Financial institutions (FIs) and merchants are getting used to life with the European Union’s 5th Anti-Money Laundering Directive (5AMLD), which took effect on January 10, 2020. It comes with stronger Anti-Money Laundering/Know-Your-Customer (AML/KYC) regulations than ever before, extra scrutiny for cryptocurrency exchanges — and 6AMLD is already in the works.
The January 2020 PYMNTS AML/KYC Tracker® details new rules under 5AMLD, with its additional Counter Terrorism Financing (CTF) restrictions. Use cases illustrate how e-tailers and their financial partners are navigating a complex tangle of new digital fraud regulations.
Crypto in the crosshairs
The EU’s fifth AML/KYC directive is squarely set on making companies redouble anti-cybercrime systems implementations ahead of the next wave of EU regulations, coming at the end of this year. Hammering on cryptocurrencies after two-thirds of active crypto exchanges were found to have lax KYC screening in Q3 2019, the EU revised regulations and ordered players in the space to carry out KYC checks on transfers over $1000, along with reporting suspicious activity.
A few exchanges and fiat currencies balked at the directive, either moving corporate headquarters to more accommodating nations, or in some cases just shutting down, as was the case with bitcoin payments outfit Bottle Pay. Online gambling also gets special attention under 5AMLD as gaming sites are being widely implicated in money laundering activities.
Legacy identity verification techniques are part of the discussion around 5AMLD. The January PYMNTS AML/KYC Tracker quotes Ryan Fox, head of global identity services at PSP Worldpay from FIS on the hack-to-fraud cycle, explaining that unsuccessful hack attempts often just appear harmless as fraudsters get better at hiding activities in plain sight.
“The [attack that is] exclusively [seen as] a cyberthreat is no longer just a cyberthreat in and of itself, [but] a means to an end from a fraud perspective,” Fox told PYMNTS, noting that conventional security like knowledge-based authentication (KBA) is now too easily defeated.
6AMLD closes in
Payment services providers (PSPs) figure prominently in AML/KYC efforts and must go levels deeper than their merchant clients, performing Know Your Business (KYB) checks and remaining compliant as real-time payments and instant money become industry standard.
PSPs are tightening up merchant vetting and onboarding procedures to keep on top of the new regulations and turning to RegTech firms for the automation and scale that 5AMLD demands. Cybercrooks are countering with synthetic identities, deep fakes and more exotic forms of fraud as the entire payment ecosystem absorbs 5AMLD and awaits the December 2020 arrival of 6AMLD, now just 10 months away … and counting.
Other highlights from the latest AML/KYC Tracker include these items of interest:
- Germany is enacting 5AMLD with extra provisions that would force foreign payments players (like Apple Pay) to disclose certain data in a bid for greater transparency
- Deribit, the crypto derivatives exchange, is leaving its Netherlands home for Panama in the wake of 5AMLD, where the government has a more relaxed AML/KYC posture
- Credit union service organization (CUSO) CULedger is talking up its blockchain solution for credit unions using the MyCUID digital credential for KYC identity compliance