How to choose your "AML-compliant"​ eID-verification provider?

How to choose your "AML-compliant" eID-verification provider?

Over the past few days I’ve noticed some ID & AML software adverts from companies across the world claiming to be “AML compliant”! These so called “platforms” are not "AML compliant", in fact most of them don’t even know what SRA's AML Compliance even means. Fact!

For those of you interested in AML compliance for law firms, so "compliance" which is in line with the Solicitors Regulation Authority rules, please note:

  1. A digital “eID check” alone does not provide complete AML compliance for your practice. If you see adverts from companies that just provide ID-checks claiming to be fully-AML compliant, please avoid them.
  2. Also, a digital “eID check” with “PEPs & sanctions” checks doesn’t make your firm AML compliant. It is part of the compliance requirements, however, it is not complete AML-compliance.
  3. Using a platform through which your clients simply upload a “copy” of their passport and then send this to you (unverified) is also not AML compliance. That’s why these cheap platforms costs £5 or less. A full AML/ID platform check costs £25+. 
  4. We have “legislation” in this country that solicitors and law firms must understand and adhere to in order to ensure AML compliance. So please read up about this. This advice goes for lawyers and technology firms. 

So, in summary, in order to comply with the AML regulations, your firm needs to:

  1. Undertake risk assessments, both of your firm, as well as relevant clients and matters. AML Process starts with risk assessments. 
  2. Identify and verify identities of your clients and any beneficial owners of your clients. This is where eIDV platforms fit in. One of the best platforms is Verify 365.
  3. Identify sources of funds and wealth, where relevant. Only platforms such as Verify 365 and Thirdfort provide this.  
  4. Train your staff to recognise “red flags”. eIDV providers won’t do this for you. This is an internal process.
  5. Appoint a Money Laundering Reporting Officer (MLRO) to alert the National Crime Agency where they suspect they have encountered the proceeds of crime. eIDV providers won’t do this for you. 

Where relevant to the size and nature of the business undertake an independent audit, screen your staff, and appoint a Money Laundering Compliance Officer (MLCO) to supervise your compliance work. Again, eIDV providers won’t do this for you. 

AML Compliance can often be a significant task, so we recommend that you determine how you will carry out the above before you provide services that are in scope of the AML regulations. eIDV providers cannot do this for you. And speak to experts, e.g. have a conversation with Advantage Consulting's legal compliance team, as they work with 500+ law firms, so they can help your practice.

In terms of Client Due Diligence, your practice must have clearly documented PCPs based on your practice-wide risk assessment which should include: 

  1. Client Due Diligence procedures (including procedures to identify the ownership and control structures of non-natural persons).
  2. Identification and verification (ID&V) procedures relating to natural persons (this includes ID&V procedures in relation to the ultimate beneficial owners of non-natural clients, and those purporting to act on behalf of a client) 
  3. Procedures to facilitate a clear understanding of the client’s source of wealth and funds in relation to a transaction, and the level of evidence required, in line with the risk profile of the client/matter. 
  4. Procedures to facilitate reporting of discrepancies between Beneficial Ownership information obtained through due diligence checks and what is held on the Companies House register.
  5. Enhanced Due Diligence procedures – including the provision of adequate controls to manage higher risk clients/transactions, and measures to establish Source of Funds/Source of Wealth where appropriate.
  6. The practice’s position on the use and application of Simplified Due Diligence
  7. The timing of any due diligence procedures.
  8. The practice’s position on the use of R39 Reliance and any related procedures. 
  9. The ongoing monitoring of clients and their matters.
  10. The identification of instances where it is required or appropriate to re-apply or renew CDD or EDD on a client.
  11. Dealing with the return of un-solicited or apparently accidentally deposited funds. 
  12. Identification and scrutiny of any complex or unusually large transactions, or an unusual pattern of transactions, or those which serve no apparent economic or legal purpose. 
  13. Any additional measures to prevent products/transactions that support anonymity being used for ML/TF.
  14. Identification of Politically Exposed Persons (PEPs), their relatives or close associates and the control of any associated risks.

Where practices use electronic identification and verification (eIDV) tools, such as Thirdfort and Verify 365, they should document the role of the platform, the data sources it uses, and in what circumstances (clients/matters) it is appropriate to use the solution. This is important and your terms of business or your firm's client care letter will need updating.

So - there you have it. AML compliance briefing in less than 60 seconds. 

Summary

If you are a technology provider offering eIDV checks in the UK- please read the above. You shouldn't advertise that you can provide "full AML compliance" if you don’t even understand the wider AML regulatory scope of this country and this profession, which I've outlined above. 

In fact, I am aware of only two digital eIDV platforms that currently provide technology which can assist your law firm with AML compliance. They are Verify 365 and Thirdfort. Most of the other providers that I've come across know very little about AML compliance in this country (or nothing!). 

Give Verify 365 or Thirdfort guys a call! They know what they’re doing. Believe me. 

And have a great Thursday. 

Rudi Kesic

CEO | Lawtech Software | Verify 365 | Part of TM Group | Ex-Managing Partner at ASR Law | Investment Director at ADN Capital | Author, Speaker and Advisor on Legal Technologies

3y

*UPDATE* - Success!!! I can see my blog has already made a difference and this ID company (from Holland) has now updated its advertising to “KYC & Oboarding” platform instead of “AML Compliant” platform. So - there’s a big difference between “AML compliance” and an “Onboarding” app. If you want AML compliance- go for Verify 365! On that note- I’m off to bed. Good evening. 👍

Neveen Galal

Commercial Immigration Solicitor | Founder and Managing Director of Amnesty Solicitors Who's Who Britain's Elite Business Leaders

3y

Martina Ignatova interesting

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics