Login
Contact Sales
Login
CONTACT SALES
Improving Business Resilience with Intelligent Compliance Automation

Improving Business Resilience with Intelligent Compliance Automation

by | Apr 16, 2020 | iComply Insights, News & Events, Updates

Improving Business Resilience with Intelligent Compliance Automation

How financial services providers can take advantage of the new contactless culture

With new measures in place that require remote work and social distancing, the broader finance industry is set to look very different going forward. For board executives, management teams, and compliance officers, now is the time to rethink the most basic aspects of how financial services work.

Distribution channels that previously relied on branches or face-to-face meetings are becoming increasingly redundant. Strains on personal and business finances means financial service providers have to act quickly and with conviction when disbursing new capital. With both channels, financial services providers will still have to maintain compliance requirements, even when these core business operations were not designed to work digitally. 

Financial services providers could use this time to fundamentally overhaul the relationship with their customers while maintaining business and operational resilience. Businesses that successfully implement digital services for a new contactless culture will be rewarded in the long-run.

So what does the future look like for financial service providers? And where are the opportunities to improve internal operations and the overall customer experience?

In this post, we answer the above questions focusing on retail and commercial banking verticals. This article can be used as a checklist for compliance teams, boards, and product managers who are looking for ways to reduce costs, risk, and complexity or to improve staff capacity, effectiveness, and customer experiences.

 

Comparing Today to the Future

Most people are familiar with the process of opening a personal and/or business bank account. Will that familiar process be used in the months and years ahead? Likely not. While much of the client experience in financial services today is digital, there are a few core business processes that remain manual or require face-to-face business. 

Here are some key processes that we see boards and management teams reevaluating as they compare the old landscape with the new.

 

Client Onboarding

This is the first step of the process where financial service providers gather information on their clients. 

 

Standard Operating Procedures

  • Client must attend branch or meet agent in person
  • Physical and operational security measures in place and abided by
  • Data protection, privacy, governance, and cybersecurity measures in place and abided by
  • Training for frontline staff to validate client eligibility
  • Internal procedures for enhanced due diligence when needed, usually by email or additional in-person meetings

Non Face-to-face

  • Client goes to secure website or mobile application 
  • Data protection, privacy, governance, and cybersecurity measures are in place to prevent manipulation from bad actors
  • Onboarding logic includes validation and segmentation for additional KYC requirementsin real-time while the client is still in the onboarding process
  • Enhanced due diligence requests can be automated, reducing onboarding time and costs

Identity Verification

Financial service providers, through their “Agents”, must verify and document the identity of the client for KYC and AML requirements.

Standard Operating Procedures

  • Agent views ID documents, signs attestation of authenticity, and visually confirms identity match
  • Documents need to be transported and stored securely
  • Client information is processed manually or via batch refresh
  • Agents require document authentication training and typically can only authenticate local documents
  • Document authentication processes include manually viewing templates or using document authentication software
  • Identities can be verified in 5 minutes, when a qualified agent is available

 Non Face-to-face

  • User documents are validated using machine vision
  • Address and identity are confirmed by qualified third-party data sources
  • Secure client-side verification enables user data to be processed without leaving the user’s device
  • Compliance managers configure controls in online identity verification services to support documents from over 200 jurisdictions
  • Automated document verification detects fraud, low image quality, and user errors before the document leaves the user’s device
  • Identities can be verified in under 20 seconds

Risk Screening

Once the client’s identity information is verified, financial service providers search for potential risks such as adverse media mentions, sanctions, watchlists, relations to politically exposed persons, and more.

Standard Operating Procedures

  • Compliance teams log in to back-office systems to conduct searches and manage cases. Searches must be thorough, as names such as “John” can have varied spelling and homonyms: “Johnathon, Jon, Johan, Juan, etc.”
  • Each search must be documented for future audit and reporting. Any search result must be analyzed according to the firm’s policies to determine whether it is a True or False positive
  • True Positives will be calculated against the firm’s risk assessment program in preparation for Risk Classification
  • Data sources are reviewed and updated periodically (typically every 1-3 years) by risk analysts

Non Face-to-face

  • Client information is passed directly through artificial intelligence (AI) processing systems to analyze the results of thousands of searches simultaneously; any potential results are escalated to the compliance teams for analysis 
  • False positives are reduced using fuzzy matching and Levenshtein distance algorithms, and escalated for analyst review
  • True Positives are used to update Risk Classification in real-time
  • Documentation of all functions are generated autonomously. Data sources and profiles are reviewed and updated every night via AI; potential matches are escalated to risk analysts for final review

Risk Classification

Clients are assigned a risk rating and risk score, and segmented based on “red flags” such as jurisdiction, industry, risk screening results, and internal data sets.

Standard Operating Procedures

  • Compliance teams review the client case, any risk identified, and classify the risk level of the client
  • Quality assurance is conducted after the fact, usually during annual or periodic reviews

 Non Face-to-face

  • Scoring systems and automation thresholds automatically update risk scores, rating, classification
  • Quality assurance triggers create escalations for compliance teams to review

Low-Risk Clients

The client profile is reviewed for completeness and red flags before final approval.

Standard Operating Procedures

  • Compliance or account teams review the client profile.
  • Missing information may require additional client meetings or trigger enhanced due diligence procedures 
  • Account is opened manually or via API

 Non Face-to-face

  • Client profile has already been validated for completeness with onboarding controls 
  • Account is opened manually or via API

High-Risk Clients

Red flags may require enhanced due diligence, risk assessment, and potential reporting.

Standard Operating Procedures

  • Manual procedures include data management, additional risk screening, physical document processing, and reporting for SARs and filings
  • Account managers are notified of additional requirements from the client
  • Materials are typically submitted physically or via unsecure email
  • Fragmented or legacy technology solutions do not support remote staff or client operations
  • Total decision time per case: 48-72 hours
  • Account is opened or declined

 Non Face-to-face

  • Automated data processing and AI in risk screening enable unique search profiles to reduce errors due to manual procedures
  • Account managers and clients can be notified through push or email notification
  • Materials are submitted through secure and encrypted client portals
  • Intelligent AML solutions support remote operations, automate configurable workflows, and generate SARs and reports for filings
  • Account is opened or declined

Transaction Monitoring

Each transaction must be screened across multiple factors such as country, industry, beneficiary name, volume, and value of transactions.

Standard Operating Procedures

  • Threshold-specific procedures are maintained in company manuals and training sessions
  • Periodic reviews identify risk after the fact and increase remediation costs

 Non Face-to-face

  • Threshold-specific workflows trigger unique due diligence requirements, screening profiles, and generate reporting documents
  • Compliance teams can focus on exceptions, not data entry

Ongoing Monitoring

Risk screening data must be updated, not only to onboard new users but also to rescreen your existing clients for new risk.

Standard Operating Procedures

  • Risk data updates are done manually, often without re-screening of existing clients
  • Re-screening procedures face the same challenges as the initial risk screening

Non Face-to-face

  • Risk data is refreshed each night
  • Re-screening procedures identify net new risk for every client in your KYC software, reducing noise and improving productivity for compliance teams

KYC Data Refresh

Knowing your customer requires that you maintain accurate and current records. Clients may change their name, address, citizenship, or need to update KYC documents on file.

Standard Operating Procedures

  • KYC document templates require version control and physical document destruction for stale documents
  • Clients send sensitive personal information over mail, courier, or unsecured email
  • Expired data may require face-to-face meetings with licensed agents and transaction freezes, which increases client frustration

 Non Face-to-face

  • KYC document template versions are managed by system admins and pushed into client workflows in real-time
  • Clients submit personal information securely through an encrypted KYC portal in your website or mobile app
  • Data expiry dates trigger refresh requests to clients through email or push notifications in your website or mobile app

Ongoing Access Management

Verifying a user’s password only ensures the user has access to your client’s password.

Standard Operating Procedures

  • Online access security questions can be bypassed if hackers or thieves have enough of your client’s information
  • Face-to-face meetings with tellers or agents include manual identity verification
  • E-signature fraud creates risk, liability, and requires additional identity assurance in material agreements

 Non Face-to-face

  • Live face matching quickly enables the user to easily perform biometric authentication more securely than security questions
  • Identity verification processes can be witnessed during video meetings to enable contactless meetings
  • Biometric authentication enables “Smile to sign”, live face matching, and fraud monitoring to ensure strong client authentication at all times

In Closing

Most financial services providers spend over 10% of their gross annual revenues to complete their standard operating procedures. As we have seen, there is ample opportunity to apply new regulatory technologies to name screening, risk scoring, portfolio risk assessment, and AML reporting. Client data management enables financial services providers to reduce cost, risk, and complexity while improving staff capacity, effectiveness, and customer experience.

Migrating customer onboarding and compliance workflows to digital-first channels can be challenging. Costs have mushroomed and complexity increases with each additional jurisdiction you serve. Customer expectations on user experience, contactless availability, and KYC friction are changing rapidly. 

Compliance teams, boards, and product managers should regularly re-evaluate their KYC and AML systems to identify weaknesses, better manage risk, improve staff capacity, reduce vendors, cut costs, and improve their client’s KYC user experience. We hope this article can serve as a valuable resource for your business. 

 

Thanks for reading!

The iComply Team

About iComply

iComply Investor Services Inc. (“iComply”) is a regtech company that provides automated KYC and AML compliance solutions for non face-to-face financial and legal interactions. iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.

Microsoft Partners with iComply to Enable Remote KYC and AML Verification

Microsoft Partners with iComply to Enable Remote KYC and AML Verification

by | Apr 14, 2020 | News & Events, Press Releases, Updates

Microsoft Partners with iComply to Enable Remote KYC and AML Verification

Partnership provides financial service providers, financial planners, law firms, mortgage brokers and insurance agents with a full suite of tools to serve clients without face-to-face meetings

Vancouver, B.C. – April 14, 2020 – iComply Investor Services (“iComply”), a leading regtech software provider, is announcing it has partnered with Microsoft to offer its intelligent KYC and AML services through over 64,000 Microsoft solutions providers worldwide. This enables financial services providers to fast track their digital transition and enable a contactless customer journey.

Now available through Microsoft’s Appsource and the Azure Marketplace, iComply’s KYC Essentials solution enables businesses to quickly deploy banking-grade identity verification and AML screening tools directly into their website, mobile app, or client portal. 

“Businesses that rely on face-to-face interactions for client onboarding and identity verification need help to close these gaps in their digital operations,” said Matthew Unger, CEO of iComply. “iComply enables businesses to securely deploy unique compliance workflows with clicks, not code, reducing cost and manual processes.”

iComply’s compliance tools can be set up within days and do not require developers or downloadable apps. By verifying the user’s identity “client-side,” iComply ensures personal data is protected and never has to leave the device to be authenticated. This innovation in privacy reduces liability, cost, and helps to identify fraud early. 

“It’s common for digital onboarding services to send user’s data into unknown jurisdictions or employ hundreds of people to review photos manually for face matching. Conversely, our verification tool uses artificial intelligence for verification and facilitates unique AML workflows by jurisdiction to improve compliance, scalability, accuracy, cyber-security, and unit economics,” added Unger.

-##-

Learn more about iComplyKYC

 

About iComply Investor Services Inc.
iComply Investor Services Inc. (“iComply”) is a Regtech company that provides fully-digital KYC and AML compliance solutions for non-face-to-face financial and legal interactions. iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience. By partnering with multinational technology vendors such as Microsoft, DocuSign, Thomson Reuters, and Refinitiv, iComply is bringing compliance teams into the digital age. Learn more: www.icomplyis.com 

Canadian Regulators Issue Warning for Halifax & Associates

Canadian Regulators Issue Warning for Halifax & Associates

by | Apr 7, 2020 | Compliance Updates, iComply Insights

Canadian Regulators Issue Warning for Halifax & Associates

Multiple Canadian regulators issued investor alerts against online trading platform Halifax & Associates for selling illegal securities

What Happened?

April 7, 2020: Manitoba, Nova Scotia, British Columbia, and other Canadian securities commissions have issued a warning that Denmark-based Halifax & Associates–claiming to be a cryptocurrency trading platform–has been defrauding Canadian investors. The Manitoba Securities Commission (MSC) claimed that a resident was scammed out of CAD$8,000, while the Nova Scotia Securities Commission (NSSC) notes that multiple investors in that province were defrauded.

Source: https://nssc.novascotia.ca/sites/default/files/docs/2020-04-06-NSSC%20Halifax%20and%20Associate%20Investor%20Alert.pdf

Who Is Impacted?

Financial services providers targeting Canadian residents.

Why This Matters?

The Investor Alert helps Canadians assess the credibility of the firms they deal with, or intend to deal with. Investors who do not heed these warnings may be at risk of a total loss of capital–with no recourse for recovery–when dealing with fraudulent and unlicensed service providers operating outside of Canada’s regulatory oversight.

What’s Next?

By issuing the Investor Alert on Halifax & Associates, the NSSC has sent a clear message that these unlawful practices of promoting an unlicensed business can result in public enforcement. This alert could damage a company’s reputation in the public and create barriers to their future growth and development.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.

iComply Announces $2M Grant for COVID-19 Relief

iComply Announces $2M Grant for COVID-19 Relief

by | Mar 31, 2020 | News & Events

iComply Announces $2M Grant for COVID-19 Relief

Announcing iComply for Good, a $2M Services Grant for Government and Community Organizations Responding to COVID-19

Overview

March 31, 2020: The iComply for Good Services Grant is a $2M USD funding stream delivered for COVID-19 relief or response through eligible government agencies, registered charities, and community organizations. As the community support and engagement program for iComply Investor Services, iComply for Good‘s purpose is to strengthen the resilience, continuity, and remote operations capacity of our community organizations and social services.

Due to COVID-19, many organizations are scrambling to ensure their core functions can be safely and securely completed remotely. Governments need to identify and serve their citizens digitally. Universities, schools, and workplace education have moved online. Reporters and healthcare workers are battling misinformation and need to validate subject matter experts at scale. Charities need to accept donations and verify the source of funds without physical paperwork or face-to-face meetings.

iComply for Good is here to help these organizations survive and thrive despite the unique challenges of this new landscape.

We accomplish this by focusing on:

1. Building capacity through technology
2. Scaling impact through business process automation
3. Empowering organizations to support remote operations
4. Inspiring our peers to find creative ways to give back to our communities

Eligibility

Funding can be used to support client-side identity verification and document authentication, and e-signatures for remote operations, government subsidy claims, witnessing e-signatures digitally, source of funds, or source of wealth, KYC process automation, and AML risk intelligence data.

The following types of organizations will be prioritized in the grant assessment process:

      • Healthcare
        Meet “Know Your Patient” requirements. Support virtual consultations. Protect patient identities and personal data according to local data and privacy regulations.
      • Government
        Protect citizens’ personal information with client-side identity verification. Reduce fraud in subsidy claims processes. Directly and securely integrate verification programs into government datasets.
      • Online Education
        Move classrooms and tests online. Avoid the “streamlined onboarding” fallacy and ensure the user behind the screen today is the same person that was originally verified.
      • Charitable Organizations
        Verify the identities of new staff, volunteers, donors, and more. Perform enhanced due diligence, source of funds, and source of wealth checks according to your policies and procedure
      • Community Organizations
        We are happy to support community services and relief efforts such as verifying employees, volunteers, or stakeholders directly through your social media channel, website, email,  or mobile application.

Applying to iComply for Good

iComply for Good’s service grants program provides funds to cover 25-100% of the costs of iComply products, services, and data. 

There is no deadline to apply, and we evaluate applications on a first-come, first-served basis. If you are a government or community organization that needs digital identity resources to support remote operations, apply now!

Apply Today

 

 

Why iComply

iComply’s solution loads a unique identity verification program into your website or mobile application. This ensures your user’s data stays on their device, in their jurisdiction, and can be sent directly and securely to your own servers, websites, or applications.

Client-side verification is a new technology that reduces the cost of identity verification by up to 80% compared to API or mobile app based KYC or identity verification services. This proprietary iComply technology ensures the highest institutional standards for data privacy, processing, and retention. Deployed in minutes using drag-and-drop verification widgets, these tools can optimize remote operations.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.

Luxembourg Targets Companies in “Non-Cooperative” Tax Jurisdictions

Luxembourg Targets Companies in “Non-Cooperative” Tax Jurisdictions

by | Mar 26, 2020 | Compliance Updates, iComply Insights

Luxembourg Targets Companies in “Non-Cooperative” Tax Jurisdictions

Luxembourg to Deny Tax Deductibility for Companies Based in “Non-Cooperative” EU Countries

What Happened?

March 25, 2020: According to the official portal of the Grand Duchy of Luxembourg, Luxembourg Government Council adopted a draft bill (Number 7547, the “Bill”) denying the tax deductibility of interest and royalties paid by associated enterprises established in countries listed by the EU as “non-cooperative”.

Source: http://www.legilux.public.lu/eli/etat/leg/loi/2020/03/25/a192/jo

Who Is Impacted?

Businesses engaged in transactions with entities (individuals, organizations, or governments) based in, or operating through, the listed jurisdictions. The biggest impact in Luxembourg will be on the fund industry players, such as:

  1. Investment funds and alternative investment fund managers (AIFMs),
  2. Fund administrators and corporate service providers/fiduciaries, and
  3. Banks who provide the payment infrastructure for subscriptions/redemptions and dividend/interest payments.

Why This Matters?

Luxembourg is the second-largest fund center in the world (after the U.S.) and has a strong interest in compliance and the application of transparency regimes. Not only is it considered a safe haven of assets, but it is also the go-to jurisdiction for international players seeking to access the EU market.

Luxembourg (legally) has a flexible structuring regime of transactions that involves exposure to various countries—amongst them, the Cayman Islands. Putting the latter onto a blacklist would put off new structures and trigger internal “enhanced due diligence” measures in all financial institutions and financial service providers.

Further clarifications as to why there is a business relationship would need to be justified by the client. In the worst case, this would potentially involve the filing of suspicious activity reports (SARs) to the FIU, causing potential further investigation by the state prosecutor and the police.

Does this change create new opportunities? If so, what might they be?

This certainly creates opportunities, as it strongly incentivizes “blacklisted” countries to work on implementing tax transparency measures to be able to continue accessing the EU markets faster and easier, and by gaining an international reputation for being removed from the blacklist. Speaking for Luxembourg—in complying with this proposal, it would confirm its status as serious jurisdiction that takes factual measures towards limiting international tax arbitrage and tax evasion, which is an intra-European competitive advantage.

Does this change create new risks? If so, what should stakeholders be looking out for?

Indeed—this is not only a tax-related subject, but it can also cause waves for compliance officers, MLROs, and directors responsible for these tasks. Since the 4th AML Directive, stakeholders should very much be aware that tax evasion and aggravated tax fraud is subject to EU-wide Anti-Money Laundering and Anti-Terrorism Law. In Luxembourg, these are covered under local CSSF Circular 17/650 on tax transparency.

How does this impact compliance teams, and what can they do to stay ahead of these changes?

Be aware to check your Compliance Monitoring plans and update your policies and procedures accordingly to cover these aspects during onboarding, and also under an ongoing review basis. Compliance teams should escalate these topics with their senior management and potentially consider external help to cover these requirements. The world is changing and compliance is not going away—adoption is the key.

What can management teams or boards of directors do to stay ahead of these changes?

One way to stay ahead is to subscribe to newsletters of law firms, regulators, and regulatory advisors to keep in touch with current developments. Another good way would be to use an existing budget on Continuing Professional Development (CPD) for training and courses to ensure the information is also given to your employees. Most breaches can be avoided and resolved before an expensive penalty—it is more expensive to be non-compliant than compliant.

What can service providers do to help their clients stay ahead of these changes?

Service providers can build the IT and operational backbone covering these new requirements. Talk to your clients openly about what they are struggling with and work on giving them a tailored solution. Companies are all people businesses, and understanding people’s concerns will make you only more valuable.

Subscribe to Regwatch newsletter

Author — DIMITRIJ GEDE

Dimitrij Gede is the Principal and Founder of Anagram Compliance, a specialized AML compliance and technology advisory firm that bridges traditional finance to the modern digital economy. He provides professional compliance services utilizing existing financial infrastructure and leveraging the capabilities of fintech and regtech.

Previously, Dimitrij led the creation of a KYC department at Deutsche Bank and gained in-depth experience working as a Compliance Officer at an FTSE 250-listed subsidiary in Luxembourg. Apart from his activities in blockchain and compliance associations, Dimitrij is actively engaged in regulatory policy for Luxembourg and has spoken publicly on AML regulation and compliance in the EU and Asia. He is listed as a top 100 EU blockchain expert by the Frankfurt School of Finance.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.