August 6 2021
The Financial Conduct Authority (FCA) has written an open letter to retail banking chief executives in the UK. It raises concerns surrounding weak financial crime controls and anti-money laundering (AML) compliance in the sector.
UK retail banks have until the 17th September 2021 to analyze, identify, and resolve issues around “common control failings in anti-money laundering frameworks.” Failure to change may result in potential regulatory action, so banks need to take urgent steps toward securing their AML and financial crime management.
iProov can help banks with AML and other fraud protection. iProov’s remote facial biometric verification technology enables banks to verify that an online user is the right person (i.e, that the user matches the image from a trusted photo ID), a real person (not a photograph or video used in a presentation attack) and that the authentication is taking place right now (not a digitally injected attack).
Part 1: Customer verification during online onboarding
Verifying the identity of a new remote customer is the first and most crucial step in a bank’s online anti-money laundering efforts. It’s how banks ensure that they’re engaging with a legitimate individual from the beginning, which enables you to filter out potential bad actors, bots, and fraudulent identities straight away.
The UN estimates that the amount of money laundered globally each year is 2 – 5% of the world’s GDP. Fines are common: in total, global penalties for non-compliance with AML regulations totalled $36bn between 2008-2020. Verifying and enrolling your customers in a way that complies with regulatory guidelines is essential.
iProov’s simple-to-use, inclusive facial biometric technology enables you to verify each and every remote customer with the highest level of assurance. With Genuine Presence Assurance, retail banks can ask new customers to complete a brief and effortless facial scan during the online onboarding process. This confirms that a remote individual is who they claim to be, by verifying their physical face against the image in their photo ID.
This helps banks to:
Part 2: Ongoing authentication
Once you have verified a customer during onboarding, the customer will also need to authenticate themselves on an ongoing basis when they access their account online or make transactions.
An account could be created and verified legitimately, but then be compromised through account takeover fraud, identity theft, phishing, or other activity. Biometric face authentication ensures that the person trying to access an account (the ‘visitor’) is the same person that created the account (the ‘owner’).
iProov also provides banks with flexible authentication. A returning online customer that wants to check a balance or complete another lower-risk activity can use Liveness Assurance to authenticate. A brief face scan verifies the person is the right person and a real person.
But if that customer wants to complete a higher risk transaction—for example, transfer money to a new payee, change a PIN or request a new debit or credit card—iProov Genuine Presence Assurance can be used to provide additional security against fraud.
When criminals need to ‘wash’ dirty money through financial systems, they’ll use a number of methods to try to avoid detection. A few examples:
A criminal gains access to a legitimate bank account. They may have gained access to a real person’s account in a number of ways, such as credential cracking, phishing, or malware. Once they have full control of the compromised account, the fraudster then uses it to channel or ‘layer’ transactions, which obfuscates stolen money and conceals their criminal origins by passing money through multiple ‘legitimate’ transactions. The legitimate account owner may never notice, as the money simply passes through. Or when they do notice, it’s likely too late.
Rather than taking over an existing account, a criminal creates a completely new account with a bank. They go through the entire onboarding process using a ‘synthetic identity’. This is done by creating identities using a blend of fake, real, and stolen data — such as an address or phone number, or a utility bill — to create a ‘person’ who doesn’t exist. Criminals can then launder money through this new account, which for all intents and purposes looks like a real account to the bank, with real transactions.
A foreign university student sets up a legitimate bank account in the UK. When their studies finish, they return home. They are then contacted by a criminal who offers to purchase the account from them. The fraudster then uses this legitimate account to move money from account A to account B. In return, the student gets a monetary reward. This is a serious offense and form of money-muling: people agreeing to transfer money in and out of a legitimate bank account on behalf of criminals, either knowingly or unknowingly. This type of fraud has grown exponentially during COVID-19, particularly targeting younger age groups.
These are just a few of the ways that criminals and fraudsters can use financial institutions to launder money.
iProov’s remote face verification technology helps banks to mitigate against these risks of money laundering in several ways:
We’re working with a number of banks around the world to verify and authenticate customers online, helping to deliver AML and KYC compliance. These include:
You can view all of our case studies here
If you’d like to see how iProov’s Genuine Presence Assurance technology can secure and streamline your customer onboarding and authentication processes, book an iProov demo here.