How to: Grow a Forex Platform by Sustainable Customer Acquisition, KYC and Compliance

A practical guide to efficient client conversion and full compliance with jurisdictional laws for forex businesses.

From criminal activity to ever-increasing regulatory pressure, there are plenty of risks associated with forex platforms that can lead to substantial losses—leaving many traders extremely vulnerable. To stay safe while keeping revenues high, many FX businesses need to balance customer onboarding, AML/CTF compliance, and fraud prevention. Here’s our comprehensive guide to making all this possible.

Why should you read this?

Forex trading is more popular than ever. With a traded volume level of more than $4 trillion a day, forex has also become a lucrative target for financial criminals. To deal with this growing threat, regulations are tightening considerably.

A West London-based forex firm was hit with £7.8 million ($10.8m) in fines after failing to meet AML obligations. This comes as part of a wider crackdown on money laundering and on organizations that fail to adequately detect it. “This record fine shows we mean business, so get your house in order before we come knocking,” regulators warn.

Forex platforms have no time to hesitate on regulatory compliance—and we’re here to help. With this article, we’ll guide you through the latest regulations and present professional KYC/AML practices for forex platforms, helping maximize efficiency and avoid harsh penalties for non-compliance.

The highlights

  1. How regulations impact forex platforms
  2. The importance of CDD and KYC
  3. Key regulatory requirements
  4. The new anti-money laundering directive
  5. How Sumsub can help
  6. Steps you can take to generate growth
 

How regulations impact forex platforms

As FX trading is a global activity, there isn’t one set of regulations that applies to all forex platforms (there is a FATF Risk-based Approach Guidance for the Securities Sector, but it does not have the force of law). Instead, there are multiple types of regulations, which vary depending on where forex platforms operate. Nevertheless, some of these regulations overlap across multiple jurisdictions—particularly those related to anti-money laundering (AML) and countering the financing of terrorism (CTF).

To stay in line with AML/CTF regulations, forex platforms need to enact policies and procedures that combat all forms of financial crime. This includes setting up adequate internal systems for spotting suspicious activities and reporting them to authorities. In addition, robust Customer Due Diligence (CDD) and Know Your Customer (KYC) procedures should be applied to verify customers and take precautions against money laundering and terrorist financing risks.

 

The importance of CDD and KYC

CDD applies to all procedures that AML-obligated entities use to verify customer identities, background information, and risk levels. When performed correctly, CDD measures identify high-risk individuals at an early stage, preventing companies from being exposed to money laundering, fraud, terrorist funding, and other financial crimes.

When establishing a business relationship with a client, the first (and most important) CDD measure is to perform KYC. This is to ensure that the clients are who they say they are. In order to achieve this, the business should obtain key information about the customer (name, address, date of birth, and so on) and verify the accuracy of this information.

CDD shouldn’t stop after the KYC stage, however. Existing customers should also be subject to CDD measures through ongoing monitoring, as customer risk profiles may change over time. Accordingly, businesses should take customers’ account activity into consideration, in addition to ensuring that all their KYC documentation remains up to date. Record-keeping is also a necessary part of ongoing CDD, which helps businesses have a clear picture of their customers throughout the entire lifecycle.

In unison, these steps help businesses prevent—or promptly react to—any crises and stay compliant with regulations.

Absent or inadequate CDD procedures and KYC standards can subject businesses to serious customer, reputational, operational and legal risks. Regulators around the world heavily penalize entities that don’t adhere to AML standards. Banks, large multinational corporations, and forex firms are being fined at record levels (up to $900 million). Most of the penalties levied in 2020 included failures in customer due diligence (CDD).

Key regulatory requirements

Every forex platform has to effectively comply with AML/CTF regulations of their jurisdiction. These requirements may differ from country to country, so platforms should take care when choosing the jurisdiction for their business registration and brokerage license.

Below you’ll find a list of key laws, regulations, and jurisdictions that forex platforms need to comply with.

High-requirement jurisdictions

These are jurisdictions with high capital requirements ($20 million+), along with detailed reporting obligations and significant operating expenses. Customer complaints to regulatory agencies overseeing these jurisdictions may result in severe consequences, including seven-figure fines.

Legislation:

Regulating body:

  • The Financial Industry Regulatory Authority (FINRA) writes and enforces rules governing the activities of all registered brokers in the United States. To conduct securities transactions or any other business with investors in the U.S., both firms and individuals must be registered with FINRA.

Complying with CDD requirements:

  • Identifying individuals: Collect their name, date of birth, address, and an identification number (typically a social security number). It is also required to create a customer risk profile and conduct ongoing monitoring.
  • Identifying entities: Collect their name, principal place of business, office location, or other physical location of operations or presence, identification number, employer identification number (EIN), and beneficial ownership information.

Penalties for non-compliance: A fine of over $1,000,000.

Legislation:

Regulating body:

Complying with CDD requirements:

  • Identifying individuals: Collect their name, address, and date of birth (has to be verified from valid customer identification documents: a driving license, passport, alien registration card or any other acceptable documents), details on their profession and other occupations, purpose of transaction, status of asset and revenue, confirmation of personal identification data of the person in charge of the transaction, confirmation of agency power for the person in charge of the transaction. For higher risk customers, it is also required to verify assets and income.
  • Identifying entities: Collect name, location of the head or main office, the nature of the company, purpose of transaction, identity of beneficial owner. For higher risk customers, it is also required to verify assets and income.

Penalties for non-compliance: A fine of up to ¥3,000,000 ($27,215) for individuals and up to ¥300,000,000 ($2.7m) for legal entities. The maximum penalty is imprisonment of up to two years for responsible persons.

Moderate-requirement jurisdictions

Reputable jurisdictions with high to moderate capital requirements, moderate expenses, and reporting.

Legislation:

Regulating body:

Complying with CDD requirements:

  • Identifying individuals: Collect their name, address, place and date of birth, identity card reference number (where available) and nationality.
  • Identifying companies: Collect their name, registration number, date of incorporation or registration, and registered address or principal place of business.

Penalties for non-compliance: A fine of up to €5,000,000 ($5.9m) or the equivalent of 10% of total annual turnover (according to the latest financial statements).

Legislation:

Regulating body:

Complying with CDD requirements:

  • Identifying individuals: Collect their name, address, telephone and fax numbers, e-mail address, signature, date and place of birth, details on their profession and other occupations, including the name of their employer.
  • Identifying entities: Collect their name, registration number, office address, location of the head or main office, telephone numbers, fax numbers, e-mail address, the members of the board of directors, the persons that are duly authorised to operate the accounts of the company and act on behalf of the company, the registered shareholders, the business profile of the company.
  • Specific procedures required by CySEC: Check the adequacy of the data and information pertaining to the customer’s identity and economic profile when:
    • an unusual or significant transaction takes place;
    • there is a change in the customer’s legal status and situation;
    • there is a change in the rules and methods of customer account operation.

Penalties for non-compliance: An administrative fine of up to €200,000 ($235,250). In case the offense continues, an additional administrative fine of up to €1,000 ($1170) is imposed for each day.

Legislation:

Regulating bodies:

Complying with CDD requirements:

  • Identifying individuals: Collect their name, date of birth, and address.
  • Identifying companies: Collect their name, addresses of registration and principal place of business, registration number (either their Australian Company Number or Australian Registered Body Number), the nature of the company, and the names of the directors. Only the name, legal form and registration number must be verified.

Penalties for non-compliance: A civil penalty of up to A$4,440,000 for an individual and up to A$22.2 million for a corporation. This is the maximum penalty applied, where the penalty unit amount is $222.

*Under the Notice of Indexation of the Penalty Unit Amount, a penalty unit is currently $222. Penalty units are used to calculate fines for various offences. Fines are calculated by multiplying the value of one penalty unit by the number of units that offence carries.

Low-requirement jurisdictions

Jurisdictions with low to moderate regulatory environments, capital requirements, and operating expenses, and with minimal reporting.

Legislation:

Regulating body:

Complying with CDD requirements:

  • Identifying individuals: Collect their name, address, date and place of birth, nationality, contact details, signature, purpose of the account and the nature of the business relationship.
  • Identifying corporate customers: Collect their name, principal place of business and registered office, contact details, board resolution, certificate of incorporation, identities of all account signatories and details of their relationship with the company, identity information on the natural persons with a controlling interest in the corporate entity.
  • Non-face-to-face identification: Take specific and adequate measures to compensate for the higher risk. This includes communicating with the customer at an address that has been verified, two-factor authentication, requiring copy documents to be certified, etc.

Penalties for non-compliance: A fine of up to $25,000, imprisonment up to 3 years, or both.

Legislation:

Regulating body:

Complying with CDD requirements:

  • Identifying individuals: Collect their name, date and place of birth, personal identification number/unique Identification number of client, nationality, country of permanent residence, address.
  • Identifying UBOs: Collect information on entities, legal persons and other bodies that directly or indirectly control a company.

Penalties for non-compliance: A fine ranging from $300-$3,000 for individuals, $600-$6,000 for legal entities. The penalties are to be applied monthly until the requested information is duly registered.

Least regulated jurisdictions

These jurisdictions have weaker institutional control and less detailed legislation than others. Only offshore companies fall into this category. It is worth considering that companies registered in offshore jurisdictions are almost always regarded by counterparties as high-risk partners, providers, clients, etc.

Legislation:

Regulating body:

  • The Marshall Islands have no local forex trading regulatory bodies. However, there are a number of forex brokers in the Marshall Islands that are authorized and licensed by different types of international regulatory bodies, such as CySEC of Cyprus, and others. Therefore, if a company is regulated by CySEC it must comply with all the requirements set out by CySEC, including its branches.

Complying with CDD requirements:

  • Identifying individuals: Collect their name, address, telephone and fax number, date and place of birth, nationality, details on their profession and other occupations, including the name of their employer, a copy of their passport or national ID, signature, purpose of the account and the potential account activity, written authority to obtain independent verification.
  • Identifying entities: Collect their certificate of incorporation, Articles of Association, location of their head office or registered agent, description and nature of their business, board resolution, the names and addresses of all officers, directors, and beneficial owners, confirmation that the corporate entity has not been struck off the register or is not in the liquidation process, purpose of the account and the potential parameters of the account, written authority to obtain independent verification.

Penalties for non-compliance: A civil penalty up to $10,000 per violation for any willful violation of any record-keeping; up to $500 per violation for any negligent violation of any requirement.

Jurisdictions generally considered ‘reputable’ are the US, UK, EU, Switzerland, Japan, Singapore, Australia, and New Zealand. When assessing the reputability of a jurisdiction, it is recommended to consult trusted sources of information, such as:

The new anti-money laundering directive

On December 3, 2020, the Sixth Anti-Money Laundering Directive (6AMLD) took effect in the European Union to ramp up the fight against money laundering. The directive affects KYC/AML procedures and was supposed to be implemented by financial institutions by June 3, 2021. The directive does not require businesses to significantly change their KYC/AML procedures. Rather, these procedures must be updated to align with the latest definition of “money laundering,” as well as the new list of predicate offenses:
  • The definition of “money laundering” now expands to property as well as the acquisition, concealment, and distribution of all physical and virtual assets stemming from illegal activities, be it money, artworks, or real estate.
  • The extended list of predicate offenses now covers cyber and environmental crime. The latter includes the illegal wildlife trade, air pollution, and other crimes that impact the environment. 6AMLD also took further measures to incriminate persons if they know “or ought to have known that someone is involved in money laundering activities.”

How Sumsub can help

With Sumsub, forex platforms can enjoy quick and easy KYC that converts even the least motivated users in minutes. The verification process requires just two photos from the users and takes just a couple of minutes. As a result, the business can increase conversion by 30% or greater.

Sumsub’s identity verification platform enables businesses to increase customer conversion—all while ensuring compliance with regulations worldwide (ongoing monitoring, record keeping and so on). The solution is globally applicable, as its approach and methodology are carefully designed according to the latest recommendations on AML and CTF.

The bottom line


As the forex market grows and generates more interest across the globe, scammers become an ever-increasing threat. However, if you put time and effort into implementing professional KYC and AML practices, you’ll minimize the risk of fraud and other dangers. Plus, you’ll be best-equipped to deal with constantly shifting regulations, avoiding steep fines and penalties along the way.

To onboard more customers, increase revenue, comply with regulations, and prevent fraud, try Sumsub’s efficient KYC/AML verification solution, developed specially for forex platforms.
