Your Complete Guide to KYC Compliance in 2021 - The biggest trends, changes and challenges defining the Know Your Customer (KYC), Anti-Money ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Your Complete Guide to KYC Compliance in 2021 The biggest trends, changes and challenges defining the Know Your Customer (KYC), Anti-Money Laundering (AML) and fraud scene in 2021.
Index Foreword 3 KYC in the digital era. What’s changing? 4 Highlights of the new AML 6th Directive 6 Frauds that might be a threat to your company in 2021 8 Identity fraud manipulations businesses should be aware of 12 A new wave of biometric crimes invading the digital space 14 Professional compliance services and benefits they bring 16 Staying fully compliant in 2021 19 Endnotes 20
Foreword
2020 has been quite an eventful year in terms of Know Your Customer (KYC) changes
and new Anti Money Laundering (AML) initiatives. Now, several months into 2021,
more profound compliance transformations are heading our way.
Major trends that had been in the making for years (digitalization included) combined
with the circumstances surrounding the Covid-19 pandemic spawned organizational
and structural changes in compliance at many institutions all over the globe.
What are these changes, and how to keep track of them to successfully meet the
challenges of the present and seize the opportunities of the future?
From the latest AML 6th directive to the new types of fraud, we offer to take a look at
some of the biggest trends, changes and challenges that have been defining the Know
Your Customer (KYC), Anti-Money Laundering (AML) and fraud scene in 2020 and
2021.
Liudas Kanapienis,
CEO and Founder of OndatoKYC in the digital era. What’s changing?
With the beginning of the pandemic, the companies that had digital transition on their
long-term agenda were forced to implement digital solutions in a few months or even
weeks. From a “nice to have” element planned for the future, digitalization became a
must for many companies here and now to resume their operations.
The pandemic dramatically transformed everything – our everyday lives, economies,
the way companies operate. Organizations had to embrace digital solutions to have
greater resilience, and the share of digital products in the portfolios of many
international companies accelerated by a shocking seven years, according to the
McKinsey Global Survey of Executives in 2020. 1
Even compliance, traditionally one of the last sectors in financial services to step into
the digital realm, was forced to reflect new requirements and adapt to the new normal.
However, the process that has been accelerated by the pandemic still looks like it is
going to be a long journey towards complete transformation.
In fact, a recent study by Ondato, conducted in 2021, shows that 41% of compliance
specialists still use a manual customer onboarding and KYC process. 58% of
respondents say they have a compliance team instead of using ready digital
compliance solutions.
41% of companies still use
manual compliance solutions.
1 McKinsey Global Survey of Executives. McKinsey & Company, 2020.
https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/how-covid-19-has-pushed-companies-
over-the-technology-tipping-point-and-transformed-business-forever#For many companies, the inability to simplify old-fashioned paper-based processes
has been making compliance an utterly manual process. And even with some
elements of compliance being digital, it has still largely been based on a traditional
manual system of manual checks.
58% of companies prefer having a compliance team to
ready digital solutions.
Before the Covid-19 hit, compliance teams at companies were mostly office-based.
Now that compliance professionals have to work from home, a new set of problems
emerges, including the growth of potential online threats. This is causing companies
to invest in new technologies to automate mundane KYC tasks, while analysts can
focus on more complex problems requiring human intelligence.
Speaking of a profound shift, in 2020, major financial institutions switched from
indifference to enthusiasm regarding the digitalization of KYC and AML processes. A
2020 report on COVID-19-related Money Laundering and Terrorist Financing Risks and
Policy Responses published by the Financial Action Task Force (FATF) specified that
national regulators had already started to drive the use of digital identity and other
innovative solutions for customer identification at onboarding. 2
The encouragement of establishing a stronger digital presence was also supported by
the 6th AML Directive against money laundering transposed into its regional legal
systems on December 3, 2020, to expand the possibilities for better digital
relationships between people and companies.
Overall, companies that choose to adopt digital solutions have better resilience — and
clearly win in the competition that will let them recover faster and turn from survival
mode to managing stable growth.
2 Guidance on Digital Identity. Financial Action Task Force (FATF).
https://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/Guidance-on-Digital-Identity-report.pdfHighlights of the new AML 6th Directive
The 6th European Union AML Directive that came to effect on December 3, 2020, set
the deadline for EU-based companies to enhance their internal KYC procedures by
June 3, 2021 . The new regulation sets the steps to be followed by institutions closely
3
to avoid non-compliance and penalties.
Following the 5th AML Directive that allowed for remote customer identification and
online onboarding, helping businesses reduce time and costs while enhancing the
user experience, the 6th Directive expands the scope of regulations.
What changes does it bring?
Closer attention to cybercrimes
The first time cybercrime as a specific amendment emerged in the AML law
framework, this update outlines 22 predicate offences for money laundering,
providing explicit descriptions of each illegal act. The amendment comes with an
extended list of predicate money laundering offences (parts of a bigger crime
that may be subject to money laundering, such as bribery, fraud, tax crimes, and
many more).
Criminal liability applies to businesses
Now, not only individuals can be sentenced for financial crimes. The new rules
extend criminal liability to legal entities, placing the responsibility for money
laundering on management and the company. The legal entity then can get either
a temporary ban or a shut-down.
3 The 6th AML Directive. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2018.284.01.0022.01.ENGMore penalties
If older directives mainly concentrated on the initiators of money laundering, the
6th Directive extends the penalties to those who accomplice the money
laundering processes. This adjustment doesn't make it easier for EU businesses
that now need to pay more attention to timely prevention of less typical fraud
activities and detect such enabling actions. The 6th Directive also affects
penalties, increasing the maximum prison sentence term from one to four years
and adds financial fines to the prison sentence.
Cross-border cooperation in cases of dual criminality
As the 6th Directive intends to create more effective cross-country collaboration
between authorities in situations of dual criminality, now jurisdictions of both
countries have to take part in the prosecution and work together to organize
legal proceedings.
What does it mean for companies?
Ensuring complete transparency of KYC and AML processes is as critical as ever.
In case it turns out that businesses have been involved in money laundering, even if
accidentally, they will have almost no reasonable justifications. Thus, companies that
haven't yet implemented automated compliance KYC and KYB solutions should invest
their time to restructure their processes in order to remain compliant with the latest
regulations.Frauds that might be a threat to your company in 2021 The days when secure client verification was only a headache for business giants are long gone. With more companies moving their services into the digital realm and their employees to the full-time “work from home” mode, fraudsters are figuring out new ways to take advantage of the world of conference calls and remote onboarding. What identity frauds shall businesses be aware of in 2021 and how to stay fully compliant? There are a lot of new scammers out there, and they work to improve their schemes to deceive the identification systems and steal funds or data. With cyber fraud on the rise, it is time to give extra security some serious thought. We offer to take a look at some of the most notable frauds that might be looming over remote operations in 2021.
Half-fake half-human: synthetic identity fraud
One of the most prevalent types of fraud in 2020, synthetic identity fraud is likely to
stay the number one cyber threat in 2021 and beyond.
To create synthetic identity fraudsters combine existing and false information. They
can use the new identity for a range of purposes, like opening a new bank account
and making fraudulent purchases. Once the theft has occurred, it is almost impossible
to identify and quickly catch the attackers.
Some researchers, however, believe that in 2021 synthetic identity fraud will be
decreasing for businesses, targeting individual customers instead. According to a
study , published by TransUnion, in 2020 many financial institutions improved their
4
security levels well enough to tackle synthetic fraud. On the flip side, statistics
collected by Ondato indicate that the majority of businesses still don’t deploy
automated solutions to set decent protection from this type of fraud.
Deepfakes and AI-generated faces
The world witnessed the rise of deepfakes as a method of stealing identities in 2020,
and this form of fraud will only evolve in 2021. AI-powered synthetic compilations of
audio or video materials that imitate a real person’s behaviour were originally used to
mock politicians and celebrities using these “recordings” for blackmail and fake news
purposes.
Its capacities were quickly picked up by scammers who started to use it for identity
theft: creating fake accounts, hacking devices and, ultimately, stealing data. And
although the losses associated with this type of fraud were not dramatic in 2020,
some analysts predict new forms of deepfake deception to be emerging in the
following years.
4 Synthetic Identity Fraud Part One: These numbers will surprise you. TransUnion
https://www.transunion.com/blog/synthetic-identity-fraud-part-oneA slightly more worrying threat, AI-generated faces is another fraud method that
creates new identity merging faces of different people into one synthetic face. These
manipulations are often enough to trick the facial recognition technology businesses
The 6th European Union AML Directive that came to effect on December 3, 2020, set
use for safe clients onboarding. And only more advanced tools are able to identify and
the deadline for EU-based companies to enhance their internal KYC procedures by
counter the attacks.
June 3, 2021 . The new regulation sets the steps to be followed by institutions closely to
avoid non-compliance and penalties.
Key target? Economics and finance
Following the 5th AML Directive that allowed for remote customer identification and
5
A recent
online study, published
onboarding, helpingby Juniper Research,
businesses indicates
reduce time that businesses
and costs mightthe
while enhancing loseuser
over $200 billion
experience, to Directive
the 6th online fraud in 2020-2024
expands if they
the scope don’t bolster their security
of regulations.
measures. And it is no surprise that the financial sector will be the key target for cyber
attackers
What and their
changes does identity-theft
it bring? schemes.
“Businesses might lose over $200 billion to online
fraud in 2020-2024 if they don’t bolster their
security measures”.
The majority of cyber frauds were associated with the European region, which was
recently announced as a “fraud-hub” of 2020, becoming the top target for fraud
attacks. Despite this, several countries across Europe have improved their fraud
prevention performance in 2020, according to a data analytics company Fico.
6
The United Kingdom demonstrated a 7% reduction of £46M (approximately €70M of
relative value), while Denmark also reported a reduction of €21M of relative value.
Nevertheless, fraud increases in Germany, France, Poland and Norway have led to an
additional €33M of fraud losses in 2020, leaving Europe with total losses of around
€62M.
5 Online Payment Fraud Losses to Exceed $200 Billion over Next Five Years. Juniper Research (February 25, 2020)
https://www.juniperresearch.com/press/press-releases/online-payment-fraud-losses-to-exceed-200-billion
6 In a Pandemic, UK Led European Fraud Reduction. Fico, 2020. https://www.fico.com/europeanfraud/ID Theft in European Countries
Online ID theft Credit Card Scams
3% 3% 3% 7% 6% 5%
Malta United Kingdom Switzerland United Kingdom Denmark France
Percentage of people with at least one incident
66% 54% 50% 50% 46%
Norway Switzerland Denmark United Kingdom France
Source: Eurostat
Countering threats: trends in identity protection
As the number of large-scale scams disturbing financial operations keeps growing,
financial organizations will need to rethink many of their verification processes to be
able to tackle potential threats.
Integrated solutions and document-centric approach seem to be the latest notable
trends in business security. According to predictions , by 2022 80% of all 7
organizations will have to switch to a fully document-centric identity as opposed to a
data-centric one for their remote onboarding.
7 Key Priorities for UAM Leaders in 2021. Gartner.
https://www.gartner.com/smarterwithgartner/key-priorities-for-iam-leaders-in-2021/“By 2022, 80% of all organizations will have
to switch to a fully document-centric identity
as opposed to a data-centric one for their remote
onboarding.”
An entire verification recording of a new client’s onboarding can be a dealbreaker in
achieving better security. This method uses automated photo verification to gather
information about each customer making sure their identities are accurate, and then
saves a complete recording of the process, which minimizes the risk of attacks.
What are other easy steps companies can take to avoid scams? Talking to employees
about the importance of security is a step not to be overlooked. Myriads of data
breaches occur for simple reasons that start with opening a phishing e-mail. This is
especially true in times of the pandemic: all employees should know how to securely
access and use the company’s systems remotely.
To keep fraudsters deterred, businesses need to adapt quickly and rely on the newest
sophisticated methods of biometric authentication. Scammers will find another target
once they realize that the attempt to attack costs them too much to try.Identity fraud manipulations businesses
should be aware of
Even before the pandemic hit, financial markets had seen a 15% rise in frauds,
reaching $16,9 billion in 2019, as alleged by the research advisory firm “Javelin
Strategy and Research”. The number of attacks is only growing, as fraudsters make up
new attack patterns in search of new soft spots opened up by a pandemic.
There are threats associated with the Know Your Customer (KYC) procedure, even on
its very first step – customer identification. We have lined up the main schemes cyber
attackers use to forge data during the remote client identification procedure.
Synthetic identity fraud.
Fraudsters combine real and false information to create a new identity and
then use it for a range of purposes, like opening a bank account and making
fraudulent purchases.
Photo manipulation.
To create fake identity fraudsters insert a photo of themselves or a person who
bears a resemblance to them into a document of a stranger.
Forged information.
Sometimes, scammers try to modify or cover part of the information in the
document. The expiration date is probably the most popular field to get
forged, although the name or other details can be falsified too.
8 Identity fraud increases 15 percent as consumer out-of-pocket costs more than double, according to 2020 Identity Fraud Report.
Javelin Strategy, 2020.
https://www.javelinstrategy.com/press-release/identity-fraud-losses-increase-15-percent-consumer-out-pocket-costs-more-doubleCounterfeit documents.
A high-quality counterfeit document with forged or partially falsified
information can be extremely hard to identify. It looks the same as the actual
document because it is produced using professional materials and
technologies.
Appropriated documents.
Submitted information is real, but it is not a personal document. How is that
possible? Forged documents are often purchased and involve a photo of a real
person combined with a stranger’s data.
Fake document photos from personal devices.
After creating a high-quality photo of a document on their laptop or other
device, fraudsters use it to forge an ID during the verification process.
The list goes on. After the initial remote submission process is complete, the
companies often ask onboarding customers for a selfie using facial recognition
software. Unfortunately, fraudsters found a way to spoof this system, too, using 3D
face masks, cut-outs and fake videos.
What can companies do to reduce the risk of identity theft?
Numerous identity checks and thorough verification of data across different registers
and databases proved to be the most successful mechanisms helping to detect and
prevent threats. It also makes sense to opt for complex cost-effective tools, based on
advanced recognition technologies to ensure that operations are transparent and
immune to fraud.A new wave of biometric crimes
invading the digital space
Over the last few years, fraudsters have discovered an astonishing number of
vulnerabilities in what was believed to be a reliable method of identity data protection –
biometric authentication. Now, a new set of ways to spoof biometric authentication
videos is emerging in a fraud that uses stolen data.
In March 2021, a group of crooks hacked the official facial recognition service of the
Chinese government. The government found two suspects who, in less than two years of
fraudulent operations, managed to steal over $76 million by sending fake tax invoices to
companies and their customers, reported South China Morning Post.
During the interrogation, the suspects confessed using manipulated personal data and
high-definition photos purchased on the black market. Next, they hijacked a camera of a
mobile phone to deceive the facial authentication process. When the camera would not
work, the system received the pre-made falsified video and, as simple as that,
certification was completed. The fraudsters got the green light and started to issue tax
invoices on behalf of the shell company.
Even before the Chinese case made a splash, we have already witnessed biometric fraud
repeating itself in a few typical variations. According to the research carried out by a
global consultancy agency Accenture back in 2012, there are basic biometric fraud
patterns that hackers exploit systematically. Roughly classified into two categories –
obfuscation and impersonation – these are two primary attack schemes that the classic
biometric fraud is based on.
Obfuscation means altering biometric traits to trick recognition systems. A case in point
seen in the news recently is fake fingerprints created with a 3D printer. Even though the
production can be extremely challenging and time-consuming, they are often enough to
deceive biometric scanners. 9
There are more tough examples of obfuscation out there, as well. In January 2019, the
police in Madrid, Spain, detained a drug trafficker who cut and burnt his fingers to alter
fingerprints with injected micro-implants of skin. Distressing as it is, he managed to
avoid detention and was found only 15 years later. 10
9 Researchers: Fake Fingerprints Can Bypass Biometric Sensors.
https://www.bankinfosecurity.com/researchers-fake-fingerprints-bypass-biometric-sensors-a-14122
10 Man evades capture for 15 years by using fingerprint implants.
https://www.theguardian.com/world/2019/jan/31/drug-trafficker-evades-capture-15-years-fingerprint-implantsImpersonation seems to be a more prevalent and easier to implement method used to
spoof biometric authentication. Cybercriminals deploying other people's data or
synthetic ID in attempts to pass as legitimate users is a vivid impersonation example. In
fact, the Chinese case mentioned earlier is a variation of impersonation, albeit an
increasingly hard one to detect.
The damage caused by this threat can go beyond control, well illustrated by the financial
losses running into millions of dollars and being an additional blow to each affected
business's development.
Avoiding biometric fraud – mission possible?
Biometric fraud is a pretty serious threat, but several ways can help companies fend off
unwanted attacks. Multi-level deepfake analysis is a method that proved remarkably
effective in curbing biometric fraud.
It is necessary to conduct multiple checks of each potential client across different
registers. This crucial step goes a long way to preventing all sorts of malicious attacks,
proving the company is dealing with a legitimate user, not a scammer.
Although it is vital to check the data across various databases such as population
registers, this measure alone is not enough. Companies also should take time to
evaluate all information and identify the overall context. The location, device
information, IP address, and customer activity – everything should be consistent. Every
little detail must correspond with the previously mentioned data, older actions, and a
completed questionnaire.
“Including human verification as an additional protection
level is also a solid choice for raising spoof detection
capabilities. Used in combination with other layers of
protection (artificial intelligence included), human
verification techniques are incredibly effective. Frauds are
constantly evolving, and since no method can be sufficient
to stop them forever, companies should always keep your
finger on the pulse of the identity protection landscape.”
Liudas Kanapienis,
CEO and Founder of OndatoProfessional compliance services and benefits they bring For institutions, compliance regulations maintain the safety and integrity of data. For businesses, compliance is necessary to protect customers, control risk management, prevent money laundering and terrorist financing. On both accounts, automated compliance can facilitate processes, give broader coverage and more control. Here are a couple more reasons why professional compliance services are a solid choice. To meet the highest standards and avoid fines Keeping up with professional and global compliance requirements makes a strong and reliable industry player. Unfortunately, most inefficiencies and non-compliance cases companies face are the end product of manual compliance processes. Automated compliance software is a sort of an extra pair of eyes on everything employees do manually: register checks, sanction lists, keeping track of the latest regulations, etc. Harnessing the power of data analytics, compliance tools make it easier to detect and mitigate risks before they cause legal or financial damage. Nowadays, every business that works with money must meet the highest standards of compliance and security. Manual KYC procedures do the job but require a lot of human labour, often accompanied by errors and tons of unsystematic documentation. Across the globe, automated compliance gradually takes over manual processes by offering a comprehensive approach to all KYC, AML, and CFT processes managed continuously and systematically in one place. Using ready compliance tools, companies successfully avert mistakes that could cost them millions of dollars.
To optimize processes and get more conversions
A staggering number of business opportunities get lost during client verification, with
numerous companies reporting financial losses stemming from the poor conversion of
their onboarding process. It is clear that businesses should prioritize making user
verification simple, fast and frictionless.
Advanced compliance platforms can drive outstanding results in terms of conversion.
User-friendly interface, reliable and quick checks and transparent requirements make
onboarding hassle-free, which means more customers complete the process without
dropping it midway.
Businesses that choose compliance solutions admit that the rates of their internal and
external user satisfaction spike. They also report better performance, more conversions
and higher return on investment than the companies that prefer manual KYC processes.
~ 39% of customers will drop off due to the
process taking too long.
To stay one step ahead of fraudsters
Combating fraud is an exhausting process and staying alert can take a lot of time. With
identity fraud evolving, and cybercriminals inventing new attack patterns faster than
companies find ways to mitigate old ones, how to make sure compliance teams keep
up?
Although manual processes can do a pretty good job blocking fraud attempts, they can
hardly cover systematic and automated fraud management. Here, compliance platforms
offer more cutting-edge fraud prevention methods that are automated and
standardized, overall showing a better performance in detecting and tackling fraud.To simplify the whole process Each year, supervisory requirements are getting more complicated, and troublesome for businesses to follow. The lack of common standards to measure performance often leads to uncertainty. To avoid any sort of confusion, compliance software brings timely and professional execution and consistency throughout all business operations. Most management suites to KYC procedure facilitate all processes, letting users easily navigate the already sorted information gathered in one place. To get effective data monitoring and screening in place In various industries, especially finance, it is essential not only to identify customers or perform data screening but also to establish periodic data monitoring, as the situation may change. For example, a person may be included in sanction lists already being a registered customer. Integrated solutions work best to track changes, prevent financial crimes, bribery and corruption. The system automatically checks data across international lists of sanctions, politically motivated persons, various registers, and in media, collects information and issues alerts. With the stakes of sanction, losses and cyberattacks being as high as ever, the extension of new compliance technologies seems more than reasonable. New integrated solutions based on artificial intelligence intertwining with the human element and machine learning are here to stay, and they will keep companies well ahead of the compliance challenges.
Staying fully compliant in 2021
As KYC regulations are becoming stricter and the growing customer expectations are
harder to meet, the world needs complex KYC compliance solutions that can verify
customers, onboard them fast and ensure effective compliance with the laws.
How to keep up with the change and
stay compliant even when regulations
are not getting easier?
With multiple solutions for smooth and risk-free regulatory compliance, Ondato has got
your back on everything compliance: from identity verification and case management to
due-diligence and screening.
Ondato saves up to 90% of what companies usually
spend on compliance.
A must-have for any business operating in the digital space, Ondato reduces risks of
fines, has 0% fraud tolerance and saves up to 90% of what companies usually spend on
compliance and data management.
Ondato offers a simple, secure and cost-effective way to verify clients in compliance with
international Anti Money Laundering (AML) and Know Your Customer (KYC) regulations.
Today, Ondato has over 15 effective KYC and AML solutions, including photo and live
video identity verification, SMS signature, data monitoring, screening, due diligence and
case management. From the very first days, Ondato worked to ensure smooth, simple
and completely immune to fraud processes within a single and easy-to-use platform.We are experts in:
Photo and live video identity verification
Data monitoring
Screening
Due-dilligence
Risk scoring
Case management
Learn more: sales@ondato.com www.ondato.comEndnotes 1. McKinsey Global Survey of Executives. McKinsey & Company, 2020. https://www.mckinsey.com/business-functions/strategy-and-cor- porate-finance/our-insights/how-covid-19-has-pushed-companies-over-the-technology-tipping -point-and-transformed-business-forever# 2. Guidance on Digital Identity. Financial Action Task Force (FATF). https://www.fatf-gafi.org/media/fatf/documents/recommenda- tions/pdfs/Guidance-on-Digital-Identity-report.pdf 3. Synthetic Identity Fraud Part One: These numbers will surprise you. TransUnion https://www.transunion.com/blog/synthetic-identity-fraud-part-one 4. Online Payment Fraud Losses to Exceed $200 Billion over Next Five Years. Juni- per Research (Feb 25, 2020) https://www.juniperresearch.com/press/press-releases/on- line-payment-fraud-losses-to-exceed-200-billion 5. Uncovering the connection between digital maturity and financial performance. Deloitte Insights, 2020. https://www2.deloitte.com/us/en/insights/topics/digi- tal-transformation/digital-transformation-survey.html 6. Identity fraud increases 15 percent as consumer out-of-pocket costs more than double, according to 2020 Identity Fraud Report. Javelin Strategy, 2020. https://www.javelinstrategy.com/press-release/identi- ty-fraud-losses-increase-15-percent-consumer-out-pocket-costs-more-double 7. Key Priorities for UAM Leaders in 2021. Gartner. https://www.gartner.com/smarterwithgartner/key-priorities-for-iam-leaders-in-2021/
You can also read
