And failing to comply with AML laws can lead to severe multi-million-dollar penalties and reputational damage, as many insurance companies have found out.
But it runs much deeper than regulatory fines and PR nightmares. All companies and organizations have an ethical responsibility to themselves and their stakeholders to prevent their business from being used as a money launderer's favorite tool.
This is what this AML Compliance for InsurTech Guide will cover:
- What are the Money Laundering Risks for InsurTechs?
- Rapid InsurTech KYC Increases Money Laundering Risk
- What AML Laws & Regulations Impact InsurTech Firms?
- AML Actions InsurTechs Need To Take
What are the Money Laundering Risks for InsurTechs?
InsurTech companies face significant money laundering risks just as traditional insurance firms do.
The sanctions.io blog discusses the AML risks that the insurance sector faces. And over the years, well-known insurance brands like BNP Paribas Cardif have been fined by financial regulators for AML failings.
But here is another fact: Insurance companies have historically had fewer money laundering countermeasures than, for example, the banking sector. But this is changing.
More than ever, governments realize that criminals increasingly use insurance products to clean dirty money and commit crimes. The risk of being penalized for AML breaches is growing as new regulations come into play.
Also, InsurTech firms, like all companies and organizations, face the increasing threat of being punished for sanctions violations. Government bodies, such as the United States Department of Justice (DOJ), are scrutinizing sanctions evasion more than ever - and dishing out fines.
Sanctioned individuals attempt to launder dirty money to circumvent the restrictions placed on them, something no InsurTech wishes to be an unknowing accomplice in.
And as we will see later in the guide, SaaS products, like sanctions screening, help InsurTechs with their AML goals.
Insurance Products Most at Risk Of Money Laundering
As discussed earlier, the insurance sector traditionally has a more hands-off approach to AML than its banking cousins. One reason is that the money laundering risk is considerably greater in only a few insurance niches.
However, all insurance products offered by InsurTechs are at significant risk of another form of financial crime: fraud. We will discuss this in the next section.
But back to money laundering. The list below contains the types of insurance that criminals mainly target:
- Life insurance
- Annuity contracts
- Investment-linked Insurance Policies (ILPs)
- Cash Value Insurance (CVI)
In this guide, we can't go into each item on the list individually - the exact way criminals pass illicit money through these insurance products in the layering stage of money laundering is complex. This sanctions.io blog post discusses how dirty money is laundered through these products.
Life Insurance InsurTechs Most At Risk Of Money Laundering
However, life insurance is the most common type targeted by money launderers. Laundering strategies can include:
- Surrendering the policy at a much later date (cash out)
- Selling the policy on secondary markets (cash out)
All InsurTechs should be aware of the risk-based approach to the life insurance sector set by the Financial Action Task Force (FATF), the global body that sets international AML standards. The FATF Recommendations also state that other investment-related insurance is handled equally.
Rapid InsurTech KYC Increases Money Laundering Risk
InsurTechs, like FinTechs, are known for a specific USP: fast onboarding. Rapid Know Your Customer (KYC) processes that embrace the latest technology let customers buy financial products on their smartphones and get approved in minutes. Today, it's common to see InsurTech firms even offering life insurance products in a matter of clicks.
But there is a problem. Financial criminals involved in fraud and money laundering can fool (and already have fooled) speedy KYC processes that are supposed to meet compliance regulations.
And perhaps because of the pressure to create frictionless experiences for the customer, companies don't always get it right and are deemed 'non-compliant' by regulators. For example, in early 2023, Amazon Pay was punished for breaking KYC rules in India.
Why KYC is Important in InsurTech Anti-Money Laundering
Know Your Customer (KYC) and Anti-Money Laundering (AML) often come together. Why? Because both areas fight financial crime - such as fraud and money laundering.
In fact, KYC and also Know Your Customer's Customer (KYCC) are tools used within AML. KYC and KYCC processes also help with Counter-Terrorist Financing (CTF), which comes under the broader money laundering umbrella.
So what does this all tell us?
It tells us that robust KYC processes are crucial for preventing money laundering. And weaker procedures can make InsurTechs more vulnerable.
Also, as sanctions.io reported, Artificial Intelligence (AI) tools such as ChatGPT and deepfakes pose severe challenges to the smooth, rapid KYC customer onboarding seen as a USP for InsurTechs. Balancing this risk vs. reward scenario will continue to challenge InsurTech firms in the future.
What AML Laws & Regulations Impact InsurTech Firms?
Looking at the following list, you can better understand why compliance is a thriving career (and why many professionals in the space are burning the midnight oil). Here is a selection of the laws, regulations, and recommendations that InsurTechs may need to follow (depending on the jurisdiction):
Relevant AML Laws & Regulations For InsurTech
- The Financial Action Task Force (FATF) recommendations
- The Financial Crimes Enforcement Network (FinCEN) regulations & sanctions lists
- The Office of Foreign Assets Control (OFAC) regulations & sanctions lists
- OFAC's Specially Designated Nationals List (SDN)
- The EU's 5th Money Laundering Directive (5AMLD)
- The US’s Bank Secrecy Act (BSA)
- Other global sanctions lists (EU Consolidated Financial Sanctions List, United Nations Security Council Sanctions List, the UK Sanctions List)
One of the most challenging tasks for compliance officers is staying compliant, especially when the company or organization works across multiple jurisdictions. This sanctions.io post talks about this issue: The Role of Regulatory Bodies in AML Compliance.
As we'll discover in the next section, utilizing RegTech software, such as AI-powered sanctions screening, significantly improves compliance efficiency.
AML Actions InsurTechs Need To Take
We already discussed one action that InsurTechs must embrace: Strong KYC processes. Another step is ensuring the company has a culture of compliance - a dedicated AML officer often champions a compliance mindset within the company.
But there is an issue. Many InsurTechs are start-ups and don't have the resources to employ a full-time AML compliance officer. Or, they wait to hire one because there isn't a legal requirement (in most cases).
And what does this mean? It means the employee legally designated as the company's AML compliance officer may not be focused on the task (because they have other roles too). In this case, it's even more essential that InsurTech firms take advantage of third-party suppliers of AML expertise. For example:
AML Consultancies For InsurTechs
AML consultancy services can help InsurTech start-ups understand their legal obligations in the jurisdictions where they do business and provide AML compliance program plans.
Sanctions Screenings For InsurTechs
InsurTechs should use sanctions screening technology from a dedicated provider, such as sanctions.io, to meet their AML legal obligations. Our innovative AI-powered Sanctions Database covers data from the most relevant regions and organizations globally, and new sanctions lists are added constantly.
Politically Exposed Person (PEP) Screening For InsurTechs
A Politically Exposed Person (PEP) is an individual who holds a prominent public or political role - they are high-risk money laundering clients. It's crucial to screen for PEPs, especially for life insurance products. An article on the sanctions.io blog details the best practices for PEP screening in the InsurTech sector.
InsurTech companies must also integrate the following processes into AML compliance program plans:
- Transaction Screening
- Criminal Watchlists Screening
- Enhanced Due Diligence (EDD)
- Suspicious Activity Reporting (SAR)
- Regular compliance training (including agents/brokers)
- Regular independent testing of AML compliance
Remember, the above information is not exhaustive. InsurTech companies should consult experts to ensure they fully comply with all applicable money laundering laws and regulations.
How sanctions.io Can Help InsurTech Companies
We deliver a comprehensive anti-money laundering (AML) solution with a simple-to-integrate API that the InsurTech sector can use to continuously scan their clients and business partners against the most critical Sanctions & Crime Lists.
To find out more about ways to detect and prevent money laundering within your organization, contact sanctions.io for an obligation-free discussion.