It’s no longer financial institutions, real estate, art dealers, casinos, lawyers, and accountants who are the main targets for financial crimes online. Criminals are finding it harder to use them for money laundering due to rigorous regulations and effective know your customer (KYC) processes. To go undetected, they have set their sights on online multiplayer gaming, online marketplaces, FinTech, online gambling and many more small and medium businesses.
Lawbreakers are attracted to these platforms because they have little to no anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. For example, multiplayer online gaming platforms have experienced a rise in illicit activities. According to Newzoo’s report, 35 per cent of UK gamers have had a negative experience when paying online, and 18 per cent have experienced fraud while paying for games.
Criminals can purchase in-game content or credit (often through prepaid cards), sell these to other users (possibly at a discount) and then receive cash credited to their account from that legitimate source.
It’s a type of money laundering that can go undetected by a customer and by you, but its impact hasn’t gone unnoticed by the Financial Action Task Force (FATF). Recommendations issued by the FATF define criminal justice and regulatory measures that should be implemented to counter this problem. They recently published guidance on virtual assets and virtual asset service providers (VASPs), explaining that these industries should come under anti-money laundering regulatory guidelines. Necessary measures are set to increase in the coming years.
However, it will be an entirely new process for many online service providers to follow in order to protect their business and customers. For experienced industries, it’s challenging enough to be compliant.
Suppose your business is one of those providing innovative ways for consumers to access entertainment, gaming, shopping, gambling, banking, and more. To help you be proactive in protecting them and your business, here’s our quick guide to prepare for the changes and hit the ground running to smash those requirements.
What is Know Your Customer?
Know your customer (KYC) is a set of processes that gather personally identifiable information to understand if a customer is genuine and will not attempt to use your services for illicit activities. The best place to do KYC checks is during the customer onboarding process, as it is the first step with every new customer.
Otherwise, you could unwittingly facilitate fraud, leave your services vulnerable to costly reputation damage, and risk losing genuine customers’ trust. Last year, 198 fines, totalling 10.4 billion dollars, were issued globally against financial institutions for non-compliance with AML, KYC, data privacy and MiFID (Markets in Financial Instruments Directive) regulations.
What is the difference between AML and KYC?
AML is a broader framework that refers to a range of policies, regulations and procedures businesses must have to identify, monitor and report any illicit activities. KYC is the first line of defence in an AML program. It ensures your customer is who they say they are. Plus, it helps you assess the level of money laundering risk a customer might present.
What is Customer Due Diligence (CDD)?
Customer due diligence (CDD) comprises the various components of collecting identification data. CDD is effective at managing any potential risk to your business. It is the process of gathering customer data about their identity, background and activities to evaluate what level of potential risk (high or low) a customer falls under. Once your business has a payment processor, it’s your responsibility to check the source of the funds. Your industry and business needs will predetermine the risk criteria and when to apply them.
The Law Society explains that under regulation 27 of the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017), you must carry out CDD measures when:
- establishing a business relationship
- carrying out an occasional transaction that amounts to 15,000€ or more
- you suspect money laundering or terrorist financing
- you doubt the accuracy or adequacy of documents or information previously obtained for CDD
We will cover when you are required to carry out CDD below.
How does the KYC process work?
Firstly, there are three critical KYC best practices that you must follow:
- Establish the customer’s identity
- Understand the nature of the customer’s activities (means to satisfy that the customer’s funds are from a legitimate source)
- Evaluate what level of money laundering risk they could pose
Here is how those key elements work within your customer onboarding process.
1. Establish the customer’s identity
It starts with collecting basic information about your customer, which is done using digital identity verification technology (we’ll dive into its role in more detail later). In America and some other jurisdictions, it is referred to as a customer identification program (CIP). It follows the same method of collecting basic data to confirm your potential user’s details and identity are genuine, so you’re sure they are who they say they are.
The basic information needed is their name, address, date of birth, requested identification documents such as a passport or driving licence, and documents confirming proof of address.
The FATF currently recommends a risk-based approach for industries experienced in complying with AML. This will differ for every industry. Therefore, you would be required to assess the potential risk to your business to understand the level of KYC or the amount of information your business will need to collect.
2. Assess the risk by practising Due Diligence
There are three recommended due diligence practices you could add to your KYC process:
- Simplified Due Diligence (SDD): This involves identifying your customer and making sure they are who they say they are. As mentioned above, this is performed on all customers during onboarding using digital identity verification. It’s about you being confident that the user has no intent of misusing your platform.
- Customer Due Diligence (CDD): This is commonly referred to as standard due diligence (SDD). It’s used for customers and transactions that present a low risk, where you’re satisfied that the business relationship or transaction presents a low risk of money laundering or terrorist financing. At this level, you must continue to monitor low-risk accounts to spot any red flags or suspicious activity.
- Enhanced Due Diligence (EDD): EDD occurs when the risk for money laundering or terrorist financing through the services you provide is high. It requires you to carry out deeper additional checks to verify your customer’s identity and understand their activity in order to mitigate any risks.
There are many circumstances and factors where the risk of money laundering is high, and you’ll need to carry out EDD measures. Risk factors include customer, country, product or services.
For example, customer risk factors can affect gaming industries in the gambling sector because it is a cash-intensive business. The risk of illegal activity by customers is considered high.
Things to note:
- It is a business’s responsibility to put policies in place that define when EDD should be triggered. To provide guidance around this, it could trigger when the customer is a foreign national, resident in a high-risk or high-secrecy jurisdiction, involved in a high-risk industry (as defined by FATF), a high-value transaction (thresholds are set by JMLSG, FATF, regulators), politically exposed or just doesn’t smell right.
- EDD must also include looking for publicly available information from reliable sources for adverse information, media or allegations of criminality. Satisfying the source of funds and source of wealth is also part of the EDD.
3. Ongoing monitoring: Evaluate the money laundering risk
Identification and screening of customers are vital to the onboarding process. To protect businesses from becoming vulnerable to illicit activities later on, they must monitor customers on an ongoing basis and keep an auditable record of all checks. This is to spot if there are any changes in customer activities that pose a risk.
The role of digital identity verification solutions in KYC
Regulations are constantly changing and evolving as new vulnerabilities pop up. As online access grows, experienced industries are using digital identity verification solutions more regularly to maintain compliance and manage the identity process. In fact, the FATF encourages the use of artificial intelligence (AI) and machine learning to improve how you do those KYC checks.
AI and machine learning help to improve the accuracy of KYC checks, reducing the possibility of criminals using false or stolen identities to enter your platform. They give you a better quality of data and help to manage customer identification efficiently. Not to mention, an identity verification solution makes requesting an ID and verifying that it matches a real person more straightforward for the customer. It uses a customer’s biometrics to correctly match them to their ID (passport/driving licence), along with checking that the document is an authentic one.
How Yoti can support you
We help you proactively carry out KYC checks without affecting the customer onboarding experience while accurately identifying potential risks. The verification system fits within your current user flow without disrupting your customers.
Our identity verification solution is a hybrid of AI technology enhanced by a team of expertly-trained identity verification specialists. Using AI and fraud experts together allows you to detect potential risk and misuse accurately.
To ensure only genuine users get through your identity checks, we can do necessary identity checks and enhanced checks as per your industry requirements. We can verify proof of address documents, check your customer’s name, date of birth, or address against an official database and screen against AML watchlists using global databases (Sanctions and watchlist, PEP, adverse media, and ongoing monitoring).
How do your customers prove who they are?
For your customers, it’s as easy as capturing an image of their ID document and a biometric selfie.
Robust identity verification in 3 steps:
- Select the issuing country and type of ID, such as passport, ePassport, or driving licence
- Take a photo of the front and back of the document via a mobile phone or computer camera
- Take a selfie using a phone or computer camera
See how we make it hassle-free to verify your customer’s identity.