interactive workshop: digital identity and ekyc how to look at...
TRANSCRIPT
![Page 1: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/1.jpg)
1/22/2020
1
1
Interactive Workshop: Digital Identity and eKYCHow to Look at the Growing Technology Requirements and
Financial Crime-related Risks互動研討會:電子身分與電子化了解您的客戶 (eKYC)如何看待逐漸提升的技術需求及金融犯罪相關風險
Moderator 主持人:Dr. William Scott Grob, CAMS-FCI, AML Director – APAC, ACAMS公認反洗錢師協會亞太區反洗錢合規策略總監高威廉博士 (CAMS-FCI)
Speakers 講者:Brian Huang, Chief Compliance & AML officer, Cathay United Bank國泰世華銀行總機構法遵主管暨洗錢防制專責主管黃允暐YU Man Him, CAMS, Partner, Forensic & Integrity Services, Greater China., Ernst & Young Advisory Services Limited安永(中國)企業咨詢公司法政調查服務合伙人余文謙 (CAMS)
16 January 2020
2
![Page 2: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/2.jpg)
1/22/2020
2
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
3
Analyzing how digital identities and eKYC fields used in digital banking and compliance systems分析數位銀行及法規遵循制度如何應用電子身分與電子化了解您的客戶 (eKYC)
Reviewing examples for practical guidance on how to strengthen AML/CTF requirement in digital channels參閱實用指引的範例,瞭解如何加強數位通路的防制洗錢 / 打擊資助恐怖活動的必備條件
Detailing technology and project management best practices for understanding potential AML vulnerabilities詳細說明技術與專案管理最佳實務,以利理解防制洗錢的潛在漏洞
Agenda
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
92 04 39
4
![Page 3: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/3.jpg)
1/22/2020
3
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
5
What do you want to learn from this workshop?您想從這次研討會中學到什麼?
a) Increased awareness 增強意識
b) Know the pros and cons 了解優點和缺點
c) The vulnerabilities 漏洞
d) The impact to my job 對我的工作的影響
e) The technology 技術
Question 1
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
FATF DRAFT GUIDANCE ON DIGITAL IDENTITY
6
Digital ID systems use electronic means to assert and prove a person’s official identity in online (digital) and/or in-person environments at various levels of assurance.
In NIST digital ID Guidelines, digital ID systems involve two essential components: Identity proofing and enrolment (with initial
binding/credentialing) Authentication and identity lifecycle managementAnd one optional componentPortability and interoperability mechanisms
![Page 4: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/4.jpg)
1/22/2020
4
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
FATF DRAFT GUIDANCE ON DIGITAL IDENTITY
7
Digital ID relevant technologies include:
• a range of biometric technology
• the near-ubiquity of the Internet and mobile phones (including the rapid evolution and
uptake of “smart phones” with cameras, microphones and other “smart phone”
technology)
• digital device identifiers and related information (e.g., MAC and IP addresses; , mobile
phone numbers, SIM cards, global position system (GPS) geolocation);
• high-definition scanners (for scanning drivers licenses and other ID);
• high-resolution video transmission (allowing for remote identification and verification
and proof of “liveness”);
• artificial intelligence/machine learning (e.g., for determining validity of government-
issued ID);
• and distributed ledger technology (DLT)
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
DIGITAL IDENTITY in Taiwan
8
• Electronic Signature Act(2001 Nov.14)電子文件 Electronic record電子簽章 Electronic signature數位簽章 Digital signature加密 Encrypt憑證機構Certification service provider憑證Certificate
• Nature Person Certificate 自然人憑證
• National Health Insurance IC card 健保卡
• National Identification IC card國民身分證IC卡 ( planned to issue in 2020)
![Page 5: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/5.jpg)
1/22/2020
5
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
DIGITAL IDENTITY relevant regulations
9
Bankers Association self-regulations:•金融機構辦理電子銀行業務安全控管作業基準Different risk level transaction requirements
•銀行受理客戶以網路方式開立數位存款帳戶作業範本Different Certification requirements for Digital Deposit account
Opening
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
FATF DRAFT GUIDANCE ON DIGITAL IDENTITY
10
Digital Identity on FATF standards on CUSTOMER DUE DILIGENCE
Recommendation 10 (a) permits financial institutions to use “documents” as well as “information or data,” when conducting customer identification and verification.
• “Reliable, independent” identity evidence • Risk-based approach to CDD • Non face-to-face business relationships and transactions
![Page 6: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/6.jpg)
1/22/2020
6
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
FATF DRAFT GUIDANCE ON DIGITAL IDENTITY
11
Recommendation 10 (d), regulated entities must conduct “ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.”
• Ongoing due diligence on the business relationship • Customer Profiling using digital track• Transaction Pattern• Behavior Analysis (Usage pattern, Locality, “source of funds”)• Relationship Analysis • Machine Identity (cookies, Cell phone version, Browser version…)• Common Identities (email, phone, address, password(?), common settings…)
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
BENEFITS OF DIGITAL ID SYSTEMS FOR AML/CFT COMPLIANCE
12
Potential Benefits• Strengthening CDD
• Minimise weaknesses in human control measures
• Improve customer experience and generate cost savings
• Transaction monitoring
• Financial inclusion
![Page 7: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/7.jpg)
1/22/2020
7
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Risks and Challenges OF DIGITAL ID SYSTEMS FOR AML/CFT COMPLIANCE
13
Risks and Challenges
• Identity proofing and enrolment risks
• Impersonation risks and synthetic IDs (involving cyberattacks, data protection and/or security breaches)
•Authentication and identity life cycle management risks
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Best Practices
14
Key Steps by Team work
• Identifying the risk of new technologies adopted
•Analysis the necessary mechanism(s) to mitigate the risk , when enjoying the benefits from using new technologies
•Periodical Review of Effectiveness / Efficiencies
![Page 8: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/8.jpg)
1/22/2020
8
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Digital identity and eKYC: How to look at the advancing Reg/AML technology in mitigating financial crime risks?
• Manhim Yu
• Partner, Forensic & Integrity Services
• Ernst & Young Advisory Services Limited
• 16 January 2020
15
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Contents
1. Digital identities and eKYC
2. Advanced technology for AML/CFT controls
16
![Page 9: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/9.jpg)
1/22/2020
9
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Digital identities and eKYC
17
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Transition from traditional KYC to eKYC
Face-to-face customer onboarding
Manual verification of identification documents
Manual screening and adverse news search
Information extractionOptical character recognition (OCR) to extract information from ID Document
Remote customer onboardingUse of electronic channels such as mobile application for customer onboarding
Identity authenticationVerification of ID document to ensure validity
Automated screening and monitoringIntroduce technology such as RPA into screening and transaction monitoring system
Identity matchingSelfie capture and liveness detection to ensure facial recognition matches with ID document
Transition of traditional KYC to eKYC
18
![Page 10: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/10.jpg)
1/22/2020
10
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Underlying Risk of eKYC
Below diagram shows the underlying risk of eKYC:
19
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Ways to mitigate the risks of eKYC
Impersonation fraud
Technology risk
Data privacy and cybersecurity
Evaluate the adequacy of cybersecurity regarding customer onboarding and develop respectivemaintenance plans
Ensure privacy of customers are well-protected through implementation of IT controls.
Establishment of robust transaction monitoring system tailored to the characteristics of various paymentchannels is essential to ensure that these payment channels will not be exploited to facilitate thelayering of transactions to obscure the source or destination of funds.
Expanded payment channels
Make use of data from multiple sources through the adoption of a comprehensive database andincorporate qualitative checks to ensure information supplied for KYC is true and genuine.
Ensure technology deployed is sufficient to authenticate the customer.
Ensure eKYC technology (e.g., liveness detection for facial recognition) has been tested thoroughly priorto launch;
Assess risk and equip skilled personnel;
Design a comprehensive back-up plan in case of technology failure.
While connectivity is enhanced by facilitating businesses through a digital platform, it also implies thatcustomer on-boarding could be completed non-face-to-face, anywhere, anytime. Enhanced due diligencemeasures should be implemented to ensure that customer’s identity is legitimate prior theestablishment of business relationship.
Geographical risk
Emerging risks How to mitigate the risk?
20
![Page 11: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/11.jpg)
1/22/2020
11
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Advanced technology for AML/CFT controls
21
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Robotics Process Automation (“RPA”) consists of software that mimics human interaction with core systems, web, and desktop applications to executeprocesses in a repetitive, audited and controlled manner. Robots are a virtual workforce that sit alongside existing infrastructure.
Below are the common areas where RPA is used:
Financial crime robotics
22
![Page 12: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/12.jpg)
1/22/2020
12
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Benefits of using robotics automation in financial crime compliance
23
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Robotics process in customer due diligence process
1. Identify the customers 2. Verify the identity of the customers 3. Name screening for sanctions / PEPs
4. Obtain information on source of funds /
source of wealth6. Negative news search7. Senior management approval 5. Obtain information on reasons for intended
or performed transactions
When EDD procedures are necessary
Defined RPA/ Bots
Below is an illustrative example of the use of robotics in the customer due diligence process:
Below is an illustrative example of the use of robotics in the customer due diligence process:
24
![Page 13: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/13.jpg)
1/22/2020
13
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Robotics process in transaction monitoring alert clearanceLevel 1 investigation
Below is an illustrative example of the use of robotics in the transaction monitoring alert clearance process:
Defined RPA/ Bots
Investigators
25
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Defined RPA/ Bots
Investigators
Robotics process in transaction monitoring alert clearanceLevel 2 investigation
26
![Page 14: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/14.jpg)
1/22/2020
14
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Defined RPA/ Bots
Investigators
Robotics process in transaction monitoring alert clearanceLevel 3 investigation
27
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
28
What additional information would like to know?您想知道哪些其他信息?
a) More on the regulation有關法規的更多信息
b) Impact on my AML program 對我的反洗錢計劃的影響
c) Privacy concerns 隱私問題
d) Risk assessment concerns 風險評估關注
Question 2
![Page 15: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/15.jpg)
1/22/2020
15
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Digital Identity Risk Assessment 電子身分風險評估Customer 顧客
Biographical Data 傳記資料
Attached documents 附加文件
Photo /Video 照片/視頻Passport / National ID 護照/身份證
Time 時間Place 地點Device 儀器
Legal Name合法姓名Date of Birth / Age出生日期/年齡Legal address 地址Citizenship / Jurisdiction國籍/管轄權National ID number身份證號碼Telephone 電話號碼Email address 電郵地址
Disclosure 公開
Capture Attributes 採集屬性
User Consent 用戶同意
Identity Number身份證號碼
Application Password 申請密碼
Unique ID # / Acct # 獨特身份證號碼
Credential Testing 憑證測試
Security 安全性
Device儀器
Device of use 儀器用途
Device of residence儀器產地
Device of user 儀器用者
Device number儀器號碼
Device stable IP address儀器網際網路通訊協定地址
Location位置
Country of use 使用國家
Country of residence 居住國家
Current GPS 當前的GPS
Scope of use 使用範圍
Inclusion / Exclusion 包含/排除
Area of Use Authentication 使用認證範圍
Device Authentication 設備認證
Jurisdiction Authentication 司法管轄區認證
Facial 面部Voice Fingerprint Retina 視網膜
Cookies 網路跟蹤器
User Authentication 用戶認證
Trust Score 信任分數
Product / Service 產品/服務
Product attributes 產品屬性
SIM card registration SIM卡註冊
29
Facial 面部Voice 指紋Fingerprint 指紋Retina 視網膜
Step 1 – Assess the customer, product,
geography, channel, and device features
步驟1 –評估客戶,產品,地理位置,渠道和設備功能
Step 2 – Assess
the risk
步驟2 –評估風險
Step 3 – Assess the risk
mitigation and controls
步驟3 –評估風險緩解和控制
Step 4 – Evaluate the overall
impact to the organization
步驟4 –評估對組織的總體影響
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Inherent Threats 固有威脅
ID spoofing 身份欺騙
Device spoofing 設備欺騙
Insiders 內部人士
Counterfeit ID 偽造身份證
Substitutes 替代品
3rd Party use 第三方使用
Non activity 非活動
Fraud / Elderly abuse 欺詐/虐待老人
Romance fraud 網上情騙
Cyber attack 網絡攻擊
Misuse of an account 濫用帳戶
Controls控制
Digital KYC Policy 電子 KYC政策
Customer scoring 客戶評分
3rd reference checks 第三次參考檢查
Terms & conditions 條款及細則
Media screening 媒體篩選
Sanctions screening 制裁篩選
Simplified / Standard / EDD triggers簡化/標準/ EDD觸發器
Periodic Reviews 定期審查
Trigger events 觸發事件
Analytics
Change of Behavior 行為改變
Change of use 用途變更
Transactional Monitoring 交易監控
Quality Checks
Risk Appetite
Governance 管治
Audit / Assurance Reviews 審核/保證審查
Assessment Reviews 評估評論
Velocity of transactions 交易速度
Use by time / day patterns 按時間/日期模式使用
Pattern of use 使用方式
In / Out patterns 輸入/輸出模式
Rate of increase 增長率
% of high risk activities 高風險活動的百分比
Jurisdictions restrictions 轄區限制
Enhancements 增強功能
Limitations 局限性
Customer & Products 客戶與產品
Step 1 – Assess the customer, product,
geography, channel, and device features
步驟1 –評估客戶,產品,地理位置,渠道和設備功能
Step 2 – Assess
the risk
步驟2 –評估風險
Step 3 – Assess the risk
mitigation and controls
步驟3 –評估風險緩解和控制
Step 4 – Evaluate the overall
impact to the organization
步驟4 –評估對組織的總體影響
30
Digital Identity Risk Assessment 電子身分風險評估 (Cont’d)
![Page 16: Interactive Workshop: Digital Identity and eKYC How to Look at …service.tabf.org.tw/tw/User/2020aml/doc/2020_TW_T5... · 2020-01-21 · 1/22/2020 4 ACAMS 11th Annual Taiwan Conference](https://reader031.vdocuments.pub/reader031/viewer/2022011912/5f98a493a8a61b59725cec6b/html5/thumbnails/16.jpg)
1/22/2020
16
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
Key Takeaway (Mr. Huang)
31
• Knowing the new technologies
• Benefits, Risk and Challenges of adopting digital identities
• Regulations for digital banking are all important for AML/CFT
• FATF draft guidance on Digital Identity
• Best practices by Team Work!
ACAMS 11th Annual Taiwan Conference – “Enhanced AML and Financial Crime Tools & Techniques”
32
Thank you!
Questions?