Simplifying AML Compliance Through Open Banking


Banks hold a trove of data about us. They collect our identity details, record our transaction data, and maintain our account balances.

So, it’s no surprise that people have found ways to coxnnect this valuable bank data to other products. Perhaps the best-known example in New Zealand is Xero, where you connect your bank account once, and then transactions show up magically every day without you needing to manually import them.

This type of bank account connectivity is generally referred to as “open banking”. And it will expand to multiple sectors beyond banking over the next 5 years as the Government’s “consumer data right” regulations are developed.

But let’s focus on what’s possible in New Zealand right now. Open banking is already simplifying AML compliance for reporting entities that choose to harness it in their onboarding processes. Below is an explanation of how it works.

Connecting an account

The customer begins by connecting a bank account to a reporting entity. The customer also explicitly consents to the reporting entity accessing specific data from the account.

The bank account is now connected, and the customer can automatically retrieve the specified data in order to automate parts of the AML process. Below are the use cases that we’ve seen in action already.

1. Address verification

Retrieve the address from the bank account as a source of address verification.

This increases the match rate, especially for younger demographics that tend to have poor coverage on address databases.

For the reporting entity, this means less manual follow up, and increased conversion for new users.

2. Linking the customer to their claimed identity

Retrieve the name of the holder of the bank account. Then compare the holder to the name in the validated driver license or passport.

This linking mechanism is being used as an alternative to biometric verification. It’s very similar to a linking mechanism described in the July 2021 explanatory note (where you look at the first deposit from a customer and check that it came from an account held in the same name). The difference is that the linking mechanism is done immediately during onboarding, rather than waiting for the customer to transfer funds into your system.

Since July, we’ve seen more interest in this linking mechanism from reporting entities that have historically relied on video calls as their linking mechanism (video calls are not sufficient according to the recent guidance).

We’re also seeing interest from reporting entities that experience drop off with biometric verification and reporting entities that want a cheaper alternative to biometric verification.

3. Bank account verification

Verify the holder(s) of the bank account and the bank account number. Bank account verification ensures that any money entering or leaving the reporting entity’s system is being exchanged with a New Zealand bank account that is held in the name of the customer.

This control tightens up a hole in the AML program of many reporting entities. Let’s say an investment platform carries out its AML process during on-boarding. Then it gives the customer a unique reference and asks them to input that reference when funding their account. If there are no additional controls, the customer could coordinate with a criminal to pay into the customer’s account using the unique reference.

You can do CDD and EDD until you’re blue in the face, but if you don’t know whether the money is coming from your customer, that effort is flawed.

Bank account verification can also be used as part of the reporting entity’s risk assessment. Since the customer and their funds have already been through an AML process with the bank, the risks are already controlled to an extent. A reporting entity can’t piggyback on that bank’s AML process, but it can take that factor into account when assessing its own risks and required controls.

4. Automate enhanced customer due diligence (EDD)

Retrieve transaction data to assess the customer’s source of funds.

If enhanced customer due diligence is required, and the customer chooses salary as their source of funds, transaction data can provide a basis for carrying out that enhanced due diligence.

Final words

As participants in this sector, I think we have a shared interest in making AML processes more effective, and also simpler for both reporting entities and their customers.

Bank connectivity can provide gains on both fronts.

Josh Daniell, CEO, Akahu

Josh is the CEO of Akahu, an open finance platform that’s focused exclusively on New Zealand. Akahu provides bank connectivity to products like BUCK, PocketSmith, and Cloudcheck.

For more on how technology is automating and simplifying the AML process take a look at ‘goAML: what it is and how to use it.

Get insights and news delivered to your inbox

Webite Developed by Logo