Could KYC technology finally clean up the ‘dirty money capital of the world’? IDnow investigates.
As London is one of the largest financial centers in the world, it is no surprise that the UK continues to be a progressive adopter of new innovations in AML and KYC, and a global leader in promoting corporate transparency.
Unfortunately, London is also known as the “dirty money capital of the world,” with good reason as the National Crime Agency believes money laundering costs the UK over £100 billion every single year.
Money laundering, identity fraud, and other types of financial crime pose a significant threat to the stability of not only the UK’s, but the global economy. In fact, the United Nations reports that financial crime accounts for 2-5% of the global GDP (around US$800 billion to US$2 trillion).
In a bid to prevent financial crime, regulations and AML programs are regularly updated to reflect new techniques and changes in criminal behavior. However, AML and KYC compliance is not just a legal obligation. Adhering to regulations helps protect banks and fintechs, and their customers from harm. It can even enhance the reputation and trustworthiness of an organization.
AML and KYC obligations for a financial institution or fintech in the UK
AML is enacted in UK law through several legal acts, principally:
- The Proceeds of Crime Act 2002.
- The Electronic Identification and Trust Services for Electronic Transactions Regulations (2019).
- The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
Compliance is monitored by the government regulator, the Financial Conduct Authority (FCA), which regulates both financial institutions and fintechs.
In general, the FCA is regarded as one of the most open and forward-thinking regulatory bodies in the world. It adopts standard global AML procedures, regulations and coverage (largely in line with guidance from the Financial Act Task Force [FATF]). It has also introduced several new concepts, such as RegTech, launched a separate regulatory sandbox environment, extended regulatory coverage to cryptocurrencies, and introduced or approved several automated verification techniques.
What changes were made to the AML framework after Brexit?
The UK left the European Union on 31st January 2020, and the transition period ended on 31st December 2020.
Since then, there have been no major changes to UK AML law, as it was mostly introduced before Brexit. Regulations from the European Parliament’s Anti-Money Laundering Directives, 5AMLD (introduced in Europe in 2020) are fully covered by UK law, while the relevant parts of 6AMLD (introduced in Europe in 2021) were already covered by UK law.
There have been some small post-Brexit changes to UK AML law though, including:
- EU countries are now classified as “third countries”, so are treated with different risk factors.
- The list of high-risk third countries is managed by the UK, while previously it was managed by the EU. The only EU country currently included on the EU list is Malta.
- The Trade and Cooperation Agreement (TCA) regulates the EU-UK relationship and has several provisions for information sharing and common AML standards. This includes maintaining central registers of beneficial ownership.
How to perform KYC, AML checks as a financial institution or fintech in the UK
While UK laws and regulations do not prescribe the exact technologies or method of implementation, they do define the essential parts of a KYC process. In general, there are three main stages, or components:
Identity Verification, or the Customer Identification Program (CIP). The first step in the KYC process is to prove that the customer is who they claim to be. This includes both individual and corporate customers.
Identity verification involves collecting identity documents and checking their authenticity by ensuring the customer and document identity match. In processes that are fully or partially automated, this is increasingly taking place online.
Customer Due Diligence (CDD). This takes verification one step further and aims to prove whether the financial institution can trust the customer. CDD is about defining a customer’s risk level, and to what extent they can be trusted.
CDD includes AML screening to check that the potential client isn’t on any sanctions or Politically Exposed Persons (PEP) lists. Customer addresses can also be checked. Customers deemed to be of higher risk will undergo further checks under Enhanced Due Diligence, which can include PEP screening, checking sanctions and watchlists, and monitoring adverse media.
Ongoing Monitoring. AML and KYC compliance is not just about checking new customers during onboarding. Financial institutions must have a program in place for ongoing KYC checks and monitoring. This can include further sanction and PEP checking, and regular monitoring of transactions.
The rising use of automated techniques in verification
Increasing numbers of services have become automated in recent years, especially in the financial services sector. In fact, global consultancy firm, McKinsey & Company believes that companies are now seven years ahead in digital transformation efforts, with the acceleration partly explained by the sudden demand caused by the pandemic.
AML and KYC are areas that are also rapidly changing. Although eKYC, which refers to the digitalization and automation of KYC processing, began by simply moving documentation collection and verification online, it now involves many automated processes and technologies, including video-based verification, followed by artificial intelligence-based techniques.
Advanced KYC technologies include:
- Automated validation of identity documents, including checking built-in security features
- Biometric and liveness checks to match the user with the identity document
- Reading and processing NFC data from cards
- Automated AML screening checks, including PEP, sanction list checks and watchlists
The use of automated techniques in verification varies around the world, with regulators taking different views on whether it is acceptable. As one of the most forward-looking regulators, the FCA generally permits fully automated verification, but this view is not necessarily shared throughout Europe, where only some countries (including Belgium, France, Netherlands, and Spain) allow full automation.
Automation has many benefits. As it is primarily faster and more secure, it can lead to lower costs, improved customer experience, and increased conversion rates (vital for any bank or fintech). The recognition of improved security is a leading reason for its growing acceptance by the FATF and national regulators.
What trends and challenges for KYC & AML are coming up in the UK?
While there have been some operational changes to AML since Brexit, there has certainly been no let-up in the attempted monitoring of money laundering in the UK. Indeed, in 2021 the FCA issued 400% more fines than the previous year (£577 million in total). Over half of which were for AML compliance failures.
The UK’s strict regulatory oversight is likely to continue, as is the trend for new techniques and applications of technology. Read our blog to discover how KYC and AML solutions are playing an increasing role in tackling money laundering in Germany.
As technology develops, changes to regulation will also certainly follow. Many recent changes have focused on enhanced customer checking (including the concept of PEPs), corporate risk and ultimate beneficial owners, and the rising use of cryptocurrency. Future changes are likely to address the increasing use of technology in areas like customer onboarding and automated verification.
Other trends, such as growing privacy concerns, will undoubtedly affect AML and KYC in the UK, and elsewhere. Changes to processes, data collection and storage for customer due diligence, as well as data sourcing for more advanced checks, are likely on the way.
Existing KYC processes will, of course, continue to develop and improve in tandem. Ongoing monitoring, for example, is already making a significant difference to AML, as monitoring and analysis becomes increasingly automated.
Use IDnow for fully automated KYC and enhanced AML screening
As a market leader in the identity verification industry, IDnow offers a range of innovative solutions that have evolved alongside the development of eKYC and automated verification techniques.
IDnow’s main product for customer onboarding and verification, AutoIdent has been designed to meet regulatory requirements in the UK and throughout Europe. It offers fully automated verification of identity documents, and biometric verification and video liveness checks to confirm user identity. AutoIdent also supports hybrid verification, or manual review, when required.
Additional functionality, including proof of address capture and verification, PEP screening, and checking of sanction lists, watchlists, and adverse media, can also be added for AML screening.
For now, and the future, IDnow offers a feature-rich and future-proof solution for all your onboarding and verification needs — in the UK and elsewhere.
Still want to learn more about AML and KYC? Have a look at our overview page on AML & KYC.
Discover how AutoIdent can revolutionize AML by downloading our free AML Fact Sheet.
Content Manager at IDnow
Connect with Jody on LinkedIn