Sanctions, scams, and the elusive KYC silver bullet: FinTech Spotlight Interview with Vivek Mishra.

We sit down with Vivek Mishra, Senior Manager at Hana Bank to talk about the banking services most susceptible to financial crime, the increasing role of machine learning, and the impact of ‘the world’s largest biometric ID system’, Aadhaar on AML/KYC procedures in India.

What are some of the most common areas of weakness, or common failings, in a financial institution’s financial crime prevention strategy?

It is mandatory for financial institutions to implement an Anti-Money Laundering / Counter Terrorism Financing program to detect and deter financial crime. However, many struggle to keep AML programs updated and fail to review them on a regular basis. I believe there are five major or critical common areas of weakness:

  1. Regular review of regulatory changes: Financial crime regulation is very dynamic and keeps on changing as per the latest trends and scenarios. Many institutions fail to keep up with the latest regulatory changes, which can result in non-compliance and legal and reputational risks. It’s important for financial institutions to have a robust compliance management system in place that allows them to stay informed about the latest regulatory changes and ensure that their AML and CFT programs are up to date.
  1. Inadequate Customer Due Diligence: CDD is one of the most important tasks for financial institutions to undertake to identify and verify customers and understand the nature of the relationship. However, many institutions do not have adequate CDD procedures in place or conduct CDD on a regular basis.

Financial institutions must have adequate technology to detect and prevent financial crime. This includes transaction monitoring systems, customer data management systems, and sanctions screening systems. Without appropriate technology, institutions will be unable to detect suspicious activity, which can be a significant compliance risk. 

Vivek Mishra, Senior Manager at Hana Bank.
  1. Improper risk assessment: Risk assessment is one of the most critical tasks of every financial institution’s AML/CTF program. Although financial institutions must conduct a risk assessment of the money laundering and terrorist financing risks they face, many institutions do not have a proper understanding of the risks. This can lead to a failure to identify and mitigate risks, and to implement appropriate controls.
  1. Shortage or lack of training: Financial institutions are required to provide AML and CFT training for their employees, but many institutions fail to do so, or the training is inadequate. This can lead to employees not understanding their responsibilities and being unable to identify and report suspicious activity. Training is important and must be provided to every employee of a financial institution.

Are there any banking use cases that are considered more perilous, or susceptible to financial crime than others? 

The below are banking use cases considered more susceptible to financial crime: 

  • Cryptocurrency/NFTs: Cryptocurrencies are decentralized digital assets that can be used to facilitate financial transactions, so are particularly susceptible to financial crime because of their anonymity and lack of regulation, which makes it easier for criminals to launder money and finance terrorism. Of course, there have been many recent cases where regulators have cracked down on cryptocurrency organizations with inadequate controls.
  • Private banking: Private banking is an extremely lucrative and competitive global industry. Private banking provides highly personalized and confidential products and services to wealthy clients. They are susceptible to financial crime because of the availability of limited customer information compared to retail banking clients.  Private banking services may also be subject to less regulatory oversight than retail banking services, which can make it easier for criminals to launder money through these services.  
  • Remittance and money transfer services: As remittance and money transfer services are often used by criminals to move money across borders, they can be particularly susceptible to money laundering and terrorist financing because of the lack of transparency in transactions. 
  • Correspondent/Nested Banking: This type of banking can be particularly susceptible to financial crime because the correspondent bank may not have the same level of information about the respondent bank’s customers as it would for its own customers. 

Preparing for the known: Operating in a world of crypto regulation.

Download to discover how crypto exchanges can prepare for the brave new world of crypto regulation.
Get your free copy

What role does technology (and especially machine learning) play in combatting financial crime? Are there any innovative uses of technology that Hana Bank is using/ looking to use in the coming years?  

In my opinion, machine learning can be used in various ways to combat financial crime like: 

  • Transaction monitoring: Technology plays a critical role in analyzing the amounts of transaction data to detect suspicious activity and identify potential money laundering or terrorist financing. Almost every financial institution and nonbanking financial institution is using some kind of technology to analyze transactions, such as unusual transaction amounts, frequency, and location, to identify potentially suspicious activity. 
  • Fraud detection: Machine learning can be used to detect fraudulent activity by analyzing transaction data and identifying patterns or anomalies that indicate fraud. 
  • CDD & Risk Assessment: Machine learning can be used to assess the risk of money laundering and terrorist financing by analyzing large amounts of data, such as customer demographics and transaction history to identify patterns and anomalies that indicate high-risk activity. Machine learning can also assist in compliance and risk management by identifying potential compliance breaches and helping to prioritize risk management activities. 
  • Sanctions screening: Before a financial organization starts doing business with a new customer or engages in certain transactions (e.g., international wire payments), it should review the various country sanctions program requirements, as well as published lists of known or suspected terrorists, narcotics traffickers, and other criminals, for potential matches. Machine learning can be used to screen customers and transactions against sanctions lists to identify individuals or entities that are prohibited from conducting financial transactions.  

It’s important to note that machine learning is not a silver bullet; the quality of the model and the data from which it learns is crucial for its performance. Additionally, machine learning models must be tested, monitored and maintained to ensure they are functioning as intended and are not producing biased or inaccurate results. 

Are there any new or different fraud signals that you would like to see incorporated in the future of traditional identity verification providers’ tools? 

I’d like to see organizations use artificial intelligence and machine learning algorithms to detect and prevent fraud signals in real time. A more advanced system should be capable of continuously updating and adapting to new fraud patterns, as well as cross-referencing multiple sources of data to verify a user’s identity. In addition, I would like to see the integration of biometric authentication methods, such as facial recognition or fingerprint scanning, to provide a more secure and efficient verification process.  

Location-based verification could also be used to identify fraud by analysing an individual’s location, such as their IP address, GPS coordinates, and Wi-Fi signal, to confirm their identity.

Vivek Mishra, Senior Manager at Hana Bank

These are just some examples of new or different fraud signals that could be incorporated into identity verification providers’ tools in the future. It’s important to note that new or different fraud signals should be carefully evaluated for their effectiveness and compliance with regulations before being incorporated and implemented into existing technology. 

Do you think a one stop shop platform-based approach is of importance to financial institutions when choosing AML/KYC or identity verification providers?  

A one stop shop platform-based approach can be important for financial institutions when choosing AML/KYC or identity verification providers because it allows them to access multiple services through a single interface, which can simplify the process of onboarding new customers and monitoring existing ones.  

Additionally, a one stop shop platform can also offer a more comprehensive solution that integrates various compliance checks, such as identity verification, fraud detection, and sanctions screening, which can help financial institutions more effectively mitigate risks and comply with regulations. There are several advantages of choosing a one stop shop platform-based approach, such as improved data quality, cost effectiveness, and enhanced risk management etc.  

However, it’s important to note that a one stop shop platform approach should not be the only criteria to consider when choosing providers. Financial institutions should also evaluate the provider’s reputation, reliability, and compliance with regulations, as well as their ability to meet the specific needs of the financial institution. Additionally, a one-stop shop platform should be regularly monitored and updated to ensure it remains compliant with regulations and the latest best practices in AML/KYC and identity verification. 

The KYC stage is often seen as the box-ticking part of the onboarding process. For organizations that have this opinion, what are they missing out on? 

Organizations that think the KYC stage is a box-ticking part of the onboarding process are likely missing out on several key benefits like: 

  • Risk management: By only completing the minimum requirements for KYC, organizations may miss important information that could help to identify and manage these risks. 
  • Fraud prevention: Organizations may miss important information that could help prevent fraud. 
  • Reputation: The KYC stage is an opportunity for organizations to build trust and establish a positive reputation with their customers. By only completing the minimum requirements for KYC, organizations may miss the opportunity to build a stronger relationship with their customers. 
  • Data quality: A thorough KYC process can provide a more efficient onboarding process and improve the customer experience by reducing the number of times a customer is required to provide the same information. 

The KYC stage is not just a box-ticking exercise, but a critical part of the onboarding process that can help to prevent financial crime, improve compliance, and establish a positive reputation with customers. Organizations should implement a robust and thorough KYC process that meets the regulatory requirements and is tailored to the specific risks and needs of the organization. 

Terrorist financing appears to be becoming an increasingly prevalent problem in financial services. Are there any specific signals, or behaviors that an organization should be mindful of? Are there certain preventative steps they can take to better protect themselves against instances of terrorist financing? 

Terrorist financing is a serious problem in financial services and organizations should be mindful of specific signals or behaviors that may indicate terrorist financing. These can include transactions to-from high-risk jurisdiction, charitable donations, using front companies for cash transactions, transactions through virtual-currencies or prepaid cards etc.  

Preventive steps include: 

  • Developing a robust compliance program 
  • Enhanced transaction monitoring 
  • Conduct Enhanced Due Diligence on high-risk customers 
  • Conduct risk-based monitoring 
  • Implement Know Your Customer policies 
  • Information sharing 

As the prevention of terrorist financing is a continuous process, organizations should regularly review and update their AML/CFT compliance programs to ensure they remain effective and compliant with regulations. 

What impact has the recent Dewan Housing Finance Corporation Limited (DHFL) scam had on the reputation of the Indian banking system? How do regulations regarding KYC and AML in India fare against other nations?  

The recent DHFL scam has raised concerns about the overall integrity of the Indian banking system and the effectiveness of regulations in preventing financial crimes. 

Regulations regarding KYC and AML in India are governed by the Reserve Bank of India (RBI) and the Financial Intelligence Unit (FIU).  

KYC and AML regulations in India are considered to be comprehensive and in line with international standards. The Indian government has also taken steps to strengthen regulations in recent years, such as the implementation of the Prevention of Money Laundering Act (PMLA) in 2002 and the introduction of the Financial Action Task Force (FATF) recommendations in 2012. 

However, the effectiveness of the regulations in preventing financial crimes has been called into question by the DHFL scam, and other recent fraud cases. It has been reported that the regulators failed to detect and prevent the fraud and money laundering activities in DHFL and several other scams. This has led to calls for stricter enforcement of regulations and greater oversight of the financial sector. 

Has the world’s largest biometric ID system, Aadhaar, had a positive or negative impact on AML/KYC procedures; improved effectiveness of KYC processes and decreased financial fraud? 

It has had a great impact on AML/KYC procedures in India. The Aadhaar card, which is issued by the Unique Identification Authority of India, serves as a government-validated proof of identity and address for individuals in India. This has made the KYC process more efficient and effective as it eliminates the need for multiple forms of identification and allows for the easy verification of customer information. It also helps in reducing financial fraud by providing a secure and tamper-proof way to store and transmit identification information.  

The use of biometric authentication in Aadhaar has also made it more difficult for criminals to impersonate others. However, as it is not mandatory for financial institutions to use Aadhaar-based eKYC, this can lead to variation in the quality and effectiveness of the process. 

Identity crisis? The future of digital IDs in the UK.

Download to discover all about the UK’s past, present and likely future usage of digital IDs.
Get your free copy
digital identity in the UK

If you’re interested in more insights from industry insiders and thought leaders, check out one of our interviews from our Fintech Spotlight Interview series below.


Sanctions, scams, and the elusive KYC silver bullet: FinTech Spotlight Interview with Vivek Mishra. 1

Jody Houton
Content Manager at IDnow
Connect with Jody on LinkedIn


Let's talk!