International norms and industry standards that the non-profit association WDIA complies with

As part of its mission, WDIA helps all of its members, partners and their clients comply with industry standards and international regulations. In this article, we will explore the normative architecture of WDIA and help you understand how to standardize our work.
REGULATORY CHECKS
• KYC
Know your customer (KYC) is a banking and stock exchange regulation term for financial institutions and bookmakers, as well as other companies working with private money, meaning that they must identify and establish the identity of a counterparty before conducting a financial transaction.
The KYC requirement applies to obtaining reasonably complete information about counterparties — legal entities, the nature of their business and individual business transactions for which a financial transaction is being carried out. Currently, requirements and standards aimed at implementing this principle are established at the level of national legislation, regulations of banking regulators and international organizations such as FATF.
• PEP
Politically exposed person (PEP) is a financial regulation term. In some jurisdictions, PEPs are considered to pose an increased risk of potential involvement in bribery and corruption due to their position and the influence they can have.
• Sanctions
In the context of WDIA policies, sanctions are considered an element of an international legal norm that provides for adverse consequences for a person who violates a rule contained in that norm. Persons on the sanctions lists of the WDIA jurisdiction cannot use the platform’s capabilities under any circumstances.
• AML
Anti-money laundering (AML) addresses money laundering: giving a legitimate appearance to the possession, use or disposal of money or other property obtained as a result of a crime, that is, its transfer from the shadow, informal economy to the official economy so that the funds can be used openly and publicly. In official documents, it is referred to as “legalization (laundering) of money or other property obtained by criminal means”.
In this case, the form of funds can change both from cash to non-cash (for example, through instant payment terminals), and vice versa (for example, by winning a lottery or buying a winning lottery ticket from the legal owner, including for an amount exceeding the winning amount).
INDUSTRY STANDARDS
• ISO/IEC 27001
ISO/IEC 27001 is an international information security standard for WDIA policies, developed jointly by the International Organization for Standardization and the International Electrotechnical Commission. The standard contains information security requirements for the creation, development and maintenance of an Information Security Management System (ISMS).
• GDPR
The General Data Protection Regulation (GDPR) is a regulation of the European Union through which the European Parliament, the Council of the European Union and the European Commission strengthen and unify the protection of personal data of all persons in the European Union (EU). The regulation also addresses the export of data from the EU.
The GDPR is aimed primarily at giving citizens control over their own personal data, and at simplifying the regulatory framework for international economic relations by unifying regulation within the European Union.
• SOC 2
Security Operations Center 2 (SOC 2), developed by the American CPA Institute (AICPA), defines criteria for managing customer data based on five “Trusted Service Principles” — security, availability, processing integrity, confidentiality and confidentiality.
SOC 2 is essentially a semi-annual audit process that ensures that your data is securely managed by service providers to protect your organization’s interests and the privacy of its customers. For security-conscious enterprises, SOC 2 compliance is the minimum requirement when choosing a SaaS provider.
• JMLSG 2020 — JMLSG 2021
The Joint Money Laundering Steering Group (JMLSG) is a private sector organization that publishes an annual guide (the JMLSG Guide) to help those who work in the financial industry sectors represented on the JMLSG by their merchants comply with their obligations under UK anti-money laundering (AML) and counter-terrorist financing (CTF) laws and act in accordance with the rules prescribed by law.
• PSD2
The Revised Payment Services Directive (PSD2) is Directive (EU) 2015/2366, administered by the European Commission (General Directorate for the Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and the European Economic Area (EEA).
The PSD directive aims to increase pan-European competition and encourage participation in the payment industry by non-banks, and to ensure a level playing field by harmonizing consumer protection and the rights and obligations of payment providers and users. The main objectives of the PSD2 directive are to create a more integrated European payments market, provide safer and more secure payments and protect consumer rights.
• BBFC
BBFC is a standard for age verification certificates for service providers. The BBFC was developed in February 2018 and has since been used to develop and implement age verification systems designed to prevent minors from accessing pornography on the Internet.
• PAS 499
PAS 499 (2019, 2020, 2021) is a set of rules for digital identity and strong customer authentication. The PAS is intended for organizations with regulatory requirements in accordance with the Payment Services Directive 2 (PSD2) and related regulations. It describes how organizations can implement strong customer authentication processes. In particular, PAS focuses on governance principles and addresses regulatory requirements for identification and strong authentication of customers (for example, banks, online payment providers), especially with regard to PSD2.
Additionally, it is worth mentioning the current and potential WDIA partners in the field of personal data security:
• CIFAS
CIFAS is an international non-profit organization that helps reduce and report fraud in the digital environment.
• ADVP
ADVP is a commercial organization representing UK and EEA companies that participate in electronic document verification.
ADVP’s mission is to promote the wider use of risk-based electronic verification of identity documents in the public and private sectors.
• Cigital
Cigital (Synopsys) is a security architecture validation technology designed to look for any potential vulnerabilities in any security-related WDIA operation.