CDD: Non-Face-to-Face (NFTF) Customers

By

 

A non-face-to-face transaction is where a transaction occurs without a customer having to be physically present. Examples of this type of activity include internet banking, telephone banking, credit cards and online share dealing. Non-face-to-face business is becoming increasingly popular in the financial services industry due to increased customer demand, the high costs of maintaining personal customer contact services and the ability to transact from a distance, which has been facilitated by developments in technology and telecommunications.

With the development of technology, the number of these customers is increasing, and the number of non-face-to-face transactions has increased tremendously because people remain in quarantine under the conditions of the COVID-19 pandemic try to comply with zero contact principles.

Maintaining personal customer contact services can be quite costly, and face-to-face transactions are becoming increasingly popular in the financial services industry due to the ability to transact remotely facilitated by technological advances.

However, there is a situation where non-face-to-face transactions are considered to be riskier. That’s because most client identification procedures are designed to associate the person in front of the firm’s employee with some sort of official identification document, including the client’s face.

It is generally agreed that non-face-to-face transactions are more risky than face-to-face transactions, since the primary identification measures which must be carried out cannot include matching the face of the customer with a document. To overcome this, in some countries it is commonplace for there to be requirements for the customer to visit a branch to have their identity confirmed. However, in other countries this is not the case and the financial institution will need to assess the level of risk that the relationship poses to the firm in deciding which procedures to adopt.

 
Technology has made rapid inroads into DNFBPs, VASPs and FIs. Customers require on-demand, anytime, and anywhere services. Their customers want to perform remote and digital transactions to avoid physical presence and visits. These are digital transactions conducted via mobiles or the internet. For example, digital identity solutions can enable non-face-to-face customer identification/verification and updating of information. They can also improve authentication of customers for more secure account access, and strengthen identification and authentication when onboarding and transactions are conducted in-person, promoting financial inclusion and combating money laundering, fraud, terrorist financing and other illicit financing activities
 Risks of Non-Face-To-Face Transactions

Some of the risks that companies that do business in a non-face-to-face-customer way may face include:

  • The customer can access the convenience of making more than one fictitious application without the risk of significant detection by the company. Lack of physical documents, lack of official documents such as identity documents, signed contracts pose a risk.
  • The speed with which electronic transactions are processed can also make it difficult to verify data before a transaction is made. Controls are often delayed and have the effect of recording inappropriate action.

Types of ML/FT threat from non-face-to-face clients:

Cross-border transactions

Engaging in cross-border transactions is the most effective way for non-face-to-face financial criminals to conduct crimes. Identifying the origin and destination of funds in transactions conducted across different jurisdictions is challenging. Also, it becomes easier for anonymous customers to hide these details or produce false documents. This is how money laundering occurs predominantly in such cases.

 

Data security and privacy

Online onboarding exposes the firm to data security and privacy breaches. The genuine customers’ accounts may be taken over by criminals to perform their illegal activities, and this exposes the DNFBPs and VASPs to various types of ML/TF risks.

You must devise and apply effective AML measures to reduce the risks of such occurrences and fight the money laundering threats.

 

Fake Identities

Customers can use fake identities to open an account with your business and conduct transactions. Since you won’t be able to associate their wrongdoing with a face and identity, it becomes difficult to capture them. This anonymity of non-face-to-face customers increases the ML, TF, and PF risks for your business.

  

Hidden ownership structures

In the case of non-face-to-face customers, understanding the ownership structure is challenging. They might be using this anonymity feature to hide their beneficial ownership. There might be possibilities of the presence of shell companies to conduct transactions. This is a widespread way by which non-face-to-face clients launder money.  

With in-person onboarding, the compliance team gets a chance to ask questions and counter-question the customer. Remote onboarding works in a pre-defined way and offers little flexibility. Further, the human element is missing, so judgement is on technology to identify suspicious customers and their activities.

 

Limited visibility of customer behavior

Physical interaction with customers enables an understanding of their behaviour. In the absence of such face-to-face meetings, you have no idea of their conduct and actions. So, it becomes difficult to identify suspicious behaviour, activity, or transaction.

 

Transaction speed

Digital transactions are faster than normal in-person transactions. So, money launderers prefer to engage in non-face-to-face transactions so that criminal activity occurs faster before anyone detects suspicious behaviour.

 

Third-party risks

DNFBPs and VASPs who rely on third parties to conduct KYC and CDD  expose themselves to ML/TF risks if the third parties do not adopt adequate procedures for customer identification and verification. The criminals may exploit the vulnerabilities existing in third-party KYC and onboarding procedures and misuse the system.

 

Common ML/TF Typologies employed through NFTF Channels

 Smurfing and structuring are the most common ML/TF typologies employed by criminals onboarded through NFTF channels.

Structuring

Criminals are resorting to structuring split large transactions into several small transactions to avoid their detection. Normally, regulators across the globe have specified thresholds for reporting cash transactions.  The criminals smartly plan their transactions to avoid crossing the thresholds.

Smurfing

Smurfing is similar to structuring. Here, the criminals split transactions into small amounts and use multiple parties to deposit funds into the banking system.

Measures For Non-Face-To-Face Customers

Companies that work with non-face-to-face customers will also need to develop risk-based policies and procedures to enforce adequate controls, which will both facilitate compliance with the AML laws they must comply with and minimize their risks. The nature of such additional procedures required will vary depending on the nature and scope of the transactions. A few important points at this point are as follows:

  • Companies need to identify their customers and take additional steps to seek independent data to validate customer documentation.
  • The nature of additional measures to certify documents that require a confirmatory certificate may also vary depending on the jurisdiction.
  • Companies can work to take into account the nature of customers’ payment profiles.

.

Rısk-Based Approach To Non-Face-To-Face Customers

The extent to which money laundering deterrent measures need to be implemented can be assessed through the application of the risk-based approach. The risk-based approach to be taken should be consistent with companies’ assessments of the nature and characteristics of products or services and their money-laundering risk appetite.

Firms need to be able to decide for themselves which transactions represent a higher money laundering or terrorist financing risk and develop appropriate systems and procedures to enable them to do so.

.

Risk-Based Approach

Risk-Based Approach, Anti-Money Laundering (AML), and compliance are one of the most important components of their operations. Millions of dollars are laundered each year through financial institutions. The source of money laundering is serious crimes such as financing of terrorism, bribery, corruption, drug trafficking, human trafficking, arms smuggling.

An anti-money laundering compliance program for businesses is now mandatory for organizations at risk. As a result, regulators have given organizations some mandatory obligations to effectively combat financial crimes. In addition, the inspections made by the regulators to the organizations have increased in recent years, and heavy fines and administrative fines have been imposed on the organizations that do not fulfill their AML obligations.

.

Financial Action Task Force (FATF) Report

 

According to the Financial Action Task Force (FATF), non-face-to-face transactions and business relationships are potentially higher risk situations for customer due diligence (CDD). The FATF defines face-to-face identification and verification as in-person, while non-face-to-face identification and verification is remote. 

Financial Action Task Force (FATF) divides the non-face-to-face internet payment methods into three groups.

  • Online banking where credit institutions offer online access to traditional banking services based on an account held at the credit institution on behalf of the customer. Internet banking was outside the scope of the FATF document.
  • Prepaid internet payment products in which non-credit institutions allow customers to send or receive money through a virtual prepaid account accessed over the internet
  • Digital currencies where customers usually buy digital currencies or precious metals that can be exchanged between account holders of the same service or exchanged for real currencies and withdrawn.

.

This report highlights the importance of monitoring as it states that monitoring systems can be a very effective tool for reducing the risk of financial crime. To be effective, such systems must at least allow the provider to define:

  • Unusual or suspicious transactions;
  • inconsistencies between customer information and IP address;
  • Cases where more than one user uses the same account;
  • Cases where the same user opens more than one account;
  • Where more than one product is financed from the same source.

.

 

Here are some FATF guidelines for non-face-to-face onboarding:

·         Assess regulations

Make non-face-to-face onboarding the standard or low risk when using a Digital ID with the appropriate level of assurance.

·         Develop a multi-stakeholder approach

Create an integrated approach to understand and mitigate risks.

·         Consider lower LoA ID systems

For low money laundering and terrorist financing (ML/TF) risk, consider ID systems with a lower level of assurance.

·         Review policies

Review policies if non-face-to-face transactions or onboarding are always considered high risk, even when using a Digital ID.

 

Where products benefit from Customer Due Diligence exemptions, systems must detect that a customer is approaching a limit (either as a product/transaction or cumulatively) at which full customer due diligence should be applied.

The report acknowledges that value and transaction limits can also be a very strong risk mitigator, as they make a product less attractive to money launderers, particularly when coupled with effective monitoring systems and procedures that prevent multiple purchases of low-value cards or multiple low-value cards. According to the report, the restrictive value limits imposed by most mobile payment service providers are thought to be one of the main reasons why so far, very few money laundering case studies involving mobile payments have been identified.


With the recognition from FATF that digital identities can play a major role in:

  • Reducing risk
  • Saving money
  • Improving time to fulfillment
  • Enhancing the customer experience
  • Increasing financial inclusion



Effective AML measures for non-face-to-face customers

 Following are some of the effective AML measures that you can carry out to manage the ML/TF risks arising out of the digital onboarding of customers:

 

Apply enhanced due diligence measures for non-face-to-face clients

RE doesn’t have the customer in front for conducting the transaction. It means identity verification is a challenge. Since the risk is high, RE can’t let it go. So, RE must apply enhanced due diligence measures to prevent the risks of financial crimes:

  • Exercise caution before engaging in transactions with these non-face-to-face clients. The first payment must be from a known bank account in the customer’s name. Even for the succeeding transactions, check the details thoroughly.
  • Use safe and secure electronic identification technologies to verify the identities of the  non-face-to-face customers.
  • RE can also check the national registers of trade, businesses, associations, and patents. Even the population and credit data registers can help RE confirm the identities of the non-face-to-face customers.

A combination of these identification and verification techniques can ensure the authenticity of your customers’ documents and identities. But do check the dates of the latest updates to these registers for timely information.



Create customised identification and verification procedures

Since the risk is high, RE can have custom identity checks to protect your business. Define the minimum criteria for accepting non-face-to-face customers. This depends on the nature of the business operations. If RE’s sector is more susceptible to money laundering threats, it’s better to avoid such remote online customers. RE can define new verification procedures like submission of more documents, manual visits to the client’s office, or any other relevant action.

Conduct in-depth KYC to understand the risks of non-face-to-face customers

The first thing to match for the regulated entities is the customer’s face with the identity document. RE make a decision based on a match or no match. However, in the case of non-face-to-face clients, the customer’s face is not available to match. This is a big challenge for the RE.

RE can face such situations when onboarding a new remote customer or while conducting a transaction. So, RE must have a stringent KYC policy to know your customers better. The KYC and CDD measures are the same, plus some additional aspects. Since the risk is higher, you must ensure the following:

  • Check for certification and attestation of documents. Such certification must be from specific authorised individuals or organisations. Such attestation can facilitate higher credibility in the authenticity of documents.
  • RE must also ask for additional proof to know the non-face-to-face clients better. These documents must be from reliable sources that can verify these customers’ identities.
  • Have a known third party to guarantee the authenticity of such customers. Check if RE’s existing customers, suppliers, or associates have complete knowledge of these customers. Also, ensure that RE have complete KYC and due diligence of these third parties.

Consider the non-face-to-face clients’ geographical location

One aspect that RE can consider critically is the geographical location of the customers. Be very careful about who is onboarded as a customer. Have second thoughts if the customer is from any of the following jurisdictions:

  • Economically sanctioned
  • Weak AML controls or financial systems
  • Politically unstable
  • High levels of corruption, drug trafficking, human trafficking, terrorism, or smuggling

If the non-face-to-face customer is from any of the above jurisdictions, the smarter decision would be not to onboard them. By onboarding them, RE will  increase the risk exposure. RE will need to put more effort into KYC and CDD before transactions.

Develop a risk-based approach to respond to risks related to non-face-to-face clients

Understand that the risks from non-face-to-face clients are high. So, RE  must be better prepared for such customers. The  AML measures for non-face-to-face customers must be well-planned and defined. Give it due importance in your scheme of things so that you can prevent and avoid the risk.

Take a risk based approach to such customers depending on the following factors:

  • Industry of the operations
  • Location of customers
  • Money laundering threats from customers

If customers’ risks are high, enhanced due diligence measures should also be implemented. If the risk is low, you can continue with the existing KYC and simple due diligence.


Employ video conferencing AML measures for identifying and verifying non-face-to-face customers

RE can conduct a video-based process to verify the identities of your customers. This will be a secure, live, and informed audio-visual interaction between the regulated entity and the customer. RE must obtain the customer’s consent before conducting such a meeting.

Manage the KYC verification process through this video conferencing method. Have a live video call with the regulated entity’s KYC expert. RE will interview them with identity questions and detect their liveness. Check their identity documents live by asking the customer to hold them in the video. Match the face with the photo to verify the identity in real time. Also, click live photos for facial recognition.

However, RE also need to ensure a secure way of conducting this video interview. It must be end-to-end encrypted. The video must be clear enough to verify the identity of the customer. The live GPS coordinates and date-time of the customer interview must be available in the video recording.


Hire third parties for identity verifications of cross-border customers

Dealing with non-face-to-face clients becomes challenging when they reside in other countries. The identity documents are different from the local Indian documents. However, RE must get all possible identity and address evidence from the customers. Now, match the details provided by the customers with these documents.

One solution in these cases is to hire third parties for such certifications to prove the authenticity of documents and identities. However, RE must be careful before engaging with a third-party provider. Ensure that the provider is registered and licensed in the jurisdiction of its operations. Check the quality of its KYC and Due Diligence Technology systems and procedures. Also, management understanding and technical acumen are required to ensure quality services.


Monitor transactions for unusual trends or patterns

Transaction monitoring is an effective AML measure for non-face-to-face customers. RE should be careful about any unusual or out-of-pattern behaviour of customer transactions. So, when supervising their transactions, look out for the following:

  • Unusual pattern not matching with customers’ profiles or regular transactions
  • If more than one user is using the same account
  • If the user opens more than one account
  • If the customer information and IP address don’t match
  • If the customer uses different payment methods for different transactions

When RE see such patterns or unusual behaviour, investigate further. RE must report the issue to higher authorities and classify the transaction as suspicious.


Ongoing monitoring is a critical AML measure for non-face-to-face clients

Face-to-face customers visit RE for transactions. So RE can still verify their identities. It is also possible to monitor their activity and behaviour. However, in the case of non-face-to-face customers, ongoing monitoring is essential. You cannot skip it at all.

So, keep monitoring the customers’ risks. Keep an eye on their transactions to spot anything out of the usual. Maintain records of their transactions for a specific period for analysis whenever RE wish. Keep repeating this exercise to prevent any potential money laundering risks.

If RE have any suspicions about the customer’s activity, report it to the FIU using STR. In cases where the risks posed by customers are beyond RE’s  risk appetite, the RE  can exit the business relationship. Carefully draft your customer acceptance and exit policies to effectively counter ML/TF.


Use advanced technologies to confirm non-face-to-face customer identity

Technologies like artificial intelligence, machine learning, and blockchain have improved many sectors. RE can use the same technologies in AML measures for non-face-to-face customers. One way to do this is to use them for customer data storage data and comparison with other documents.

RE can use AI in facial recognition to verify customers’ identities based on the proof they submit. AI even helps confirm the authenticity of identity proof submitted by customers. AI makes it possible to check the passport chip of biometric passports and the authenticity of holograms. RE can use blockchain technology for secure and confidential data storage. You can also implement AML software, which supports liveness checks. It will help RE reduce deepfakes and strengthen your defenses against ML/TF.



Happy Reading,



Those who read this, also read:


1.RBI Guidance on CDD for Specific Category of Customers

2. Customer Due Diligence: Individuals


Formerly Faculty for Finance & Associate Dean, IBS-Kochi MBA (Banking & Finance – CUSAT);CFA. Accredited Management Teacher from CME of AIMA, Delhi has been in Management Education from 1988. Exposure is in the field of Mutual Funds, Market Research, Project Report preparation & evaluation, Advertising & NGO Activities. This Chief Manager, UTI Asset Management Co Pvt. Ltd(1992-2003), Mumbai. Undergone training in Case Study method of teaching under Mr. Trevor Williams and Mr. Scott M Andrews conducted by the ECCH, UK . Published Books & Book Review, Series of academic articles and maintains a column on MFs under "Fund scan" in Business Manorama since January 2007,Contributes "Portfolio Doctor" column for 'Sampadyam' a wealth mgt publication in Malayalam from manorama group since February 2007, Listed her case studies at asiacase.com.Presented papers in national & international conferences on Mutual Funds. Faculty Member @ ASIET, Kalady from 2010 to June 2019. Dean @ SNGIST, N Paravur, Ernakulam from Sep 2019 -Jan 2021, I continue my efforts to spread the knowledge in area of Finance and contribute to Management Education

Comments

Post a Comment

Popular posts from this blog

National Risk Assessment (NRA): India

By
  India's National Risk Assessment (NRA) is  an ongoing exercise to identify sectors that are vulnerable to money laundering and terrorist financing (ML/TF) .  The NRA is based on recommendations from the Financial Action Task Force (FATF) and helps inform policy-making, resource allocation, and the implementation of effective AML/CFT measures. The NRA also ensures that national strategies address both domestic and international threats. The NRA provides a foundation for informed policy-making, resource allocation, and the implementation of effective AML/CFT measures . It ensures that national strategies are aligned with the specific risk landscape of the country and that they address both domestic and international threats. The subject matter of NRA  was discussed in the Anti-Money Laundering Steering Committee (AMLSC) set up with the approval of Finance Minister, and it was decided to conduct the NRA following the World Bank methodology. The Methodology requi...
Read more

Customer Due Diligence(CDD) : Individuals

By
Image
This post is based on RBI Master Circular dated Feb 25, 2016 updated on Jan 04, 2024  Part I - Customer Due Diligence (CDD) Procedure in case of Individuals For undertaking CDD, REs shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity: (a)     the Aadhaar number where,   (i) He is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or (ii) He decides to submit his Aadhaar number voluntarily to a bank or any RE notified under first proviso to sub-section (1) of section 11A of the PML Act; or (aa) the proof of possession of Aadhaar number where offline verification can be carried out; or (ab) the proof of possession of Aa...
Read more

Periodic Updation of Customer Risk Profile

By
1. Preparation of Customer Profile from KYC Data In the initial years of KYC, RBI has been following a handholding approach as can be seen from their circular dated July 2009 and that of Feb 25, 2016 as updated on Jan 04, 2024. RBI requires REs to conduct risk profiling and risk categorization and periodic updation.  Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy a)ii) Parameters of risk perception are clearly defined in terms of the nature of business activity , location of customer  and his clients, mode of payments, volume of turnover, social and financial status etc. to enable categorisation of customers into low, medium and high risk (banks may choose any suitable nomenclature viz. level I, level II and level III). Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher; b). Banks should prepare a profile for each new customer based on risk categorisatio...
Read more