What the burgeoning sector could learn from the grown-up incumbent banks.
Day-to-day operations for fintechs may vary, but the ethos is often the same: disrupt, break things, and seek forgiveness instead of permission.
But there comes a point where a small business, if it wants to become a big business, must mature. The price of entry to the blue-chip club is cast iron systems and controls, and with billions of dollars in revenue and reputational value at stake there can be no margin for error.
Technology will always outstrip the pace of regulation, and so every company in a heavily supervised industry such as financial services will eventually face questions of how to proceed through uncertainty.
Unfortunately, we see time and time again how compliance is an afterthought, particularly for start-ups who can grow at an incredible pace. Putting systems in after-the-fact rarely ends well, as regulators increasingly take a dim view of any business that ignores risk or puts customers in jeopardy for any period.
The new breed of challenger and digital banks has experienced both the good and bad rub of incredible growth. The speed at which they can onboard customers and provide access to services, often in minutes despite having no physical branches, has left the incumbent high street stalwarts in the dust.
It has also changed customer expectations. Mobile channels, chatbots, instant help, instant access 24/7/365 are all a far cry from the days of business banking, where entrepreneurs would have to work around bank opening hours, and often wait weeks for accounts to be opened.
“Money laundering enforcement and regulation have been in the spotlight in many regions around the world,” said Abi Hollinger, AML and due diligence expert at law firm Miller & Chevalier. “Signs point to this trend continuing and we are likely to see money laundering prosecutions employed for specific US policy aims as well, including in the context of efforts against Russia and Belarus in the wake of Russia’s invasion of Ukraine.”
The US Financial Crimes Enforcement Network (FinCEN) continues to be an active global regulator, most notably regarding the implementation of the Corporate Transparency Act and Anti-Money Laundering Act of 2020 (AMLA). Cryptocurrency businesses are also likely to face extended pressure and an increased focus from enforcement officials on their KYC processes, Hollinger said.
It’s the same story across Europe, where the most recent updates to the 5th Anti-Money Laundering Directive added a renewed focus on sources of finance, including pre-paid cards and cryptocurrencies. Prior regulations introduced the concept of beneficial ownership, where the ultimate owners of legal entities are recorded centrally.
A global leader in financial regulation, Britain recently enacted tougher economic crime laws that will force companies to improve their identity verification processes or risk criminal prosecution for failure.
Identity crisis? The future of digital IDs in the UK.
Blurred lines and flashing red lights.
However, the incredible speed at which fintechs are growing, with valuations to match, has already caught the eye of enforcement teams. In April, the UK’s Financial Conduct Authority (FCA) warned of inadequate due diligence procedures evident in the customer acquisition and identity screening departments of digital banks.
“Where these challenger banks promote the ability to open accounts very quickly to attract customers, there is a risk that information gathered at the account opening stage is insufficient to identify higher risk customers,” the FCA said in a note to money-laundering officers.
After conducting a sweep of the sector, the regulator found most of the firms hadn’t obtained customer income and occupation details, “resulting in an incomplete assessment of the purpose and intended nature of a customer’s relationship with the bank.”
The regulator warned digital bank CEOs that there were too many examples of lines becoming blurred across compliance departments, as individuals took on too many jobs, or tasks that could be executed faster and more accurately with technology.
“The implications of this are that first line employees often do not own or fully understand the financial crime risk faced by the firm, impacting their ability to identify and tackle potentially suspicious activity,” the FCA said.
The reliance on manual processes also restricts the ability of compliance personnel to independently monitor and test the control framework, which can lead to gaps in the understanding of risk exposure.
Beyond the smaller, more nimble digital challengers, many of these deficiencies have plagued the systemically important global banking sector for many years. NatWest and HSBC have both endured heavy enforcement action from the FCA, while Credit Suisse was found guilty in a Swiss court of laundering a Bulgarian drug dealers’ cash.
UK regulators handed down a record level of AML penalties to banks in 2021, and experts expect this trend to continue as the FCA increasingly pursues criminal prosecutions. Cases inflated UK anti-money laundering fines to $672 million in 2021, more than tripling from $206 million in 2020, according to research.
The times of quiet warnings or small penalties are well and truly over. It is simply not worth the risk to have inadequate KYC controls in place. Firms may be unaware of the actual risk they’re managing, but without that understanding they cannot apply appropriate controls. Forewarned is forearmed, if you’re a fintech and want to protect your business and customers, read our ‘3 regulatory risks every fintech should have on their radar’ blog.
Next generation financial crime controls.
KYC is one of the most important regulatory and compliance obligations a fintech must meet. Key steps in the process involve establishing and validating customer identity, understanding the nature of customers’ activities, and where funds originated. With this information, a firm can assess potential money laundering and terrorist financing risks.
For traditional banks, this process would have been undertaken by accounts managers, and would involve the customer handing over various forms of ID and other bits of proof, usually in person.
Many of the weaknesses in the financial crime controls identified by regulators begin with KYC data failures, and how high-risk customer due diligence is managed manually. These slow, error-strewn processes are hindering efforts to protect data and keep customers safe.
Regulators have been keen to stress that weaknesses in the onboarding stage will undermine everything else that follows. Some firms previously relied on their transaction monitoring capabilities to spot red flags and high-risk customers, until enforcement officials stepped in.
“No matter how good a transaction monitoring system is, firms must still comply with the relevant customer due diligence [CDD] requirements,” the FCA said. “Moreover, inadequate CDD will mean a less effective transaction monitoring system.”
Another industry problem is the reliance on siloed data and other manual processes, which is a hangover from the pre-cloud computing days of legacy technology.
“We often identify instances where CDD measures are not adequately performed or recorded. This includes seeking information on the purpose and intended nature of a customer relationship (where appropriate) and assessments of that information,” the FCA said in 2021.
As remote verification processes have historically been easier to bypass with fake documents, a business must tackle the problem by implementing technology that uses additional layers of authentication like NFC chip authentication and/or hologram detection and biometric verification, such as facial recognition or video verification to their onboarding process.
The future of KYC.
A reliance on spreadsheets to track clients for AML and KYC purposes is setting the business, whether fintech or incumbent, up to fail.
Over the last decade, financial technology has turned this process on its head. Identify verification has become a digitized process that can be executed in minutes, via a smartphone, using artificial intelligence and machine learning tools.
“Automated, intelligent and API-based solutions are creating new opportunities to dramatically streamline and enhance KYC monitoring and compliance.
Regulated firms that are serious about compliance need to be aware of the risk certain customers may carry, and many financial institutions have been fined for not completing periodic high-risk customer (or politically exposed person) reviews. High-risk customers are typically reviewed every year, compared to medium-risk customers reviewed every three years, and low-risk customers every five years.
With such pressure on financial institutions to do more, the traditional periodic reviews process is making way for a more dynamic, continuous KYC approach.
Automating aspects of the process, such as around customer profiles or risk ratings, reduce the burden on legacy systems and can pinpoint problems faster, thereby reducing the window for criminals to attempt to launder funds.
“We expect to see more firms adopt continuous KYC and move away from static one, three, and five-year review cycles,” said Mandell.
Fintech firms looking to streamline their identity verification process can now implement fully digitized and AML-compliant software underpinned by a global network of identity and fraud specialists to identify users. This digital onboarding process can be used across a variety of formats, from opening a bank account to mortgage loan agreements or onboarding gamers.
When combined with AML screening and monitoring, it can slash implementation time alongside efficiency gains in the onboarding process.
Intelligent solutions such as AutoIdent meet these KYC and data collection requirements head on, without risk of human error creeping into the process. AI-powered solutions also offer multijurisdictional coverage, which will crucially enable UK-based companies to continue operating in the EU without concern.
IDnow provides the most powerful, configurable, and secure platform for identity proofing. Whether automated or expert-assisted, our identity-proofing methods have been optimized to meet the strictest security standards and regulatory requirements without compromising on customer conversions or the consumer experience.
“It is vital for UK fintech firms to invest in the right AML/ KYC technology in order to protect themselves and their customers from fraud, thereby saving potentially billions in fines and reputational damage,” added Kiely.
2022 has witnessed record growth for fintechs, but wherever there are opportunities, there is increased competition, and greater scrutiny from regulators. Read more in our blog, Fintechs, fraud, fines.
Interested in what fintech trends are likely to shape 2023? Check out our interview with David Gyori, CEO of Banking Reports.
Content Manager at IDnow
Connect with Jody on LinkedIn