As more and more countries were forced to implement lockdowns due to the pandemic, remote working and reliance on online platforms became the norm. In the financial services sector, however, this new way of working has also increased the risk of fraud. Frauds of this type took many forms, including identity theft, account takeovers, and money laundering.
Criminals became more empowered through the remote setting, and eWallets are financially oriented, making them more vulnerable to cybercrime. Regulating this industry became necessary to prevent fraud. Consequently, just like other industries, eWallet firms must comply with KYC and AML frameworks set by global regulatory authorities.
What Is An eWallet?
Digital wallets (or E-wallets) are software-based systems that securely store a user’s payment information and passwords for numerous payment methods and websites. With the use of near-field communications, users can make purchases quickly and easily with digital wallets. Additionally, they can create stronger passwords without worrying about forgetting them later.
As a result of the risks involved, eWallet providers need to implement measures to prevent criminal activity. Service providers must understand the risks they face as well as the applicable legislation in their jurisdiction to ensure that their measures are effective.
E-KYC, also known as electronic KYC, refers to the remote verification of a customer’s identity during the initial registration of an account. It is implemented on an ongoing basis and triggered by events such as a customer performing large transactions or opening a new account.
With an E-KYC process, the customer’s true identity is verifiable, therefore, customer-related risks are evaluated and analyzed. An e-wallet firm that follows this process not only ensures maximum security but also avoids heavy fines and penalties that could arise from KYC/AML non-compliance.
Additionally, e-wallet service providers use facial recognition as a security measure as part of the e-KYC process. With the help of liveness detection, an e-wallet is able to verify a customer’s live presence. It involves detecting facial expressions and eye movements to identify potential spoof attacks.
In order to comply with AML regulations, customers must be screened against criminal watch-lists, Politically Exposed Persons (PEP) lists, adverse media stories, and global sanctions.
Every member state must implement what the FATF has outlined as an AML/CFT framework based on risk. According to this regulation, providers of e-wallet services are required to conduct a risk analysis on every customer to rule out potential criminal threats.
In practice, e-wallets should comply with AML compliance standards by taking the following steps:
- Due Diligence of Customers
This involves verifying and authenticating the customer’s full name, address, date of birth, etc. EDD (Enhanced Due Diligence) measures must be implemented for customers who are designated with a high-risk rating.
- Transaction Monitoring
E-wallet service providers should monitor customer transactions to identify suspicious activity that may be indicative of money laundering. If a suspicious transaction is detected, the firm must file a Suspicious Activity Report (SAR) with the authorities.
- Ongoing Screening
In order to minimize reputational and financial risks, e-wallet firms need to conduct ongoing customer screenings. E-wallet users are verified against global sanctions and criminal watch-lists during this process.