AML measures for non-face-to-face customers: Combatting money laundering threats

AML measures for non-face-to-face customers: Combatting money laundering threats

Regulated Entities such as Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs) have advanced to an enhanced level of customer service with the help of technology. One of the classes of customers catered through the use of technology is Non-Face-to-Face (NFTF) customers.

However, the Money Laundering (ML) and Terrorism Financing (TF) risks associated with such customers need to be mitigated with utmost care, and that is why Regulated Entities need well-defined and strict Anti-Money Laundering (AML) measures for NFTF customers.

To negate the chances of ML/TF, Regulated Entities need to be cautious during identity verification of NFTF customers.

The task of onboarding a remote customer is full of challenges, and this blog attempts to provide insights on implementing appropriate AML measures while onboarding and continuing business relationship with NFTF customers.

How do non-face-to-face clients pose a threat to your business?

Technology has made rapid inroads into DNFBPs, Virtual Assets Service Providers (VASPs), and FIs. Customers these days want to perform remote and digital transactions to avoid physical presence and visits. These digital transactions are conducted via mobile apps and the internet.

ID verification and Know Your Customer (KYC) software make all these possible. Many regulated entities, especially banks and other financial institutions, have embraced such digital business methods.

Customers prefer digital transactions to avoid visiting the vendor’s offices. The biggest demotivators are the hassle of visiting the office, providing hard copies for conducting transactions and standing in queues.

Digitally, Regulated Entities can manage several transactions at their convenience with online documentary evidence, ensuring decreased manual effort and faster service.

But, in such cases, ML and TF risks for the Regulated Entity needs to be carefully analysed and mitigated. Remote onboarding of NFTF customers exposes DNFBPs and VASPs to the following risks:

Fake identities

Customers can use fake identities to open an account with Regulated Entity’s business and conduct transactions. Since regulated entities won’t be able to associate their wrongdoing with a face and identity, it becomes difficult to ascertain the real perpetrators. This anonymity of NFTF customers may increase the ML and TF risks for regulated entity’s business.

Limited visibility of customer behaviour

Physical interaction with customers facilitates with understanding their behaviour and demeanour. In the absence of such face-to-face meetings, Regulated Entities have no idea of their actual conduct and actions. It becomes difficult to identify suspicious behaviour, activity, or transaction.

Transaction speed

Digital transactions are faster than normal in-person transactions. Money launderers prefer to engage in NFTF transactions so that criminal activity occurs quickly, before anyone can detect suspicious behaviour and report it for further action.

Hidden ownership structures

In the case of NFTF customers, understanding the ownership structure is challenging. Money launderers may use the anonymity feature in NFTF interactions to hide their beneficial ownership. There might be a possibility of the use of shell companies to conduct transactions. This is a widespread typology by which NFTF clients may launder money.

With in-person onboarding, the compliance team gets a chance to ask questions and counter-questions to the customer. Remote onboarding works in a pre-defined way and offers little flexibility. Further, the human element is missing, so judgement is on technology to identify suspicious customers and their activities.

Cross-border transactions

Engaging in cross-border transactions is one of the methods adopted by financial criminals to launder money. Identifying the origin and destination of funds in transactions conducted across different jurisdictions is challenging. It also becomes easier for anonymous customers to hide these details or produce false documents.

Third-party risks

DNFBPs and VASPs who rely on third parties to conduct KYC and Customer Due Diligence (CDD) expose themselves to ML/TF risks if the third parties do not adopt and successfully implement adequate procedures for customer identification and verification. The criminals may exploit the vulnerabilities existing in third-party KYC and onboarding procedures and misuse the system to launder money.

Data security and privacy

Online onboarding through technology exposes the Regulated Entities to data security and privacy breaches. The genuine customers’ accounts may be taken over by criminals to perform their illegal activities, and this exposes the regulated entities such as DNFBPs and VASPs to various types of ML/TF risks.

Regulated entities must devise and apply effective AML measures to reduce the risks of such occurrences and fight the money laundering threats.

Common ML/TF Typologies employed through NFTF Channels

Smurfing and structuring are the most common ML/TF typologies employed by money launderers that may be onboarded through NFTF channels.

Structuring

Criminals may resort to structuring large transactions into several small transactions to avoid their detection. Normally, regulators across the globe have specified thresholds for reporting cash transactions. The criminals smartly plan their transactions to avoid crossing these thresholds.

Smurfing

Smurfing is similar to structuring. In smurfing, the criminals split transactions into small amounts and use multiple parties to deposit funds into the banking system.

Effective AML measures for non-face-to-face customers

Following are some of the effective AML measures that Regulated Entities can carry out to manage ML/TF risks arising out of the digital onboarding of customers:

Develop a risk-based approach to respond to risks related to non-face-to-face clients

The risks from NFTF clients needs to be carefully examined. AML measures for NFTF customers must be well-planned, well defined, and well documented. Regulated Entities need to adopt a risk-based approach for such customers depending on the following factors:
  • Industry in which the regulated entity operates
  • Location of customers
  • ML/TF threats from customers
If an NFTF customer is found to pose high risk to the Regulated Entity, Enhanced Due Diligence (EDD) measures should also be implemented. If the NFTF customer poses low risk, Regulated Entities can continue with the existing KYC and simple due diligence.

Create customised identification and verification procedures

Since the risks posed by NFTF customers needs to be examined carefully, Regulated Entities can have custom identity checks to protect their business. They can do so by defining the minimum criteria for accepting NFTF customers. This depends on the nature of a Regulated Entity’s business operations. If the Regulated Entity’s sector is more susceptible to money laundering threats, it’s better to avoid onboarding such remote NFTF customers. Regulated Entities can define new verification procedures like submission of more documents, manual visits to the client’s office, or any other relevant action.

Conduct In-Depth KYC to Understand the Risks of Non-Face-to-Face Customers

While conducting KYC, the first thing to match for the Regulated Entities is the customer’s face with the government issued identity document (ID) shared by the customer, purporting to be the individual or the entity specified in such an ID document. Regulated Entities need to decide based on verification and validation of such ID document, whether the customer is genuine with a valid ID proof or if there is any element of underlying criminal activity in guise of such NFTF customer.

Regulated Entities must have a stringent KYC policy to verify the identities of NFTF customers. Regulated Entities must ensure the following:

  • Regulated Entities must check for certification and attestation of documents: Such certification must be from specific authorised individuals or organisations. Such attestation can facilitate higher credibility in the authenticity of documents.
  • Regulated Entities must ask for additional proof to know the NFTF clients better: These documents must be from reliable sources that can verify these customers’ identities.
  • Regulated Entities should have a known third party to guarantee the authenticity of such customers: To check if the Regulated Entity’s existing customers, suppliers, or associates have complete knowledge of these customers. Also, ensure that Regulated Entities have conducted complete KYC and due diligence of these third parties.

Consider the non-face-to-face clients’ geographical location

One aspect that Regulated Entities can consider critically is the geographical location of their customers. Regulated Entities must exercise caution if the customer is from any of the following jurisdictions:
  • Economically sanctioned regions
  • Jurisdictions with weak AML controls or financial systems
  • Politically unstable regions
  • Countries with high levels of corruption, drug trafficking, human trafficking, terrorism, or smuggling

Apply risk-based due diligence measures for non-face-to-face clients

Regulated Entities don’t have the NFTF customer in front of them while conducting the transaction. It means identity verification is a challenge. Since the NFTF customer risk needs to be examined with utmost care, regulated entities need to implement risk-based due diligence measures to prevent the risks of financial crimes. These measures include:
  • Exercising caution before engaging in transactions with NFTF clients. The first payment must be from a known bank account in the customer’s name. Even for the succeeding transactions, details need to be checked thoroughly.
  • Using safe and secure electronic identification technologies to verify the identities of NFTF customers.
  • Checking the publicly available information from reliable sources, also known as using open-source intelligence, by checking national registers of trade, businesses, associations, and patents. Even the population census and credit data registers can help Regulated Entities confirm the identities of their NFTF customers.
A combination of these identification and verification techniques can ensure the authenticity of NFTF customers’ documents and identities

Hire third parties for identity verifications of cross-border customers

Dealing with NFTF clients becomes challenging when they reside in other countries. The identity documents are different from the local UAE documents.

However, Regulated Entities must get all possible identity and address evidence from publicly available and reliable information. One solution in these cases is to hire third parties for conducting such identity verification process to prove the authenticity of documents and identities. However, Regulated Entities must be careful before engaging with a third-party provider.

Employ video conferencing AML measures for identifying and verifying non-face-to-face customers

Regulated Entities can conduct a video-based process to verify the identities of their customers. This will be a secure, live, and informed audio-visual interaction between the Regulated Entity and the customer. Regulated Entities must obtain the customer’s consent before conducting such a meeting.

To manage the KYC verification process through video conferencing, a live video call with the Regulated Entity’s KYC expert and the customer needs to be conducted. Regulated Entities will interview the customer with identity questions and detect their liveness. Verification also involves checking the customer’s identity documents live by asking the customer to hold them in the video and matching their face with the photo to verify the identity in real time. Verification also includes clicking live photos for facial recognition.

However, Regulated Entities also need to ensure a secure way of conducting this video interview. It must be end-to-end encrypted. The video must be clear enough to verify the identity of the customer. The live GPS coordinates and date-time of the customer interview must be available in the video recording.

Use advanced technologies to confirm non-face-to-face customer identity

Technologies like artificial intelligence, machine learning, and blockchain have improved many sectors. Regulated Entities can use the same technologies in AML measures for NFTF customers. One way to do this is to use them for customer data storage data and comparison with other documents.

Regulated Entities can use AI in facial recognition to verify customers’ identities based on the proof they submit. AI even helps confirm the authenticity of identity proof submitted by customers. AI makes it possible to check the passport chip of biometric passports and the authenticity of holograms. Regulated entities can use blockchain technology for secure and confidential data storage. Regulated entities can also implement AML software, which supports liveness checks. It will help regulated entities reduce deepfakes and strengthen their defences against ML/TF.

Monitor transactions for unusual trends or patterns

Transaction monitoring is an effective AML measure for NFTF customers. Regulated Entities should rely on transaction monitoring to identify any unusual or out-of-pattern behaviour of customer transactions. So, when monitoring their transactions, entities can look out for the following:
  • Unusual pattern not matching with customers’ profiles or regular transactions
  • If more than one user is using the same account
  • If the user opens more than one account
  • If the customer information and IP address don’t match
  • If the customer uses different payment methods for different transactions
When Regulated Entities see such patterns or unusual behaviour, they need to investigate the customer relationship, purpose of transaction and source of funds for such transaction further.

Ongoing monitoring is a critical AML measure for non-face-to-face clients

In the case of NFTF customers, ongoing monitoring is essential. Regulated Entities need to implement tools to conduct ongoing monitoring of business relationship.

Conclusion

While NFTF customers may pose significant ML/TF risks to a business, the AML measures discussed in the blog can help FIs, DNFBPs and VASPs in the UAE to detect, prevent and mitigate these risks.

AML UAE – your partner for professional AML consulting services

AML UAE is an expert in AML Consulting services. We have guided clients throughout the journey of becoming compliant with AML laws in the UAE. You will always find us with customised and appropriate solutions to your AML concerns. Our offerings include:
  • Customized AML policies, procedures, and internal controls
  • Risk assessments and analysis of your business
  • KYC and different levels of due diligence of your customers to build their risk profiles
  • Monitoring transactions and customers to detect suspicious ones and take respective actions
  • Personalized training solutions for your AML needs and industry requirements
  • Regular health checks and audits of your AML compliance
Likewise, we also help you deal with non-face-to-face customers with appropriate AML measures. We take all possible steps to prevent money laundering and terrorism financing threats from such customers. So, don’t worry about remote, digital customers; we have the right AML measures for you.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik