Supervised entities are dependent on outsourced IT service providers
According to MLTFPA and ISA, the Fund Manager, as an AML obliged entity, is required by law to follow the KYC principle to prevent Money Laundering and Terrorist Financing (ML/TF), as well as to apply international restrictive measures such as international sanctions and prevent relevant violations. To start a business relationship Partners are asked for personal information, and the amount of information requested depends on the laws of each Partner’s jurisdiction.
Due to changing regulatory environments and the need to adapt quickly, the massive volume of manual work, that is unreliable and expensive to perform, the Board of the Management Company can decide to integrate the Management Company’s internal system with the IT solution provider that can assist in detecting individuals presenting higher risk and be complied with the regulations.
Authentication through information technology can be considered an equivalent to verifying a Partner's identity face-to-face. In both cases, the KYC requirements must be met, and the person(-s) behind the Partner must fill out a form and answer questions from the Management Company in the form of a direct conversation. When authenticating with an information technology means, the Management Company can run database queries at the same time as the authentication process and use the facial recognition feature. Provided the authentication process is recorded, the Management Company can review the process later if needed and can also present such data to the regulator in case of suspicion to ML/TF.
Authentication with an IT means, the quality of the information obtained, and the information system itself is subject to the requirements set out in a regulation issued by the Ministry of Finance of the Republic of Estonia. When innovative technological means are used to identify and verify the identity of the Partner, the Management Company shall evaluate the extent to which the solution increases the risks of ML/TF and, as a result, determine the level of risk for situations that do not involve direct contact. In doing so, the Company must take into account that an electronic verification method does not always per se entail a higher risk of ML/TF, especially if a system with a high level of reliability is used.
In addition, the Management Company, as an AML obliged entity, must take into account the risks associated with the outsourcing of IT services, as clearly stated in the article published by Finantsinspektsioon.
The prevention of money laundering and terrorist financing is now a major obligation for all businesses and non-profits. Regulations in this area have become increasingly stringent and it can be a challenge to keep up with compliance requirements. Contact AlphaLAW in case you need any support for your business related to AML/CFT.