ID Verification AML & KYC for Financial Institutions UK Reference Guide Research conducted by
ID Verification UK 1 Regulatory Landscape 2 AML & KYC Developments 3 Key Dates Practical Guidance 5 The Case for Mobile ID Verification DISCLAIMER - The material on this guide is offered for educational and informational purposes only, and should not be relied on as legal advice. Neither Mitek nor any contributor to this guide will be responsible for any action or failure to act in reliance upon information contained within this document. 2016 Mitek Systems Inc. 2
AML & KYC Financial Institutions Reference Guide In order to avoid sanctions and keep a competitive edge in fast paced international markets, financial institutions in the UK must ensure they comply with the latest Anti Money Laundering (AML) and Know Your Customer (KYC) regulations. This document provides practical guidance and industry best practice recommendations regarding the latest AML and KYC regulatory developments. This guide has an informational purpose and is based on proprietary research Mitek commissioned from Innovative Identity. The Financial Conduct Authority is the main regulator for Financial Services in the UK Accurate identification and verification of personal data is essential to combat money laundering Banks in the UK must comply with local and international AML guidelines: FATF Standards, FATF Guidance, Guidance from the Bank for International Settlements (Basel Committee) Lack of alignment between UK and international AML regulations causes major problems for banks looking to implement AML & KYC controls to global standards Financial Regulators in the UK have accepted electronic means of identity verification since 2004 2016 Mitek Systems Inc. 3
Identity Verification Regulatory Landscape Regulation Supervision and Enforcement Bodies Key Information Sources Sanctions Data Protection Act (DPA) https://ico.org.uk/fororganisations/guide-to-dataprotection/ The DPA regulates the sending of personal data outside of the EEA. Once received by an entity or individual within the United Kingdom, the data is subject to the requirements of the DPA. The Information Commissioner s Office is the UK s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. https://ico.org.uk Data Protection Act, UK Government https://www.gov.uk/data-protection/the-data-protection-act No corresponding provisions exist governing the receipt of personal data from countries outside the EEA. The Act prohibits data from being sent to countries that do not ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. FATF Recommendations http://www.fatfgafi.org/publications/fatfrecommen dations/documents/fatfrecommendations.html The Financial Action Task Force (FATF) sets international standards on anti-money laundering and counter financing of terrorism (AML/CFT). http://www.fatf-gafi.org The National Crime Agency (NCA) Within the NCA, the Economic Crime Command oversees FATF Recommendations http://www.fatfgafi.org/publications/fatfrecommendations/documents/fatfrecommendations.html#updates FATF Guidance http://www.fatfgafi.org/documents/guidance/?hf=10&b=0&s=desc(fatf_release date FATF Recommendation 6 requires each country to implement the targeted financial sanctions regimes to comply with the United Nations Security Council resolutions (UNSCRs or resolutions) relating to the prevention and suppression of terrorism and terrorist financing. 4th Money Laundering Directive http://eur-lex.europa.eu/legalcontent/en/txt/?uri=celex:32015 L0849 Joint Money Laundering Intelligence Taskforce (JMLIT) is an NCA initiative created in partnership with the financial sector to tackle high end money laundering. It includes representatives from the Government, the British Bankers Association, law enforcement and over 20 major UK and international banks. http://www.nationalcrimeagency.gov.uk/about-us/what-wedo/economic-crime/joint-money-laundering-intelligencetaskforce-jmlit Joint Money Laundering Steering Group (JMLSG) Guidance http://www.jmlsg.org.uk/industry-guidance/article/jmlsgguidance-current FCA s Financial Crime Guide for Firms Part1 https://www.handbook.fca.org.uk/handbook/document/fc1_fc A_20150427.pdf FCA s Financial Crime Guide for Firms Part2 https://www.handbook.fca.org.uk/handbook/document/fc2_fc A_20150427.pdf Changes to the Money Laundering Regulations 2007 which came into force on October,1 2012, included the power to impose penalties for failure to provide information required by notice. Proceeds of Crime Act (POCA) http://www.legislation.gov.uk/ukpg a/2002/29/contents The National Crime Agency (NCA) http://www.nationalcrimeagency.gov.uk House of Commons Home, Affairs Committee Proceeds of Crime Fifth Report of Session 2016 17 Report http://www.publications.parliament.uk/pa/cm201617/cmselect/c mhaff/25/25.pdf Money Laundering Regulations 2007 http://www.legislation.gov.uk/uksi/2007/2157/contents a) Failure to report: up to five years imprisonment and/or an unlimited fine; and/or b) Tipping off: up to five years imprisonment and/or unlimited fine. 2016 Mitek Systems Inc. 4
Key Dates Featured Use Case The Money Laundering Regulations ( ML Regulations ) came into force in the UK http://www.legislation.gov.uk/uksi/2007/2157/contents/made The Money Laundering (Amendment) Regulations 2012 enhanced the scope of the ML Regulations to include all estate agents, and included a power for professional supervisory bodies to share information with each other. Additionally it specifically referred to HMRC s criteria that may be used to determine whether an individual is fit and proper in connection with money service businesses and trust and company service providers. http://www.legislation.gov.uk/uksi/2012/2298/resources UK Government 15 th December, 2007 UK Government 1 st October, 2012 The Fourth Anti-Money Laundering Directive came into force http://eur-lex.europa.eu/legal-content/en/txt/pdf/?uri=celex:32015l0849&from=en EU Parliament EU Council 26 th June, 2015 The European Commission (EC) published an amendment (amending directive or AD) to 4MLD, following its announcement in February 2016 that further measures were necessary to combat terrorist financing http://europa.eu/!ny84y EU Commission 1 st July, 2016 The Fourth Anti-Money Laundering Directive must be transposed into UK national law UK Government By 26 th June, 2017 2016 Mitek Systems Inc. 5
The UK Financial Services Authority highlights the benefits of electronic identity verification 27. Electronic delivery does not in itself make verification more robust. But electronic verification can have significant advantages:* Financial Gambling Regulators have accepted electronic methods of identity verification since 2004 Housing for firms, it can be a straightforward way of accessing several corroborative sources (because CRAs draw on multiple data sources, including individuals credit history); customers do not need to provide documents, unless the firm considers that further corroboration is required in the circumstances; record-keeping is easier and cheaper; in non-face-to-face business it reduces the need for customers tosend important personal documents by post, with risk of loss and inconvenience; it can be cheaper than obtaining paperdocuments; it can be delivered in the broader context of other related checks (e.g. checks against terrorist sanctions lists or credit history checks). *http://www.fsa.gov.uk/pubs/other/id_report.pdf 2016 Mitek Systems Inc. 6
The Joint Money Laundering Steering Group interprets the legislation written by the Financial Conduct Authority Money Laundering Guidance for The Financial Sector by Joint Money Laundering Steering Group (JMLSG)* Electronic evidence 5.3.33 / 5.3.34 Joint Gambling Money Laundering Steering Group represents the leading UK Trade Associations in the Financial Services Industry Housing Electronic data sources can provide a wide range of confirmatory material without involving the customer. Where such sources are used for a credit check, the customer s permission is required under the Data Protection Act; a search for identity verification for AML/CTF purposes, however, leaves a different footprint on the customer s electronic file, and the customer s permission is not required, but they must be informed that this check is to take place. Where such sources are used for a credit check, the customer s permission is required under the Data Protection Act; a search for identity verification for AML/CTF purposes, however, leaves a different footprint on the customer s electronic file, and the customer s permission is not required, but they must be informed that this check is to take place. External electronic databases are accessible directly by firms, or through independent third party organisations. The size of the electronic footprint (see paragraph 5.3.25) in relation to the depth, breadth and quality of data,and the degree of corroboration of the data supplied by the customer, may provide a useful basis for an assessment of the degree of confidence in their identity. The size of the electronic footprint (see paragraph 5.3.25) in relation to the depth, breadth and quality of data, and the degree of corroboration of the data supplied by the customer, may provide a useful basis for an assessment of the degree of confidence in their identity. * http://www.jmlsg.org.uk/industry-guidance/article/jmlsg-guidance-current 2016 Mitek Systems Inc. 7
European Commission embraces electronic IDV In its latest amend to 4AMLD, the EC recommends using electronic ID verification The European Commission (EC) has recently published an amendment (amending directive or AD) to 4MLD, following its announcement in February 2016 that further measures were necessary to combat terrorist financing*. The EC Gambling sees accurate identification and verification of personal data as essential to combat money Housing laundering Individuals might be required to prove their full name, residential address and date of birth ideally from a government issued document which includes the customer's full name and photo, and either residential address or date of birth e.g. valid passport, valid photocard, driving licence, etc; or a government issued document (without a photograph) which includes the customer's full name, supported by a second document, either a government-issued, or issued by a judicial authority, a public sector body or authority, a regulated utility company, or another FSA- regulated firm in the UK financial services sector or in an equivalent jurisdiction, which includes the customer's full name and eitherresidential address or date of Accurate identification and verification of data of natural and legal persons is essential for fighting money laundering or terrorist financing. Latest technical developments in the digitalisation of transactions and payments enable a secure remote or electronic identification. Those means of identification as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council should be taken into account, in particular with regard to notified electronic identification schemes and means that offer high level secure tools and provide a benchmark (Regulation (EU) No 910/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market) Therefore, it is essential to recognise secure electronic copies of original documents as well as electronic assertions, attestations or credentials as valid means of identity. * http://ec.europa.eu/justice/criminal/document/files/aml-directive_en.pdf 2016 Mitek Systems Inc. 8
The Case for Digital Identity Verification Whilst manual in person identity verification is acceptable, there are a number of reasons why electronic methods have been accepted in the UK by regulators such as the Financial Conduct Authority. Therefore it is essential to recognise secure electronic copies of original documents as well as electronic assertions, attestations or credentials as valid means of identity. DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/101/EC 2016 Mitek Systems Inc. 9
Why Choose Mitek? Experience & Expertise Happy Users Global Leader Award Winning Innovation Commitment to delivering solutions that optimize the mobile channel for safe and secure customer acquisition Proven technology used by 5,000+ FI's and loved by over 70 million consumers worldwide Mitek is the global leader in mobile capture and identify solutions Our strong and growing patent portfolio includes 27 patents issued and dozens more pending connect: sales@miteksystems.com 2016 Mitek Systems Inc. 10