Compliance is not simple. Businesses have to meet KYC requirements, perform AML screening (PEP, OFAC, UN, HMT, EU, DFAT sanctions lists, watchlists and adverse media), conduct transaction and ongoing client monitoring, and take preventive measures against fraud and risks.
Here we’ve gathered the core information on compliance and onboarding for fintech based on years of experience with financial companies from different sectors.
Fintech compliance intricacies
The specific nature of the fintech industry doesn’t help either. It requires you to onboard clients and clear payments swiftly and safely, while protecting banking relationships with confidence. These are some of the many points to consider and implement:
- Onboarding clients and clearing payments swiftly and safely
Fintech is becoming an increasingly competitive market, with traditional institutions, tech giants, and startups all aiming to take the dominant position. According to Deloitte fintech growth estimates, around 500-300 companies (banks, insurers, and investment management firms) are founded every year, with 1.3k companies opened since 2015.
As a result, companies keep developing new ways of maintaining client loyalty. Although compliance and client verification remain just as important, businesses, and fintech in particular, have to do everything they can to shorten the verification process and make it more engaging and attractive for users. Fraudsters who conspire to obtain bonuses or practice phishing are another factor that makes fintech companies wary of working with suspicious customers.
- Protecting banking relationships with confidence
As one of the elements of the financial chain, fintech has to win partners’ trust and take a respectable position on the market. The same rules go for compliance. To protect their reputation, companies use tools such as payment and transaction monitoring in line with global regulations and changing laws, and screening against real-time databases of sanctions, PEPs and adverse media.
So, let’s look in more detail at how companies can satisfy all of these requirements without spending too much time, money and energy.
The foundation: what makes up a company’s compliance
In fintech, KYC is not the only important procedure in Anti-Money Laundering. It has to work as a complete solution together with anti-fraud, KYB, KYT, EDD for high-risk clients and extended data for CTF/AML screening. There is also the recently imposed PSD2, which can put more requirements and pressure on the way you do business. Besides, if a company is involved in the cryptocurrency business, it has to implement cryptocurrency analytics.
KYC fintech solutions are familiar to most readers, but hardly anybody has heard of the steps that contribute to anti-fraud, an important part of AML.
Even if you are proficient in the topic, read on to the end: we might have something to add to what you already know.
Anti-fraud and KYC/AML fintech procedures people often forget about
Anti-fraud is a burning issue that frequently comes up in the fintech industry and receives a lot of publicity. It is something everybody is aware of, and it has to be dealt with on many levels with several preventive measures.
Businesses that are aware of the problem are actively implementing different fraud prevention approaches that help them:
- Gather data on user behaviour to compare it with suspicious patterns and fight phishing, chargebacks, etc.;
- Implement ongoing monitoring of suspicious activities;
- Access document databases and criminal profile blacklists;
- Practice anti-spoofing (IP address spoofing, phishing, email spoofing, caller ID spoofing and facial spoof attacks);
- Monitor transactions to fight chargeback fraud;
- Use anti-photoshop checks or AI to expose fake photos, identities and any other documents submitted online by an impostor.
Even if fraudsters don’t launder money through a certain business, they might be using previously laundered money to perform transactions with the company, and it is still the company’s responsibility to prevent such occurrences.
Know your business
Compliance can’t be complete without end-to-end screening of corporate clients, beneficial owners and individuals involved in monetary transactions. KYC fintech solutions expose shell companies, trusts and complex paperwork that obscures information.
Know your transactions
Transaction monitoring is a requirement that many businesses consider unnecessary, but regulators in fact often demand it from companies. KYT helps companies understand the source of incoming funds and gives more clarity about a party’s purpose of payment, enhancing trust between affiliate financial institutions and correspondent banks.
More to account for: Payment Services Directive 2 impact on fintech companies
PSD2 has greatly influenced fintech and banking, encouraging financial actors to employ Third Party Payment Service Providers (TPPs), which had to be compliant with Regulatory Technical Standards (RTS) to perform any transactions.
Thus, PSD2 reinforced KYC security measures, demanding strong customer authentication (SCA). For each unique transaction there is an authentication code, based on a generated, cryptographically underpinned validity assertion (one-time passwords, digital signatures), that links the transaction to the user. This creates a safer business environment and places more demands on fintech firms.
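An illustration of the transaction-linked authentication code described above, added here as an example and not taken from the original page or any vendor's product. It assumes a symmetric scheme (HMAC-SHA256 with a per-user secret) in place of a digital signature, and binds the code to the amount and payee as well as the user; the field names, sample values and the `Verifier` class are hypothetical.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal


def _canonical(user_id, amount, currency, payee, nonce):
    # Length-prefix every field so that two different transactions can
    # never serialise to the same bytes (e.g. "AB"+"C" vs "A"+"BC").
    fields = [user_id, f"{Decimal(amount):.2f}", currency, payee, nonce]
    return b"".join(
        len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields
    )


def issue_code(key, user_id, amount, currency, payee):
    """User side: produce a fresh nonce and a code valid for this payment only."""
    nonce = secrets.token_hex(16)
    msg = _canonical(user_id, amount, currency, payee, nonce)
    return nonce, hmac.new(key, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Server side: checks the code against the payment actually submitted."""

    def __init__(self, key):
        self._key = key
        self._used = set()  # nonces already accepted (in-memory, demo only)

    def verify(self, user_id, amount, currency, payee, nonce, code):
        msg = _canonical(user_id, amount, currency, payee, nonce)
        expected = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, code):
            return False  # amount, payee or user differs from what was approved
        if nonce in self._used:
            return False  # same approval presented twice
        self._used.add(nonce)
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed per-user secret
    v = Verifier(key)
    nonce, code = issue_code(key, "user-1", "25.00", "EUR", "PAYEE-ACCT-001")
    print(v.verify("user-1", "25.00", "EUR", "PAYEE-ACCT-001", nonce, code))
    print(v.verify("user-1", "2500.00", "EUR", "PAYEE-ACCT-001", nonce, code))
```

Because the code is computed over the payment details, a request whose amount or payee was altered after the user approved it fails verification, and an approved code cannot be presented a second time.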
Three levels of fintech AML compliance: SDD, CDD and EDD
To answer the question of how companies structure compliance checks: there are roughly three levels. They vary depending on the risk that a given client poses. Let’s look at how to build a reliable system without additional costs and without scaring off potential users.
- SDD — Simplified Due Diligence
A basic identification procedure that fintech companies adopt for very low-risk situations, requiring only one document of the necessary evidential quality (an official identity document such as an ID card or passport, for example).
To recognise a lower risk of money laundering or terrorist financing, companies must consult the jurisdiction they are under. Depending on the case, SDD can be applied if a customer is a resident of a lower-risk geographical area, a public administrator or a publicly owned enterprise, a company listed on a regulated market (with the location of that market taken into account), etc.
- CDD — Customer Due Diligence
Following the basic SDD analysis, CDD takes it further with a more detailed check that focuses on risk assessment and looks into transaction habits. CDD is something all clients require. For individuals it is KYC; for companies, KYB.
If the verification goes smoothly and the individual or entity has nothing to hide, the company can work with them. A client that CDD exposes as high-risk must either be blocked, if there is definite proof of malicious intent, or moved forward to the EDD level for further information requests and checks.
- EDD — Enhanced Due Diligence
Enhanced Due Diligence is a process that provides a greater level of scrutiny of potential business partnerships and highlights risks that cannot be detected by Customer Due Diligence. Compliance officers collect additional data on the client’s identity, analyze the source of funds/wealth and ultimate beneficial ownership, perform ongoing transaction monitoring, etc.
The result of the check must be an assessment of how likely the client is to be involved in fraud, identity theft or some other illegal activity, which, under the company’s AML policy, indicates whether the company will work with the client or not.
Other factors that influence KYC and onboarding in the fintech industry
KYC is important, but other criteria also influence whether a company grows successfully. As registration and the KYC/AML check are the first time a client encounters your platform, it is vital to make that experience frictionless and engaging.
Here are some other major drawbacks that negatively influence onboarding:
- An unpolished user flow that slows down the routine;
- Multiple verification stages that unmotivated users have no chance of getting through;
- Manual filling of multiple data fields;
- Failure to filter out fuzzy matches;
- Lack of AML screening skills to process PEPs, watchlists and adverse media.
Regardless of a company’s jurisdiction and the size of its transactions, fintech compliance laws have roughly the same specifics across the industry. The key is to choose and implement the right procedures (KYC, KYB, anti-fraud) and steps to compliance (CIP, CDD, EDD) that satisfy regulations and suit the business perfectly.