Blog and Resources

These last couple of years blockchain technology has witnessed extensive progress in terms of acceptance by the authorities. In particular, crypto companies are now conditioned as conventional Financial Institutions when it comes to Anti-Money Laundering and KYC laws and regulations. One major field that doesn't fall into the traditional asset exchange category but is being increasingly hit in such circumstances is DeFi.   

Before we dive into it,  let’s specify the meaning behind DeFi; It is short for Decentralized Finance and signifies that cryptocurrency entrepreneurs are able to at minimum recreate traditional financial instruments in a decentralized architecture, outside of companies’ and governments’ control. DeFi’s potential and breadth of use cases go way beyond CeFi (centralized finance), the topic which we will try to cover in the near future. Before that, let’s take a quick look at a brief history of DeFi: 

What does the new outlook mean for DeFi

Nowadays, data security and compliance with emerging regulations means that you, as a company, are sober to potential risks coming your way. Taking purposeful actions to contain the risks, puts you on the good side of the law. This positioning also opens room to attracting institutional and/or corporate customers, who are adamant about safeguarding themselves and their data. Demonstrating that you are following with KYC and AML compliance regulations can be used to expand your customer base. 

DeFi has managed to augment automated market making and liquidity pooling through massive decentralization and very clever algorithms, but if it wants to match CeFi’s fraud prevention and security levels, its community needs to adopt AML measures.

- David Lomiashvili, CEO of Identomat.

"DeFi is all about taking the middleman out of financial transactions. As much as decentralized, open markets with efficient capital turnaround and higher average yields are enticing, they come at a significant cost to market security. Let us not forget that traditional financial organizations that act as middleman play an important role in mitigating these risks. DeFi has managed to augment automated market making and liquidity pooling through massive decentralization and very clever algorithms, but if it wants to match CeFi’s fraud prevention and security levels, its community needs to adopt AML measures. I don’t expect this to happen, though, until we have similarly decentralized KYC solutions that live up to the values of DeFi community – creating censorship-proof  open markets that foster true financial inclusion.  That is why Identomat is working hard with our partners to kickstart this next chapter in the unstoppable DeFi revolution. " - Says David Lomiashvili, CEO of Identomat. 

Expert takes on DeFi’s potential vary significantly, however, the consensus seems to be that it is realistic to expect traditional financial markets be eventually overtaken by decentralized ones, given that government regulations are complied with. Whether DeFi breaks into larger markets (shown on the chart below) and eventually approaches $400 trillion global financial market, depends on the level of adoption of financial and security regulations including KYC/AML.

KYC shouldn’t automatically be interpreted as centralization. A DeFi app can facilitate decentralized financial transactions and simultaneously give access to verified users. 

Pitfalls of mass adoption of unregulated DeFi

Since DeFi platforms are expanding their use horizons, the FATF has an unyielding determination to disallow further operations of exchanges and DeFi platforms without KYC.

According to CipherTrace report notable DeFi hacks in 2020 included: 

• bZx
• Akropolis
• Axion Network
• Balancer
• Bancor DEX
• Bisq
• Cheese Bank
• COVER
• Finance
• Harvest Finance
• Lendf.Me
• Opyn
• OUSD
• Pickle Finance
• Uniswap
• Value DeFi
• WarpFinance
• wLEO

The same research states that "the exponential explosion of capital and lack of regulatory clarity have attracted criminal actors to DeFi, ultimately resulting in the most DeFi hacks in a year to date". To put this statement into numbers, there was $516 million in 2020 thefts, DeFi added $129 million to crypto thefts. 

The above example alone is enough to state that the field will not be able to reach commercial and legal sustainability sans KYC and AML protocols. 

But the problem lies with the ‘D’ - standing for ‘Decentralized’, which, in first, was the most attractive part for many. So, who or what can regulate a concept that in its core, shouldn’t be regulated? 

Bad Blood: Can DeFi and KYC cooperate? 

One of the main components of DeFi has been anonymity. The complication here is that FATF  has made it clear that undisclosed financial transactions open a window to criminal exploitation. Therefore, treating owners/users of a DeFi app as Virtual Asset Service Providers (VASPs) would be the way-out. This directly means that DeFi platforms will have to put into operation the KYC process or otherwise be confronted by regulatory sanctions.

Now, DeFi owners and users are facing a tough decision whether to take in KYC standards or decide how important being compliant to the regulation is at all - which may lead to a divide: DeFi that is regulated, compliant, transparent and more reliable and DeFi that is anonymous and, therefore, unregulated. The bottom line is, that at some point, DeFi will have to accept the neglect from a part of its target market. 

Identomat is working hard with our partners to kickstart this next chapter in the unstoppable DeFi revolution.

- David Lomiashvili, CEO of Identomat.

Ultimately, the process should be directed in favor of regulations if DeFi platforms wish to stay active and engaged with the bigger financial market.

With the ever-growing achievements in Artificial Intelligence and Financial Technologies, AI has tapped into yet another area - lending decisions - taking on an even more important role. Credit scoring is a process carried out by financial experts enabling institutions to accept or decline a loan application depending on the assessment of the client's ability to pay off debt.  Financial Institutions are always trying to optimize and streamline their business operations, which comes down to speeding up customers’ access to money, not turning away creditworthy clients, and reducing default rates. It seems like AI is ready to best the humans on all three fronts.

AI credit scoring decisions rely on any number of customer’s data points. These often include a person's income, transaction analysis, credit history, and other information. In fact, the more the merrier. As a result, credit scoring performed by AI provides a more intricate and individual credit score, allowing more people access to potential loans. 

Generally, financial institutions depend on a scorecard approach, which means that the borrower has to have some type of loan history to be graded as ‘scorable’. The main disadvantage of this method is that sometimes even creditworthy borrowers are denied loans because of absence of such credit history. Whereas AI credit scoring takes into consideration the ‘real-time’ indicators, for instance, current level of income, earning potential etc. Therefore, the likelihood of being included in the credit programs shoots up, while smart AI models ensure precise profit predictions bearing ‘in mind’ the potential risks. 

Let’s dive into how you may leverage integrating AI into scoring. First and foremost, precise customer targeting, meaning that AI will allow you to focus on the right segment of clients. Banks and financial institutions are given large-scale, detailed insights about their customers, which results in better and more realistic risk assessment. This directly leads to a much higher number of customers getting access to loans. Manual scoring limits companies in numerous ways, whereas AI enables making data-driven decisions and margin maximization is its focal point. As a result, companies end up with a surge of customers and, coresspondingly, profits, whilst borrowers receive a wider and faster access to loans. 

Identomat has recently introduced AI credit scoring to its system. The added new feature comes at an opportune time, considering the tendency of promoting faster, crisp and more precise services, instead of reverting to manual processes. 

‘Adding this transformative new feature to Identomat is a great milestone for us, as we focus on our main goal of further development. Machine-learning based credit scoring is truly an opportunity for businesses to shift to much more insightful and nearly-instantaneous decision-making processes. 

Our cutting-edge AI credit scoring solution has two main distinguishing features: Allowing financial intermediaries to collect, process and use massive amounts of data, therefore, unearthing hidden patterns and relations between key indicators; and secondly, outperformance of traditional ‘card’ scoring methods in predicting risks, losses and defaults. Offering AI credit scoring service along with Identomat’s Identity Verification & KYC solution enables us to aid financial companies further increase the pool of credit-worthy customers without significantly increasing their risk exposure.’ - Says CEO of Identomat, David Lomiashvili. 

Making AI part of your company’s credit scoring will become a powerful tool to gain more in-depth insights, in drastically shorter time, and into previously overlooked data sources. 

Whenever there is a new policy regarding digital identity, the whole industry is listening as it shows signs of where governments and legislators are at regarding the future of the sector. The UK Government has recently published a new framework, detailing new digital identity use cases and how people can verify their identity online, in an attempt to offer clarity on and increase public confidence in the rapidly developing sector. 

The new ‘trust framework’ includes principles, policies, procedures, and standards attempting to regulate and manage and administer the use of digital ID. More importantly, the new policy wants to clarify the way information is shared amongst public authorities and private firms.

In an official statement, Digital Infrastructure Minister, Matt Warman outlined the motivations behind this policy as following:

“Establishing trust online is absolutely essential if we are to unleash the future potential of our digital economy. Today we are publishing draft rules of the road to guide organisations using new digital identity technology and we want industry, civil society groups and the public to make their voices heard. Our aim is to help people confidently verify themselves while safeguarding their privacy so we can build back better and fairer from the pandemic.”

The document is currently in draft form and its next iteration which is believed to be enacted as law, will be published in the summer of 2021. As it currently stands, the paper proposes specific standards and requirements for organizations providing or utilizing digital identity services.

Here are its main proposals: 

• A clear data management policy outlining how data is created, obtained, disclosed, protected, and deleted
• The establishment of industry standards regarding information security and encryption 
• A transparency policy informing users about changes to their digital identity details
• A clear account recovery process 
• Guidance on how to select secure authenticators

While all of the above sounds good, what’s more interesting is that digital ID services providers will have to publish a yearly report breaking down their demographics. 

Here’s what Emma Lindley, Co-founder of Women In Identity, had to say:

“We believe that digital identity systems should be inclusive and accessible for anyone that chooses to use them.  This collaborative approach by the government in designing the trust framework is a step in the right direction towards accountability across all stakeholders who are involved, and ensures no one is left behind.” 

Another point referenced in the paper is the idea of ‘vouching,’ a practice that proposes individuals can be identified through trusted people within the community. Who are these people? The list provided by the UK Government outlines dentists, doctors and accountants amongst others. This obviously begs the question, “Does your profession ensure your trustworthiness?” which is something the government will need to address in its next iteration.  

“Products that help digitally to verify a person’s identity are becoming increasingly important as more areas of our work and home lives move online,” said Cabinet Office Minister Julia Lopez. “Creating a common trust framework will give greater clarity and certainty to organisations who want to work in this field about what is expected of them. More importantly, however, it will help to deepen users’ trust and confidence in digital identities and the standards we expect in the safeguarding of their personal data and privacy.”

Even though what has been released is still a draft, the paper does show promise for a more transparent digital identity community. The UK government recommendations are in line with the latest developments in the both perception and technology surrounding the sector. What remains to be seen is the next iteration of the framework and above all, enforcing it. 

Following the coronavirus digital boom, businesses have realised the need to find the right software to help them with customer onboarding, due diligence and anti-money laundering investigations. What are they looking to get out of this software? Decreasing onboarding times, achieving perpetual KYC, decreasing false positives, and aligning with AMLD6, the European Commission’s latest directive on AML. 

What enables a software to successfully provide these solutions is the efficient use of APIs. Application programming interfaces (APIs) are one of the main cogs in the KYC and AML tech and today we’ll have a look at 5 ways they are helping the industry develop. 

1. Onboarding Customers Instantaneously

 Customer onboarding has been troubling businesses, banks and merchants since its inception since it is a rather lengthy, tedious and unpleasant process. The problem with customer onboarding is that it is necessary and unavoidable and at the same time it is the first point of interaction between customer and business. 

Just so you get an idea of how bad the onboarding issue is, a recent report from Signicat shows abandonment rate increase by 23% compared to 2019 with one in five abandonments being attributed to a lengthy and complicated onboarding process. 

How do APIs help with this problem? APIs can speed up the onboarding process by providing aggregated and analysed global KYC data, automatically building a risk profile for new customers in a few minutes. Data APIs are crucial in gathering information, eliminating manual labour and automating the process of filling out gaps such as UBO, shareholder or directorship information.

2. Centralizing Information & Having One Single Profile

One of the most common KYC problems of the modern era is that information is divided amongst different teams, platforms and mediums. Data silos are blocking effective KYC as businesses use different softwares to gather, view and store customer data, transaction data, PEP & sanctions checks, and more. APIs can help alleviate that problem. 

APIs can unify these datasets and create one customer profile, one main location where everything and anything you need to know about the customer is there. By doing so, you immediately have clarity on the risk profile, you have a better allocation of human resources and a streamlined, polished process.

3. Establishing Automation & Eliminating Manual Tasks

Can you imagine the amount of time, effort, spreadsheets and email threads required for manual KYC and AML? It is a battle lost before the battle is fought as there is no way humans, no matter how bright and skilled they are, to manage the volume and frequency of information when it comes to building risk profiles. 

APIs are paving the path of automating many manual processes in KYC and AML. Here is an example: using Robotic Process Automation (RPA) to access data that are behind paywalls,  via scanned documents supplied by customers or even the world wide web. Artificial intelligence can even “learn” how stored information such as company registration details. The possibilities are endless but what APIs can do is automate huge parts of the process and free the hands of compliance professionals that can use their skills to make informed decisions rather than hunt for data. 

4. APIs Are Both A Product & A Foundation For Custom Solutions

When it’s time to establish your KYC process, the question of whether you outsource or build your own is often on the table. KYC is a core company need and it’s always worth questioning whether you should invest in creating something in house. 

APIs provide a middle ground between the two options since they can act as both a ready-made product you can use as well as the building blocks for building your own custom solution. For example, using KYC and AML data APIs can have an instant impact on client onboarding and building a complete risk profile but they can be the first block of a much bigger solution since their architecture and functionality can be the blueprint for more solutions such as monitoring alerts. 

5. Transparency, Manageability & Usability

APIs are easy to manage, monitor and use. It’s a technology that can scale without any additional burden and additionally, it provides the required transparency to help regulators, auditors and internal staff to understand how and why data was collected. There is a digital audit trail that allows interested parties to investigate each and every step of the way.

What’s more, APIs offer a standardised approach to collecting data, eliminating the inconsistencies of a human, DIY approach. Data is captured automatically — the same way, every single time, improving both consistency and accuracy. KYC & AML processes are by nature very sensitive and prone to error so finding technologies that can remove these elements is essential. 

One of the most underrated and painful (for the merchant) parts of the KYC process is PEP screening and sanctions checks. A mistake in the PEP and sanctions step of the process could be translated into nefarious activities such as money laundering, terrorism financing, corruption, and bribery.

Now, more than ever, merchants and organizations can’t neglect PEP and sanctions screening in order to avoid taking a hit on their reputation, revenue and capital. Just how much of a hit could they possibly suffer? Let’s look at some examples that can contextualize the damage for you.

The Cost of Disregarding Sanctions Lists Checks & PEP Screenings

• US-based watchdog Financial Industry Regulatory Authority (FINRA) fined BNP Paribas Securities and BNP Paribas Prime Brokerage $15M, for failing to provide sufficient anti-money laundering (AML) and supervisory systems.
• In 2015, Barclays PLC was fined over £72 million for poor handling of financial crime risks by the Financial Conduct Authority (FCA).
• UniCredit was fined $1.3 billion to settle U.S. sanctions probe.

The numbers are hard to swallow and even harder to digest. What’s the only way to stay away from such scary scenarios? Make the most of Artificial Intelligence (AI) solutions that can once and for all put your PEP and screening worries to bed. 

Before investigating how this technology can help you, let’s get some definitions out of the way. 

A comprehensive screening approach includes both types of checks:

• PEP screening is the process of picking out Politically Exposed People or other high-risk individuals who are eligible for Customer Due Diligence (CDD). 
• Sanctions screening is the process flagging the names of individuals who are found on sanctions lists, stopping them from making financial transactions.

What is a Politically Exposed Person (PEP)?

According to the FATF Recommendation 12, “a PEP is an individual who is or has been entrusted with prominent public functions.” That could be a President, a Prime Minister, or a government official. Due to the seniority of their position and the power associated with it, PEPs hold the keys to influencing major decisions and are therefore more prone to things like bribery, corruption and money-laundering. Due to their sensitive positions, PEPs, as well as their families and close people should be regularly checked and screened. 

What is a Sanctions List? 

A sanctions list is a record of people, businesses and countries that are wanted for or have committed illegal activities. These lists are usually published per country and/or regions and go public in order to help countries stop international financial crime. 

As an organization or a merchant, screening potential customers against sanctions lists is essential in order to eliminate the risk of doing business with entities that are flagged for illegal activities. 

We can sense what the next questions will be: 

• Where can we find these lists?
• How can we keep track of when those are updated? 

This is where technology comes into the picture. PEP and sanctions lists come from places such as Her Majesty’s Treasury, the European Union, the Office of Foreign Assets Control (OFAC), United Nations, and even more regulatory bodies. As you can imagine, doing this manually is mission impossible. Let’s see how artificial intelligence can simplify and automate this process. 

How Artificial Intelligence Is Simplifying PEP & Sanctions Checks

First and foremost, the service provider you choose to partner with will be digitally connected to the databases and external data sources of the PEP and sanctions lists. If you are thinking about a simple search, filtering the results, you are only getting the first part of the process correct. 

A traditional name search is too simplistic for the era we live in. Companies need way more than a name. They need context, they need analysis, they need conclusions and more information in order to build comprehensive risk profiles for their potential customers. 

This is where Natural Language Processing (NLP) and Artificial Intelligence (AI) technologies come in, in order to analyze unstructured data and extract the information from these lists. The tech is able to optimize and automate the process, making these lists multi-dimensional uncovering layers and layers of information that would otherwise remain undiscovered. 

Identomat PEP & Sanctions Checks

Artificial intelligence is at the core of the Identomat offering and PEP and sanctions lists is something we know very well. It is a part of our solutions and our team is always available to discuss how you can include it in your KYC process.

2021 is already underway and even though the pandemic has us all under its lethargic spell, the world of digital identity verification has not stopped moving. To make any assertions about how the year will develop would be laughable at this point, considering how last year turned out, but there is one thing we can say with confidence - companies are moving towards Zero Trust Security.

What Zero Trust Security? 

Zero Trust Security is an IT framework that calls for all people, even those employed by an organization, to be authenticated, authorized, and validated in order to access applications, files, data and other resources on a private network. This strict approach combines several technology solutions such as multi-factor authentication, identity and access management (IAM), and cutting-edge endpoint security technology to verify the user’s identity. 

Why Is Zero Trust Security Suddenly A Trend? 

Because the way we store and manage data has changed. For the longest time, organizations used to store their own data and the perception was that people on the inside could be trusted and threats could only come from the outside. Natureally, security measures and verification processes adopted a perimeter-based model, safeguarding what’s within. 

Now, applications and data have moved out and mainly exist in the public cloud which means there needs to be a revision of the security and identification approach. Let’s clarify something here; the reason organizations are moving towards the Zero Trust Security model is not based on the lack of trust for the people they employ. Zero Trust Security is a mindset, an IT culture change that takes a holistic, no exceptions type of approach to security in order to deter outside threats from even attempting to breach company security.

Verizon’s latest Data Breach Investigation Report revealed that 69% of data breaches and malicious attacks were perpetrated by outsiders while only 34% involved internal actors. What numbers clearly show is that outside perpetrators are exploiting weaknesses in perimeter-based, legacy IT security infrastructures to penetrate networks that have not adapted well to the use of the cloud. 

A recent IBM-sponsored study showcased that the average cost of a single data breach is over $3 million. These numbers are jaw-dropping and it’s easy to see why the need for a stricter security approach is now becoming a requisite as companies can’t afford to take such risks. 

Is Zero Trust Security Just A Theory Or A Realistic Solution? 

The 2020 Zero Trust Progress Report surveyed 400+ cyber security professionals including technical executives and IT security practitioners from organizations across multiple industries. The findings showed that 72% of organizations plan to assess or implement Zero Trust capabilities in some capacity in 2020 to mitigate growing cyber risk, while (47%) of partakers lack confidence applying a Zero Trust model. 

That goes to show that even though there is the appetite and willingness for implementing the new framework, companies are still unsure regarding the tech and the actual steps required to make it work. 

Gartner’s Market Guide for Zero Trust Network Access (ZTNA) is another great source of information regarding the potential of this new school of thought. Here are some interesting stats: 

• By 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero trust network access (ZTNA)
• By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of ZTNA 
• By 2023, 40% of enterprises will have adopted ZTNA for other use cases described in this research 

In some of our previous posts we have discussed the role of KYC in the battle against cybercrime but as it’s becoming very clear, digital identity verification is also a cornerstone in establishing the Zero Trust Security approach. 

What Are The Main Zero Trust Security Principles & Tech?

It all starts with the fundamental philosophy behind zero trust. The framework operates on the assumption that threats exist both inside and outside of the network. Nobody is trusted and all entities are required to undergo the same verification steps and processes.

Coupled with that is the idea of least-privilege access. Least-privilege access is the principle of sharing as much access as users need, keeping them on a need-to-know basis. By doing so, people are authorized to access the specific parts of the network they need, minimizing each user’s exposure and the risk for breaches. 

Zero trust networks also make use of microsegmentation. Microsegmentation is the method of building small security zones in a network in order to create different access points. What that means is that multiple users might be operating within the same domain of a network but only have access to a specific section of the domain. 

The core breed of technology utilized by Zero Trust Security is multi-factor authentication (MFA). What MFA does is ask for more than one piece of identification proof from the user in order to authenticate them. MFA is common practice for personal account protection but is now making its transition to the enterprise and organizational world.  

Last but not least comes the strict controls on device access. The ebay way to understand this? Think of your Netflix subscription and the parameters set on how many devices are registered under one account. Similarly, Zero Trust Systems monitor the number of devices accessing their network and ensure that every device is authorized and belongs to a verified user. 

Recap

2021 might still be trying to find its way through the coronavirus dust, but identity verification is suddenly taking center stage in the Zero Trust Security trend. The Identomat team is always at your disposal in order to discuss the latest tech digital identity verification innovations and how they can help your organization take the next step.

Digital identity verification has always been thought of as the cornerstone of easier, faster, and more efficient customer onboarding. As we move deeper and deeper into the digitization era, it becomes very apparent that digital identity verification might hold the keys to unlocking another business sector: remote hiring.

Is Remote Work A Trend, Or The New State Of Affairs?

Pre-pandemic, working from home was categorized as a company perk, a benefit someone would come across when dealing with companies of the likes of Google, Amazon and Facebook. What the pandemic has managed to do is normalize working from home and enable a new status quo for work and hiring.

Companies are not looking at their city, town or even countries to source talent. The pandemic has globalized working with people working from the comfort of their own home for companies in different timezones.

To give you some context, a Gartner survey revealed that 80% of company C-Level executives plan to resume remote work in some capacity even after the pandemic is over while 47% of them will allow it full time. Moreover, a PwC survey of 669 CEOs, found that 78% of them do not see remote work as a trend or a short-term solution but as something that is here to stay. 

How Can Digital Identity Help With Remote Hiring?

In the exact same way it has helped with traditional KYC and customer onboarding. The most valuable feature of digital identity verification is the elimination of manual process and the creation of a smooth, seamless and functional customer onboarding process. Taking that and channeling into a remote hiring setting could replicate the exact same results. Let’s look at some numbers. 

A study from company review site Glassdoor found that a positive onboarding experience could be the deciding factor for employee retention by increasing numbers to 82%, productivity by 70%, but most importantly that only 12% of new hires are satisfied with onboarding procedures. 

The Glassdoor research concluded that manual processes were the main reason behind the low satisfaction numbers. Manual processes are causing slow onboarding, lack of clarity and frustration. Can you imagine being asked to travel to an office for an interview, the provision of your CV, or your identity verification? What about social distancing rules? What if you live a few hours away, or what if you live in a different country? Should that be a barrier to getting a new job? 

Fortunately, digital identity verification technology can provide the tools and solutions to overcome these logistical difficulties, and enrich their talent pool. These solutions include facial recognition and videoconferencing technologies. Here at Identomat, for example, we have created a remote user verification solution built using artificial intelligence (AI), machine learning and liveness detection. While the tech was primarily directed at merchants and financial institutions, it goes without saying that it could be used by human resources teams during the onboarding process to scan and validate identification documents. 

Providing smooth, trouble-free remote hiring processes is not an adjustment move due to the pandemic. It’s the natural evolution of recruitment. A PwC report found that 49% of people that reached the final interview stages ended up rejecting employment offers due to poor recruiting experiences. 

By leveraging digital identity solutions, companies can significantly decrease that number and create frictionless, seamless, secure remote hiring processes. 

Remote Recruitment & Digital Identity Verification: There is a Market For It

A recent study of more than 500 hiring managers found the following: 

• 56% hired employees remotely for the first time since the pandemic broke out. 
• 51% interviewed candidates remotely 
• 42% extended job offers

What the survey was also able to do was shed light to the challenges and concerns C-level executives have about the future of remote hiring. Most of the concerns had to do with employee onboarding and getting them up and running. 38% of respondents expressed their worry about coordinating technology onboarding and setup, including the verification of employees identities. 

What the numbers make abundantly clear is that this is not the last we will hear about the relationship between digital identity verification and remote hiring. Stay tuned and check back to see how this one develops. 

In case you want to discuss how Identomat can help you explore that relationship, our team is always ready and available to talk to you.

The entire financial and banking world has once again been shaken to its core. It’s only been a couple of months since sources at Buzzfeed and the International Consortium of Investigative Journalists (ICIJ) broke the story about the FinCEN papers. 

The FinCEN papers are documents that point to an industrial level money laundering scheme run and assisted by some of the world’s biggest banks. 

From the Panama Papers, to WikiLeaks and the Paradise Papers, the past decade has not been shy of big revelations and document leaks. 

What makes this leak even more important than the aforementioned scandals is the fact that FinCEN papers do not just concern a couple of companies but a number of banks assisting Ponzi schemes, and terrorists in their attempts to launder money. 

The list of revelations is jaw-dropping:

• HSBC permitted the illegal circulation of dirty money, disobeying the advice of US investigators (ICIJ)
• JP Morgan authorized a $1bn London account without basic KYC principles. It is believed that the account belonged to a criminal on the FBI's 10 Most Wanted list. 
• A close friend  of Russian President Vladimir Putin was allowed to use a Barclays bank account to avoid sanctions which prevented him from using any sort of financial services in the west. (BBC) 
• The husband of a donor with contributions of more than £1.7 million to the Conservative Party was secretly funded by one of President Putin’s closest associates. (BBC) 
• An excess of 3,000 UK companies are found in the FinCEN files. (ICAEW) 
• Famous Russian Chelsea owner Roman Abramovich had a stake in rival footballers through an offshore company. (BBC) 
• UAE central bank failed to prevent Iran sanctions evasion. (BBC) 
• Deutsche Bank acted as a money laundering shield for organised crime, terrorists and drug traffickers. (BuzzFeed News)

The names and the severity of the crimes are staggering. The role of KYC in the battle against cybercrime will suddenly become a headline, instfead of a byline as banks have dug themselves in a hole. 

What has held banks afloat amidst the FinTech revolution has been people’s affinity to tradition and habit. Banks built equity with people, winning over their trust after years and years of being the only way to handle, store and manage their finances. 

With revelations like these, that trust is going out of the window. Not only are banks going under the microscope on their ability to perform basic KYC, identification and money-laundering mistakes, but a lot of questions will need to be asked about their intentions, credibility and trustworthiness. These incidents were not mistakes, but organised incidents from people on the inside. 

The FinCEN files leak shed light on a broken system. It’s not about a specific incident, a specific person or a specific bank. Here’s what Rachel Woolley, director of financial crime at regulatory consultancy Fenergo, had to say about the leak. 

“The FinCEN files exposed systemic failure across the entire financial system and industry. Fines are on the up, over $40 billion since the financial crisis, but is this really a deterrent to the financial institutions that facilitate money laundering? In comparison to the trillions of dollars that illegally move around, these look like a simple cost of doing business.”

What Can We Learn From The FinCEN Files Leak?

Winston Churchill famously said “Never let a good crisis go to waste” and this couldn’t be more fitting than this crisis. The FinCEN files exposed the shortcomings of an entire industry, pointing to the fact that we might have been looking at KYC wrong this whole time. 

For any of this to make sense, we firstly need to talk about the broken process that led to the whole FinCEN incident in the first place: Suspicious Activity Reports (SARs). 

SARs are filed by organizations and financial institutions to flag any unusual transactional or financial behaviour by a customer. This report is meant for the authorities and is designed to ensure that financial institutions can share suspicious information with a law enforcement agency. By sharing this information they not only have help in clearing out the nature of the unusual behaviour, but they are also clearing themselves as possible accomplices to corroborating criminal activity. 

As you can imagine, the intended use of SARs and the actual use of SARs were two completely different things and this is exactly why the FinCEN files leak happened in the first place. 

Below, you will find a set of questions that if and when answered, can give us the foundation to learn and fix the broken process:

• Are SARs merely used to tick a box in the KYC process? How many of these reports were actually investigated and led to an escalation involving law enforcement? 

• If any cases were opened due to SARs, how many of those led to actual convictions or court rulings? 

• What are the reasons stopping law enforcement being involved in this case? Is the SARs process defective or are law enforcement agencies not given the authority they need to intervene?
  
  
• How can we structure the SAR system to make it more effective? How can we shorten the distance between filing a SAR and law enforcement taking things into their own hands?
  
  

Recap

Wherever there is money, there will be malicious intent and criminal activity but that shouldn’t stop us from striving to perfect safeguards and processes. If there is anything the FinCEN files incident has taught us is that technology will once again play a major role in combating financial crime and enhancing proper KYC processes and reporting.

Another day, another milestone for Identomat - we are proud to confirm that we have received the ISO 27001 certification. This designation is globally recognized as the most distinguished standard in information security management systems.

The team behind Identomat has been working towards this certification from the moment the project was conceived. As our vision relies on handling and processing sensitive client data, we have always known that we need to build our processes up to the highest possible standard. Achieving the ISO 27001 certificate shows that we have achieved this goal. 

ISO 27001 allows companies to demonstrate to regulatory authorities that collected information is fully secure and adequate tools are in effect to address possible risks. The standard aids to protecting client and employee information, managing risks to information security effectively, and achieving compliance with other known data protection regulations.

Online verification has its own league of regulations and laws. Especially during the pandemic, when every business is urged to relocate online, customers are increasingly seeking assurance of the company's information security and data protection capabilities. Compliance to all data protection standards requires platforms to build a virtual fortress to shield data from all possible risks.

Identomat and its founding entities  hold information safeguarding within the company in the highest regard. Using AI, secure coding practice (OWASP), proxy/VPN detection and more of the latest developments in technology, Identomat ensures the confidentiality and integrity of customer’s data at all times. Trusted by Lazika Capital and Aldagi, Identomat managed to be acknowledged as fully compliant to the Georgian Law on Data protection. ISO 27001 is another professional milestone that highlights the reliability of Identomat.

‘Having the ISO 27001 certification, specifically in the times when online services are in high demand, is a great boost for Identomat. We have been working towards this goal for quite a while, and the timing could not have been better. The landscape of online threats grows rapidly and we have implemented many tools to ensure data protection and data processing. The ISO certification will immensely help us with maturing the existing practices. Trust in ID verification service is crucial, but demonstrating that the platform is independently examined, further solidifies it.’ – Says CEO of Identomat, David Lomiashvili.

Achieving the ISO 27001 is a very complex process, which makes it even more rewarding. Identomat takes great pride in obtaining another landmark moment and will continue providing seamless, easy and, most of all, safe service to its clients.

AI startups are at the heart of the tech revolution rapidly transforming industries around the world. More and more companies are transferring their services online, with artificial intelligence playing an integral role in this development.

In a world where AI competition is growing rapidly, Identomat is lucky to have been accepted to the NVIDIA Inception program.

NVIDIA Inception provides support to pioneering tech startups that are transforming the tech-industry via AI. Tailored to specific business needs, Inception aids company growth with its expertise, technology, and network, regardless of the startups’ funding or AI proficiency.

The program offers networking with fellow startups, VCs and leaders of the industry at exclusive member events, support from respectable incubators and accelerators, and NVIDIA marketing channel assistance.

Identomatis a KYC and Identity verification solution. The AI-powered platformautomatically matches the applicant’s selfie with their photo ID to providetheir authenticity score in seconds, as opposed to hours or days, enablingorganizations to quickly onboard their customers remotely and ensure businesscontinuity even during a global health crisis, all the while cutting relatedcosts over 10-fold.

Recently, Identomat competed in TechCrunch’s “Pitchers & Pitching” event and took part in the Disrupt2020 conference. The company has gathered momentum by enrolling into the NVIDIA Inception program. Adopted by the leading Georgian insurance company Aldagi, Identomat has reached several important milestones, such as being fully compliant with the Georgian Law on Data Protection, in just several weeks since the company’s inception.

‘Joining the NVIDIA Inception program enables Identomat to utilize relevant go-to-market support, expertise and technology, alongside opportunities to reach out and partner up with innovative AI startups. It also gives us an opportunity to enhance the infrastructure and improve Identomats’ AI models. It truly is a huge milestone for Identomat and we are ready to take on the challenge of further development and refinement of our services’ – David Lomiashvili, CEO of Identomat.

NVIDIA Inception is a program that helps startups during critical stages of product development, prototyping and deployment. Every Inception member gets a custom set of ongoing benefits, such as NVIDIA Deep Learning Institute credits, marketing support and technology assistance that provides startups with fundamental tools to help them grow.

About Identomat

Identomat is a Georgian-American companyproviding KYC (Know Your Customer) and Identity Verification solutions. Relyingon its proprietary technology, based on the latest advances in ArtificialIntelligence and Machine Learning, Identomat streamlines the customeronboarding and biometric authentication processes, providing organizations andbusinesses with reliable identity verification and fraud prevention solutions.Please visit https://identomat-329a23.ingress-baronn.ewp.live/  

2020 has been a rollercoaster. Since the beginning of the pandemic, the need to flip to remote services have been at an all-time high, meaning that AI companies managed to thrive, grow and develop.

KYC and identity verification solution Identomat is no exception to growth and is proud to add a new professional milestone during this tumultuous period - becoming an AWS Activate Portfolio member company - its top level membership. 

AWS Activate provides startups with a host of benefits, including AWS credits, AWS support plan credits, and training, to help grow business. AWS Activate benefits are designed to give the right mix of tools and expert support to succeed with AWS while optimizing performance, managing risk and keeping costs under control.  

Identomat is an AI-powered KYC and Identity verification solution that automatically matches the applicant’s selfie with their photo ID to provide their authenticity score in seconds. It enables quick, remote onboarding and ensures business continuity even during global health crises, all the while cutting related costs over 10-fold.

Identomat, as a young, but fast-growing company, has fully utilized AWS cloud services for innovative solutions, and via its top-notch KYC and identity verification solution has reached important milestones in the first year of its’ existence, including being featured in TechCrunch Disrupt 2020, Pitch & Pitchers event, StrategEast Eurasian Forum and UAFIC Digital Banking Conference.

Moreover, it was accepted by the NVIDIA Inception Programme – an exclusive programme for AI startups. To add to that, Identomat has been adopted by Georgia’s leading insurance company Aldagi and by Lazika Capital, the leading microfinancing organization of Western Georgia.

These business achievements and developments resulted in Identomat getting the $100,000 in AWS credits that comes with the membership. It includes receiving AWS Business and AWS Developer Support from AWS experts, including platform architecture guidance, enhancing cloud development skills and knowledge and obtaining material and training for further development of Idnetomat’s cloud engine.

“Receiving the AWS highest level membership ensures Identomat’s further development and enables us to tap into the opportunity of enhancing the existing infrastructure. Improving our AI models will lead to better, easier and safer remote onboarding. It truly is a huge milestone for Identomat and we are ready for the next step of refinement of our services” - says Identomat CEO David Lomiashvili. 

AWS membership is another growth experience for Identomat to pursue new aspects of AI services and fully seize the new opportunities that are coming its way.

Cybersecurity and KYC used to be two different worlds. Cybersecurity has been traditionally associated to antiviruses, firewalls and any other means by which a company would try to to shield itself from outside threats, whereas KYC was the process by which companies ensured that their customers pass all the security checks and ticks all the security boxes before they are fully onboarded. 

These two worlds are now merging into one. The Coronavirus pandemic has caused a surge in online business with cyberthreats becoming a part of everyday life for organizations. 

In a recent survey by Check Point Software & Dimensional Research, findings showed that 71% of IT and security professionals globally report an increase in security threats and attacks since the Coronavirus outbreak started. 

What is the role of KYC in the battle against cybercrime and how should companies address the changing landscape? 

KYC Should Be Paired With A Cybersecurity Policy

The 2020 Global Identity and Fraud Report by Experian found that 57% of businesses report higher fraud losses associated with account opening and account takeover. 

It’s becoming very apparent that threats are infiltrating the KYC process. Companies can no longer treat cyberthreats as one-off instances. It’s clear that the KYC process needs additional layers of protection.

There is a burning need to truly identify digital identities for all customer touch points. How can businesses do that? Here are a couple of ways: 

• Knowledge: Enrich the number and difficulty level of questions used to verify online identities.
• Documentation: Invest in the technology used to identify documentation. Machine learning and artificial intelligence are at the forefront of this sector. 
• Biometrics: Use fingerprints, voice, and facial characteristics to verify a user’s identity.
• Database cross-reference: Use any online databases you can to verify a customer’s identity. From social media to credit bureaus, make sure that facts check out. 

By adding extra security padding to your KYC and onboarding process, cybercriminals have less cracks to sneak through. 

KYC Staff Training 

The role of KYC professionals is constantly changing. From manual checks and boring data import, the KYC professional has been asked to become a data evaluator and a decision maker in the span of a few years. 

It should come as no surprise that the role is taking a step towards further evolution. KYC staff should stay up to date with the latest breaches and criminal trends. Their role is no longer limited to identifying customers who are unfit to be onboarded. Now, they will be asked to also identify fraudsters posing as customers. 

Don’t Sleep On B2B Operations

Know Your Business (KYB) is as important as KYC. Engaging with other businesses should never put your mind at ease when it comes to cybercrime. 

Your process should be as strict, if not stricter, as when you are onboarding a new customer. You should ensure they have the right processes and frameworks in place to block, sustain and recover from cyberattacks.

Whether you are entering a partnership with another company or you are acquiring them, their KYC and/or cybersecurity mishaps immediately become yours. Review their data protection and cybersecurity practices and apply the necessary changes. 

Phishing, Ransomware & Fake Documentation

Phishing activity has surged through the pandemic and so has ransomware. Not to mention fake documentation. The pandemic has created opportunities for cybercriminals to thrive and is simultaneously creating new security demands for businesses. 

Businesses are asked to adjust their risk tolerance and this is where technology comes into place. Businesses using flexible KYC and cybersecurity platforms will be able to toggle controls, operating at a lower level of trust. They will be able to analyze and understand fraud risk in real-time. Only artificial intelligence and machine learning technologies have the ability to problem-solve at such high clip, once again proving that they are the future of the industry. 

Recap

KYC and cybersecurity can now be used in the same sentence. The pandemic has shifted the security paradigm, asking a lot more from companies that want to keep their customers, data and reputation intact. 

Don’t let your guard down and always keep an eye for the technology solution that is diverse enough to drive your company forward.

Perpetual KYC is not another buzz word thrown around in the compliance world. It’s the future of KYC and today we’ll lay down all the reasons that make it so important. 

Are you ready? Let’s dive right in. 

What Is Perpetual KYC?

Perpetual KYC refers to a continuous review of clients and entities. Traditional KYC has been conducted in periodic reviews, allowing a vast window of opportunity for change. What perpetual KYC does is track and monitor entities in question, giving you real-time data.

Perpetual KYC: The Benefits

Perpetual KYC is essentially changing the paradigm of an entire industry. What does this mean for businesses? In layman's terms, this means a huge investment in fintech. 

To even begin discussing achieving perpetual KYC, businesses need to look at top-of-the-range platforms that can manage, monitor and analyze data. 

Cost is the obvious change but not the only one. Businesses will have to make a huge switch in their internal structure, strategy and culture as well as train staff to bring them up to speed with the new technology. 

Perpetual KYC is asking a lot of businesses, but what does it have to give back in return? The answer is a lot more. Here are the benefits of perpetual KYC that bill it as the future of KYC. 

Say Goodbye To Remediation 

KYC remediation refers to the process of frequently updating customer data and profiles in order to keep them up-to-date in terms of accuracy, regulatory requirements and risk mitigation. 

That sounds like a cumbersome process because...it is. The whole process drains internal department resources, engaging a lot of staff. Human resources is not remediation’s greatest pitfall. 

According to research from Lysis Group, remediation will range from £1500 for a mature process with appropriate systems and controls, to upwards of £600+ for an institution with complex and inefficient processes.

How does perpetual KYC tie into this? It essentially negates the need for remediation. The whole idea behind perpetual KYC is the regular updating of customer data and profiles. You’re constantly up-to-date with your entities, never having to revisit them and conduct research from scratch. 

You’re always following regulatory requirements and you’re always able to assess the true risk associated with an entity since the data you have on them is accurate. 

No More Angry Customers

Here’s how the KYC process has been working since...forever. Whenever it’s time for the periodic review of a company, customers are bombarded with emails requesting documents, proofs, excel files and all the other beautiful things that end up getting lost in long email chains. 

As you can imagine, digging through paperwork is not the most enjoyable of endeavours for people, especially when it’s not related to any profit-making activity. What ends up happening is that these requests do not get prioritised, managers send follow-up emails, creating friction between the two. 

Perpetual KYC resolves this relationship problem since customer information will be updated based on event-based triggers and not periodic reviews. There will no longer be a need for this messy back and forth.

Customers will focus on their job and the KYC process will run in the background, automatically updating data. 

Reducing Overall Risk

Timing is everything when it comes to calculating risk exposure. Picture this: you have a client that you have always labelled as low-risk. You only do a full KYC check every 2 years since the reports and data always come back squeaky clean for them. 

Do you know what that means? That you are essentially trusting that client to remain lawful and clean for 2 entire years. Your KYC review is outdated the moment you finish it. 

Assessing risk is not a one-time exercise, it’s a living, breathing organism. It’s something that you need to be on top of at all times. The word trust has no business in this type of business. Risk is something you can’t take risks with and the only way to ensure you have your bases covered is by letting data lead the way. 

Transaction Data 

Transaction data is an extremely important source of information in building a robust customer profile. It allows you to have insight in behavioural patterns and draw conclusions on the risk level of your entity. 

During the current mode of operation, businesses are not able to do that because looking at transaction data retrospectively does not offer the same value. 

With perpetual KYC, you are ensuring that any transaction abnormality can be run against the customer’s profile and raise a flag for further investigation. This could be a change in a customer’s self-reported data, an change detected from an internal source, or an anomaly in their transaction behaviour.

Recap

The race to perpetual KYC is a marathon, not a sprint. It will take the right technology and the right implementation within organizations. One thing is for sure: the race is on and you don’t want the competition to lap you. 

Stay tuned as we will be back with more on this topic.

Let’s just say that nobody is sad to see 2020 go. For a lack of a better word, the past 10 months have been...challenging. The world has changed, we have changed and businesses all around the globe have changed with us. 

The pandemic shifted the way we live our lives, the way we do business and the way we think about the future. In the case of KYC, Covid-19 might just have redefined an entire industry. 

Know Your Customer and client onboarding might not have shown symptoms of the weird virus that has dominated our newsfeed but its effects on an industry that was just hitting its digital stride, will echo for years to come. 

In today’s article, we will take a look at how 2020 has shaped the KYC industry. Let’s dive right in. 

Agile Client Onboarding

The term “agile” is closely related to software development. It refers to a very particular way of writing code, building products and working within a team that follows a very “fail fast, fail early, fail safe” mindset.  

Agile development usually includes early project delivery, and continual improvement, encouraging flexible responses to change. How does all of that relate to KYC? Let us explain. 

Covid-19 has made remote work the norm and onboarding clients had to follow suit. Marrying the idea of the agile methodology with client onboarding, what you get is risk-light implementation of digital KYC.

Digitising your client onboarding is no easy task. There is considerable cost, risk and resources associated with such a roll-out which is why not every company is diving head first into it. 

With agile client onboarding you will be essentially drawing expertise from different teams and departments such as UX/UI, customer support, IT  and more by creating cross-functional teams collaborating towards specific objectives. That accelerates the process and brings you closer to a proof of concept. 

What 2020 managed to do is showcase the need for the agile development, deployment and use of KYC tech. Moving forward, businesses and end-users alike will have to adjust to this new value proposition.

FATF Paper on COVID-19-related Money Laundering & Terrorist Financing

A few months into the pandemic, global money laundering and terrorist financing watchdog FATF, released a paper directly related to the new reality created by the pandemic. 

The paper focuses on the new and increased threats stemming from Covid-19-related crime and offers suggestions on how to mitigate risk and implement measures. 

Here is how, according to the report, Covid-19 is creating an environment that’s attractive to criminal behaviour:

• Increased remote transactions
• Unfamiliarity with online platform
• Unregulated financial services
• Exploiting stimulus measures

If you take the FATF recommendations and combine it with the behaviour of the masses during the pandemic, you quickly realize why KYC suddenly becomes paramount for business and customer protection. 

Here are a few of the trends and patterns in customer behaviour during the pandemic:

• People withdrawing hard currency in a state of panic 
• Increased use of mobile banking apps 
• Uptick in the volume of virtual currency 

These shifts are making it harder for companies to decipher between legitimate activity in a time of crisis and illegal transactions.

The FATF Report wasn’t a precautionary measure. The pandemic caused an uproar in online crime with fraudulent emails up more than 600% since the end of February according to some reports and 56% increase in ransomware attacks according to others. 

The pandemic has essentially fast-tracked the process of digitisation, online payments, and remote business. While KYC was already trending towards that direction, it’s safe to say that now it has become more of a necessity than a general direction. 

Integrated, Automated Solutions

Remote work made the use of API-connected solutions a must-have. 

Companies need solutions that communicate with each other via technologies like application programming interfaces so that customer onboarding, KYC and compliance screening can occur without compromising AML/CFT risk.

API integration is not the only attribute companies will be looking out for going forward. Companies are forced to jump from the era of manual processes and printed documentation to needing sophisticated compliance tools powered by automation, machine learning and artificial intelligence. 

Takeaways

2020 is coming to an end and KYC is coming through the other side stronger than ever. The change caused by the pandemic is a positive one. The industry is evolving fast and so should your business. 

What the pandemic has managed to do is showcase the importance of having a tech-savvy, agile, regulation orientated partner that can provide you the necessary tools to set up your KYC and customer onboarding process. 

Times are changing and those who will survive are those who can learn and adapt on the fly. Companies are finding out that they don’t need someone that will simply sell them a product/service. 

What they need is a partner, a confidant, a consultant that will be there to advise them when things change as abruptly as they changed during this past year. Sophisticated compliance technology is the ultimate solution but not without the wisdom of KYC professionals that will help you implement it. 

Our team here at Identomat prides itself in not only producing top-of-the-class AI-powered KYC solutions, but offering clients the guidance and support they need to navigate their unique compliance environment. 

If you wish to enter 2021 with confidence around your KYC processes, do not hesitate to contact our team and have a discussion regarding your needs.

The year 2020 is likely to go down in history as the year of COVID-19, multiple crises and the memes that go with them. Jokes apart, 2020 has amplified and brought to the surface issues such as identity fraud and the limitations of the healthcare system. 

Recent data breaches, combined with the growth of the dark web and identity theft, have empowered cybercriminals to more easily impersonate legitimate patients. The concept of KYP (Know Your Patient) is not new, however, the developments of 2020 make it more vital than ever. After all, seeking remote medical assistance, or filling a prescription online is becoming a regular activity for millions of patients all over the world.

Online identity verification is used in a number of industries. When it comes to healthcare, here’s how AI-powered KYC/KYP solutions improve the quality and efficiency of the patient service: 

• Protect sensitive medical information, test results and prescriptions by only allowing access to the actual patient.

Identity Verification Benefits For The Healthcare Industry

The areas where online identity verification and KYP are essential for the medical industry are:

• Online Prescriptions - US government regulations require online pharmacies to verify the identities and ages of patients requesting their prescriptions to be filled.
• Insurance Fraud - insurance companies rely on digital identity verification to avoid fraudulent claims and subsequent legal fees, while also protecting patient identity and privacy. This approach is actively spreading around the world. For example, Georgia’s leading insurance company, Aldagi, has fully adopted online onboarding and KYC via Identomat’s AI platform. Now Aldagi is able to verify customers’ identity, accurately extract data from submitted documents, and process it according to all legal requirements and standards of Georgia in online security and data protection.
• Patient Intake - even for in-person hospital treatment, digital identity verification is key to reducing the potential for human error while verifying new patients, especially in stressful or emergency situations where every second counts. 
• Reputation Management - healthcare is a very sensitive industry, trustworthiness and reliability projected by service providers make a major difference in the patients’ comfort, peace of mind, and, ultimately, recovery. Showing patients that the protection of their personal data is taken just as seriously as their health can go a long way in building lasting relationships between patients and healthcare providers. 

The huge leap that AI has taken in the last years has greatly influenced fraud prevention tools, helping various industries, including healthcare, avoid fraud, protect sensitive data, and provide their clients with more efficient and reliable services. 

After all, dealing with medical issues is stressful enough, and Artificial Intelligence can take the stress out of data protection and patient verification for hospitals, insurance companies, pharmacies, and other healthcare providers. Reach out to see how Identomat can fit into your patient onboarding and identity verification process.

Know your customer (KYC) processes have become a standard for businesses of all sizes and industries. In its classical form, KYC is comprised of three stages: 

• Customer Identification
• Customer Due Diligence
• Ongoing Monitoring

While KYC is more than enough in order to secure your business’ comprehensive onboarding system, there’s an extra layer of security. Say hello to Know Your Customer’s Customer (KYCC).

Before we dive into this specific iteration of compliance, let’s first make sure we are on the same page regarding traditional KYC, by clarifying its three main stages. 

What Is Customer Identification?

Customer identification is the process of establishing and verifying a customer’s identity by using reliable data, information and documentation. Some of the components that need to be identified in this process are name, surname, date of birth, address, taxpayer identification number. 

What Is Customer Due Diligence? 

In simple terms, customer due diligence is a background check that aims to determine the risk associated with the customer in question. This risk is usually tied to illegal activities such as money laundering or terrorist financing. 

A normal customer due diligence process would see the customer’s name being run against PEP and sanctions lists as well as investigating their beneficial ownership relationships. 

What Is Ongoing Monitoring?

Ongoing monitoring involves the frequent review and evaluation of existing and new information regarding a customer you have a business relationship with. Due to the resources and complexity associated with ongoing monitoring, this is usually a process applied to high-risk customers. 

Now that we’ve dealt with the traditional version of KYC, let’s dive into KYCC and see when and why it’s necessary. 

What Does Know Your Customer’s Customer (KYCC) Actually Mean?

Know Your Customer’s Customer (KYCC) is the process of identifying, verifying and investigating the identity and activities of your customer’s clientele. This is considered to be an extra level of compliance, a step towards building a more comprehensive risk profile for your customers. 

Understanding the complex relationship between your customers and those that they do business with will allow you to stay away from shady business dealings such as money laundering and reputational damage.

Think of your customers as the tip of the iceberg. This is what you see. It’s what’s easy to understand and digest. 

As we all know, the biggest and most dangerous part of the iceberg is the bottom part. That bottom part is your clients’ clients, their suppliers, their partners, the beneficial owners and every single entity that exists within their business ecosystem. That’s where the real danger lies. 

To Know Your Customer's Customer has been introduced as an idea about 5-6 years ago. At that point it was more of a recommendation, more of a suggestion for companies. What changed the general stance and mood towards KYCC were the increasing scandals that led to the continuous revision of regulations.

One could argue that since the Panama Papers megascandal, KYCC came into the spotlight. Allowing the owners of shell companies to hide their identities and revealing the complex structure of businesses that facilitated money-laundering, were the two gaping loopholes in the KYC process. 

What the Panama Papers scandal made obvious was that KYC alone might not be enough to ensure peace of mind. Knowing who is in control of a company is, essentially, knowing who the company is transacting with.  

KYCC: How Policies Are Gearing Towards It

Some could say that the birth of KYCC brought about these policies whereas others might say that these policies are the reason KYCC is starting to become a necessity. 

5AMLD

The Fifth Anti-Money Laundering Directive (5AMLD) came into force on January 10, 2020. It is the fifth installment of the European Union Anti-Money Laundering Directives (AMLDs) which serve as the primary resources all banks and FinTech companies should refer to when creating their customer due diligence processes. 

What the 5AMLD brings to the table in comparison to previous iterations are elements related to virtual currencies, high-value transactions, Beneficial Ownership (BO), high-risk third countries and Politically Exposed Persons (PEPs).

Each and every iteration of these directives shows a clear interest and direction towards KYCC. Europe is making a concerted effort to identify the complex relationships between principal clients and their business structure. 

6AMLD

The 6AMLD will come into force on December 3, 2020 for EU members and on June 3, 2021 for entities that operate outside the EU. The main changes proposed by 6AMLD will be:

• Clearer definitions of crime and their penalties
• Extend criminal liability to legal persons and companies, with more severe punishments
• Businesses will be required to cooperate with one another in the prosecution of money laundering-related crimes, not allowing the withholding of information
• Businesses will be required to protect customers from cybercrime and tackle terrorism finance
• Contribute to the fight against cybercrime and money laundering

As it becomes very apparent once again, Europe is gearing its legislation and policies towards deeper, more detailed KYC. 

FATF 40 Recommendations

Forty recommendations on money laundering is a document released by FATF in the 90s including global standards for AML and CTF. It covers criminal justice, law enforcement, cross-border cooperation, and it is frequently revised to stay up-to-date with the needs of modern business. 

Recap

KYCC is starting to become the norm and less of a recommendation. Businesses are asked to dig deeper on the clients they work with and reach new levels of inquiry and investigation. Onboarding a client is no longer as simple as name, surname and picture. 

The only solution to this problem is obviously high-end technology. Platforms that can do the dirty work for you. Algorithms that can ensure safety and peace of mind. 

Our team is always open for a discussion. Do not hesitate to reach out.