Businesses that Neglect ‘Know Your Customer’ Regulations are Messing with Fate and Government Regulations
Here’s the weird thing about money laundering: The problem just doesn’t want to go away. According to statistics compiled by the IRS, the ways that crooks hide the sources of their ill-gotten gains appear to be infinitely creative, with investigations and prosecutions remaining steady over recent years.
Certainly the financial impact is enormous: the 2018 Basel AML Index pegs the amount of money laundered globally at as much as $1 trillion, with some sources raising that figure even higher.
In response, governments are racing just as hard as the bad guys in insisting that financial dealings are transparent. In Europe the fourth Anti Money Laundering Directive—4AMLD for short—went into effect a little over a year ago, while in the U.S., there’s the Bank Secrecy Act and Suspicious Activity Report.
These, and other “Know Your Customer” regulations, require financial institutions, law firms, accountants, trust providers, currency exchange companies, and even the gambling industry, to assure that they’re monitoring the people they do business with, and flagging suspicious activity. But clearly not every impacted business has stringent-enough processes, given the abiding level of money laundering and terrorist financing activity globally.
The Need to Step up Your Game
It should be obvious that any U.S. company doing business in the EU would fall under the 4AMLD mandates. The law strengthens the regulations of the previous third version by boosting banks’ due diligence mandates, insisting they look at every country as a potential source of risk, and implementing more severe penalties for non-compliance. But financial institutions themselves have to step up their game.
First, the types of companies that fall under money laundering and terrorist financing regulations must have an internal structure to be in full compliance with all pertinent government mandates. If they don’t, they risk monstrous fines and a ruined brand reputation. Secondly, and fortunately, compliance officers have ready access to cloud-based APIs that can tap into worldwide databases.
The goal: to identify that someone is on the up and up—that they are, in fact, who they say they are.
Leveraging the power of data sets and the internet, a person can be identified by linking a name with a variety of other verifying data, including email, postal addresses and phone numbers. If there are mismatches, red flags are raised.
But databases aren’t always reliable, which is why technology that matches addresses through standardization and cleans up misspellings is so important.
Then there’s social media. While many people are rightly concerned these days about their online information being hacked or misused, there are undeniable benefits to the financial services industry in being able to tap into social media usage, especially social accounts linked to email addresses. APIs can do this easily, further identifying people, and perhaps exposing incendiary views.
Technology even exists to identify people via imaging and facial recognition. This aids both the onboarding process and later management of compliance and risk assessments. These are all ways to identify someone as either a valid, safe customer, or alternately someone who may be suspicious and worth a closer look.
Regulations Respond to Increased Threats
As noted, the criminals are ever-inventive, taking advantage of new opportunities. One year after 4AMLD went into effect, the EU is preparing a new, fifth version. Set for implementation in 2021, 5AMLD is expected to include virtual currencies like bitcoin, anonymous prepaid cards and wallet services that are potential sources of money laundering. We’re also likely to see a central database of registered users of these currencies.
5AMLD also will require public companies to have access to real estate ownership, another critical way to verify someone’s identity and ensure there are no gaps in KYC database records. Again, cloud-based APIs exist for matching owners with properties throughout most of the world. Again, mismatches between purported and actual addresses can prompt banks and others to take a closer look.
Whether your business is domiciled in the U.S. or in the EU, or anywhere else for that matter, you must get a handle on your Know Your Customer protocols. Your own safety and that of your business demands it, and the safety of our country requires it.