Identity Verification

Snakes and Property Ladders

How is one of the most exciting moments in someone’s life also the most stressful? 

Passports. Bank statements. Proof of employment. Payslips. So many different documents provided to so many different people.

For most people buying a house, whether for the first time or finally finding your “forever home”, is meant to be one of the best moments in their lives. But this is often soured by several journeys to the estate agents/solicitors to prove you are who you say you are or by needing to send numerous personal documents by post. 

This blog looks at the documentation and due diligence behind house buying - and how it can be simplified whilst still mitigating the risks. At FINTRAIL, some of the team have been lucky enough to have bought a place within the last 12 months. We have all experienced the good, the bad and the ugly during the process but surprisingly not all in the same area. We are going to discuss the risks associated with property purchases, compare and contrast our journeys, look at how this market differs from FinTechs and gain insight from Thirdfort, a firm which specialises in providing identity verification and source of funds checks for lawyers in the property market. 

What are the risks?

Before we dive into the FINTRAIL team’s experience of property purchases, we should look into the risks associated with the property market. Laundering money through the purchase of property is often described as one of the oldest known ways to legitimise ill-gotten gains. As property purchases naturally involve high prices, it is an easy way to move large sums of criminal proceeds. Properties can also be used operationally in a criminal’s organisation - potentially as a way to generate legitimate income via rent or as a location for other illicit activity. Another risk to be aware of, which is highlighted in HMRC’s risk assessment for estate agency businesses, is the risk of overseas buyers, especially from higher-risk jurisdictions. Property purchases may be made with the proceeds of crimes committed in other jurisdictions, including but not limited to bribery and corruption and even sanctions evasion. Transparency International published a paper in 2015 which showed the extent of this risk: 40,725 London property titles were held by foreign companies of which 4.89% were held by companies incorporated in secrecy jurisdictions. 

As the risks faced by the parties in the property sector are being increasingly highlighted by numerous governmental and non-governmental organisations, it is not surprising that the property sector in the UK has come under scrutiny by both law enforcement and the supervisor under the Money Laundering Regulations, HMRC. Unexplained wealth orders (UWOs) are a type of court order used in the UK to compel the target to reveal the sources of their unexplained wealth. It uses the reverse onus principle, where the burden of proof shifts to the target. We have seen the majority of UWOs being issued to find out how multiple high-value properties had been financed, and in the most recent case saw nearly £10m of assets handed to the National Crime Agency. This shines a light on the need to understand the source of funds used to purchase a property and if this is in line with the individual’s profile. In 2019, HMRC fined Purplebricks for breaches concerning failures in having the correct policies, controls and procedures, conducting due diligence and timing of verification. This highlights the need for the sector to have the correct level of customer due diligence in place, which involves understanding and verifying who your customer is. 


Our Journeys 

house buying-01.png

Where is the technology? 

The first interesting observation is the lack of technology in most of our journeys. Lauren was lucky as her solicitors used an app for verification and a portal to update on progress. Being able to take a picture of your ID and upload a selfie is something we now come to expect in the FinTech space, which was replicated here. However, for Rachel and JP, the methods used to verify their identity, including certifying copies of documents or having to see someone face-to-face, were time consuming, costly and quite surprising given the online methods we know work very well in identifying and verifying individuals today.  At the time of JP’s purchase, the national lockdown was underway and COVID restrictions were in place for all businesses. To require face-to-face contact when businesses should have been operating as “COVID secure” does not seem logical, especially with the numerous contactless options that are available.  

Thirdfort have noted that the legal sector is embracing technology at an increasing rate, and certain developments mean that this trend is likely to continue apace. The HM Land Registry recently announced that they are now accepting digital signatures, and the Ministry of Justice temporarily accepted video witnessing of wills during this year’s lockdown. At the same time, law firms have had to digitalise their approach to client due diligence due to social distancing and lockdown restrictions, so it seems that the process of buying or selling a property is set to become more tech-focused. 



So what if the industry took more of a risk-based approach?

Using a risk-based approach is an expected element in a risk management framework. Within the conveyancing process, a risk-based approach could include collecting different levels of information and documentation for identity verification, varying the beneficial ownership threshold for verification, and collecting different levels of evidence for source of funds/wealth all in line with the risk of the customer. To help define that risk-based approach, a risk assessment should be conducted to identify the areas with the biggest risk exposure and tailor the procedures to mitigate those risks. HMRC recently published guidance to help estate and letting agents identify and understand where those risks could lie. 

 

In our cases, there appeared to be a lack of a risk-based approach for Lauren with her source of deposit checks from the solicitors.  A small percentage was kindly gifted by her mum, who was then asked to prove her source of funds with numerous bank statement requests. Given Lauren’s mum has been a working professional for a number of years and has accumulated savings over those years, the level of detail required for her to prove this seems excessive. This point is emphasised more when you look at JP’s source of funds check.  His proceeds came from the sale of another house, but this was not investigated in detail to ensure the funds did not come from another source. At FINTRAIL we encourage all our clients to treat their anti-financial crime checks as something more than a “tick box exercise”, which does not seem to be the case in relation to JPs SoF checks.

What next? 

Here are some key takeaways for the property market to consider:

  • Conduct a risk assessment to ensure you identify and better understand the key financial crime risks you are facing. 

  • Look out for red flags of suspicious activity, which may include:

    • Anonymous or difficult to identity owner 

    • Unusual or inconsistent income 

    • Over or under estimated property prices

  • Take advantage of the technology out there to create a smoother customer journey while still mitigating risks.

  • Apply a risk-based approach to your financial crime framework to ensure you are focussing your attention on the highest risk areas, especially when it comes to verifying source of funds.

  • Apply more targeted client due diligence and enhanced due diligence to specific areas of risks identified, rather than applying the same standard measures across the board. This allows firms to mitigate the actual risk posed by the customer rather than just conducting a tick box exercise.

  • Look out for HM Land Registries guidance on digital identity checking in conveyancing.

  • In light of the Covid-19 pandemic, companies such as Thirdfort have shown the importance of individuals being able to complete their due diligence checks in the comfort of their own home. It is important to hit a comfortable ground between ensuring firms can verify clients and manage risk compliantly and taking some of the pain-points out of property transactions for the client.


If you’d like to learn more, please contact Lauren Vincent, Team Coordinator, or email us directly at: contact@fintrail.com.

How to use Compliance as an enabler in Digital Transformation

Digital transformation for onboarding is a hot topic at the moment, given that much of the world is currently living their life from their sofas and managing their day-to-day financial needs from home. Having worked on transformation projects before with traditional FI’s, alongside assisting various FinTechs in the creation of new digital offerings, we at FINTRAIL thought it would be a good opportunity to move the spotlight onto compliance, and fly the financial crime flag by discussing some of the common misconceptions.

 

Front end change is just the tip of the iceberg

The ‘tip of the iceberg’ cliche has never been more appropriate when it comes to describing common misconceptions towards digital transformation. The main message is that a good user experience isn’t solely dependent on a minimal field registration journey, and that there are other components that need to be considered which the customer can’t see. Getting these components implemented effectively are equally as important and the focal point is our good friend - ‘a risk-based approach’. Having a robust risk-based approach can be the key for a slick user experience and dictate your approach to CDD, custom screening and risk management, enabling you to target your controls on your highest risk areas.

Image of front end change is the tip of the iceberg. Registration depicted above water, while the rest of the compliance processes depicted underwater as the main body of the iceberg

Less is more

It would be logical to assume that the less information you collect from your customer the better, and that allowing a customer to sign up by just inserting an email and password will drive your Trustpilot reviews through the roof. Ignoring the fact that this probably doesn’t actually meet your ID&V requirements, we would like to suggest that less isn’t always more. By creating a shortened registration process you may well get more sign ups, but if you subsequently need to perform downstream due diligence to address gaps, you could be creating a poor user experience further down the line, perhaps even in a critical situation when dealing with a vulnerable customer whose account has been frozen and they need urgent access to funds.  We don’t necessarily mean your registration process should be 100 fields deep across 10 pages but there is certainly a happy medium. 


Business enabling Anti-Financial Crime (AFC)

A common misconception is that financial crime compliance can be the blocker when it comes to innovation in these projects. It probably comes as no surprise that we at FINTRAIL would offer a healthy challenge to those naysayers. 

So, you are 6 months into your digital transformation project, it’s all on JIRA (other platforms are available) or you have a lovely Gantt chart. You have lined up all your sprints and it suddenly occurs to you that you should speak to your compliance team. After 45 minutes debriefing your compliance team, they have a bunch of questions and recommendations before you can move the project forward, resulting in you putting a big red “Stuck” against it. While you may have translated this into a no, these recommendations do not necessarily mean no, and even if it is a no, is that really surprising considering you have only introduced them as stakeholders so late on? Obviously we are focusing on the negatives here to emphasise our point and the above is certainly not a reflection on most businesses’ these days.

Some of the most successful projects we have been part of are the ones where AFC stakeholders have been included as part of the journey rather than just at sign off. There is a new breed of financial crime professionals who want to be viewed as business enablers and able to offer a great user experience as much as the next product owner.

A RACI (responsible, accountable, consulted, informed) matrix is often used in project delivery to divvy up people’s roles. With that in mind your approach may have been previously to assign compliance a consulted duty, but we would encourage you to increase their involvement in order to reduce blockers downstream and increase compliant innovation.

RACI project management chart with Compliance/financial crime function moved from consulted to responsible/accountable

Being a Compliance Champion

Equally it is not just the business that needs to take ownership of transformation, it can also be the fincrime function itself. Embracing change has never been more important in a digital enabled world and as fincrime professionals we should be just as excited by these new developments. Whether it is the implementation of a new due diligence process or screening programme, don’t be afraid to rip up the policy and start again. There is no reason why the financial crime team cannot be the driver for change.

Build, Buy or Both?

Like the ‘tip of the iceberg’, ‘build or buy’ is also becoming a bit of a cliche. What we do know is that you will likely need to partner with some technology providers in order to achieve your future state goals. Equally, even if you partner with someone, there will be an element of building that goes hand in hand. There are a variety of great providers available with a range of capabilities but we would like to reposition the ‘build or buy’ question. No single provider will solve all of your needs, and equally, to build everything in house isn’t logical when there are specialist systems available. This potentially means that the ‘build or buy’ question is a goose chase and in fact an amalgamation of the two is the best approach to adopt. 

Takeaways

Here are our top takeaways to be a compliance champion when it comes to digital transformation:

  • User experience does not stop on the physical registration page; it continues throughout the customer lifecycle

  • Less is not always more when it comes to identification programmes

  • Treat your compliance/ fincrime team as business enablers, engaging them in discussions earlier

  • Answer your build, buy or both question

  • A risk-based approach marries itself perfectly with transformation projects

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk

Active Anti-Racism in Anti-Financial Crime: Our Next Steps for Combatting Discrimination

At FINTRAIL, our US and global teams have been closely watching the swell of protests unfolding in response to the shocking deaths of George Floyd and Breonna Taylor - the latest victims of ongoing and unjustifiable police brutality against black people. However, racism isn’t just the existence of bad actors engaging in criminal acts of violence; police brutality emerges from systematic and deep-rooted racism that has infected justice systems in the US and around the world for centuries. And unfortunately, the anti-financial crime sector, integral for feeding information on suspected money launderers and terrorist financiers to police, has been complicit in this institutional racism. At FINTRAIL, we are constantly working to do more to promote diversity within our ranks and to support and learn from black voices. But we can do more as a firm to not just avoid racism but actively reject it, particularly through our work supporting anti-financial crime teams. Together, as consultants and as community leaders in the FinTech FinCrime Exchange (FFE), we can help make meaningful change to improve the treatment of black customers and to hold ourselves accountable when we get it wrong. 

  1. We promise to help champion and support non-white perspectives within our own team and the teams we work with. Implicit biases exist not only in day-to-day anti-financial crime activity, but also in senior level decision-making. People can unfortunately be prone to ignoring or undermining opinions given by black people in the room - and this is even more so the case for black women. In the worst cases - the room may be entirely white, eliminating the chance for non-white voices and perspectives to influence decisions on financial crime. How else can we be held accountable and understand the impact of our processes and decisions across all areas of financial crime risk management without ensuring black people are involved in the work and have the space to make constructive challenges? Thus, as FINTRAIL, we will make sure that we use our privilege to ensure there is always diversity in the room and that we listen to any and all challenges to our approach, especially from black people.

  2. We promise to work with clients to take extreme caution in the consideration of demographic factors when evaluating customer risk.  Firms building out their customer risk assessment (CRA) models may choose to include demographic factors, including nationality. While under very specific circumstances, demographics may be strongly correlated with risk (e.g. cheaply purchased nationalities), we will not advise or support the inclusion of demographic risk factors into a CRA methodology in a way that could unfairly lead to the application of enhanced due diligence (EDD) measures to a customer solely based on their racial, ethnic or socioeconomic background. In practice, this means strongly questioning whether such a factor is necessary in a CRA model in the first place and, if included, ensuring that only specific risks to the business are targeted and that there is no undue bias in the weighting of such a risk factor.

  3. We promise to be aware of racial biases that may exist within ourselves and our clients when it comes to clearing and investigating screening or monitoring alerts. Even when demographic factors have not been included in the calculation of a customer’s risk, racial biases can still cloud our judgment when evaluating one customer’s financial activity versus another’s. It is well documented that people are prone to more negative perceptions of those with darker skin, often without even realizing they are doing it. This can have dangerous effects for a customer, leading to their account being frozen or offboarded and their activity being reported to police. To help mitigate implicit and explicit bias in alert clearing, we will seek to support internal and external anti-racism bias training in the context of alert clearance and will push for the provision of clear decision trees to help analysts more objectively work through potential suspicious activity.

  4. We promise to do more to recognise and help mitigate the racial biases that can exist within European and American identity verification RegTech platforms. Within the US and Europe, we are really lucky to have a variety of robust identity verification tools to suggest to our clients that help automate the onboarding process. Innovative solutions allow for FinTechs to match customer selfies, live selfies or videos to a verified ID document - allowing them to onboard the customer within only a couple minutes. However, some solutions can struggle with non-white faces as their facial recognition technology hasn’t been adequately trained in correctly matching non-white faces to IDs. This can lead to serious negative consequences - non-white victims of identity fraud may have their documents stolen and used to open financial accounts without being spotted, or alternatively, genuine customers may be routed through a laborious manual review process simply because they aren’t white. We will work closely with FinTechs and RegTechs in the community to identify practical solutions to ensure that identity verification tools can more effectively verify non-white customers.

  5. We promise to take more initiative to build out innovative onboarding solutions for non-standard non-face-to-face situations. Under some circumstances, customers may not have the typical documentation needed to onboard - they may not have a passport or driving licence, or they may have recently moved country and have no address history. The good news is that more and more regulators expect financial institutions to have onboarding processes in place for customers who may be unable to provide traditional documentation - though some regulators go farther than others in their guidance. The bad news is that, in the absence of meaningful guidance, firms may end up with extremely manual onboarding processes, which require robust sensitivity training for front-line staff and which can delay financial access for those most in need of it. Some firms may even inadvertently avoid establishing a written approach to non-standard identity verification cases. We will do more to work with clients to help them establish more innovative approaches to non-standard onboarding and ensure that the approach is well-documented and that necessary training has been given to the front-line.

By working with the community on these practical steps, we hope to help inspire greater change within anti-financial crime best practice. No one should have a worse banking experience or be treated as a criminal solely based on the color of their skin, and we are committed to actively fighting for an actively anti-racist approach to financial crime.

On Demand Webinar: How to Implement eKYC & Keep Online Customers Safe

The recent shift towards digitisation has pushed businesses to review their KYC processes, and implement new strategies to protect their customers online.

In this on demand webinar, Robert Evans Fintrail co-founder and Claire Galbois-Alcaix at Jumio will discuss:

- The impact of digitisation on businesses and their customers
- The latest risks and compliance challenges
- How to implement a successful eKYC
- Tech innovations that help organisations keep their customers engaged
- Changes to the regulatory landscape and the future of eKYC

As people spend more time online, they leave a digital trail of information that can be used against them if put in the wrong hands. The convergence of online and offline has opened up entire new pathways for fraudsters, money launderers, and identity thieves to assume another person’s identity.

KYC (Know Your Customer) refers to the process of verifying the identity of your customers, either before or during the time when they start doing business with your organisation. With eKYC, businesses are able to perform identity verification and due diligence electronically, but must ensure they have the correct end-to-end identity verification strategies in place.

Rob and Claire will share tips and best practices organisations can follow to simplify their eKYC.