“KYC”, “CDD”, “AMLD5”, “eIDAS”, “PSD2″…We know it’s super easy to get lost in the hustle and bustle of the acronyms of the European regulations. Let’s try to keep it simple.
“No, not another compliance article 😱!” Which is what you’re probably thinking, but this one’s different! It’s the one you’ll like. Storytime: You’re probably familiar with one of the most notorious criminals in history – Al Capone. If so, you know that when he was finally tried for his offenses, all he could be convicted with was TAX EVASION. The billion-dollar-empire (in today’s currency) he had acquired from illegal activities such as bootlegging, gambling, extortion among others could have helped as evidence, but the money was nowhere to be found. Capone had very strategically hidden it through businesses whose precedence couldn’t be proven. One of the most famous schemes used by Capone was cash-only laundromats, where – yes, you guessed it, the term “Money laundering” originated.
With the recent arrival of virtual currencies, online banking, and eCommerce, schemes have become much more complex. Yet, money laundering & tax evasion still remain as one of the biggest threats to the financial system. In order to avoid such impacts, the EU has been promoting targeted regulations in the last 10 years to reduce this risk. How is this relevant to you? Well, If you’re running a FinTech firm in a European country or are planning to expand there, plan to be directly impacted: you need to comply with regulations or be prepared to face fines if you don’t comply – even worse, an interdiction to operate… But don’t panic: to avoid that, all you need is a basic understanding of well, what you need to do to comply with local regulations. Ready to dive deep?
Meet your new best friends, AMLD & PSD2
AMLD & PSD2 are two clunky acronyms representing two critical directives that impact everyone running a FinTech. They stand for Anti Money Laundering Directives (AMLD) and Second Payment Service Directive (PSD2).
The AMLD is a set of regulatory requirements issued by the EU containing rules to fight money laundering and terrorist financing by EU member states. Its main goal is to protect the financial system by enforcing procedures for prevention, detection, and investigation of money laundering and terrorist financing. AMLD is suitable for credit and financial institutions, certain legal professionals such as auditors, notaries, trust or company service providers, people trading in goods for payments made or received in cash totaling the amount of €10,000 or more, and gambling service providers.
PSD2 is the second Payment Services Directive, designed by the EU to revolutionize the payments industry, influencing the way we pay online as well as the information we see when completing a payment. PSD2 will also require stronger identity checks such as KYC, especially when dealing with higher transactions.
Yeah alright, but what is KYC? Tah-dah!! new acronym: KYC, which stands for Know Your Customer, is the first step of AML procedures. It’s the practice carried out by companies to verify the identity of their clients in compliance with legal requirements and current laws and regulations. To put it shortly, verifying your clients are, in fact, who they claim to be. This process ensures that the user who wants to become client of a company demonstrates with legal evidence their identity.
There are several simple methods that can be implemented in which the user submits identity documents, which must be authenticated, and a picture or a video of their face (in some cases their fingertips), in addition to other biometric tests and security checks.
Not all KYC verifications comply with legal qualifications in Europe. For example, selfie-based identification solutions (meaning that you ask your user to submit a picture of their face to make sure it matches the photo on the ID) are not KYC/AML compliant in the EU. The latest version of AMLD, going under the name AMLD5 (yep, because it’s the fifth edition) establishes that they have weak reliability and do not fit requirements demanded by legislation. Good news is that AMLD5 introduced a new regulation last year called eIDAS (electronic Identification Authentication and trust services), that allows other recognized identification methods that provide security equal to physical presence, such as Liveness Recognition a.k.a proof of life.
Neobanks, lending companies, eCommerce, to name a few, are some of the industries that will now have to comply with KYC; as well as the uprising Cryptocurrencies (exchanges) which had a big impact on AMLD5 by stating that all EU member states must implement AML regulations when it comes to crypto. These exchanges will now be required to not only follow KYC rules but also to monitor customer transactions and file suspicious activity reports. That way, it will be ensured that they’re legitimate and are not attempting to abuse the platform for malicious purposes.
So as a Fintech what do I need to do?
Fintechs operating in the EU need to comply with basic KYC/AML regulations, which can be summed up in 3 steps:
- Making sure your user provides an authentic document to verify their identity;
- Ensure it’s the same person as the one on the document provided running a liveness check;
- Confirm users aren’t listed on international anti-money laundering watchlists or blacklists.
As simple as this sounds, it can be a painful process to carry out without the proper tools. Thankfully, technology has evolved a lot in the last few years, and Identity Verification processes did the same, helping solve any potential friction for users. There is a lot of hype about the various service providers specializing in ID verification with KYC/AML inspections, but I’ll let you be the judge on that subject. I will, however, recommend that you test first hand that the compliance offered is up to your standards and requirements (for more insight on how to choose a good ID verification solution, check this article: 5 questions you should ask your ID verification provider).
The global pandemic we are now facing has introduced a tremendous challenge for organizations that are required to comply with KYC regulations – at least, for the ones that were unprepared to digitize operations. While many companies have adapted to digital processes and compliance, many others have not and therefore have seen a substantial loss of customers during this time. Major financial institutions such as banks are struggling to keep these processes running throughout this crisis, which should be an eye-opener for how unprepared the whole world was for COVID-19. Truth is, The onboarding of customers shouldn’t come to a complete stop when a pandemic occurs. However, this should be taken as a lesson that being able to digitally onboard new customers is key, as is following regulations aimed at preventing crimes such as tax evasion and money laundering no matter the situation, whether its a pandemic or any other world-crisis.
Final thoughts: KYC/AML regulations can be challenging to understand, but it’s a great way to protect your business from malicious activity. Especially during these times where fraud is skyrocketing everywhere in the world, mostly due to the mounting uncertainty emerging from the COVID-19 pandemic which has fraudsters getting more creative and scamming companies left and right. This is why accelerating processes such as fully digitalized, seamless compliance should be a must on your agenda. If you’re wondering where you should start, our KYC consultants are here to help!