30 Apr 2018
The rapid adoption of biometric technology by the financial sector is likely to drive profound changes in anti-money laundering and counter-terrorism financing (AML/CTF) efforts.
As biometric technology becomes more reliable, more affordable and more accessible, it is becoming increasingly appealing to financial institutions and regulators alike looking to reduce fraud and financial crime risks through better customer identification.
Implementing biometric identification in the real world is not without challenges of its own, however.
Banks and financial institutions globally are experimenting with incorporating biometric identification into their services.
For example, 65% of Barclay’s customer calls are now handled with voice authentication, whilst customers at JPMorgan Chase, Wells Fargo and Bank of America can use their fingerprints to log in to their bank accounts.
A recent study by MasterCard and Oxford found that 90% of users were willing to adopt biometric identification as a more secure replacement for passwords and PINs.
“We’re in a new world of digital fintech where customers expect fast and efficient service over the internet and in largely anonymous contexts,” says Scott Williamson, CEO of biometric identity verification solutions provider PRIMEiD.
“Our primary market is the regulated banking and financial services sector, and in particular reporting entities regulated for anti-money laundering and counter-terrorism financing (AML/CTF) that are required to verify the identity of their customers to a regulatory standard.”
A number of regulators around the world are working to smooth the way for the introduction and integration of biometric identification into existing systems.
In its guidance on how to incorporate anti-money laundering and counter-terrorism financing obligations with promoting financial inclusion, the Financial Action Task Force (FATF) outlined uses of biometric identification of customers in India, New Zealand, Colombia and Malawi. Recent amendments to AML/CTF regulations in Australia allow for the use of “unique identifiers” such as biometric traits.
In a 2017 report the Financial Conduct Authority said that for many in the financial industry, “biometrics were firmly considered to be established technology, with many firms already using technologies such as fingerprint recognition, voice recognition and vein pattern recognition.”
So what are biometrics?
Biometric identification relies on distinctive physiological or behavioural traits to identify individuals.
Traits most commonly used for identification include fingerprints, iris scans, voice and facial recognition.
A wide range of other traits are also being experimented with for identification, for example vein and blood vessel mapping, thermograms and behavioural metrics such as keystroke patterns.
As with other forms of identification, security can be enhanced by using more than one factor – for example, it may be possible to fake a person’s fingerprint or to fake their voice, but faking both would be extremely difficult and require a great deal of effort to achieve.
Biometrics reducing laundering and financial crime risk?
The core value of biometric technology is that it enables better identification of unique customers, and is difficult to fake.
From an AML/CTF perspective, this is most useful at two stages: enrolment of new customers, and verification of transactions.
Identity fraud is a major risk, and costs financial institutions billions each year. At the point of enrolment, biometric technologies can be used to support a quicker, more accurate and in some cases even entirely remote identification process for new customers.
“Biometrics enables reporting entities to provide a seamless customer experience and at the same time ensure they meet their regulatory obligations,” Williamson says.
“The PRIMEiD facial recognition technology will significantly mitigate [the risk of identity fraud] as it allows our customers to remotely authenticate that the person presenting the government-issued identity document is actually the lawful holder of that document.
“Essentially, our platform compares a selfie image of the person against the image in a passport or driver licence and authenticates they are one and the same.”
A similar process is taking place across India as new clients use facial recognition linked to their government-issued biometric identity numbers to open bank accounts, many of them for the first time.
Expanding financial inclusion to the “unbanked” is a stated goal of Indian authorities, and as of 2013, Indian banks have been able to use Aadhaar biometric and demographic data to verify the identity of new customers.
As of April 2017, 399 million “Aadhaar seeded” bank accounts had been opened.
In addition to cutting down on identity theft, this has major implications for financial crime by bringing millions of people into the regulated financial system and out of informal money transfer systems with much higher risk for ML/TF.
As truly unique identifiers, biometrics also have the potential to disrupt some of the traditional tricks of the international money laundering trade, for example, individuals trying to avoid detection by using multiple passports.
In future it may not matter how many passports or identity documents would-be money launderers can acquire – they’ve still only got one face and one set of fingerprints.
The second area where biometrics can help to cut down on financial crime is in verifying the identity of the person authorising transactions.
Payment card giants Visa and MasterCard have been proactively pushing biometric technology as a more effective solution than PINs or passwords for preventing fraudulent transactions.
MasterCard has announced that all banks offering MasterCard-branded payment cards must allow biometric authentication for remote transactions by 2019.
Visa has launched a trial of payment cards with built-in fingerprint scanners for customers of Bank of Cyprus and Mountain America Credit Union.
Voice authentication is also widely in use by banks around the world to handle customer calls.
Beyond identity theft, biometrics can also be applied at the point of transactions to monitor and track potential cases of money laundering.
In Macau, for example, ATMs have been equipped with facial recognition technology as part of an effort by authorities to crack down on money laundering and capital flight.
This has apparently been very successful, in fact almost too successful – a person working nearby one of the new machines told the South China Morning Post “I used to see lots of people lining up at the ATMs before but they have vanished since the new machines were installed. Everyone must have gone looking for those without the cameras.”
Biometric technologies are clearly here to stay. Significant challenges to their adoption remain, however.
In its guidance note, the FATF says a key challenge is developing both the necessary technical infrastructure, and the regulatory framework to protect customers’ data and privacy rights, observing that “stringent data protection and privacy measures must be implemented across the system to ensure the data integrity, prevent data leakages that can facilitate identity fraud, including by money launderers and terrorist financiers, and to protect individuals’ privacy and combat abuse.”
For example, even whilst acknowledging all of its successes, India’s Aadhaar-seeded bank accounts are not without serious problems when it comes to data protection, customer welfare and even civil liberties.
Beyond the legal and regulatory frameworks, there may be issues with the technology itself. As with other types of technology, biometric technology has been found to have a degree of bias “baked in”.
Facial recognition algorithms from Microsoft and IBM are significantly more accurate for men than women, and more accurate for people with lighter skin than people with darker skin, for example.
If biometric identification becomes a requirement for participation in the financial system, such ingrained bias has the potential to significantly impact people’s lives. Identifying and correcting issues like these now, before the technology becomes more deeply embedded into crucial systems and services, is extremely important.
Despite these challenges, the future for biometrics in the financial sector looks bright.
“The traditional barriers to large-scale uptake of biometric technologies, such as unreliability, inaccessibility and of course a lack of consumer trust, are being eroded,” says Williamson.
“Biometric technologies are becoming way more ubiquitous than in previous years. The technologies themselves are more accurate, reliable and accessible and are fast becoming part of the mainstream.”
Main image: Geralt
Melbourne-based Elise Thomas has a background in international affairs and a strong interest in financial crime, data and technology issues.
Count reading this article to your CPD minutes, by signing up to our CPD WalletFREE CPD Wallet