The launderer always blinks twice

My money laundering news alerts have been very, very quiet in the past fortnight – not for one moment do I think this means that money laundering has stopped, or even decreased markedly, but understandably businesses and law enforcement agencies need time to adjust to new ways of working, and AML is just not top of the agenda at the moment.  (Not that it often is, except during rare spikes of interest when we’ve had a ginormous laundering case in the news.)  But one AML-ish topic that is generating a fair amount of discussion is the acceptability or otherwise of verification of client identity at a remove.

Of course, there have always been clients who are identified remotely – online casinos never meet their players, and even more traditional businesses like banks now offer online services to clients who never set foot in a branch.  But it has been generally accepted, using the risk-based approach to AML, that “non-face-to-face client” will be a trigger for a higher risk rating and suitably enhanced due diligence.  Businesses are now having to recalibrate to a situation where – ironically – meeting a client face-to-face is far too risky, and therefore the remote client is the new standard risk proposal.  As I posited in my previous post (don’t say that too quickly), how will we undo staff and client expectations when life goes back to normal – will clients who have become used to remote verification be even more ticked off than usual when we ask them to call in with their passports?  “You believed me when I was sitting at home in my pyjamas and Zooming you – why won’t you believe me now?”

Talking of Zoom, yesterday the Guernsey Financial Services Commission addressed this very issue, issuing detailed guidance on when video calling can be used to verify the identity of individuals.  Crucially, the point is made at the end that “a firm is required to periodically review the identification data it holds on a business relationship to ensure that it is accurate and remains relevant [and] the Commission would expect these reviews to include a determination that verification of an individual via video remains appropriate and relevant in light of the activity over the business relationship and the risks associated with that relationship”.  In other words, when it’s back to business as normal, a video chat with someone may well no longer cut the AML mustard.

Of course, video ID – as it is sometimes called – was around pre-pandemic.  I have found a terrific article on it by two German lawyers, who make the frightening point that you might not be talking to the client in real-time but have been duped into conversing with a clever recording.  In order to check the client’s “liveness”, you should “request  specific actions of the person to be identified (e.g. blink the left eye twice)”.  I reckon we could have some fun with this, perhaps drawing on “Candid Camera” for inspiration.

This entry was posted in AML, Due diligence, Money laundering and tagged , , , , , , , , , . Bookmark the permalink.

7 Responses to The launderer always blinks twice

  1. CDWOS says:

    Susan, Hope you are keeping well and the garden must be close to immaculate by now!! Interesting! At least GFSC have tried to say something constructive, the other island regulatory has simply advised that as face to face is not available there are other methods of verifying ID! Of course no one in the industry will have ever realised that before.
    Stay well

    • It’s an interesting contrast: the garden is indeed immaculate, but the house is a tip. And yes: it is (nearly) always good when a regulator gives detailed guidance rather than a general statement (of the bleeding obvious).

  2. Mark Cardwell says:

    My guess is that our current “enforced remote working” will be an accelerator for all kinds of digitalisation. (I suggested over on LinkedIn that everyone is getting used to online services, and disruptors are gaining a load of experience in delivery and scaling. https://www.linkedin.com/pulse/piecing-business-together-again-mark-cardwell).

    Regulators may of course choose to be conservative, but we’ve already got online identification and address verification for UK bank accounts. The slightly stricter German version which requires a video interview is interesting – but already that can be done by API – solarisBank offers KYC-as-a-service.

    Travel was already going out of fashion; now face-to-face contact has become problematic. Look out for much more “remote presence” tech. Watch too for ever-increasing use of additional data sources, and a fight for who collects and analyses that data.

  3. Roy McCarthy says:

    Slightly off the subject Susan, you’d have had a heart attack watching ‘The Gambler’, 2014 version set in Los Angeles. Rich mother goes into bank and withdraws $250,000 in cash – the clerk is a bit concerned but hands it over upon production of passport. Rich mother’s son walks into a casino, unchallenged, with the $250,000 and blows it all on blackjack.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.