KYC Hub's Advanced Solutions Now In India LEARN MORE

Knowledge Base





Learn From The Best!

Intensify your understanding of AML/KYC regulations and get insights into the fintech industry with KYC Hub's knowledge base and mitigate the financial risk with help of industry experts.


What is Adverse Media?

Adverse Media is any negative news about your customer that may have an adverse impact on your business. This may have originated from media sources such as newspapers, telecasts, or news broadcasts or from user-generated content such as blogs, podcasts, web posts, or even social media posts. Adverse Media may indicate your potential client’s presence on (but not limited to) sanction lists, terror watch lists/ financing, money laundering history, organized crime, or having criminal records of any kind. Read more about Adverse Information.

what is adverse media
Due diligence solutions such as KYC Hub run checks on your clients/businesses for any such adverse media and produce a risk score ranging from low to high. Automating the risk checks and continuously monitoring high-risk businesses have become all the more important due to stringent compliance requirements. Learn more about our Global KYC Solution. 

Where can I find the information about UBO?

UBO or Ultimate Beneficial Owner is the final beneficiary of any transaction with any business. They are either a legal entity or a person who may directly or indirectly control accounts, have power, or even shareholders. The term UBO is defined in the 4AMLD directive as someone who has a 25% share in the voting rights of the business.

Info about UBO
It is imperative for businesses to find out who the UBO of their client.

In order to avoid malpractices, some of the following suggestions are:
1. To avoid someone misusing funds in tax havens/ shell companies
2. Find if there is a UBO by looking at their financial statements and structure>
3. Based on the region, type of business, jurisdiction and the percentage of the company they own UBO is determined.

Risk categorization is done based on the above factors into low, medium, and high. Learn more about KYCHub’s AML Screening.

What is adverse media screening/check?

Adverse Media Screening is a process to perform risk checks on any individual or business entity by extracting information from thousands of data nodes and relevant sources and uncover crucial links and the information that matters to your business. KYC Hub uses millions of relevant data nodes and forms decisions based on contextual data and integrated networks to check/screen individuals or businesses and reduce your false positives.

What is adverse media screening and checks
Adverse Media Screening Process

1. Partner with an automated KYC Solution tool such as

2. Ensure that their capabilities include uncovering the risks in your client’s network and that they have access to millions of data sources.
3. Tailor the solution to your business needs and define your risk levels.
4. Discuss and categorize those risks that matter to you the most.

KYC Hub uses millions of relevant data nodes and forms decisions based on contextual data and integrated networks to check/screen individuals or entities and reduce false positives.

What does different regulations say about adverse media?

Running adverse media checks lays out the identification of risky profiles and identities that helps you to regulate similar profiles of individuals before and after onboarding of customers. It helps to identify the Politically Exposed Person(PEP), Relative and Close Associates(RCA), and Ultimate Beneficial Owner(UBO). The FAFT rules and regulations state the firms and financial institutions to provide a SAR report file within 30 days if there’s something suspicious about any individual or entity during these checks/screenings.

Regulation adverse media
Staying up to date with the regulatory environment governing your business is of utmost importance.

Here is what various regulations dictate about adverse media:
1. FinCEN - Conduct CDD, requires obligated financial institutions to conduct adverse media screening as part of the customer due diligence (CDD) process.

2. 5AMLD - requires firms to perform enhanced CDD for high-risk customers, a process which includes “carrying out the open-source or adverse media searches. encourage the use of automated adverse media screening. 6AMLD- add both cybercrime and environmental crime to the list of money laundering predicate crimes, and extend the criminal liability of money laundering to enablers and legal persons.

3. FATF - recommends “verifiable adverse media searches” as part of customer risk assessments, and points out the need for financial institutions to “understand the client’s reputation” when establishing relationships. It also requires firms to find out whether high-risk clients have been “previously investigated” for money laundering or terrorist financing, or have been subject to regulatory penalties in the past. 

Adverse Media Types and Importance

Adverse Media is any negative news about your customer that may harm your business. This may have originated from media sources such as newspapers, telecasts, or news broadcasts, or user-generated content such as blogs, podcasts, web posts, or even social media posts. Adverse Media may indicate your potential client’s presence on (but not limited to) sanction lists, terror watch lists/ financing, money laundering history, organized crime, or having criminal records of any kind.

Adverse media types and importance
Types of adverse media

1. Terrorism

2. Terror financing
3. Trafficking
4. Corruption 
5. Drug financing/ narcotics
6. Cybercrime
7. Regulatory and sexual crimes

Adverse Media Ongoing Monitoring

Adverse media/ negative news, it exists, needs to be identified and mitigated without much delay. Hence it became a key priority in any Customer Due Diligence(CDD) process. To stay compliant, businesses partner with automated KYC solutions to have ongoing monitoring.
Adverse media monitoring-1On-going monitoring can be done in two ways:

1. Manual
- The manual process requires a team of compliance and risk officers that checks the negative news of a customer from thousands of data sources. This takes up to weeks so months to figure out the risk profile of the customer.

2. Automated - This is a much more effective way to find out any negative news for the onboarding customer. AI/Ml-based tools help to cross-verify the customer screening of negative news with the help of integrated network models that collect and verify data from thousands of reputed sources from various regions. 

What Is AML?

Anti Money Laundering (AML) is a set of guidelines put forward in legislation, which are specific to region and jurisdiction to help the financial institutions and other businesses involving financial transactions from money laundering and other related crimes. Companies are obliged to adhere to these policies and put in place either manual or automated fraud monitoring. To understand further let's have a look at what money laundering is and what consists of it.

What is Money laundering:
It is a process defined by compliance officers as converting dirty money obtained by illegal businesses such as drugs, terrorism, false and/or multiple transactions, etc., and making it appear as money that came from a legitimate source. The industrial term is referred to as “clean money.” This is carried out with a stepwise process: Placement, Layering, and integration.

Develop an aml policy
Process of money laundering:
1. Placement- Placement is the very first step of financial crime, involves the moving of dirty money into a legitimate source via a financial institution, casinos, banks, etc., hiding its source. This is the time when a criminal is vulnerable to his crime as the fund is at a bulk level and that might attract the law enforcement agencies.

2. Layering- layering is the second step of financial crime, which involves transferring this dirty money/funds into small transactions with a fake invoice of transactions, making it difficult to trace back to its source. It usually involves the international distribution of money making it difficult to trace and do illegal proceedings.

3. Integration- This is the final stage of money laundering and now smaller funds are transferred back to the original mastermind, legally, and he retrieves that white money from different sources like cash transaction or cash withdrawal, buying properties, jewelry, etc - basically, items that are a large amount of money but does not draw much attention.

AML Compliance Program

AML Compliance Program aims to prevent illicit financial activities such as fraud, terrorist financing, corruption, etc. The AML compliance program is carried out by the compliance officer of the financial institution. Automated solutions using AI and ML are capable of verifying the authenticity of an individual or business, screen them for any adverse media and get results in less than a millisecond.

Here is a 4 step approach to stay compliant with the legal requirements:
1. 360-degree account review
2. Transaction screening and monitoring
3. Internal regulation
4. Reporting SAR to the financial institution

In AML compliance program
A primer about AML compliance program:
1. AML compliance programs are specific to every business depending on their business needs, type of customers, and the region they operate in.

2. It is a holistic approach to meet the regulatory requirements and safeguard their businesses. An end-to-end compliance program such as KYCHub offers solutions ranging from onboarding your business, continuous monitoring for adverse media, transactional inefficiencies, dynamic adherence to policies, alerting and reporting any frauds/ money laundering incidents, etc.

3. Businesses need to strengthen their reporting system as the fraudsters evolve their methods with every transaction cycle. Putting in place a compliance officer to keep their reporting, monitoring systems up to date with the regulations is a must.

4. Categorizing the businesses based on their risk level is one of the key features that businesses need to also consider while adopting a compliance program.

Compliance Officer and Responsibilities

A compliance officer is a key person in an organization who is responsible for designing and implementing a compliance program. Since AML policies are overseen by financial regulatory authorities such as FATF, it is imperative to appoint a compliance officer.

Here is what a compliance officer is majorly responsible for:
1. Track the regulatory developments
2. Educate and update the organization about the advancements in the regulatory compliances and also the fraudulent mechanisms
3. Monitor the Due diligence process of high-risk customers.
4. Maintain the compliance cycle dates and issue a recheck whenever necessary.
What is financial crimeWho can become a compliance officer?

A position as a compliance officer is not typically an entry-level job. It requires a great skill set and analytical power that helps to make better decision making. Generally, it requires a bachelor's degree and MBA or LAW degree for a higher-level job. The compliance officer has the opportunity to complete the Certified Compliance and Ethics Professional Program (CCEP) which adds to the skill of the compliance officer job

What are the key skills required to be a compliance officer?
1. Analyze customer details
2. Ability to interpret data correctly
3. Ability to apply the real-facts
4. Risk assessment
5. Communication skills

Key Components of AML Compliance Program

The Anti-Money Laundering(AML) compliance program is an amalgamation of different processes performed by compliance officers to identify and eliminate fraudulent transactions within the business. Compliance programs differ for every company based on the region they operate in & the businesses they deal with.

Key Component Compliance Officer
Here is a step by step guide to designing your AML compliance program:
1. Identify the important persons in the client's business such as UBO, PEP, control officers, etc and obtain any adverse information existing on them. Perform due diligence.

2. Categorize the persons and businesses you are dealing with into low, medium, and high risk based on the thresholds decided by your risk mechanism.

3. Monitor any kind of transactions especially those involving high-risk customers. Set triggers for certain transactions such that any suspicious activity is alerted and reported.

4. Establish standard internal practices such as mandating due diligence for any business, classifying the tasks of compliance officers, reporting suspicious activity, and keeping your team educated about any regulatory changes.

5. Auditing is key to maintaining the checks and balances of any compliance program. Due diligence needs to be repeated at regular intervals.

Ideal AML Policy: Key Component

Anti-money laundering(AML) policies are a set of guidelines and regulations made by financial institutions that help to prevent money laundering. These policies are developed based on risk assessment. Any AML policy must be tailor-made based on your type of business and jurisdiction.
AIML can help?

However, we have identified 4 must-have dimensions for any AML policies

1. Basic hygiene - Establish why do you need an AML policy and what according to you is money laundering keeping in mind the regulatory bodies. Create a separate designation for taking care of the compliance mechanism such as compliance officer. Read more about the compliance officer here. ( link to compliance officer question)

2. Data protection - Your customer data is your responsibility. Understanding due diligence will involve collecting and storing the private information of your customers. Hence, it must be clearly defined how you store your data, what kind of information will be shared with financial institutions and financial intelligence agencies in the event of fraud, etc. This serves as an ultimatum to your customers who have the right to know how their data is being used and also encourages them to provide accurate information.

3. Due diligence - Based on the type of process you have in place, any client must undergo your due diligence process failing which you can deny your services. Based on the risk scoring, basic due diligence or enhanced due diligence must be applied appropriately. This also involves running checks on sanction lists and adverse media as well.

4. Reporting- This involves setting up the definitions for triggers, alerts, and timely reflection of any suspicious activity that hits these triggers. Withstanding your data protection policies, the necessary information must be shared with financial watchhouses such as BSA in the form of SAR( suspicious activity report).

Setting up an AML policy is easier said than done. Talk to our expert today and automate your compliance process.

Biometrics Identity Verification?

When a person can be uniquely identified by his/her biological traits such as fingerprints, iris, voice, DNA, signatures, and retina. The Biometric Verification helps to identify the person's credibility concerning his possessed documents and whether the customer is credible or not.
Biometric Verification
Documents needed for the biometric verification
1. Photo Identity includes state id card, driving license, passport, military card, military dependent card, permanent residential address

2. Employment records include a payment statement that shows issue date, first name, last name, SSN, employer name, pays period dates.

3. Address verification includes the document utility bills(Gas, Water, Electricity, etc.), telephone bill, bank statement bill, property tax bill

4. Liveliness Checks include the person's live check of his/her face to match and verify with his/her uploaded documents.

Is Biometric Verification Safe for Businesses?

Biometric systems have provided a more dynamic solution to the business owners who can now navigate through complications such as ID verification, undocumented access, etc. Biometric is safe as it integrates the process of human character and saves the information in an encrypted format.

Safe biometric verification(use)-1
At the same time, the companies are required to be aware of the fact that sharing this kind of valuable information of an individual is a crime and can lead to huge penalties and deformation of the AML license and individuals can also file a lawsuit against the company to leak private information. 

Biometric Information Privacy Act (BIPA)

BIPA or Biometric Information Privacy Act Illinois is one of the strictest acts against financial companies or organizations who misuse the data of onboarding customers and protect the customer from the unauthorized collection of data, storage, and illegal use.

Best Practice To Reduce Risk Of A BIPA Plan

Key BIPA provisions
1. The financial institution must inform and have an authorized consent of an individual before taking the biometric data.
2. The financial institution must develop a zero-tolerance policy and take an action in case of misuse of individual information.
3. No biometric data can be kept for more than 3 years of the last individual interaction.
4. Each BIPA violation must result in the cancellation of a license or liquidated damage to the aggrieved individuals. 

What Is Financial Crime?

Financial Crimes are the different types of criminal activities carried out by individuals or criminals to provide economic benefits through illegal methods. Financial crimes occur around everywhere in the world and it is becoming difficult to trace them because they occur in many different forms. The most common types of financial crime include money laundering, terror financing, tax evasion, fraud, identity theft, forgery, and counterfeiting. organizations

What is financial crime
How do criminals carry out these fraudulent actions?
There are three steps to carry out any financial crime or activity, are as follows:

1. Placement- Placement is the very first step of financial crime, involves the moving of dirty money into a legitimate source via a financial institution, casinos, banks, etc., hiding its source. this is the time when a criminal is vulnerable to his crime as the fund is in bulk level and that might attract the law enforcement agencies.

2. Layering- layering is the second step of financial crime, involves transferring this dirty money/funds into small transactions with a fake invoice of transactions, making it difficult to trace back to its source. It usually involves the international distribution of money making it difficult to trace and d illegal proceedings.

3. Integration- This is the final stage of money laundering and now smaller funds are transferred back to the original mastermind, legally, and he retrieves that white money from different sources like cash transaction or cash withdrawal, buying properties, jewelry, etc - basically, items that are a large amount of money but does not draw much attention.

Financial Crime Unit(FCU)?

Financial Crime Units(FCU) helps banks and relevant financial units to detect and prevent money laundering ad terror financing by detecting and fetching data from various sources, much more effectively.

What does the financial crime unit do?
The global AML/CFT entities use the FAFT guidelines and the use of financial intelligence units(FIU) to analyze and investigate suspicious activities such as money laundering or suspicious transactions, from dedicated sources to help fight against crime. FCU take appropriate actions to scrutinize the activities, block certain transactions or payment and finding relevant authorities for further investigation.

What is the responsibility of FCU?
There are certain task and processes that are important with the working of FCU, are:
1. Know your customer
2. Transaction monitoring
3. Sanction
4. Regulatory Compliance

Can AI/ML help?

The manual processing and monitoring of transactions might take an army of compliance members and weeks to find out the fraudulent transactions. That's why the introduction to the AI/ML processing technologies helps to find out this tedious manual of screening and monitoring. The AI/ML puts thousand to processing and advance algorithms to find financial criminals.

AIML can help?
By using advanced network algorithms and integrated solutions with thousand of resources and databases, machine learning tools can Guage emerging customers can look for patterns of suspicious activities that help to find the real criminal of money laundering and terror financing.

The advantages of having AI/ML tools for compliance are:
1. Immediate recognition of the change in the behavior pattern of customer
2. You'll get regular insights into customer activity
3. Immediate alerts for suspicious activity and accurate risk-based reporting
4. Contextual analysis and structured datasets
5. Reduce noise and false positives based on the risk factors

Future of AI/ML In Anti-Money Laundering

While many banks and financial institution uses rule-based software tom identify anti-money laundering, AI offer a significant improvement in detecting fraudulent activities. The AI learns and grows with each change in its environment and reverts to a database that has thousands of other data nodes. These keep on updating with every single activity. AI/ML helps to take control over manual work and automate the process of finding criminal activity and/or transactions and update it in the software, also helps in reducing false alerts and update the compliance team with the relevant adverse media, and best of all, with an increased focus on privacy, AI represents a viable source to make it possible

Future of AIML
The manual processing and monitoring of transactions might take an army of compliance members and weeks to find out the fraudulent transactions. That's why the introduction to AI/ML processing technologies helps to find out this tedious manual of screening and monitoring. AI/ML puts thousand to processing and advance algorithms to find financial criminals.

By using advanced network algorithms and integrated solutions with thousand of resources and databases, machine learning tools can Guage emerging customers can look for patterns of suspicious activities that help to find the real criminal of money laundering and terror financing.

Suspicious Activity Reports(SAR)

The suspicious activity report(SAR) is a report filed by financial institutions that observes suspicious activity while screening and monitoring a customer or corporate business. The report is filed with the financial crime enforcement network(FinCEN) who will further investigate the report.

Regulations of reporting a SAR
The institution is required to report such a case within 30 days of the incident recorded and cannot get an extension of more than 60 days, if necessary to make internal audits and collect more evidence. The individual/entity is not reported with the suspicious activity recorded under his name or company name.

The following information required to submit a SAR file:
1. Information such as the name, passport number, fate of birth, address, social security number(SSN), phone numbers of included parties

2. The information of the institution where the activity is reported includes name, address, license number, documents, etc.
3. Date of suspicious activity reported and further verified documents if there's an internal audit investigation.
4. A written description of suspicious activity is developed.

Know Your Business(KYB)

When financial institutions deal with other businesses as part of the supply chain, board directors, stakeholders, or similar relationships, the verification process is known as Know your Business (KYB). This is a similar process to Know your customer(KYC) which requires identifying its onboarding customer for risks that they possess via money laundering, terror financial crime or corruption, etc.
Know your business regulation:

It is very important to determine the status of the business and its involvement in any activity that might possess a risk to other institutions.

The FinCEN (Financial Crime Enforcement Network), US, address the AML regulation of business rules by corporate due diligence and the 5th Anti Money Laundering Directive (5AMLD), EU, emphasis on knowing the complete detail of the KYB process with forthcoming 6AMLD set to increase the penalties and punishment for non-compliance of financial institution. 

KYB procedures

Generally Know Your Business(KYB) has similar procedures to Know Your Customer(KYC), regarding identity verification. The difference lies in the purpose and intentionality of the process, focused on identifying companies and suppliers in the first case and consumers or customers in the second one. It is important to perform KYB checks before onboarding a customer to mitigate risk and for easier and efficient compliance.

The procedures of performing KYB checks
Generally, KYB checks and verification depend on company to company but there are some standard sets of procedures that have to be maintained to comply with the regulatory authority rules.

1. Connect to a database, could be either internal or external
2. Input user side documents for the verification
3. Identification data checks according to the need of an organization, company, and/or firm
4. Verification results

The ultimate goal of performing KYB checks and verification is to identify and stop any suspicious activity that can harm the company's data and value. It also helps in reducing frauds in their account. 

Automated KYB Compliance

The traditional approach where a compliance team is required to audit a suspicious account or perform verification checks for the onboarding client is quite a time-consuming and resource-exhausting process. For such reasons, companies use automated systems with AI/ML power to comply with AML regulations.
Automated processTo protect the business, KYC Hub uses an integrated network model and electronic identity verification to speed up the compliance process and derive efficient results in no time. It analyses global corporate records, sanction databases, and PEP checks while performing adverse media scans. Moreover, regular screening and monitoring of onboarded clients ensure businesses remain compatible at all times. 

What is KYC?

Know Your Customer (KYC) is a procedure defined by the regulatory authorities to help businesses know and verify their client's identities. It encompasses the basic due diligence checks such as collecting the identity of the client, biometrics, and other business-specific documents. With the rise in terror financing, fraudulent transactions involving money laundering, and misusing financial mechanisms, KYC has become a mandatory requirement.
What is kycThere are several types of KYC done by financial institutions in order to know their customers:
1. Customer Identification Program
2. Customer Due Diligence
3. Ongoing Monitoring
4. Corporate KYC
5. eKYC Verification
6. Mobile KYC
7. Global KYC Compliance
8. KYC News Around the World

KYC Remediation

Businesses need to know who their clients are. In order to achieve this, a proper KYC process is to be set up which can collect all the necessary information based on the jurisdiction and the type of business they perform. KYC is a crucial task divided into several stages from getting customer documents verified to building a sanction list if a company finds something fishy or suspicious in an individual or entity's profile.
KYC RemidationRemediation is a process in which a client's details are known completely using any of the standard KYC forms and put for verification. This was earlier done manually but now with the help of AI/ML techniques that use network-integrated models and different checks such as ID verification, liveness checks, etc. results in knowing if the customer profile is risky or not within seconds.

End to End compliance solutions, extract this information, run checks against the government and other intelligence data sources to verify the client. Other steps in the remediation process include performing a liveness check while the information is being collected so as to avoid any misinformation and once all the information is collected they are classified into categories based on the risk rating they obtain. 

KYC forums and Do I need to submit One?

To assist the business you are dealing with, the KYC form might contain requests to any specific documents ranging from date of birth, address verification, proof of name, marital status, job, etc. Adherence to such standards has become a routine requirement and the type of form you need to fill is based on your region of operation and the jurisdiction.

KYC Analyst: Roles and Responsibilities

A risk management professional exists in any organization to verify the documents provided by the client and perform other checks based on the risk classification such as Standard Checks for low-risk clients, Customer Due Diligence for medium-risk clients, Corporate Due Diligence for medium-to-high risk entities, and Enhanced Due Diligence for high-risk clients respectively. They are also responsible for ensuring that their business is adhering to the compliance requirements set by their respective regulatory authorities.
KYC Analyst
KYC analyst duties and responsibilities are as follows
1. Analyze Customer Behaviour - By using smart KYC solutions and integrated models, a KYC analyst analyzes trends and patterns of customer behavior throughout its verification journey and concludes a result on the basis of results. If a customer does not have any red flags financial institutions will let him/her get on board and if not, then a sanction is filed.

2. Review policies and procedures - A KYC analyst reviews all the policies document especially the risk-based policy of the company and then analyses the pattern of customer behavior and also suggests an improvement in policies for the company.

The skill required to be a KYC analyst
1. Assisting new account information
2. Analyzing new market trend
3. Analyzing customer behavior patterns
4. Understanding risk and compliance
5. Should have a minimum 1 year of experience in the domain

KYC Risk Rating And How It Helps

The “Risk Rating” is a simple categorization of your client in one of the risk categories as defined by your organization based on the gathered financial information & intelligence. This helps in understanding what type of due diligence must be applied to your client. Organizations need to tailor their risk-based policies to help fight the crime. A risk-based model helps in the risk rating of a customer that might be getting on-board or under screening and regular checks.

Risk rating
Based on the risk rating, one of the following due diligence approaches is chosen to perform

1. Standard due diligence predominantly used for no-risk, least critical clients.
2. Customer due diligence is applied to medium-risk clients.
3. Enhanced due diligence to be applied to those clients whom you believe is potential routes to perform suspicious activities.

Risk assessment is extremely important to protect your business from being a target of money laundering and related crimes. Risk assessment and assigning of risk rating can be done both manually and automated. With the rise in transactions, data collection becomes messy and may result in ample false positives. KYCHub specializes in reducing false positives and providing an accurate risk assessment.

Customer Due Diligence

Customer Due Diligence a process to verify your new or existing clients' background in a timely manner to ensure that they are harmless to your business. The process included some checks such as proof of birth, residence, name, work, biometrics and may extend to business license and other documents related to their business such as UBO details, nature of the business, regions of operations, etc.
customer due diligenceIn general, customer due diligence is performed on their low-risk or medium-risk clients. But as a standard process to even assess the client's risk rating, a standard CDD process is put in place in cases such as forging new business relationships, clients requiring our transactional services, clients who are suspicious to do money laundering, and other financial crimes. An Automated Process with prior knowledge about which kind of business is prone to which type of crime is essential to stay fully secured.

Enhanced Due Diligence

Taking the Customer Due Diligence (CDD) a step further, Enhanced Due Diligence is a higher standard of checks performed on the potential clients to uncover those risks which go undetected in CDD. As EDD needs to be performed on high-risk clients, it's a must to ensure that we have their reliable information and additional documents to scrutinize further.
Enhanced due diligenceSome of the criteria which help us know if we need to perform EDD are if the clients UBO is easier a PEP or holding major staking in the business if the clients business is predominantly headed by foreign individuals, their business is located in sanctioned tax havens such as cayman islands or even if there is a lot of adverse media on any individual in your clients business. The Automated processes will help you determine the risks accurately.

Risk-Based Approach

With the evolution of fraudulent mechanisms, knowledge-based authentication slowly perished and Risk-based authentication rose to popularity. Emphasized by FATF and other regulatory bodies, RBA is a robust approach to safeguard the businesses and have them complied with the guidelines. Under this, a heavy emphasis is placed on understanding the risk posed by a client and taking a proactive approach to remediate it.

Risk based approachSome of the common steps taken to follow risk-based approach are :
1. Evaluating the riskiness of a business by having a risk rating in place

2. Perform necessary risk assessments to mitigate the above-identified risks
3. Gauge the residual risk that prevails after remediation
4. Develop strategies that mitigate these risks and standardize them

By implementing such stringent measures any chances of money laundering or other AML risks can be mitigated effectively.

Knowledge-Based Authentication

It is a common form of authentication to identify and scrutinize a client by asking simple questions known to the user such as mother maiden name, first school name, best friend's birth date, etc. in order to grant them access to your services. KBA questions are set such that they are easily recollected by the mass, have only a singular answer and strangers apart from the target user should be able to guess it.Knowledge based authentication
Thanks to the advent of social media and the information blast, it is only a matter of time for someone to know the answers to such KBA questions. Compliance Solutions recognized the vulnerabilities in Knowledge-based authentication and developed solutions such as biometric verification, OCR, etc. 

What is Video-based KYC?

Video-based customer identification or Video KYC refers to authenticating an onboarding customer identity where the customer can complete the KYC process using a remote link anywhere via video call.
Video KYC-1
Is video KYC different from digital KYC?
Video KYC is an improved variant of the digital KYC process that provides a 360-degree view of customer identity while extracting information from the uploaded documents using optical character recognition (OCR) and verifying identity at the same time to prevent fraud.

The industries that need video KYC
1. Banking and financial institutions
2. Insurance provider
3. Mutual funds
4. Non-banking financial institutions
5. Digital payments
6. Digital lending
7. Money exchange and remittance companies

Is video KYC safe?

Yes, video KYC is safe. It is a customer due diligence process that verifies the customer identity in real-time while checking the liveness of the customer. Our technology used in this process is automated document recognition and face-match analysis backed up with AI/ML algorithms. Also, a company cannot store your sensitive information.
Safe KYCPre-cautions customers can take while performing Video KYC:

1. Do not share your remote video KYC link with anyone
2. Never share your sensitive details such as Aadhaar number or PAN card MRZ code while initiating the video KYC procedure
3. Always upload a masked Aadhaar card for document verification
4. Check your background lightning before instating the video KYC process

How to perform video KYC?

KYC is an integral part of customer due diligence and, all compliant regulators must perform video KYC to verify customer identity. It is crucial for banks, NBFC, payment gateway, digital lending, trading finance, and other financial institutions to perform checks and analysis with video KYC.
Perform Video KYC
Steps to perform video KYC with KYC Hub

1. Login into the KYC portal and enter your credentials

2. Fill in your details and selects checks to perform
3. Visit the remote link and initiate the video KYC process
4. Upload the required documents
5. Align your face according to the directions shown on the screen and perform a liveness check
6. Customers can verify if KYC is successful or failed via the dashboard

What are the regulatory guidelines in India?

Video KYC is a customer due diligence process that helps to verify and authenticate customer identity. Financial institutions should be 100% compliant with RBI and SEBI to perform KYC regulations.
Document checklistSome of the regulatory guidelines to follow:

1. The image uploaded should be clear and coherent.

2. The face image of customers should match with the uploaded ID.
3. Institutions should capture a clear face image of the uploaded document.
4. IPV address verification or geo-tagging enablement to ensure the customer is in India or not?
5. While uploading the Aadhaar offline XML file (if), it should not be older than three days.
6. A complete audit trail of the video KYC process.

What is PEP?

A politically exposed person (PEP) is someone with their prime position in the state or government, is susceptible to be involved in bribery, fraud, or corruption. The financial task force (FAFT) issues a frequent recommendation on the PEP list.

Risk factor
The types of PEP list exist on the guidance issued by FATF, categories PEP as
1. Government Officials
2. Senior Executives
3. Political Party Official
4. Relatives and Close Associates

How to do PEP Check
PEP Checks are done at the beginning of the opening of onboarding customers could be any individual who is opening an account, also known as Know Your Customer (KYC). Although it’s not a regulation PEP check should be performed once every month for domestic clients and regularly for international clients.

What is RCA?

Relative and close associates (RCA), also known as PEP by the association are typically a known person of a politically exposed person (PEP). The guidance issued by FAFT is that RCA must be a close relative to a PEP and there should be regular monitoring of PEPs and RCAs for any negative news.


The relative and close person of the politically exposed person is as follow:
1. Spouse
2. Partner
3. Children
4. Parents
5. Close Friends
6. Legal advisor
7. Business associates

RCA monitoring and screening
According to FAFT guidelines, it is mandatory for all financial institution who works with compliance and fight against money laundering and fraudulent activities. To deal with the risk posed by the RCA, screening should take while onboarding a customer and regular monitoring should be done. The financial institution needs to know the change in pattern or risk exposure of RCA and PEP.

What is UBO?

UBO, also known as the ultimate beneficial owner, is a person or entity that arranges the last decision when a transaction is initiated. EU AMLD4 suggests that any person owning more than 25% of the legal entity is steed as UBO. The main benefit of UBO identification is to prevent fraudulent activities such as money laundering, terror financing, corruption, etc.
Info about UBO

How to check if for the UBO
There are generally four steps to take while identifying a UBO, which are as following

1. Acquire the firm's credential that includes the registration number, firm's address, top management employee and, yearly revenue.

2. Research ownership is the process of identifying the names of the real person who has major shares in the company.

3. Cross out the ultimate beneficial owner. Now after taking all the relevant information make claims of the owner that possess those shares in the company and owners that don't.

4. Do KYC/AML checks. All those marked as UBOs have to go through regular KYC/AML checks.

Foreign PEP vs Domestic PEP?

According to the FAFT guidelines, a PEP is a politically exposed person that is a high-ranking official in the state or government and/or military and defense sector. Foreign vs domestic PEPForeign PEP
According to the FAFT guidelines, a foreign PEP is an "Individual identified as a prominent public figure in a foreign country", which include
1. Head of state and/or government
2. Senior politician or senior official
3. Important political party official

Domestic PEP
According to the FAFT guidelines, a domestic PEP is an "Individual identified as a prominent public figure in a respected country", which includes the same ranking officials above and should go through regular monitoring to identify the risk possessed by those individuals.
Since the risk level of the foreign PEP is much higher than the risk possessed by the domestic PEP, it is easy to do business with the domestic PEP because of geographical reasons. Furthermore, it would be very difficult to generate the red flags for foreign PEP and reduce false positives.

Some important factor to consider while looking out for additional PEP, are the following:
1. The nature of PEP position
2. The PEP business Objectives and goals
3. Exposure to the adverse media or negative news
4. PEP close relative and associates (RCA)

PEP List and Who Qualifies?

The compliance team often asks if there's any dedicated PEP list for foreign and domestic clients and the answer is "NO". A few organizations do publish free information but lack total coverage to meet the regulation provided by FAFT.
PEP checklist
1. CIA World Org List - This online directory of Chiefs of State and Cabinet Members of Foreign Governments is updated weekly by this U.S. Federal agency.

2. – This site contains lists of heads of state and heads of government of select countries and territories going back to 1700.

3. Central Bank of Uruguay PEP List – The list includes people who hold or have held public functions of importance in Uruguay. It is not updated regularly and the last published list was April 2019.

Who qualifies for a PEP?
It is important to understand that not every political person is identified as a PEP, only those whose guidance is issued by FAFT are. But it's not easy to check on PEP by reading all the articles and lists generated on the internet or adverse news might generate false positives. Using KYC Hub software, we can easily identify a PEP within milliseconds and with cutting-edge AI technology and contextual adverse media, it is very easy to find out for PEP. 

Sanction Watchlist and How To Find It?

A Sanction Watchlist is a type of list provided by the financial regulatory authority of every country that includes sanctioned individuals, organizations, and government officials that are in risk-based categories. Furthermore, sanctioned checks are the specialized checks done by a financial institution to get an idea of an individual who is prohibited from certain activities. for instance, OFAC checks are specially designated to the terrorist, narcotics traffickers, blocked persons and vessels, and parties forbidden from conducting business in the US.
The individuals included in the section list are from a certain domain, referred to as:
1. Terrorist
2. Drug Traffickers
3. Terrorist Financing
4. Human Rights Violation
5. Money laundering groups
6. International Contract Violation
7. Weapon Proliferation

Sanction List By Region And Geolocation

The sanction watchlist is used to combat the illicit activities performed by criminals and is majorly red-flagged by the financial institution. However, with the increased number of mules and other helping hands they get away and it is a very crucial task to regularly monitor and screen those individuals that might look suspicious and update the authorities such as FAFT in case of any money laundering activity based on risk policies of your company and/or organisation.


sanction location
There are more than hundreds of sanction watchlists for every domestic and foreign country. These are list generated by financial regulatory authorities of each and every country and some of the trusted and well know sanction watchlist are as follows:
1. United Nations Sanctions (UN)
2. US Consolidated Sanctions (US Sanction Lists)
3. OFAC — Specially Designated Nationals (SDN)
4. Office of the Superintendent of Financial Institutions (Canada)
5. Bureau of Industry and Security (US)
6. Department of State, AECA Debarred List (US)
7. Department of State, Nonproliferation Sanctions (US)
8. EU Financial Sanctions
9. UK Financial Sanctions (HMT)
10. Australian Sanctions
11. Consolidated Canadian Autonomous Sanctions List
12. Consolidated Sanctions List Of The Kyrgyz Republic
13. EEAS Consolidated List
14. SDFM Terror List
15. Us Cia World Leaders Pep List
16. World Presidents Pep List
17. CoE Assembly Pep List
18. Every Politician Pep List
19. Switzerland Consolidated List
20. Capital Market Board Of Turkey Operation Banned List
21. Interpol Wanted List
22. Turkish Terror Wanted List
23. Interpol Yellow Wanted List
24. Interpol UN Wanted List

Non-Compliance of Sanction List

Fail to comply with AML regulation can cause serious problems like punitive fines, criminal proceedings, damaged reputation, and sanctioning. That financial institution credibility and performance, not able to cater to international customers which include freezing of assets by counterparties which results in tremendous pressure on the sanctioned financial institution's liquidity and not only this, the above consequences could and, have, in some instances, led to sanctioned financial institution's ability to continue operation.

non compliance
So financial institutions have to increase their resource power and be proactive in such cases with defining the right AML checks and do contextual and relevant and regular adverse media checks as well. 

What is Aadhaar OKYC?

Aadhaar OKYC or Aadhaar paperless offline XML verification enables regulatory entities to verify customer identity only using reference data fields. Furthermore, no core biometric such as fingerprint or iris scan is required.
Two factor authenticationA user can contact regulatory entities like KYC Hub to download an XML file. It includes phone number, photo, date of birth, email, gender, and address. Aadhaar Paperless Offline KYC data is encrypted using a “Share Code” provided by the Aadhaar number holder while downloading is required to be shared with agencies to read KYC data.

What is Aadhaar Masking?

A masked Aadhaar choice allows you to mask the first 8-digits of your Aadhaar number. It enables a high level of security to sensitive details while performing KYC verification. The reserve bank of India (RBI), the Aadhaar Act, has allowed masked Aadhaar for identity verification.
Business mail protection
RBI suggest regular entities cannot access the sensitive information of a customer so, masking of the Aadhaar card is necessary for customer identity verification. It provides an additional layer of security to the privacy of the customer.

Is Aadhaar card a KYC document?

Yes, the Aadhaar card is a KYC verification document. It is a substitute for other documents used for verification. All other documents like PAN card, voter ID card, driving license, etc, are linked to the Aadhaar card.
Document verification
Advantages of using an Aadhaar card for KYC verification:

1. It is compliant with government standards
2. It promotes a paperless process
3. The risk of document forgery is minimal
4. It should be performed with the consent of the individual
5. Results are in real-time and instantaneous

What is Aadhaar Verification API?

The Aadhaar verification API is a convenient mechanism for the regulatory entities to offer a paperless KYC to the customers and provide an additional layer of security. It aids in the privacy of customers where data is accessible via API calls.
API VerificationThe Aadhaar ecosystem and environment comprises core infrastructures to provide enrolment, update & authentication services. Regulator entities need to develop a testing environment to verify the request/response rate and hit rate from host to server. It will help to understand if there is an error occurred.

Some of the frequent API errors and how to handle them:

1. Pi (Basic) attributes not matched - Customer should re-enter the name, address, DOB, etc.
2. Biometric data not matched - Ensure correct Aadhaar number is entered and use different authentication fingers to access the data.
3. Invalid OTP - Access OTP with registered mobile number only and authenticate the request using the new OTP.
4. Invalid XML authentication - RE should ensure the latest version of API for data requests.

What is E-sign?

eSign stand for electronic signature, allow customers to sign documents digitally. eSign application providers such as KYC Hub integrate with government servers to digitally sign and verify documents. Anyone who is on the country premises can digitally sign documents.

Secure Digital Signture
Is eSign legally valid?
Yes, eSign is legally valid across the country and recognized under the Information Technology Act, 2000. government of India confirms the usage of eSign while Section III of the Act provides for authentication of electronic records. The Government of India via, notification in The Gazette of India, Extraordinary, Part II, Section III, dated January 28th, 2015, has recognized the usage of eSign. 

Which documents can be e-signed?

E-Sign or electronic signature is used for both personal and business reasons where customers can digitally sign documents. Some regular entities like KYC Hub offer Aadhaar based, electronic captured, and pre-captured signatures.
Digital Signature

All of the documents can be e-signed except following:
1. A negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881.
2. A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882.
3. A trust as defined in section 3 of the Indian Trusts Act, 1882.
4. A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925, including any other testamentary disposition by whatever name called.
5. Any contract for the sale or conveyance of immovable property or any interest in such property.
6. Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.

What is Aadhaar based e-sign?

An Aadhaar e-sign is a method of digitally signing the documents, verified by the government database to provide an additional layer of security in customer identity verification and is a replacement to hand-stylus signature. The Aadhaar based e-sign is evidentially more suitable than a wet signature.
How does Aadhaar based e-sign works?
Aadhaar based e-sign is a two-way authentication system that involves a 12-digit Aadhaar number provided by the government of India and OTP-based user identity authentication on a registered user mobile number. It is one of the safest and reliable ways to provide an electronic signature of the user.

Is Aadhaar based e-sign safe?

Yes, Aadhaar based e-sign is one of the safest ways to provide an electronic signature for customer identity verification and document validity. The process of e-sign is transparent to a signer. Moreover, no third party or agency can store user data.
Secure Digital Signture
The other two options are available for user authentication:

1. Aadhaar e-KYC OTP - It is an easy way to authenticate customers. A randomly generated password is sent to the registered mobile number. It is an application-level authentication for online signature validity.

2. PIN - An alternative option to Aadhaar e-KYC OTP is PIN generation. For every registered mobile number, the user can generate a random 4-digits number as a passcode for user authentication. 

What is e-stamp paper in India?

E-stamp paper is a secure digital of paying non-judicial stamp duty to the government of India. Stock Holding Corporation of India (SHCIL) is the only Central Record Keeping Agency (CRA) appointed by the Government of India. The CRA is responsible for user registration, Imprest Balance Administration, and overall E-Stamping application operations and maintenance.
Digital Agreement
Why do we need e-stamp paper?
Certain payments such as home loan agreements, rental agreements, partnership agreements, etc need stamp duty. This stamp duty is paid to the central/state government of India. E-stamp helps the pay the stamp duty to the issuing authority via an online mode. It is an easy alternative to stamp paper.

Benefits of using e-stamp:
1. E-stamp certificates are generated within minutes.

2. It has a higher level of authenticity.
3. The E-stamp certificate is tamper-proof.
4. An E-stamp certificate has a unique identification number.

What is the significance of e-stamp code?

For the documents which are compulsorily registerable e-stamp is not printable before registration completion. It gets printed on the final document after registration. E-stamp code is generated by the system on payment of Stamp Duty and its realization in Government account. Concerning this e-stamp code applicant can view information regarding the amount paid, party details, particulars of the transaction.
Stamp code
The information e-stamp code contains:
1. A unique identification number to ensure e-stamp is not re-used.

2. The issuing date and time of the e-stamp.
3. The user-id code of the service provider.
4. The digital signature or seal of the e-stamp issuing service provider.

compliance landing page info art


Recent Posts

A risk-based approach to AML is defined by the Financial Action Task Force (FATF) as the identification, assessment, and understan...

3rd June 2022   The European Union is preparing to impose its toughest sanctions yet on Russia, banning imports of its oil and pro...

1st June 2022   The European Parliament may soon decide whether to adopt a proposal to broaden the regulation for cryptocurrency b...