2022 was a fast-paced and dynamic year for compliance professionals filled with new challenges every step of the way. Can we expect more of the same in 2023?
Not only is the answer to that question a resounding yes, 2023 is stacking up to be a year that will bear witness to the most significant regulatory changes for compliance professionals in decades. The acceleration of digital transactions over the past few years has fundamentally shifted the compliance landscape, and it will continue to drive transformative change for the foreseeable future.
With so much concurrent change combined with increasing scrutiny from regulators, it can become overwhelming to understand how your organization can best prepare for the new regulatory landscape. To help you prioritize the planning of investments in people, processes, and systems to fight financial crime, we’ve examined the most impactful U.S. and global trends we foresee this year.
U.S. Domestic Trends
FinCEN Regulatory Changes / Anti-Money Laundering Act 2020 Residuals
FinCEN will be enacting a number of regulatory changes to meet the requirements of the Anti-Money Laundering Act of 2020 (AMLA) and its stated goals of modernization, leveraging new technology, and streamlining information sharing between FIs, regulatory agencies, and law enforcement.
Of note, we are expecting to see:
- Expansion of the minimum consumer personally identifiable information (PII) required for consumer identification programs (CIPs) from name, date of birth, address and identification number to require additional elements such as IP address and device data
- Identity assurance tied to a risk-based approach; stronger requirements based on higher risk profiles or financial products
- Changes in customer sanctions monitoring requirements and typologies
- Creation and use of a new registry for FIs, regulators and law enforcement agencies for Know-Your-Business (KYB), Ultimate Beneficial Owner (UBO), relationship detection and management
- Customer due diligence (CDD) rule updates to combat synthetic identity fraud and UBOs
Consumer protections will also be a significant theme of new regulatory changes, with emphasis on practices designed to improve controls to limit fraud and combat both synthetic identity fraud and third-party fraud.
Organizations need to prepare now for these forthcoming changes and increased CDD this year and into 2024 as they will likely require significant investments in technology and process changes to fully comply.
KYB, UBO, Relationship Detection and Management
Expected FinCEN regulations establishing a registry of beneficial ownership information, reporting requirements, and requiring due diligence on KYB and UBO will represent a new requirement in CDD programs for your organization. While understanding the business and ultimate beneficial owner are already required, increased scrutiny and formal standards for what constitutes proper due diligence will expand the scope for compliance professionals.
Sanctions compliance related to KYB and UBOs will also become standardized, with an expectation that organizations will establish traceability to decipher legal ownership across borders and different legal entities that may be used to obfuscate detection. Modernizing processes and systems to enable this level of verification will require investment and resourcing to execute and document these processes.
Consumer Financial Protection Bureau (CFPB) Increased Consumer Protections
Consumer protection will be a significant theme in 2023. The CFPB is readying new regulations, or requirements for self-regulation in the form of new controls to limit third-party fraud and synthetic identity fraud. Of particular impact for FIs, the tactic of “prefilling” consumer data has come under scrutiny in recent regulatory audits with guidance to cease this practice.
The use of prefilled consumer data has enabled instances of bad actors acquiring full consumer PII from just a few elements, as well as running afoul of requirements that consumer PII data be input by the consumer for CIP. We expect a formal prohibition of “prefilling” consumer data for regulated entities.
In addition, Congress has begun to focus on investigating the prevalence of P2P scams, as well as rampant fraud on payment platforms and its financial impact to consumers, making this a likely area for tightened regulation. Depository institutions could become liable to bear the losses from these scams, which could result in a doubling of losses from synthetic fraud due to the shift of the burden from consumers to FIs.
Perhaps the most visible area requiring regulatory oversight in the eyes of consumers and the CFPB has been the collapse of several cryptocurrencies and exchanges. While FTX has received the most attention, the industry as a whole was already facing regulatory review at the beginning of 2022 at the direction of an executive order from the White House. Given recent events, the growth of non-intermediary financial institutions, and consumers’ ability to access them directly from providers, formalized regulation is imminent.
We view this as a net positive for the market, as it will bring stability with greater consumer protections while leveling the playing field for all participants. Regulators including the Commodity Futures Trading Commission (CFTC), Securities and Exchange Commission (SEC), and others will deliver formal rules on the treatment of these digital assets as well as the specific regulatory bodies that will have oversight. This will result in greater clarity to a market over which a potentially large number of regulators could otherwise claim jurisdiction.
Compliance professionals should prepare for regulatory enhancements that expand sanctions beyond named entities to encompass crypto wallet addresses and others, which will necessitate technology investments to adhere to compliance requirements. This will further increase the complexity and scope of your sanctions program under an already dynamic and heightened state of regulatory scrutiny.
Much has been written about Millennials, born between 1981-1995, as the most dominant financial force in the market today. In a little over a decade, Gen Z, born from 1996-2012, will be taking over the economy.
This younger cohort is more dynamic in following financial innovations and less loyal to FIs they may already be doing business with. At the same time, for compliance professionals they are harder to identify with traditional KYC/CIP processes because of thin, or even non-existent, financial and credit histories. A sizable number of Gen Z consumers 18 to 19 years old also lack government-issued identification, such as a driver’s license, that most enterprises require to onboard new applicants.
Concurrently, large proportions of the population are entering higher health and fraud risk stages as they approach and surpass retirement age. As a result, it is expected elder abuse and victimization will continue to rise in 2023 and in the years ahead.
Compliance teams need to adapt to these demographic changes by ensuring that they have the right tools in place to accurately identify younger populations, while simultaneously monitoring accounts of older consumers for potential fraud.
Perpetual KYC and Ongoing Dynamic Risk Rating
One trend that has attracted the attention of regulators and compliance leaders is the power of continuous monitoring of customer information, which provides the ability to detect changes to consumer status that may indicate risk. This approach is known as Perpetual KYC (pKYC).
Powered by technology, the pKYC approach enables automation across all end-to-end periodic KYC review process steps. Instead of focusing primarily on onboarding and regular updates at prescribed intervals, this approach employs continuous monitoring to alert you in real-time to any changes in a customer’s risk profile so it can immediately be addressed, rather than lurking in your portfolio as a risk, or a potential issue uncovered in an audit that may result in a fine.
pKYC is driven by a dynamic risk assessment of the changed customer information, leaving only a small subset of the more complex cases requiring some degree of manual review. Customer information is continuously changing as life events unfold. Most updates are expected over time and of little concern; others, however, may be less benign.
This globally recognized risk-based approach, encouraged by the Financial Action Task Force (FATF), outlines the risk factors to be considered when assessing the risk of clients. Many different types of risks can be identified with this approach including:
- Identity records
- Source of wealth
- Political exposure or corruption
- Customer behaviors that may result in a Suspicious Activity Report (SAR)
- Source or destination of funds
- Customer product fit
- Domestic geographic risk
- International ties or activity
- Sanctions or terrorism
- Distribution or Channels
- Interactions and traceability
- Contact and liveness
The result of bringing a pKYC approach to your organization is timely, efficient, and effective compliance and fraud risk reduction across your portfolio. As such, we believe it will become expected by regulators as well.
Assessing the high volume of information from pKYC will require new, more efficient tools and processes. Having insights into consumer data changes as they happen may also benefit your organization on the revenue side by uncovering opportunities to expand the customer relationship that may have otherwise gone unnoticed. This would aid in shifting the perception of the compliance organization from being solely a cost center to one that has strategic, and potentially financial, benefit.
Dynamic Sanctions Environment and Enforcement
The last year has brought some of the most intense focus on sanctions in recent memory due to geo-political events.
Sanctions focus areas to date include:
- Full blocking sanctions on significant financial institutions
- Sanctions on political elite and family members
- Sanctions on enabling individuals and entities
- Debt and equity restrictions on enterprises and entities
- Restrictions on importing technological goods
- Export controls targeting oil refining
- Banning aircraft from entering/using domestic U.S. airspace
- Fifty percent rule adopted by the EU regulatory community
New pressures on detection, traceability, and seizures are increasing. The use of sanctions by government agencies will expand in 2023, as will the expectations for what constitutes compliance for regulators.
The use of audits and subsequent penalties has increased in scope and frequency. While your organization may have been able to perform periodic rescreens against your customer list in the past to ensure compliance, that strategy is no longer sufficient in an era of daily, if not hourly, updates to the Office of Foreign Assets Control (OFAC) lists and the increasing expectation from regulators that affected customers are immediately sanctioned as required.
It is recommended that your organization rescreen against sanction lists at least daily. However, even daily updates still leave some risk of exposure. The best protection for your organization is continuous watchlist and sanctions monitoring so you are alerted in real time to any risks requiring your attention, and avoid fines from a regulatory audit.
Environment, Social and Governance (ESG) Trends
ESG has gained a great deal of momentum over the last few years from both investor demands and external pressures, driving the attention for many risk areas impacting society today. This has extended to raising awareness of financial crime typologies. Defining, measuring, and reporting ESG can be complex in terms of both quantitative and qualitative methods. Regulators have included ESG factors in their upcoming priority plans for 2023, so your organization should take note and start investing in resources and putting processes in place to address this emerging area of regulatory focus.
ESG-related detection of crime typologies can include:
- Environmental crime and wildlife crime trends (FATF reports and task forces)
- Human trafficking and migrant smuggling (domestic and global)
- Consumer protection to detect fraud and corruption
- Domestic violence, extremism, and supremacy groups
Ensuring all forms of predicate crimes are included within anti-bribery, anti-corruption, and AML programs is a recommended best practice as ESG requirements emerge in 2023, along with building and sharing metrics to empower management to support your crime fighting projects.
Compliance Budget Pressures
With so much in play in 2023, it can be hard to determine what to prioritize. Cost pressures from a possible economic downturn may limit budgets, all while the labor market continues to sustain tight competition for talent. The increasing demands from regulators have added another layer of pressure on compliance budgets that may require new systems, people, processes, and tools to address the changing landscape.
As compliance requirements grow, threats grow ever more complex, and the risk of regulatory fines increases, so does the need to focus on procuring the right tools to automate and scale to these new challenges. The right technology can greatly reduce the operational impacts today’s compliance environment presents to your organization, all while bolstering your compliance program to ensure it is well prepared to withstand a regulatory exam.
Socure Can Meet Your Toughest Compliance Challenges
With so much changing and the stakes higher than ever before, you need modern compliance tools and technology to adapt to the new compliance landscape.
Socure KYC leverages patented AI/ML technology for automation, unmatched data coverage, matching, and risk signal detection by correlating thousands of identity data points—online and offline—to accurately identify the correct consumer. Your organization will also benefit from the expanded set of CIP data points regulators are expected to require at onboarding.
Socure’s Global Watchlist with Monitoring leverages sophisticated matching algorithms, proprietary data, and true continuous monitoring to deliver industry-leading accuracy and uninterrupted compliance with Know Your Customer/Customer Identification Procedures (KYC/CIP) regulations.
Rather than rely on outdated batch processes that can be time consuming and expose you to risk, Global Watchlist with Monitoring enables real-time alerting so you are immediately notified of risk and always remain compliant. For example, in the case of recent sanctions on North Korea, a Socure Global Watchlist with Monitoring customer would have received a notification within 15 minutes of the new additions to the sanctions list if these entities matched an existing customer.
Global Watchlist delivers customizable coverage for:
- Specially Designated Nationals (SDN)
- The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN)
- Global sanctions and enforcement lists
- Politically exposed persons (PEP)
- Adverse media, and more
Socure can also identify any risk that currently exists in your portfolio so you can take action and prevent penalties.
Contact us today to get your organization on the path to confident compliance in 2023.
Matt is the Director of Product Marketing for KYC and Global Watchlist solutions at Socure. Prior to Socure, Matt established and led the product marketing efforts for fraud and identity solutions at TransUnion.