In today’s digital economy, a more sophisticated approach to KYC and AML helps companies handling cryptocurrencies and virtual assets navigate a stormy regulatory environment and increasing risks. If you are a product manager trying to ensure regulatory compliance and reduce risk exposure to fraud and money laundering, ongoing monitoring provides you with continuous assurance that you are serving legitimate customers.
What is ongoing monitoring? Why is it important? A number of anti-money laundering (AML) requirements help to prevent fraud and criminal activity. Ongoing monitoring is one of those requirements which provides companies with a detection system for signs of:
- financing of terrorism
- money laundering
- financial fraud
As crypto’s mainstream popularity has skyrocketed, the same companies are becoming lucrative targets for hacking and other kinds of fraud. As it becomes easier for the average consumer to buy, sell, and transfer crypto, it also becomes a convenient tool for money laundering, especially across borders. As crypto companies grow their customer base, knowing who their customers are and ensuring they do not end up on a watchlist or sanctions list (ongoing monitoring) will protect the future of the business from legal liabilities.
KYC solutions like Passbase offer ongoing monitoring that will help companies to lower their risk exposure by tracking updates for individuals’ statuses and evaluating risk profiles after someone has created an account. Through comprehensive KYC and AML compliance, a company builds solid reputation with customers and remain in good standing with regulators, who increase their scrutiny as firms grow.
What is Ongoing Monitoring in Compliance with AML Regulations?
Anti-money laundering regulations require companies to track transactions, screen and monitor customers and identify those who are using their platforms. Customer due diligence (CDD) is a top priority and risk profiles help companies to identify who their users are now and in the future.
In places like the U.S. and Europe, companies should also carry out ongoing monitoring of politically exposed persons (PEPs) who might have a higher risk exposure, or individuals who are on an international or country watchlist. Even some kinds of adverse media can increase a customer’s risk profile and might require action from your company, such as some service restrictions.
Here are factors to consider in building your ongoing monitoring system for cryptocurrency operations.
As mentioned, your company will likely have to screen new users to see if they are a PEP while increasing CDD and ongoing monitoring if they are. Does your KYC solutions vendor offer ongoing monitoring as a service? Claiming ignorance with regulators when an individual’s status changes and you fail to report it can have grave individual consequences for negligence.
Companies can integrate databases into their tech stack, but next-generation KYC providers like Passbase help companies orchestrate multiple identity verification workflows, add additional checks, and create automated case handling logic both from a dashboard and API integrations.
2. Risk Levels and Risk-Based Approach
International regulations recommend a risk-based approach for AML for virtual asset service providers (VASPs) that mirror traditional finance. Regulators want companies to demonstrate they have created a risk-based approach for their AML program. For example, how does your company grade the risk level of customers and how does it handle higher-risk ones? Applying the right amount of ongoing monitoring practice based on the risk level of a customer is a best practice – but it also may be a requirement, such as enhanced due diligence for PEPs.
3. Opportunity Cost
Part of identifying opportunity costs for these operations involves weighing the cost of creating your own in-house ongoing monitoring solution and retaining more control against the cost of a complete set of KYC services. You will have to at a certain point, whether it is to the database aggregators or to a KYC solution provider. How much time will you gain or lose integrating one versus the other? And how do the costs for each work within your budget?
4. Hidden Costs
It’s also important, in doing your opportunity cost research, to weigh any hidden costs that may be involved in vendor services or building your in-house solution. Consider how much building each feature or function costs for you internally with headcount. At the same time, understand how different KYC vendors price their services, whether it’s a pre-committed monthly minimum or pay-per-verification. Pay special attention to which features are included in a base cost, such as how many data points are extracted, or how much it would cost to add a feature like ongoing monitoring later on. Will adding a new feature require another setup fee from a vendor or can it be activated from the dashboard, like Passbase’s ongoing monitoring? Know what your vendor total will be in order to plan well for both operating costs and other expenditures.
Here’s another key question – does the third-party solution work for ongoing monitoring? Can it be integrated into your existing tech stack? To save time, you can ask your engineering team what their requirements are, if any, such as SDKs for certain languages. Go a step further and understand whether the solution can integrate into your other third-party solutions, such as Slack, to make sure the right notifications are set up for the relevant teams, such as fraud prevention or compliance.
Sometimes there’s not a lot of time to build a system according to KYC and AML regulatory requirements. If these provisions aren’t live and operational by the time there’s a significant customer base, or when a certain product is through beta, the company could be in real regulatory jeopardy. So consider time-to-market in the development of a comprehensive KYC and AML solutions stack and negotiating with specalized vendors for each feature that you might need to integrate and orchestrate. In contrast to that, finding the right KYC solutions provider that offers the ongoing monitoring feature can allow your team to meet regulatory requirements the moment the integration is embedded into your web or mobile application, allowing you to ship a branded identity verification flow that fits your time-to-market roadmap.
7. Data Management
Ensuring that your KYC solutions provider can handle the data securely and pass it into your system, to the teams that need it is key. This also helps with a seamless ongoing monitoring process. This means you need to consider baseline security in your vendor assessments, such as whether all the data is encrypted (at rest and in motion).
In addition, can your non-technical teams find the information on a user-friendly dashboard? Can you make make sure that the data is moving to where it’s most useful — such as through an API and webhooks. Siloing of data remains a challenge for departments to provide each other with appropriate context and can be a big factor in jeopardizing the effectiveness and ROI of third-party solutions. Having access to the data in the right way is a must-have.
Finally, will your KYC solution(s) allow you to scale and grow your business? Do advanced features like ongoing monitoring allow for integrations into your workflow to automatically handle certain cases? For example, Passbase has a pay-as-you-go model that enables teams to get started on their KYC program now and add more features like additional identity verification flows or ongoing monitoring later.
The bottom line is that any KYC provider you go with has to be able to scale with your business and work effectively with your tech stack and operational setup. When you consider ease of use, appropriate KYC tools and features and integrations, you will have a more holistic view when assessing a KYC vendor. Even if you may not need ongoing monitoring to start your KYC program, knowing how you can add advanced features later may affect your choice of vendor.
As a start, you can explore how Passbase works and the type of KYC features that can help you meet compliance requirements without compromising on user experience. Sign up here to get started.