KYC Insider - September 2024 -

KYC INSIDER – September 2024

Topics covered in this issue:

Official publication of EU AMLR, AMLD6 and AMLA
NIS2 is approaching fast across the EU
VideoIdent consultation process in Germany closed – and now?
More effective Money Laundering Regulations in the UK on the horizon?
New mandatory fraud reimbursement requirements in the UK
eIDAS2 and EUDI W Standards

Official publication of EU AMLR, AMLD6 and AMLA

On June 19, 2024, the first European Anti-Money Laundering Regulation (AMLR), its accompanying Directive – AML Directive 6 (AMLD 6), and the Regulation establishing the AML Authority (AMLA), were published in the Official Journal of the European Union.

As Part of the Union’s goal to harmonize and strengthen Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT), the EU proposed its AML Package in 2021. As a reminder, these new laws include:

AMLD 6: Outlines comprehensive measures for supervisory bodies that oversee obliged entities, including banks, crypto asset service providers, etc. The Directive will strengthen the role of financial intelligence units (FIU) to monitor money laundering and terrorist financing cases.

AML Authority: Operational as of 2025 in Frankfurt, the newly established AML Authority will centrally coordinate the Union’s AML/CFT efforts across the EU. It will oversee and support national supervisory authorities and directly supervise certain high-risk financial institutions.

AMLR: The Union’s very first AML Regulation will establish a harmonized framework and standards, ensuring consistency and enhancing cooperation between member states, including KYC requirements across Europe.

Transfer of Funds Regulation (TFR): The Markets in Crypto Assets (MiCA) and the accompanying Travel Rule, offer a comprehensive licensing regime for the crypto market along with requirements on crypto transactions to include personal identification data regardless of threshold.

NIS2 is approaching fast across the EU

To enhance the EU’s response to money laundering and countering the financing of terrorism, a package consisting of three focus measures was decided upon:

NIS2 (The Network and Information Security Directive) is a legislative act with new requirements for financial entities and other stakeholders required to reach higher levels of cybersecurity and resilience across the EU.

Affected stakeholders include:

Critical infrastructure operators

Trust service providers

EU member states must adopt and publish the measures necessary to comply with the NIS2 Directive by October 2024. For example, it was not until July 2024 that the German government was able to pass the “Act on the Implementation of EU NIS2 and to Strengthen Cybersecurity”. In France, the ANSSI organized a series of consultations related to the implementation of NIS2. A draft law was submitted to the legislative authorities in May 2024, accompanied by about twenty implementing decrees. The final version of the security requirements should be specified in one of these decrees.

VideoIdent consultation process in Germany closed – and now?

In April 2024, the German ministries of Finance and the Interior (BMF/BMI) published a draft to change remote identification procedures in Germany from the BaFin Video Ident Circular to a new regulation. The draft contained innovative ideas introducing semi-automated and fully-automated means for KYC applications in the German GwG/AML sector.

Following the paper’s publication, industry stakeholders had the chance to submit feedback during a call for public contributions. These contributions have since been published and are under evaluation. One of their main concerns? The stricter measures that were introduced would limit a significant number of admissible ID documents for remote KYC processes. Currently, there is no concrete timeline for further legislative procedures or next steps.

More effective Money Laundering Regulations in the UK on the horizon?

HM Treasury published a consultation on improving the effectiveness of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the ‘MLRs’), which place requirements onto a range of businesses to identify and prevent money laundering and

terrorist financing. This consultation ran from 11 March 2024 to 9 June 2024. The industry is now eagerly awaiting the results of the consultation.

New mandatory fraud reimbursement requirements in the UK

From October 7, UK payment service providers will have to compensate victims of Authorized Push Payment (APP) fraud under new rules from the government’s payments regulator up to a limit of £415,000. The new rules, first published by the Payment Services Regulator (PSR) on June 7, 2023, will require all British banks, fintechs, and payment companies to refund all in-scope customers who fall victim to APP fraud, with limited exceptions.

Essentially, the new regulations will have two major outcomes for the UK finance and payments sector:

PSPs will need to reimburse consumers who fall victim to APP fraud. This has two caveats: they will not be reimbursed if they are involved in the fraud themselves or have acted with gross negligence.

The sending and receiving PSP will share the cost of reimbursing victims 50:50. PSR hopes that this will provide more incentives for both parties to detect and prevent fraud.

The new requirements have seen major pushback from UK payment providers and associations, criticizing the timeline of these requirements and the content of the regulation. While the limit of the reimbursement has recently come under review, the deadline for the introduction stands.

eIDAS2 and EUDI W Standards

The EU shared updates on the implementation of the European Digital Identity Wallet (EUDI W) and its associated standards, which is expected to take effect by May 2025. The implementing acts will define the reference standards and procedures for critical components of eID and the EUDI W. This first set includes:

Verification of QEAAs:

Sets out requirements for issuing and validating electronic attestation of attributes (eAAs)

Cross-border identity matching:

Sets out provisions on identity matching when using electronic identification means or European Digital Identity Wallets.

List of certified wallets:

Sets out rules to submit to the EC information on certified wallet solutions and their associated electronic identification schemes by EU countries.

Security breaches:

Sets out rules for EU countries to have mechanisms in place to ensure the suspension and, where applicable, withdrawal of European Digital Identity Wallets.

Registration of relying parties:

Sets out provisions on the process for registering relying parties in EU countries.

The specific technical requirements and standards for these components should further ensure interoperability and security requirements for the rollout of the Digital Identity Wallets. Further acts will also specify privacy-preserving techniques and standards for user onboarding, including remote identity verification procedures that must meet high assurance levels of security. These updates support future standardized digital identity interactions and their management in and across the EU.

If you want to stay up-to-date, watch this space and sign up to our KYC Insider newsletter if you haven’t already.

IDnow and Who We Are.

IDnow is a leading identity verification platform provider in Europe with a vision to make the connected world a safer place. The IDnow platform provides a broad portfolio of identity verification solutions, ranging from automated to human-assisted from purely online to point-of-sale, each of them optimized for user conversion rates and security.

In order to make the complex world of regulation more accessible, IDnow presents KYC Insider, a free information service on regulatory changes related to Know Your Customer and Digital Identities in Europe. The lead author is Rayissa Armata, Director Global Regulatory & Government Affairs at IDnow, and a long-standing expert in the field of regulatory affairs.

Who is Rayissa Armata?

Rayissa Manning Armata, a native of the San Francisco Bay Area, has more than 15 years experience driving business and regulatory initiatives in a global context. She has represented companies up to Fortune 125 as well as the United Nations. She helped companies drive significant revenue growth – in diverse areas such as fintech, telecommunications, defense, airlines and real estate.

In her role as Director Global Regulatory & Government Affairs with identity verification provider IDnow, Rayissa is in close touch with regulators throughout Europe. On KYC Insider she shares this first-hand knowledge with an exclusive network of professionals, who need to stay on top of things in the complex world of regulatory.

Get all information from our previous issues and benefit from our deep knowledge and stay up-to-date on all regulatory changes within financial services, gaming and gambling, telecommunications and many more by subscribing to KYC Insider.

Check out previous issues