How to remotely complete your customer due diligence requirements

Bypassing the main banks in sending money offshore can be a profitable business. But companies need to be aware that breaches of the increasingly tough enforcement of laws governing international money laundering can result in hefty fines.

The head of New Zealand Internal Affairs’ Anti-Money Laundering group Mike Stone says that about NZ$1.35 billion from fraud and illegal drugs is laundered through New Zealand businesses alone each year, according to an article published by Martin van Beynen on Stuff earlier this year.

The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT) came into force in 2013. It requires financial businesses including accountants, financial funds, lawyers and real estate agents, to proactively detect money laundering and potential terrorism financing. Closely linked, and in response to the act, has been the growing need for companies to maintain much more efficient systems to ensure effective and reliable Customer Due Diligence (CDD).

Under the act, while the level of scrutiny can depend upon the customer, businesses such as money remitters and currency changers are obliged to vet their customers before acting on their behalf. Money remittance businesses in particular can pose a potentially high risk of being used for money laundering as they often transfer cash and specialise in moving money quickly between countries.

The act imposes a duty on all financial institutions to tell the police about suspicious activities and requires strict record keeping. Businesses need to maintain a thorough compliance programme that allows them to demonstrate to the authorities how they have assessed the risks posed by each customer. That is especially the case with customers requesting large and unusual transactions, notes Van Beynen.

He cites the case of two linked operations, which managed to process well over $400 million of transactions between 2015 and 2019 in breach of the money laundering laws. A Christchurch business, operated under the name MSI Group, was involved in currency changing and remittance, mainly from New Zealand to China. Customers put at least $213 million through the company’s bank accounts between 2015 and 2019. An operation in the same group, OTT Trading, was doing the same thing in Auckland, running up $196 million of transactions in the same period.

The companies stopped trading when they were fined a combined total of $7.58 million, in court action brought by the Department of Internal Affairs (DIA). The DIA doesn’t expect to see the money as the offending companies’ bank accounts had by then been cleaned out. However, the DIA told the court that the impact of the legislation was not always widely known, and that its main message in bringing the case was to send a message that non-compliance could be expensive for perpetrators.

However, AML/CFT compliance doesn’t need to be complicated. Credisense recently launched its own Software as a Service (SaaS) product called OneMatch, which provides AML/CFT and CDD services online.

OneMatch is fundamentally an electronic “know-your-customer” feature that provides companies with a reliable, safe way of automating customer identity verification. It allows customers to complete an electronic identity verification process from the convenience of their own home, if necessary.

Under the act’s Amended Identity Verification Code of Practice, electronic verification is considered to be where a customer’s identity is verified remotely or non-face-to-face. It has two key components: firstly confirmation of identity information via an electronic source(s), and secondly matching the person to the identity that they are claiming.Both components have to be satisfied.

According to the act, the electronic source is the underlying repository where the authenticated core identity information is held and against which an individual’s identity is to be verified. In most circumstances, this is going to be information that is maintained by a government body or pursuant to legislation.

The code reflects the fact that a reporting entity can satisfy electronic identity verification requirements from a single electronic source, so long as it is able to verify an individual’s identity to a high level of confidence. And that means an electronic source that incorporates biometric information or information which provides a level of confidence equal to biometric information, including measurements of an individual’s physical characteristics that can be recorded and used for comparison, and automated recognition of that individual e.g. through photographs, facial structure or fingerprint information. Where two “reliable and independent” sources are used and they match each other, the “high level of confidence” required of a single independent source is not required, the code says.

The OneMatch process is simple. Customers are sent a link by email or text to begin their verification process.

The customer then photographs their identification document – be it passport, driver’s licence or ID card. OneMatch intelligently reads the photograph, landmark tests the document, by cross-referencing authenticity marks, and also digitises any text in the image such as name and date of birth. The customer is then prompted to take a video selfie, instructed to perform a few manoeuvres such as smiling, front and profile views etc, testing liveness.

OneMatch then biometrically matches the customer’s video selfie with the photograph of their identification document, using robust facial recognition technology. In the background, the rest of the CDD requirements like such as confirming name, date of birth, PEP/sanction screening has been undertaken. Once this process has been completed, the customer identity will be approved, and the company can then move on to processing the customer’s application question set, with complete confidence in the CDD process.