KYC INSIDER – September 2023
Topics covered in this issue:
- The EU’s AML package.
- MiCA implementation on track.
- The UK’s new fraud strategy.
- Protecting minors online: New regulations in the works in the UK and France.
- News from Italy.
KYC INSIDER – September 2023
The EU is faced with the complex task of increasing compliance requirements of Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) controls within the banking and finance sectors and beyond. In recent years, there has been an increased need for digital services, and this has been accompanied by a rise in market abuses of the global financial sector.
The EU’s intense regulatory scrutiny of traditional and decentralized finance is a direct response to increased criminal activity, threats, and global geopolitical challenges, as well as significant changes to technology, new expectations in services, and products in this space.
As a result of the developments of the past several years, the EU has put together a comprehensive set of legislative proposals and goals. This AML package includes:
The proposed legislation will come into legal effect in 2024.
However, even after this, there is a long way to go before harmonization is fully reached. Only continued collaboration will ensure greater trust in this space. Ultimately, the goal is to enhance market offerings that enable citizens to enjoy cross-border services and products freely with the expectation that their data, privacy, and their investments remain protected.
The Market in Crypto Asset Regulation, MiCA, entered into force this past June and the technical requirements for implementation were made official under the package 1 obligations this July. The regulation includes other technical requirements (package 2 and 3) for development to be on track for its final implementation. The timeline is as follows:
In the coming months, the finalization for package 2-3 requirements to MiCA will involve the European Banking Authority (EBA), European Securities and Markets Authority (ESMA), European Insurance and Occupational Pensions Authority (EIOPA), and the European Central Bank (ECB). Two consultation packages will be made available for comment by October 2023 and early 2024.
MiCA regulation that is tied with the Transfer in Funds Rule (TFR) and national Anti-Money Laundering Know Your Customer (KYC) requirements solidifies a more complete registration, licensing, and operations scheme. This is significant for Europe and other geographic regions that are in the process of tightening regulatory requirements around this sector.
For example, the UK Joint Money Laundering Steering Group (JMLSG) is proposing amendments that tighten any transfer of cryptoassets to be accompanied by information on the originator and the beneficiary. Cryptoasset businesses are encouraged to implement the Transfer Rule in an effort to minimize existing gaps due to a delay in implementation that enables verification and data transfer. (See JMLSG amendments to Sector 22).
These requirements aim to deliver a more harmonized framework within Europe and one that enables cross-border recognition and greater protection for service providers and end users. The EU has introduced these stringent measures as a way to increase crypto activities and enhance greater protections – the proof and effectiveness lie with all stakeholders – public and private.
For a long time, the UK has been ranked as the fraud capital of Europe, with Britons nearly nine times more likely to be victims of scams than their counterparts in Germany. The newly introduced fraud strategy from the UK government is looking to fix that and will be supported by three key pillars:
The UK government is also calling on the tech community to do their part in blocking fraud at an industrial scale. Some of the steps include:
While there is no silver bullet for fighting fraud, as it is something that manifests at every step of the customer journey online, KYC processes can be crucial for businesses to protect their end customers – and themselves – from fraudsters. KYC can ensure that the power of identity is put back in the hands of the people it belongs to and the businesses they are trying to interact with.
For as long as the internet has existed, there have been corners of the web with content that children should not see, and products that they should not buy. While identity verification or KYC solutions can successfully restrict the access of online gambling or the purchase of alcohol and tobacco for underage users, online barriers can also prevent minors from viewing harmful online content.
The UK government is therefore proposing the introduction of age verification systems on all pornographic websites in the latest proposed amendments to the much discussed Online Safety Bill. The bill has been a long time coming, as more and more clauses have been added, causing delays that are expected to last until the fall of 2023. After the bill has been passed, all pornographic websites will have six months to implement age verification solutions. Methods that are currently being discussed around the bill include uploading details of an ID or credit card, or using AI-based age estimation or verification technology.
In parallel to the bill passing through the House of Commons and the House of Lords in the UK, France, too, has been grappling with protecting their minors from pornographic content online. In early July, a new law for the digital protection of minors was passed by the Senate after Jean-Noël Barrot, Minister for Digital Transition and Telecommunications, announced the arrival of a new digital law back in February 2023.
The draft bill is intended to give greater sanction power to The Regulatory Authority for Audiovisual and Digital Communication (Autorité de régulation de la communication audiovisuelle et numérique, Arcom, formerly CSA), and to the National Commission on Informatics and Liberty (Commission nationale de l’informatique et des libertés, Cnil).
Today, the law of July 2020 (article 227-24 of the French penal code, amended by the law on domestic violence), requires sites with pornographic content to verify the age of visitors, which is often done via self-declaration. Users are simply asked to tick a box answering “Are you or are you not of age?”.
To enforce stricter rules and control of age verification, the French government, alongside Arcom and Cnil, are now studying the most appropriate age verification solutions in the markets. Based on these discussions, either database or credit card checks, more traditional KYC solutions or new technologies such as digital identity wallets will become the law of the land.
This summer, the Bank of Italy announced its intention to comply with the European Banking Authority (EBA) Guidelines on the use of remote customer onboarding solutions. Italy will amend its national AML rules on remote identity identification, and existing Regulation on Customer Due Diligence of 30 July 2019.
As of today, the Bank of Italy allows remote KYC and recognizes: remote video identification, electronic signature, and national SPID digital identity. The EBA intends to repeal its existing video identification process in consideration for updated EBA guidelines to satisfy AML requirements.
Two important facts:
1. New obliged entities: The Guidelines extend to new obliged entities which were not concerned up to this point, such as Italian regulated intermediaries, financial intermediaries, fiduciary companies, micro-credit providers, etc.
2. The calendar: The compliance deadline is set on October 2, 2024, with respect to all the remote onboarding solutions adopted, though, the Guidelines will apply as soon as October 2, 2023, on new or amended remote onboarding solutions adopted by obliged entities and on the applicability of such solutions to new clients.
Published at the end of 2022 and put into application in the course of 2023, the EBA Guidelines on the use of remote customer onboarding solutions set out a common understanding of safe and effective remote onboarding practices for the financial sector, in line with applicable AML/CFT regulation.
IDnow was closely involved in the elaboration of these guidelines, as we were part of a select group that produced ETSI TS 119 461 on remote identity proofing and trust services. The TS is a compliant remote identification method across Europe, and is supported through the EBA Guidelines to meet AML Know Your Customer (KYC) requirements.
All in all, we are looking at a very busy third and fourth quarter in terms of regulations in Europe.
If you want to stay up-to-date, watch this space and sign up to our KYC Insider newsletter if you haven’t already.
IDnow is a leading identity proofing platform provider in Europe with a vision to make the connected world a safer place. The IDnow platform provides a broad portfolio of identity verification solutions, ranging from automated to human-assisted from purely online to point-of-sale, each of them optimized for user conversion rates and security.
In order to make the complex world of regulation more accessible, IDnow presents KYC Insider, a free information service on regulatory changes related to Know Your Customer and Digital Identities in Europe. The lead author is Rayissa Armata, Senior Head of Regulatory Affairs at IDnow, and a long-standing expert in the field of regulatory affairs.