implementing due diligence, building customer risk ratings, and updating customer data.

2020 FAQs — Question 1

Question 1 addresses whether covered FIs are required to collect information about expected activity on all customers at account opening, or on an ongoing or periodic basis. FinCEN highlights that the CDD Rule does not require the collection of any particular customer information. The only information necessary is that needed to develop a customer risk profile, conduct monitoring and verify beneficial ownership (for legal entity customers). Likewise, FinCEN states that there is no categorical requirement to conduct media screening on all customers. However, an FI can determine on a risk basis whether such information is needed in order to adequately understand a particular customer relationship and to identify potentially suspicious activity.

2020 FAQs — Question 2

In Question 2, FinCEN elaborates that the CDD Rule does not require financial institutions to use a specific method to establish customer risk profiles. Nor does it require them to automatically categorize as “high risk” products or customer types that are identified in government publications as posing specific potential risks. Covered financial institutions are required to comprehend the financial crime risks of their particular customers. They should utilize risk profiles that are “sufficiently detailed” to distinguish between significant variations in the risks of their customers.

2020 FAQs — Question 3

In Question 3, FinCEN explains that the CDD Rule does not require financial institutions to update customer information on a continuous or periodic schedule, although they may decide to do so on a risk basis. Rather, financial institutions must update customer information when they become aware, as a result of normal monitoring, of a change in customer information that is relevant to the risk posed by the customer. In such cases, financial institutions also may need to reassess the customer’s overall risk profile. This guidance is consistent with FinCEN’s previous statements in the preamble to the final CDD Rule as well as in the 2018 FAQs.

Practical Considerations

The 2020 FAQs do not break any major new ground with respect to the CDD Rule. They are helpful for financial institutions seeking to set risk-based limits on when specific types of information are needed to determine customer risk. FIs should review their CDD policies and procedures for developing and updating customer risk profiles against the new FAQs. Doing so will help identify any areas that may need to be updated or adjusted.

On the other hand, the guidance emphasizes FinCEN’s preference against customer risk profiling that uses broad categories to assign customer risk. It is in favor of a methodology that is more individually-tailored. It focuses on a solution suitable to the characteristics of particular customers and the products and services they use. This is somewhat in contrast with FinCEN’s statement in the preamble of the Rule. It states that risk profiles in certain cases can be based on “categories of customers” or “risk categories”. The 2020 FAQs appear to allow such an approach at least where a financial institution concludes that a customer’s risk profile is low.

No matter the case, these FAQs may provide a valuable reference point for financial institutions when they explain, for example to regulators, the risk-based decisions that have gone into their AML programs and why not all accounts with certain characteristics are similarly treated.

The European example

The European Union (EU) appears to be far ahead in implementing rules that bring clarity to the beneficial ownership structure of legal entities. UBO identification was on the regulatory agenda as early as 2005, with the introduction of the 3rd European Directive on AML. This critical piece of European AML regulation promoted the risk-based approach as a key strategy for tackling money laundering and terrorist financing. It also required obliged entities to identify the individuals controlling legal entities, to ensure that such entities cannot be used for hiding asset ownership.

Guidelines for enhanced transparency on legal entities’ ownership were brought about by the 4th (2015) and 5th (2018) money laundering directives to:

  • Constitute National UBO registers,
  • Ensure reliable UBO information,
  • Provide public access to UBO registers.

In the UK, there exists the People with Significant Control (PSC) register. It consists of information about the individuals who own or control companies. Currently, however, only a few countries have collected beneficial ownership data. This is due to the numerous challenges inherent in such an initiative. The UK parliament also decided earlier this year to accept an amendment to the sanctions and anti-money laundering bill that requires the UK’s overseas territories (the British Virgin Islands, Cayman Islands etc.) to publish public registers of company ownership by the end of 2020. This reflects the will to extend beneficial ownership disclosure to tax havens across the Atlantic. This is sure to improve the governance of tax avoidance and corruption. It might also influence the Americas to follow a similar path.

FinCEN has initiated the journey towards the implementation of sound UBO identification requirements. EU regulations might set the path for the United States to catch up. It will be interesting to observe whether the United States follows the same path and if so, at what pace.

Conclusion

Perhaps the biggest challenge now is to meet the CDD Rule’s compliance requirements efficiently. Identifying UBOs can be a tedious and time-consuming task. It often results in individuals physically constructing the ownership tree on paper. This is highly inefficient and open to regulatory questioning.

With the new regulations, UBO information will hopefully be collected digitally in the years to come. There are already many significant developments in this direction. Multiple countries are now putting measures in place to adopt UBO collection as part of the standard AML process.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Know all about RBI’s New PPI Guidelines

The RBI has recently released a revised set of directions in the PPI regulator framework. In its 20-point notification, RBI has asked all the PPIs (Prepaid Payment Instruments) to improve how they operate. With the latest regulations, in effect already, RBI will treat PPIs more or less like banks subjecting them to full compliance in the provisions like Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT), and more.

In this article, we’ll look at the most significant changes that the RBI has introduced to the PPI framework.

But before that, we’ll see how the world has fought money laundering with a powerful tool called “KYC” because the biggest change that the updated RBI regulations bring to the PPI players is a mandatory full KYC.

Fighting money laundering with KYC

The UN General Assembly declaration in 1990 (precursor to the PMLA), which was the first constructive global step against money laundering, focused on prevention of financing to the illicit drug trade. Today the objective of the legislation is to stop money earned through illegal means from entering the traditional financial system and being converted into legitimate money, and from being used to fund such illegal activities, including terrorism.

In pursuance of this noble objective, regulators have defined a KYC regime for financial institutions to follow. The Financial Action Task Force (FATF) is an intergovernmental body which recommends to countries a regulatory regime for prevention of money laundering. Very recently, FATF has defined a more risk-based approach to counter money laundering.

One of the most important functions of financial regulators is to manage the risk within the financial system. This function manifests into a massive regulatory regime of KYC, which quite literally means know your customer and in essence know if he is a fraud, a money launderer or a terrorist.

Adopting KYCs as an AML measure in India

With a view to curb money laundering, terrorist financing, and fraudulent activities, RBI introduced KYC norms for banking institutions in 2002. These norms directed banking authorities to carry out tests and audits and freeze any accounts with suspicious activities (transactions).

RBI has always stressed strict compliance with these guidelines, and several big banks like Bank of Maharashtra, Dena Bank and the Oriental Bank of Commerce faced heavy penalties (1.5 crore each) for violation of and non-compliance with certain KYC regulations and Anti Money Laundering (AML) norms.

Until now, October 2017, the RBI’s KYC guidelines were only applicable to banks. However, the latest regulation brings PPI players into its ambit.

A quick note about PPIs

In 2009, RBI paved the way for a new payment instrument which would not require two-factor authentication for small payments and would help in easier acceptance of payments by merchants. These pre-paid instruments (“PPIs”) could be recharged with money and then used up to the recharged amount.

Initially, PPIs could be issued for up to Rs. 1000 by accepting any customer identity document and up to Rs. 5000 by accepting an Officially Valid Document (OVD). This went through a transformation and in 2014 was relaxed by allowing PPIs up to Rs. 10,000/- (total usage in a month) by accepting “minimum details of the customer”. This transformed the PPI industry into what it is today and led to the opening of wallets through mobiles and emails. Though this was a boon for the industry, it did not go down well with the regulator.

In October 2016, an RBI senior official Nanda Dave stated that PPIs have been very lax in following KYC norms: “The customer is being identified by his or her mobile number, period. And such wallets have been used for routing money which has been fraudulently taken from bank accounts,” said Dave. “When we have no details of customers with us, it is very difficult to even trace where that money has gone,” she said.

The framework for regulation, authorisation, and supervision of the PPIs is governed by RBI’s “Issuance and Operation of PPIs”. These directions were issued in April 2009 and thereafter amended from time to time.

Since regulations on PPIs have been very light with low entry barriers, it was necessary for RBI to impose stiff and stringent norms on them.

To address the same, RBI released a Draft Circular called the “Master Directions on Issuance and Operation of Pre-paid Payment Instruments (PPIs) in India” in March last year. The circular was issued following the growing usage of PPIs for buying goods/services and for transferring money. In the circular, RBI recognized requests from stakeholders for relaxations in certain areas and also considered aspects that would strengthen the security and safety norms, mitigate risk, and protect customers using PPIs.

RBI took inputs from the different stakeholders on the provisions of the circular, following which, in a major step forward in this direction, RBI passed fresh rules for all prepaid payment licence and wallet companies. These include improved standards for safety, security, and flexibility of online transactions, interoperability of PPIs (and banks), full KYC, and more.

Let’s now take a look at a brief summary of these regulations.

The Updated Regulation Summary

  • Mandatory full KYC: As per the new directions, PPIs have to become full KYC compliant within 12 months. “The amount loaded in such PPIs during any month shall not exceed Rs 10,000 and the total amount loaded during the financial year shall not exceed Rs 100,000,” RBI said. If compliance is not achieved, further credit will be disallowed.
  • Interoperability: Interoperability can be enabled in only Full KYC (banking and non-banking) PPIs. This time-consuming process will be applied in phases with the first phase (spanning across the first 6 months) bringing interoperability between wallets, and the subsequent phases working on the interoperability between wallets and bank accounts, followed by the enabling of interoperability in PPI cards.
  • New capital requirements of Rs 15 crore for non-banks: For non-banking PPIs, new capital requirement is of Rs 15 crore (5 crore at the time of application and 15 crores within the next 3 financial years).
  • Cross border inward and outward remittances: Fully KYC compliant wallets will now be able to undertake cross-border inward remittances. However, the transaction limit can’t exceed Rs 5000 per cross-border transaction and the maximum wallet limit shouldn’t exceed Rs 50,000.
  • PPI issuers need to maintain records of transactions: PPI issuers are to maintain a record of all the transactions undertaken using the PPIs issued by them. They should also file Suspicious Transaction Reports (STRs) with the Financial Intelligence Unit — India (FIU-IND).

Along with the new guidelines, RBI has also released a new Security Framework for PPI Issuers to prevent fraudulent activities and ensure user security.

The Newly Introduced Security Framework for PPI Issuers

  • Separate login for the PPI account: PPI issuers should maintain a separate login for PPI accounts and it should not be used to access any other services offered by the PPI Issuer or its associate/parent/group company etc.
  • Timeout features: PPI issuers should prevent invalid sign-in attempts and add inactivity timeout features.
  • Capping: PPI issuers should implement customer-enforced transaction caps on their users’ wallet transactions. The users should however be allowed to increase/exceed the caps with additional authentication and validation.
  • Cooling period for funds transfer: While opening an account/ loading funds/ adding a beneficiary, PPI issuers should place a cooling period for transfer of funds to prevent the fraudulent use of PPIs.
  • Other mechanisms: Issuers should place internal and external escalation mechanisms to prevent suspicious operations, loading and reloading of funds into the PPI and also alert the customer in case of such transactions.
  • Reporting frauds: PPI issuers should report frauds on a monthly/quarterly basis to the concerned Regional Office as per the directions. They should also monitor, handle, and follow-up on cyber security incidents and breaches immediately with the concerned authorities.
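
The sign-in, timeout, capping and cooling-period controls from the list above, sketched as an added Python example (not RBI's or Signzy's code). The `Wallet` class, its method names and the three threshold values are assumptions; the framework names the controls but does not fix their values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed thresholds: the framework names the controls, not their values.
MAX_FAILED_LOGINS = 3
INACTIVITY_TIMEOUT = timedelta(minutes=5)
COOLING_PERIOD = timedelta(hours=24)


@dataclass
class Wallet:
    balance: int                       # rupees
    txn_cap: int                       # customer-enforced per-transaction cap
    beneficiaries: dict = field(default_factory=dict)  # id -> time added
    failed_logins: int = 0
    last_activity: datetime = datetime.min             # no session yet
    alerts: list = field(default_factory=list)         # customer notifications

    def login(self, credentials_ok: bool, now: datetime) -> str:
        """Invalid sign-in control: lock the account after repeated failures."""
        if self.failed_logins >= MAX_FAILED_LOGINS:
            return "locked"
        if not credentials_ok:
            self.failed_logins += 1
            return "denied"
        self.failed_logins = 0
        self.last_activity = now
        return "ok"

    def session_active(self, now: datetime) -> bool:
        """Inactivity timeout: the session lapses after a quiet period."""
        return now - self.last_activity <= INACTIVITY_TIMEOUT

    def add_beneficiary(self, beneficiary: str, now: datetime) -> None:
        self.beneficiaries[beneficiary] = now   # cooling period starts here
        self.last_activity = now

    def transfer(self, beneficiary: str, amount: int, now: datetime,
                 step_up_verified: bool = False) -> str:
        """Decide a transfer request, checking the controls in order."""
        if not self.session_active(now):
            return "session_expired"
        self.last_activity = now
        added = self.beneficiaries.get(beneficiary)
        if added is None or amount <= 0:
            return "rejected"
        if now - added < COOLING_PERIOD:
            self.alerts.append((now, f"transfer to {beneficiary} during cooling period"))
            return "cooling_period"
        if amount > self.txn_cap and not step_up_verified:
            # The cap may be exceeded only after additional authentication.
            self.alerts.append((now, f"transfer of {amount} above cap {self.txn_cap}"))
            return "step_up_required"
        if amount > self.balance:
            return "rejected"
        self.balance -= amount
        return "approved"


def demo() -> list:
    """Constructed scenario that trips each control once."""
    t0 = datetime(2024, 1, 1, 10, 0)
    t1 = t0 + timedelta(hours=25)
    w = Wallet(balance=8000, txn_cap=2000)
    w.login(True, t0)
    w.add_beneficiary("payee-1", t0)
    return [
        w.transfer("payee-1", 500, t0 + timedelta(minutes=1)),   # cooling_period
        w.transfer("payee-1", 500, t1),                          # session_expired
        w.login(True, t1),                                       # ok
        w.transfer("payee-1", 5000, t1),                         # step_up_required
        w.transfer("payee-1", 5000, t1, step_up_verified=True),  # approved
    ]
```

Every blocked transfer also appends an entry to `alerts`, which stands in for the customer notification the framework asks for.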

These updated regulations have raised a number of challenges for the wallet companies. Here’s a quick look into the most challenging aspects of the new norms.

The Key Challenges Wallet Companies Face Because of the New Norms

1. Full KYC compliance within 60 days

Complete KYC compliance will increase acquisition costs for wallet companies as it introduces a large amount of documentation and paperwork. The industry estimates the cost of KYC at nearly Rs 150–200 per customer.

2. Mobile wallet companies are required to have a minimum net worth of Rs 5 crore, hence will need fresh funding.

As per earlier guidelines, a minimum net worth of Rs 2 crore was required for mobile wallets. This net worth is now raised to Rs 5 crore at the time of application and Rs 15 Cr within 3 financial years after getting the authorization. This means smaller wallet companies will need funding to comply with the directions of RBI.

3. A one-year validity of the wallets. Also, auto-closing of wallets with zero balance.

Users’ wallets will be closed automatically if they continue to have zero balance for a year. A notice, however, will be issued to all such users before closure of their wallets.

“There are a large number of inactive wallets with no money in them,” said Gupta. “By enforcing this rule, RBI is all set to weed out those numbers and bring out actual figures around how many wallets are there in the system.”

4. Implementing interoperability.

At present interoperability is limited to only UPI-based banks. However, with the new requirement of interoperability, PPIs will have to deal with a lot of technical and operational requirements of safety, security, and risk mitigation. The implementation is very complicated.

How the industry is gearing up to comply with the new PPI Guidelines

From the reactions that are coming in from the different payment players, it’s clear that they’ve already begun working on their KYC.

Bhavik Vasa, chief growth officer, EbixCash says:

“Interoperability with KYC is a great leveller and catalyst towards Collaborative Innovation for the ecosystem. We commend the RBI for its proactive stride and look forward to ongoing progressive regulations also for micro-payments use-cases with minimum or risk-based compliances. Especially if we need to transition to less-cash the digital alternatives need to be as seamless, frictionless and at par with other sectors like gold purchases which are completely anonymous up to Rs. 2 Lacs. Additionally the Finance Ministry and RBI have commissioned noteworthy committees like the Watal Committee on Digital Payments and Ramadorai Panel on Household Finance with apt findings and recommendations that as they get incorporated into regulations would fast forward in achieving the India FinTech potential.”

MobiKwik, another popular digital payments company, is also planning to increase its agent strength for the same and also trying for Aadhaar-based KYC through a one-time password.

“We have set a target of achieving 20 million full KYC wallets within the next one year and we are expecting an expenditure of around Rs 50 per customer,” said Bipin Preet Singh, founder of MobiKwik wallet. “Though we have 65 million users, KYC formalities cannot be done with all of them.”

Oxigen Services will give incentives to its retailers to look after the KYC process of the customers.

The long-term approach payment wallets must take (as RBI expects bank-level preparedness from them when dealing with money laundering)

Bringing at Par with Banks

The updated KYC norms for PPIs have made their KYC regime at par with banks. Therefore, there needs to be greater focus on compliance and audit. This move by RBI also indicates that wallet companies will now face KYC and AML audits like banks and may have to face heavy fines and penalties in case of non-compliance, thus necessitating more investment toward customer KYC.

The current wallet onboarding only includes email and mobile number verification. This will now have to be upgraded to systems that can capture KYC documentation and data. Not only that, it will also need a built-in risk and compliance check for the AML/CFT risk of the customer, as well as a backend operations team to process these applications. The cost of customer onboarding for wallets will also rise as a result of this full KYC process.

The way forward for wallet providers is to find and use modern KYC solutions that will not only help them overcome this challenge but also ensure that they are able to scale operations without incurring heavy costs. Failing to do so would mean even these wallets will face the same challenges as banks face when scaling their KYC operations.

Investing in security and laundering protocols

In the long run, wallet companies, too, should aim for the same degree of security that banks offer. This includes:

Performing due diligence. Due diligence should be performed on the initiator and recipient who make/receive payments to ensure that transactions comply with anti-money laundering (AML) and counter-terrorism financing checks. Frequent screening that identifies accounts with unauthorised and unusual transactions should also be conducted, and such accounts should be frozen.

Implementing transaction monitoring. To view transaction patterns of the customer base, machine learning models should be used. With the help of such AI, shady transactions can be detected. Moreover, transaction monitoring should be combined with AML and KYC screening to alert against suspicious financial activities of the customers. Transaction profiles should be maintained with all the account details of the customers such as cash deposits, withdrawals, transfers and payments.

User and data security. Multiple authentication factors such as passwords, OTPs, and biometrics should be used to protect the users against security breaches. A mix of authentication factors goes a long way in providing an extra layer of security that helps prevent fraud. Read our in-depth article on how financial institutions can design safe authentication processes using the different authentication factors.

How the end-user can use wallet apps responsibly

Wallet apps have become a mainstream payment method as they offer convenience and value (by offering several coupons, membership cards, event passes, loyalty points, cashback and more). Customers can indeed save a lot of time and resources by using these wallet apps. However, instead of signing up for tens of e-wallets with nil balances in each, users should use just one or two that support the most apps/payments and keep them active. The money transfer feature these wallets offer must also be used responsibly.

Wrapping it up…

Thanks to the growing government initiatives to push toward a cashless economy and the acceptance from the masses, the PPI space has grown exponentially in India. So there’s no doubt we need better regulation over PPIs. This update in the regulation — however strict it may seem — is needed, because even PPIs wouldn’t want their users to engage in money laundering or terror funding activities.

By bringing the PPI market tightly under the ambit of the more serious financial regulations, RBI has taken a big step toward a safer, cashless economy. So while the updated PPI norms do challenge several smaller companies in the short term, they will eventually pave the way for a safer, more user-friendly wallet experience. Also, the security framework laid out by RBI is a big step toward ensuring the security of crores of Indians who are now actively opening up to the possibilities of a cashless economy.
