The Financial Conduct Authority (FCA) wrote an open letter in May 2021, to retail banking chief executives in the UK. It raised concerns surrounding weak financial crime controls and anti-money laundering (AML) compliance in the sector.
UK retail banks were mandated to analyze, identify, and resolve issues around “common control failings in anti-money laundering frameworks.” Failure to change could result in potential regulatory action, so banks need to take urgent steps toward securing their AML and financial crime management.
How can biometric technology help retail banks protect against online money laundering?
Part 1: Customer verification during online onboarding
Verifying the identity of a new remote customer is the first and most crucial step in a bank’s online anti-money laundering efforts. It’s how banks ensure that they’re engaging with a legitimate individual from the beginning, which enables you to filter out potential bad actors, bots, and fraudulent identities straight away.
The UN estimates that the amount of money laundered globally each year is 2 – 5% of the world’s GDP. Fines are common: in total, global penalties for non-compliance with AML regulations totalled $36bn between 2008-2020. Verifying and enrolling your customers in a way that complies with regulatory guidelines is essential.
Inclusive face biometric verification technology enables each and every remote customer to be verified with the highest level of assurance. With Genuine Presence Assurance, retail banks can ask new customers to complete a brief and effortless facial scan during the online onboarding process. This confirms that a remote individual is who they claim to be, by verifying their physical face against the image in their photo ID.
This helps financial institutions to:
- Reduce the time and cost involved in onboarding new customers. Face biometric verification replaces manual verification to increase accuracy and reduce costs. It also speeds up the process, enabling customers to quickly get access to their new accounts, while maintaining high levels of security. This helps to maximize customer completion rates and reduce drop-off during application.
- Mitigate the risk of fraud and financial crime. Face biometric verification enables you to ensure that new customers are who they say they are.
- Reduce the risk of compliance penalties and reputational damage from negative publicity. iProov enables banks to meet regulatory guidelines while reassuring customers and protecting the organization’s reputation.
Part 2: Ongoing authentication
Once you have verified a customer during onboarding, the customer will also need to authenticate themselves on an ongoing basis when they access their account online or make transactions.
An account could be created and verified legitimately, but then be compromised through account takeover fraud, identity theft, phishing, or other activity. Biometric face authentication ensures that the person trying to access an account (the ‘visitor’) is the same person that created the account (the ‘owner’).
At iProov, we also provide banks with flexible authentication. A returning online customer that wants to check a balance or complete another lower-risk activity can use Liveness Assurance to authenticate. A brief face scan verifies the person is the right person and a real person.
But if that customer wants to complete a higher risk transaction—for example, transfer money to a new payee, change a PIN or request a new debit or credit card—iProov Genuine Presence Assurance can be used to provide additional security against fraud.
Money laundering in retail banking: why is face biometric verification needed?
When criminals need to ‘wash’ dirty money through financial systems, they’ll use several methods to try to avoid detection. A few examples:
Scenario 1: Account Takeover
A criminal gains access to a legitimate bank account. They may have gained access in a number of ways, such as credential cracking, phishing, or malware.
Once they have full control of the compromised account, the fraudster then uses it to channel or ‘layer’ transactions, which obfuscates stolen money and conceals their criminal origins by passing money through multiple ‘legitimate’ transactions.
The legitimate account owner may never notice, as the money simply passes through. Or when they do notice, it’s likely too late.
Scenario 2: Synthetic Identity Fraud and Account Creation
Rather than taking over an existing account, a criminal creates a completely new account with a bank. They go through the entire onboarding process using a ‘synthetic identity’.
This is done by creating identities using a blend of fake, real, and stolen data — such as an address or phone number, or a utility bill — to create a ‘person’ who doesn’t exist.
Criminals can then launder money through this new account, which for all intents and purposes looks like a real account to the bank, with real transactions.
Scenario 3: Money Mules
A foreign university student sets up a legitimate bank account in the UK. When their studies finish, they return home. They are then contacted by a criminal who offers to purchase the account from them.
The fraudster then uses this legitimate account to move money from account A to account B. In return, the student gets a monetary reward.
This is a serious offense and form of money-muling: people agreeing to transfer money in and out of a legitimate bank account on behalf of criminals, either knowingly or unknowingly. This type of fraud has grown exponentially during COVID-19, particularly targeting younger age groups.
These are just a few of the ways that criminals and fraudsters can use financial institutions to launder money.
Banks can fight back against these threats using face biometric verification technology to:
- Prevent unauthorized account access and account takeover: iProov’s face biometric verification technology ensures only the legitimate account holder can gain access. A criminal can steal passwords or mobile devices (or other knowledge or possession-based security factors) but they can’t steal a face. They can copy a face, using a photo or mask or deepfake, but iProov’s Genuine Presence Assurance is designed specifically to detect spoof attacks. With iProov, only the verified account holder, determined during the onboarding process, can log in and authorize transactions.
- Detect synthetic IDs at the point of onboarding: Verifying a new customer’s face against a trusted ID document during onboarding ensure that the physical face of the remote customer matches the ID document provided. This provides protection against synthetic identity fraud, impersonation, and applications by bots or other new account fraud.
- Prevent fraudulent payments: High-risk transactions can be flagged so that the user can be authenticated using Genuine Presence Assurance. This ensures that activity is legitimate, preventing fraudulent payments in real-time.
- Protect against money mules: Secure face biometric verification and authentication can also protect against some money mule activities. For example, iProov can prevent legitimate customers’ accounts from being used as money mules without their knowledge, as the person using the account wouldn’t ‘match’ the face biometric of the legitimate owner.
Summary: face biometric verification for anti-money laundering and financial crime control
- The FCA issued an open letter to UK retail bank chief executives highlighting weak financial crime controls and AML compliance in the sector
- Banks will be required to demonstrate how they are strengthening anti-money laundering and financial crime controls.
- iProov can help banks to prevent money-laundering and other financial crime.
- iProov’s Genuine Presence Assurance technology uses face verification and authentication to enable banks to deliver security, compliance with regulations, and maximum completion rates while ensuring an effortless and reassuring user experience.
To read more, check out iProov’s guide to Biometric Authentication for Financial Services.
iProov are sponsoring the Future Identity festival 2021, November 15th & 16th at The Brewery, London.