The European Union’s Fifth Anti-Money Laundering Directive (5AMLD) went into force on Jan. 10, with new regulations for cryptocurrencies, wallets and exchanges. Some operators said no way, moving to countries with more relaxed rules, or simply shuttering. Best leave now if know-your-customer (KYC) due diligence isn’t your jam: The EU is already prepping 6AMLD, which cracks down even harder on money laundering, especially online gambling.
Issuers, merchants, payments service providers (PSPs) and other interested parties are closely watching developments in AML/KYC and counter terrorist financing (CTF) regulations, as governments worldwide clamp down strongly on identity scams. It’s all detailed in the PYMNTS January 2020 AML/KYC Tracker®, a collaboration with verification solutions firm Trulioo.
In the latest PYMNTS AML/KYC Tracker®, we learn that crypto is increasingly being defined as a security, not a currency – but either way, it’s getting a lot more scrutiny. Same goes for online wagering, the new favorite way for cybercrooks to launder illicit dollars.
This is all happening at a time when the concept of portable, digital, verifiable identity is seen as a global human right. The United Nations (UN) actually wants to use identity to help end poverty, calling for a digital ID for every living person by 2030. The ensuing wave of financial inclusion would not only create a more just world, proponents say: It would also unleash a rush of consumer spending as those without IDs or banking products gain new access to services.
Know Your Criminals
If it seems like regulators are singling out crypto unfairly, consider the fact that 63 percent of cryptocurrency exchanges tested in Q3 2019 were found lacking in KYC security. That provides a tiny glimpse into how vulnerable the global financial infrastructure really is, and how far AML/KYC/CTF efforts still have to go before digital identity can be completely trusted.
The January 2020 AML/KYC Tracker® goes in-depth into the “hack-to-fraud cycle” and what to watch out for, because hacker attacks are often more successful than they first appear. Issuers, in particular, are warned that traditional verification methods like knowledge-based authentication (KBA) are increasingly outmoded by sophisticated next-gen hackers.
Widely used rules-based anti-fraud measures are also not the safe bet they were just a few years ago. “The patterns of fraud are moving and adjusting so quickly that if rules are the only way you’re combating [cybercrime], you’re always going to be two steps behind,” Ryan Fox, head of global identity services at PSP Worldpay from FIS, told PYMNTS.
Solutions are meeting the challenges posed by stricter regulations on one side and smarter crooks on the other, with consumers and legitimate businesses caught in the digital crossfire. Global AML watchlist solutions like the one from identity verification provider Trulioo streamline screening workflows and keep track of sanctions requirements and other processes to stay compliant.
PSPs Taking Heat
Online outlaws make things tough for everyone, but PSPs end up bearing the brunt of much fraud-related loss. These firms have to redouble screening and authentication efforts at the onboarding level, vetting each new merchant and client with the best tools available.
Customer security and rigorous AML/KYC compliance are shaping up to be an amalgam of better systems, stricter procedures and a multi-layered safety approach to payments. The fines and penalties for law-abiding firms that fail to adequately protect customers are steep, but the loss of trust in the event of a breach is a cost no one wants to calculate.