Remote Customer Onboarding and ML/TF Risk Mitigation

It’s important for businesses to provide a smooth onboarding as customers want convenience and a world-class customer experience. Due to widespread money laundering and terrorist financing risks, the DNFBPs and VASPs are obliged to comply with KYC and customer due diligence requirements. It is important to strike a proper balance between customer experience and compliance requirements to maintain customer expectations and fight ML/TF effectively. Here is the definitive guide on remote customer onboarding and ML/TF risk mitigation to help you balance the compliance requirements and customer experience.

What Is Remote Customer Onboarding?

In today’s world, technology has made life easy and trouble-free. Technology has now been used in every sphere of life. Development in technology post–COVID has been increased. This development in technology has resulted in remote customer onboarding. The regulated entities that are subject to anti-money laundering (AML) compliance must conduct customer due diligence, which includes customer identification and verification. This KYC process can be conducted remotely through KYC software, which is referred to as remote customer onboarding or non-face-to-face customer onboarding.

Remote Customer Onboarding negates the physical presence of customers. It makes the customer onboarding process less time–consuming, accurate, easy and efficient. This even helps with customer retention as customers do not have to be physically present with all the documents for verification.

Remote Onboarding and AML/CFT Compliance

The regulated entity can conduct AML/CFT compliance in cases of remote onboarding by verifying the identity of customers without their physical presence. In remote Onboarding, the customers can be identified by live video along with some other identity proof with photo. The AML/CFT compliance in remote onboarding includes identification and verification of customers’ documents, liveness check, and behavioural analysis. The regulated entities use a risk-based approach in remote customer onboarding.

Although remote Onboarding makes the process seamless, the threat of data breach is always there. The entity should make robust policies and procedures to combat the threat of money laundering and data breaches. Moreover, the policies related to AML/CFT compliance should also be strong in cases of remote Onboarding of customers to prevent the chances of any fraud.

Digital Onboarding Process

Digital Onboarding has become the new normal as businesses have customers beyond geographical boundaries. Digital Onboarding has made it easy for an entity to onboard the customer without face-to-face interaction. The trend of video calling can be equated with the physical presence of customers. There are certain steps that an entity should take to onboard its customers digitally. Let us discuss these in detail:

• The first step in the digital onboarding process is to develop a risk-based approach. The regulated entity should adopt a risk-based approach for remote customers. These AML measures should be well-planned and clearly drafted. The CDD measures should be applied based on the level of risk the customer is associated with.
• The next step is to develop a procedure for ID verification. The entity can define criteria that customers need to fulfill in order to be eligible for remote onboarding. These ID verification checks can be prepared by an entity based on the chances of money–laundering threats.
• To understand the risk associated with remote customers, it is important to conduct in-depth KYC. The KYC process includes matching the customer’s profile with the government-issued identity document. The verification and validation of IDs reveal that the customer is a genuine person or a person with a criminal offence. The entities can also ask for additional proof from the customer to know him better.
• The entity should also consider the geographical location of its customers. If the customer is from a sanctioned region, a region with weak AML controls, jurisdictions with high levels of corruption, terrorism, etc., or a politically unstable region, then the regulated entity should exercise caution in such cases.
• It is difficult to verify the identity of customers in remote Onboarding, which is why it is important to adopt risk-based due diligence measures. It should be ensured that the first payment should be from a customer’s bank account. The entity should use safe and secure electronic identification technologies. In addition to this, the entity should also check the publicly available information about the customer from reliable sources.
• The entity can even engage a third party to identify and verify documents. It becomes difficult to verify the documents if the customer resides in other countries as documents might differ from one country to another country.
• Verification of the identity of customers can be done through video calls with the consent of the customer. The entity can ask the customer to hold the identity document in the video and match their face with the photo to verify the identity in real-time. Verification also includes clicking live photos for facial recognition and performing liveness checks to avoid the risk of deepfakes.
• The entity should use advanced technologies to verify customers’ identity. Advanced technologies help confirm the authenticity of customers’ identities.
• After digitally onboarding a customer, it is important to monitor the customer’s transaction. It will help in detecting any unusual transaction or change in the behaviour of the customer. The entities should look at whether more than one user is using the account, whether the user uses more than one account, whether the customer information or the IP address does not match, etc. The entity should also develop ongoing monitoring tools to conduct ongoing monitoring effectively.

Difference between KYC and eKYC

Know Your Customer is the process that regulated entities follow to verify the identity of their potential customer. When the KYC process is done manually, then it is called KYC, but when the KYC process is carried out electronically, it is known as eKYC. It is the digitised version of conventional KYC. There are certain differences between KYC and eKYC. Let us discuss these in detail:

• The eKYC can be performed through any platform at any time by the customer. On the other hand, KYC can only be performed during the entity’s working hours.
• The eKYC can be performed at any location. It is convenient for a customer as he does not need to visit the office for the same, whereas, in the case of KYC, it can only be performed at the workplace of a business entity requiring customer details.
• eKYC can be performed through digital platforms like apps, software and portals. On the other hand, KYC can be done through an employee of the business. The employee will guide the customer throughout the KYC process.
• In eKYC, there is no need for human intervention or minimal human intervention. In the case of KYC, human intervention is a must, as the entity’s employee will guide the process.
• In eKYC, the customer convenience is prioritised. The customer can conveniently perform KYC at any time from any place, whereas in the case of KYC, customer convenience is not prioritised; rather, it is compromised.
• The use of apps and AI make the eKYC procedure more accurate and efficient. The chances of any mistakes are minimal. Whereas in the case of KYC, the chances of any mistakes are high. It is prone to inaccuracy and inefficiency. As this is done by human beings, there is a chance of human error.

AML/CFT Regulatory Requirements for KYC and Customer Due Diligence

AML/CFT regulatory requirements for KYC and Customer Due Diligence (CDD) help in combating instances of money laundering. A well-defined KYC and CDD procedure provides a clear structure that needs to be followed to prevent cases of money laundering. Let us discuss AML/CFT regulatory requirements for KYC and CDD in detail:

• The first and foremost regulatory requirement is to conduct customer identification and verification. Countries have their own laws related to this, like the Money Laundering (Prevention and Prohibition) Act, 2022 referred to as Nigeria’s MLA, 2022 (MLPPA), which lays down provisions for identification of customers in Nigeria, Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations, 2017 talks about the identification of customer in U.K., Prevention of Money Laundering Rules (Maintenance of Records) Rules, 2005 deals with about identification of customer and CDD in India, Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 talks about CDD in Singapore, Anti-Money Laundering and Counter-Terrorism Financing Act 2006, lays down provisions for identification of customer and CDD in Australia, Cabinet Decision No. (10) of 2019, talks about CDD in UAE. The customer can be a natural person or a legal entity. Basic identity proof for the verification of name, address, and date of birth should be obtained from the customer. If the customer is a legal entity, then certification of incorporation and registered address of the entity should be verified.
• The screening of sanctions for individuals and legal entities should also be conducted. It involves checking the individuals and entities against the list of sanctioned parties. This ultimately helps in preventing business dealings with prohibited parties. If the match is found, then a report named Funds Freeze Report (FFR) or Partial Name Match Report (PNMR) is submitted to FIU.
• The entity should also prepare a customer profile mentioning details about the customer’s business, income level, value of transactions, occupation, etc.
• The entity needs to conduct a Customer Risk Assessment of each customer. This risk assessment helps the entity in knowing the risk associated with a customer. An entity considers various factors, such as geography, service, transaction, product, customer, technology, etc.
• Based on the level of risk assessment, if the risk associated with the customer is high, then the entity needs to take a risk-based approach and see if it wants to onboard the customer.
• After establishing a business relationship with the customer, it is important to monitor the business relationship continuously. The ongoing monitoring of business relationships includes monitoring the client’s financial transactions, being alert to any potential changes in the risk profile of customers, and maintaining the records of all the data, papers and information for the CDD purpose.
• If the customer appears to be suspicious, then the entity should conduct an investigation and file the STR or SAR with the FIU.
• According to AML/CFT laws, the entities are required to maintain the record and documentation for a specified period. In Nigeria, under the Money Laundering (Prevention and Prohibition) Act, 2022 referred to as Nigeria’s MLA, 2022 (MLPPA), an entity is required to maintain the record for a period of five years. In the U.K., under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations, 2017, the entity is required to maintain the record for a period of five years. In India, under the Prevention of Money Laundering Act, 2002, the entity is required to maintain the record for a period of five years. In Singapore, under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 an entity is required to maintain the record for a period of five years. In Australia, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, the entity is required to maintain the record for a period of seven years; in UAE, under Cabinet Decision No. (10) of 2019, the entity is required to maintain the record for a period of no less than five years.
• Along with fulfilling all these requirements, it is important to conduct staff training. It makes the staff aware of the CDD requirements. It will help the staff detect red flags and fulfill legal obligations related to customer onboarding.

Risks Associated with Online Customer Onboarding

Online customer onboarding has made the process of onboarding hassle-free, but there are certain pros and cons. Likewise, there are certain cons of online customer onboarding. As an entity cannot assess the customer face to face, there are certain risks associated with online customer onboarding. Let us discuss these risks in detail:

• ID Theft:

ID theft is the most common risk associated with online customer onboarding. The customer can fake their identity and open an account with the entity for making the transactions. As this is online Onboarding, it becomes difficult to identify the offender. This, in turn, increases the entity’s chances of ML/TF risk.

• Document Fraud:

In the cases of remote onboarding of customers, there is a high chance of document fraud. The customer might submit forged documents like a forged ID card or utility bill, which misrepresents their identity. This will ultimately lead to high chances of ML/TF risk for the entity as providing forged documents is suspicious conduct.

• Money Laundering:

The chances of ID theft and document fraud result in high chances of money laundering in cases of remote Onboarding of customers. Criminals can open accounts with stolen identities that look like genuine identities, and hence, it becomes difficult to catch such criminals at the time of identity verification. The suspicious and malicious identity increases the chances of money laundering for an entity.

• Terrorist Financing:

In the cases of remote Onboarding of customers, it becomes difficult to understand the behaviour and demeanour of customers, which makes it difficult for an entity to understand their actions or any suspicious activity, leading to high chances of ML/TF risk. Moreover, in the cases of non-face-to-face customer onboarding, the probability of data breaches is high as the genuine customers’ accounts may be taken over by criminals to perform their illegal activities, which might lead to ML/TF risk for an entity.

Challenges in Remote Customer Onboarding

Remote Onboarding of customers has many challenges like lack of face–to–face interaction, difficulty in ID verification, etc. Knowing the challenges will help in developing ways to overcome them. Let us discuss these challenges in detail:

Lack of Face-to-Face Interaction:

As the remote Onboarding of customers is done digitally through some software or app, it becomes difficult to have a face–to–face interaction. The face–to–face interaction helps in analysing the person better. It becomes easier to understand the customer’s behaviour and demeanour.

Difficulty in ID Verification:

The chances of ID fraud are high in cases of remote Onboarding of customers. Criminals use fake IDs to open an account, and if customer onboarding is performed remotely, it is difficult to spot fake IDs.

Difficulty in Customer Authentication:

Customer authentication in cases of remote Onboarding of customers can be done through software or app. In the cases of forged ID, it becomes difficult to verify the customer’s ID, which in turn poses difficulty in customer authentication.

Difficulty in Complying with AML/CFT Regulations:

Difficulty in ID verification or customer authentication automatically contributed to non-compliance with AML/CFT regulations. The regulations require the identification and verification of ID. If the ID is forged, the verification cannot be done properly. Moreover, it would also affect the screening of customers against sanctioned lists, as the forged ID might not be able to match the sanctioned list.

Poor Customer Experience:

The remote Onboarding of customers might be done using a software or app. There is a chance that customers will have to submit one document multiple times due to technical issues. The customer can get irritated by the blurred photos as he might have to upload the clear photo again. There are many other problems that customers have to face that contribute to poor customer experience overall.

Technological Solutions Enabling Digital Onboarding

Digital Onboarding of customers can become hassle-free with technological advancement. The use of technology makes the process of digital onboarding error-free. Let us discuss some technological solutions related to digital Onboarding in detail:

Digital ID Verification:

Digital ID verification includes the verification of customers’ IDs through ID Verification Software (IDV). The digital ID verification also involves the choice of a video call with the customer. The entity can video call the customer to match the customer’s face with the photo on the government-approved ID card.

Electronic Signatures and Consent:

Electronic Signatures provide the client with an opportunity to sign the document without their physical presence. The electronic signature is legally valid and binding. The electronic signature saves the client’s time and speeds up the document processing.

Risk Assessment:

In the case of digital onboarding, an entity can use customer risk assessment tools to analyse the risks associated with customers. The tool analyses the risk based on the geography, product/service, delivery channel, transaction history, etc. of the customer.

Secure Communication Channels:

It is important for an entity to have secure communication channels in case of digital Onboarding. Customer data should be preserved, and privacy should be maintained. The overall KYC process should comply with data privacy laws.

Blockchain and Distributed Technology:

Blockchain technology is used to preserve customer data. It helps with securing the customer’s data in blocks which cannot be hacked, making it secure and safe. This technology saves data from the offence of data breach.

Enhanced Due Diligence in Remote Onboarding

Remote onboarding of customers lacks face–to–face interaction between the entity and the customer. The entity is not able to analyse the customer’s behaviour. The chances of fraud are high; hence, it is preferred to conduct Enhanced Due Diligence (EDD) in remote Onboarding. Enhanced due diligence includes certain additional steps than standard due diligence, such as increased verification of documents, the reason behind establishing a business relationship, the customer’s source of funds, etc. Let us discuss these factors in detail below:

• In the EDD process, the entity requires additional information from the customer, such as additional proof of identity.
• The customer has to submit information related to sources of funds and sources of wealth.
• It should be ensured that in remote onboarding, the customer completes the transaction from his own bank account.
• Moreover, considering the risk appetite of an entity, senior management approval should be obtained to ensure that the Onboarding is in line with the risks a business is willing to take.
• It is also important in the case of remote Onboarding to conduct sanctions screening and adverse media checks. The entity should also regularly monitor the level of risk posed by the customer by being aware of the changes in the customer’s situation.
• As the risk is high in cases of remote Onboarding, it is important to conduct periodic reviews of customers’ profiles to be aware of the activities of the customer. This helps identify suspicious customer activities.
• It is mandatory to report any suspicious activity observed during the EDD process to the Financial Intelligence Unit (FIU).

Ongoing Monitoring of Business Relationships

In the case of remote onboarding, it is important to monitor the business relationship with the customer regularly. Regular monitoring helps track the activities of customers and prevents an entity from being at risk of ML/TF. Now, the question that comes up is, what activities of the customer should be regularly monitored? Let us discuss this in detail:

• The unusual transaction pattern, which does not match his profile, should be monitored.
• The mismatch between the customer’s IP address and his information should be monitored.
• If the customer uses different payment methods, then it should be considered a red flag and should be monitored.
• Moreover, if the customer opens more than one account, then his activity should also be monitored.

The purpose of monitoring business relationships is to identify any out-of-pattern behaviour of customer transactions to spot suspicious activities and transactions and reduce the risk of ML and TF.

Building a Secure Remote Onboarding Process

Building a secure remote onboarding process is essential for an entity as well as for a customer. Secure remote Onboarding prevents the entity from ML/TF risk. It boosts the confidence of customers as their data is protected. There are some steps which an entity should take to build a secure remote onboarding of customers. Let us discuss these in detail:

• Customer authentication:

Customer authentication and verification are important steps in securing customers’ remote onboarding. The entity should use an extra level of security to prevent identity fraud. Moreover, an entity can use software to check the genuineness of the customer’s ID.

• Data security:

The data provided by the customer should be safely stored. For this, an entity should comply with the data security rules and regulations. Moreover, important information should be shared via secure media. Data security boosts the confidence of the customer in an entity and protects the entity from breaches related to privacy laws.

• Artificial Intelligence and Machine Learning:

The use of technology makes human life easy. Technologies like artificial intelligence and machine learning can be used in AML measures. AI can help confirm the authenticity of ID proof, facial recognition, etc. Machine learning helps with screening, risk scoring, identification of suspicious patterns and transactions, etc.

• Customer education:

Educating customers about the tools used in remote Onboarding is important. This reduces the chance of any error during the onboarding process. Moreover, educating customers about security measures helps them boost their confidence in an entity.

• Staff training:

Staff training is important for making the staff aware of customer onboarding policies and procedures. It even helps the staff identify any red flags, which in turn helps curb the offences of money laundering. It even makes the staff aware of their individual responsibilities.

Importance of Staff Training in Remote Onboarding

Training the staff makes the remote onboarding process trouble-free. The trained staff is well aware of their responsibilities and fulfills them to the fullest. It removes the room for any confusion. Regularly training the staff makes them aware of the latest updates in rules and regulations as well. Let us discuss the importance of training the staff in remote Onboarding in detail:

• Training the staff regarding policies, procedures, and requirements reduces the chance of any error during remote Onboarding. Well–trained staff makes the onboarding process seamless.
• Training the staff to recognise any suspicious activities and unusual customer behaviour reduces the chances of money laundering and terrorist financing. The staff would only be able to catch red flags at the early stage.
• The staff should also be trained in ML/FT typologies, ML/FT reporting, and record-keeping requirements to prevent ML/FT and PF incidences.

Future Trends in Remote Onboarding

Technological developments in every sphere of work have been growing rapidly. It has changed the way of working in various ways. The development of technology has added many benefits to the process of remote Onboarding. As it is still growing, there will be some future advancements in remote onboarding that will make the remote onboarding process much easier and error-free. Let us discuss these future trends in detail:

• The more secure video calls in remote Onboarding will make the process easy. Sharing any information through video calls without any worry about leakage will eliminate the requirement of face–to–face onboarding. It will even allow entities to offer virtual tours and personalised assistance to customers.
• The use of AI is developing day by day. The AI will automatically capture all the information from the KYC documents and enter the details into the system. It will even help with risk identification, assessment and management, thereby reducing the ML/TF risk. It will also provide real-time support to customers by providing answers to their questions.
• For enhanced security, the use of biometric authentication will become standard practice. Biometric authentication scans the customer’s retina or fingerprint. The use of biometric authentication will help in preventing instances of money laundering.
• The burden on the staff will be reduced with the use of AI. The AI will aid customers while remotely onboarding. The AI will be capable of providing answers to the FAQs and technical assistance in remote onboarding.

Conclusion

Remote Onboarding of customers makes the onboarding process easy and quick, as customers do not need to be physically present for the Onboarding. Apart from being easy, there are certain cons associated with non-face-to-face customer onboarding. Privacy concerns play a major role in digital Onboarding. As customers’ data are preserved online, there is a high chance of data breaches. However, with the improved rules, regulations and technology, the lacunas in remote Onboarding can be eliminated.