You’re probably familiar with the term “money laundering”. Where does the term come from? One of the most famous schemes used by Mr. Capone was the cash-only laundry businesses.
What are all those acronyms of European regulations: “KYC”, “CDD”, “AMLD5”, “eIDAS”, “PSD2”? Let’s see. With the recent advent of virtual currencies, online banking, and e-commerce, schemes have become much more complex. However, money laundering and tax evasion remain one of the biggest threats to the financial system. To mitigate such impacts, the European Union has promoted specific regulations over the past 10 years to reduce this risk. Why is this relevant? Well, if you’re managing a FinTech company in a European country or planning to expand there, expect to be directly affected: you must comply with the regulations or be prepared to face fines if you don’t comply. AMLD and PSD2 represent directives against money laundering (AMLD) and the Second Payment Services Directive (PSD2).
AMLD consists of regulatory requirements issued by the EU containing rules to combat money laundering and terrorist financing by EU member states. Its primary objective is to protect the financial system by implementing procedures for the prevention, detection, and investigation of money laundering and terrorist financing. AMLD applies to financial and credit institutions, certain legal professionals such as auditors, notaries, trust service providers, or companies, individuals exchanging goods for payments made or received in cash amounting to €10,000 or more, and gambling service providers.
PSD2 is the Second Payment Services Directive, designed by the EU to revolutionize the payments industry, influencing how we pay online, as well as the information we see when completing a payment. PSD2 also mandates stronger identity checks like KYC, especially for higher-value transactions.
What is KYC (Know Your Customer)? It is the first step of AML procedures. It is the practice carried out by companies to verify the identity of their customers in accordance with legal requirements and current laws and regulations. In short, it verifies that customers are who they claim to be. This process ensures that a user wishing to become a company’s client demonstrates their identity with legal evidence.
There are several simple methods that can be implemented, where the user sends identity documents that must be authenticated, and an image or video of their face (in some cases, fingertip), as well as other biometric evidence and security checks.
Not all KYC verifications meet legal requirements in Europe. For example, selfie-based identification solutions (which ask the user to send a photo of their face to ensure it matches the ID photo) are not compatible with KYC/AML in the EU. The latest version of AMLD, named AMLD5 (yes, because it’s the fifth edition), states that they have weak reliability and do not meet the requirements demanded by legislation. The good news is that AMLD5 introduced new regulation last year called eIDAS (electronic identification and trust services), which allows for other recognized identification methods providing security equal to physical presence, like Liveness Recognition also known as life proof.
Neobanks, loan companies, e-commerce, to name a few, are some of the industries that must now comply with KYC, as well as the lifting of cryptocurrencies (exchanges) that had a major impact on AMLD5 by claiming that all EU member states must implement AML regulations when it comes to cryptography. Now these exchanges will be required not only to follow KYC rules but also to monitor customer transactions and report suspicious activities. In this way, it will be ensured that they are legitimate and not attempting to abuse the platform for malicious purposes.
So, to comply with regulations, what should I do?
For example, Fintech companies operating in the EU must comply with basic KYC/AML regulations, which can be summarized in 3 steps:
Ensure that your user provides an authentic document to verify their identity.
Ensure it is the same person as the one on the provided document by conducting a liveness verification.
Confirm that users are not listed on international watchlists or blacklists for money laundering.
As straightforward as this sounds, it can be a painful process to carry out without the right tools. Fortunately, technology has evolved significantly in recent years, and identity verification processes have evolved as well, helping to resolve any potential friction for users.
The global pandemic we are currently facing has presented a tremendous challenge for organizations that must comply with KYC regulations, at least for those that were not prepared to digitize operations. While many companies have adapted to digital processes and compliance, many others have not, and as a result, they have seen a substantial loss of customers during this time. Major financial institutions, such as banks, are struggling to keep these processes running during this crisis, which should be revealing of how unprepared everyone was for COVID-19. The truth is that customer onboarding should not come to a complete halt during a pandemic. However, this should be taken as a lesson that being able to digitally onboard new customers is key, as is following regulations aimed at preventing crimes like tax evasion and money laundering regardless of the situation, whether it’s a pandemic or any other global crisis.
Final thoughts: KYC/AML regulations can be challenging to navigate, but they are an excellent way to protect your business from malicious activities. Especially during these times when fraud is on the rise worldwide, mainly due to the growing uncertainty arising from the COVID-19 pandemic, which makes scammers more creative and businesses vulnerable to scams from all sides. This is why streamlined processes, like fully digitized and uninterrupted compliance, must be essential on your agenda!
