KYC Challenges and Solutions for DNFBPs and VASPs in the UAE

Know Your Customer (KYC) is an important aspect of ensuring AML/CFT compliance. In this article, we will explore KYC challenges and solutions for Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Asset Service Providers (VASPs) in the UAE.

The Importance of KYC in the UAE

What is KYC?

‘Know Your Customer’ (KYC) is a process by which businesses undertake measures to determine the true identity of their customers. It helps them detect the involvement of such customers in any unusual or unexpected activity related to money laundering or terrorist financing.

AML and CFT Regulations in the UAE and KYC Requirements

The Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) laws and guidelines such as the:

• Federal Decree-Law No. (20) of 2018 concerning the Prohibition of Money Laundering, Terrorism Financing, and Illegal Organization Financing;
• Cabinet Decision No. (10) of 2019 concerning the Regulation of Decree Law No. (20) of 2018 on Countering Terrorism and Illegal Organization Financing and Anti-Money Laundering;
• Other sector-specific Guidelines published by the regulatory authorities (CBUAE, Ministry of Justice, Ministry of Economy, Virtual Asset Regulatory Authority, etc.);

Require Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Assets Services Providers (VASPs) to conduct Customer Due Diligence (CDD) process to identify and verify their customers prior to onboarding.

The need to scrutinise or determine customers’ true identities arises because businesses such as DNFBPs and VASPs are prone to being misused by criminals as a channel to introduce illicit money into the legitimate financial system.

The Role of DNFBPs and VASPs in AML/CFT Compliance

In line with the applicable AML/CFT laws, businesses such as DNFBPs and VASPs are required to establish internal measures to carry out the KYC procedure to supplement and ensure compliance with KYC requirements in UAE.

By implementing stringent and effective KYC measures, processes, and controls, DNFBPs and VASPs can minimise the likelihood of non-compliance events and incidents.

The AML/CFT compliance requirements require DNFBPs and VASPs to implement a Risk-Based Approach (RBA) while establishing measures to mitigate the Money Laundering, Financing of Terrorism, and Proliferation Financing of weapons of mass destruction (ML/FT/PF) risks.

The RBA means that ML/FT and PF risk mitigation measures must be in proportion to the ML/FT and PF risk the business is exposed to.

Why Effective KYC is Crucial

Implementation of risk-based KYC measures is essential to ensure its effectiveness in identifying and verifying a customer’s identity and associated customer risk. Appropriate KYC protocols help identify customers who pose ML/FT and PF risks. An effective KYC program helps DNFBPs and VASPs to:

Prevent Fraud – The KYC process helps in weeding out or segregating customer profiles that cannot be verified due to documents being forged or counterfeit. Having a KYC process reduces incidents of identity fraud and identity theft.

Regulatory Compliance – Having a KYC process helps businesses such as DNFBPs and VASPs to ensure regulatory compliance with applicable AML/CFT laws and regulations in and outside the UAE, wherever the business operates.

Safeguard Customer Onboarding and Ensure Customer Retention – An effective KYC process helps businesses onboard customers without any hassles, thus ensuring customer retention due to a seamless and convenient KYC process.

 

KYC Challenges Faced by DNFBPs and VASPs in UAE

The DNFBPs and VASPs in the UAE face challenges while implementing KYC procedures. These challenges include the following:

1. Customer Onboarding Difficulties

The customer Onboarding process for DNFBPs and VASPs presents multifaceted challenges. These challenges are rooted in setting expectations during the customer onboarding process itself, where the customer onboarding staff is unclear of the process and is unable to guide the customer appropriately to complete the KYC formality.

Customer onboarding difficulties would vary from customer to customer and business to business, based on various circumstances, such as resource constraints, involvement of cross-border transactions and jurisdictions, complex customer profiles where identification of the ultimate beneficial owner is difficult, and so on. A few other customer onboarding challenges include:

Regulatory Compliance:

A lot of DNFBPs and VASPs, due to their size and operations, remain unaware or have outdated knowledge about AML/CFT compliance requirements for conducting KYC.

Documentation Requirements:

The process of collecting and verifying customer documentation manually is a time-consuming process that causes delays and hinders the entire customer onboarding process. Also, not knowing which documents to collect and verify poses a challenge too.

Technology Infrastructure:

Outdated or inefficient tech can slow down the customer onboarding process. Hence, it is necessary to implement modern, user-friendly onboarding systems to streamline the process, enhance client experience and reduce KYC challenges.

Data Security Concerns:

Increased reliance placed on cloud storage or online record-keeping poses risks concerning data security, confidentiality, integrity, and third-party risks, such as data leakage, data selling or data theft or violation of data privacy and data protection laws.

By acknowledging these challenges, DNFBPs and VASPs can look for countermeasures to mitigating KYC challenges.

2. Verifying Identity in a Digital World

The trend of digital dealings and remote engagement has led to an increase in non-face-to-face onboarding, which poses a special challenge and increased customer risk in terms of AML/CFT Compliance.

DNBFPs and VASPs often conduct business with customers remotely, making it difficult to verify their true identities. Cybercriminals may attempt to use stolen or fake identities. In such a scenario, it becomes difficult to recognise fraudulent activities.

DNFBPs and VASPs are subject to strict regulatory requirements. Some KYC identity verification technologies may have limitations or vulnerabilities that could be exploited by cybercriminals. In such a digitally vulnerable environment, the task of building and maintaining customer’s trust is a different ballgame altogether.

One more distinct challenge arises from the global nature of digital transactions. Digital dealings often span multiple jurisdictions, each with its own regulatory framework and compliance requirement. This can introduce additional complexities in identity verification.

Other challenges include the risk of algorithmic bias, malware, data breaches, etc. Addressing these challenges requires a comprehensive approach that combines robust technology solutions, risk management strategies, and a customer-centric mindset.

3. Obtaining Information from High-Risk Customers

High-risk customers are those customers who pose a higher degree of ML/FT or PF risk due to their inherent qualities. Examples of high-risk customers include Politically Exposed Persons (PEP), individuals with criminal backgrounds or terrorist ties. They may also include sanctioned individuals and associates of criminal entities.

Dealing with such high-risk customers presents several challenges in obtaining information due to the nature of their businesses and the potential involvement in illegal activities. These challenges could be:

Limited Availability of KYC Data:

High-risk customer may not provide detailed information about their identities, sources of funds, and beneficial ownership due to the possibility of their direct or indirect involvement in illegal activities.

Complex Business Structures:

High-risk customers often operate through complex business structures, making it difficult to identify the Ultimate Beneficial Owner (UBO).

Use of Cryptocurrency and Anonymous Transactions:

VASPs, especially those dealing with cryptocurrencies, may face challenges in obtaining customer information due to the anonymous nature of blockchain transactions.

Sophisticated Money laundering techniques:

High-risk customers usually employ sophisticated ML techniques, such as structuring, to avoid detection or use of front companies, further complicating the process of obtaining accurate information.

4. Keeping Up with Evolving Regulations

DNFBPs and VASPs face significant challenges in keeping up with regulations due to the dynamic nature of the regulatory landscape.

Firstly, the pace at which regulations are being introduced or modified creates a constant need for DNFBPs and VASPs to stay informed and update their compliance procedures accordingly.

Secondly, the introduction of new technologies and business models in the financial sector introduces new regulatory considerations that must be addressed.

5. Technological Obstacles

In the realm of AML/CT, developing and maintaining robust systems can be challenging and resource-intensive, especially for smaller firms, as they have limited technological capabilities.

Secondly, cybersecurity concerns are rising day by day. Cyberattacks, including phishing, malware injections, and ransomware attacks, bring significant risks to the integrity of operations and the confidentiality of customer information. It is advised to regularly update systems to stay a step ahead of evolving cyber threats.

Legacy Systems and Manual Processes

Legacy systems refer to outdated technology platforms, software, or hardware that are still used in the organisation.

Manual Processes, on the other hand, involve tasks that are performed manually by humans without much intervention from digital systems.

Both DNFBPs and VASPs often struggle with legacy systems and manual processes, which disturb their agility in adapting to the rapidly evolving AML landscape.

Outdated software and hardware legacy systems bring challenges in terms of scalability, interoperability, and integration. These challenges are very much prone to errors, increasing compliance burdens on DNFBPs and VASPs.

DNFBPs, for example, real estate agents may rely on antiquated paper-based processes for property transactions, which are time-consuming and prone to discrepancies.

Similarly, VASPs face distinct challenges to the complexities of blockchain technology and decentralised networks, which require specialised expertise and infrastructure.

All this can lead to inefficiency, security vulnerabilities, and KYC compliance gaps for DNFBPs and VASPs.

6. Data Integration and Security Concerns

Integrating diverse data contains complexities for maintaining accuracy and complying with regulations. Seamless integration across platforms is crucial for carrying out operations efficiently.

In this era of advanced technology, integrating data from blockchain networks can be challenging due to factors like immutability, transparency, and cryptographic security. Likewise, integrating other data, such as legal documents, case files, multiple property findings, and so on, can be complex and time-consuming.

Managing data while ensuring the safety of sensitive customer information is extremely important.

In such situations, carrying out KYC effectively poses a huge challenge due to the involvement of blockchain, where identification details for the KYC of the originator and beneficiary are very difficult to obtain.

Solutions for Effective KYC in UAE

Leveraging Technology

Making the most out of technological advancements helps in solving the KYC challenge puzzle. The latest tech has many benefits in eliminating and discouraging the act of money laundering. There are some ways to implement effective KYC measures by leveraging technology:

Biometric Authentication:

Biometric authentication techniques like fingerprint scan, facial recognition, voice recognition, or OCR (Optical Character Recognition) can be employed to verify clients in the KYC process. This aids in maintaining high security and accuracy levels during KYC and solving KYC complexities.

Blockchain Technology:

Blockchain helps ensure that the customers’ data is stored safely and securely in non-editable storage. Blockchain can operate as a transparent portal and help in maintaining user privacy, thus leading to safe KYC solutions.

Machine learning and AI: Machine learning is more prominent in digital environments. Applying machine learning algorithms can simplify the identification of customers’ suspicious behaviours or fake transactions. AI-based KYC processes can automate identity verification to speed up operations and enhance accuracy.

eKYC (Electronic Know Your Customer): It is a process of verifying customer identity through an online process. eKYC software is developed with a high level of protection to prevent financial fraud. It comes with features like OTP (One Time Password) and Video KYC, helping in boosting the reliability of the process.

By leveraging these technological solutions, financial institutions can effectively strengthen their compliance efforts and provide a smoother and more secure experience to their customers.

KYC Automation and Identity Verification Tools

Relying on KYC automation tools helps reduce manual data entry and data verification of customer details. KYC software takes care of verifying customer details from reliable public sources, increasing the accuracy of the KYC process itself.

Identity verification tools usually work in combination with the KYC and CDD tools. DNFBPs and VASPs should consider having a one-stop solution to fulfil their KYC obligations.

Customer Onboarding Platforms and Workflows

The formulation and implementation of Customer Onboarding Platforms and Workflows helps businesses with KYC process by:

1. Employing the AI-driven KYC process, including features that would allow faster verification without risk of non-compliance.
2. Utilising systems like biometric checks, liveness checks, and digital IDs to add an extra security level.
3. Implementing flexible workflows to speed up quick approval of clients with low risk while slowing down the process for customers with relatively high risk.
4. Ensuring that all KYC processes work across multiple channels – the web, mobile, and in-person for a well-rounded customer experience.

Blockchain for Secure Data Sharing

Blockchain technology can be used for KYC compliance requirements in the following ways to ensure Secure Data Sharing:

1. Using blockchain’s decentralised approach to set up a tamper-proof KYC data storage.
2. Smart contracts can be used to automate KYC processes, they provide data integrity in the KYC process and still, maintain compliance with regulations of all transactions performed.
3. Introducing secure, direct data exchange to regulatory bodies by minimising existing data duplication and thus making the system more efficient and cost-effective.
4. Aligning with privacy-preserving techniques like zero-knowledge proof, responsible for data sharing while shielding customer information.

Conclusion

With the dynamic nature of the AML regulatory landscape and constantly growing businesses, the need for effective and efficient KYC procedures has become more important. This importance cannot be overstated.

KYC serves as the primary safeguarding technique in combating ML/FT and PF. Automated KYC solutions in UAE ensure effective AML compliance and protect the data integrity of customer information. Therefore, it is crucial to adopt KYC solutions to ensure regulatory compliance by leveraging advancements in technology.