Building Operational Resilience in a Digital Industry: Security, KYC and Compliance May 22, 2023

Operational resilience has become a critical concept for businesses in the digital age, where disruptions can occur at any moment, and the impact can be significant. To ensure operations are delivered through disruption, organisations need to be prepared, adaptable, and ready to respond to any unforeseen events whilst staying compliant and secure, but how? We gathered our experts to discuss exactly that.  


  • Oussama Kseibati, Associate Sales Director, RemitONE 

Our panellists include: 

  • Kathy Tomasofsky, Executive Director, MSBA  
  • Richard Spink, Sales Director – Channels & Partnerships, GBG  
  • Ibrahim Muhammad, Payments Consultant, Finxplor 
  • Nadeem Qureshi, CTO, USI Money 

What is Operational Intelligence? 

Before we dive into the key pillars, let’s first define operational intelligence.  

Operational intelligence refers to an organisation’s ability to adapt and adjust operations during disruptions, ensuring they are well-prepared for unexpected situations. It differs from disaster recovery and business continuity plans, as it focuses on proactive measures for operational optimisation rather than reactive responses to disruptions. 

What are the key pillars of operational resilience?  

Based on the inputs from Nadeem and Ibrahim, the key pillars of operational resilience are as follows: 

  1. Prevention: Proactive measures taken to prevent or minimise the impact of disruptions or shocks to business operations. 
  1. Preparation: Having proper measures in place to respond to any unforeseen events, including identification of critical business services, and ensuring they cause the least disruption to the ecosystem. 
  1. Robustness: Measures taken to minimise the risks and interruptions caused by the occurrence, and to ensure continuity of operations. 
  1. Recovery: Ability to recover effectively and efficiently. 
  1. Adaptation: The ability to adapt to changes in the environment and to be resilient in the face of challenges and uncertainty. 
  1. Learning: Continuous learning and improvement from past experiences. 

To sum this up, having a complete framework in place to protect consumers, ensures market integrity, and safeguards vulnerable customers, which is key for operational resilience. 

Why is it important to have operational resilience?  

Operational resilience has always been important, especially in recent years, where the recent pandemic has brought it into sharp focus. It forced organisations to adapt quickly and left a lasting impact on the business world. Some changes include the organisation’s employees working from home and amending their supply chain processes. 

This also meant regulatory bodies like the Financial Conduct Authority (FCA) had to be more vigilant and ensure that firms are capable and ready to handle such unplanned situations. Similarly, companies themselves have a responsibility to have measures in place to ensure that they are prepared for anything that comes their way. 

So, what are some of these measures? Employee safety is a top priority, as well as ensuring that all people processes are up-to-date and robust. Companies should aim to have agile systems in place to enable them to pivot quickly when needed, and investing in up-to-date technology is a smart move to ensure you’re able to operate seamlessly even in the face of disruption. 

Kathy pointed out that some American companies do not pay attention to small details such as training staff on email scams and viruses. Therefore, establishing new procedures is vital to continually evolve the businesses safely. This also builds good business practices and saves time and effort in the long run, as you’ll already have procedures in place to deal with unexpected interruptions. Being prepared also helps identify potential risks and plan accordingly, minimising damage when things go wrong. 

But the benefits go beyond just risk reduction. By ensuring that every department within your organisation is on board, you’re creating a culture of readiness and adaptability that can help your business thrive in the ever-changing landscape.  

What challenges do firms face in developing the required framework for operational resilience?  

One main challenge Nadeem addresses is the struggle many organisations face when trying to grasp the meaning of operational resilience – they often view it as another part of their continuity or disaster recovery plans when it is, in fact, a distinct and complementary approach. 

Another common misconception is that companies need to create a whole new department and invest a considerable number of resources, time, and money into operational resilience. In reality, it’s more about building on existing policies and improving them in stages over time. It involves identifying gaps, assessing risks, and continuously evolving and adapting to new challenges. Companies also fail to reassess if the technology they have access to or are currently working on is both robust and future-proof

Ibrahim also identified post-pandemic issues that businesses are still dealing with, such as developing the required framework for operational resilience in the post-pandemic scenario. These include sudden shifts in how business is conducted, which can lead to losing key resources, an inability to serve customers through offices, and financial constraints. Additionally, there are regulatory requirements that need to be addressed, adding further operational burden to businesses. 

What is digital ID? Why is digital ID necessary? How does it impact KYC and AML? 

Digital ID is verifying one’s identity, confirming they are who they claim to be. Know Your Customer (KYC) is a process that does not require physical confirmation of the customer’s identity. Instead, it confirms that the details provided by the customer appear to be legitimate and consistent with the service they are trying to access. 

Anti Money Laundering checks (AML) go a step further than KYC and involve compliance with regulations. AML checks look for any potential association with financial crimes or politically exposed individuals.  

There is a growing interest in digital identity programs, leading to their implementation in countries such as Estonia, Sweden, and some African nations. However, digital identity as a topic is tied up with politics, making it a complex issue. In countries where digital identity is in use, it has been largely successful; on the other hand, many countries have not been as successful due to a lack of political will. Despite this, the demand for digital identity is increasing, and it is likely that we will see more implementation and integration of it in the future. 

Richard predicts that the future of online identity verification will revolutionise the way we sign up for services. By linking AML compliance tokens to an individual’s digital ID, personal information such as age and address will be securely stored in a vault, allowing only the necessary information to be shared. This will streamline the process of accessing services whilst maintaining security and privacy. 

Kathy acknowledges that the adoption of digital ID systems in the US may face political opposition due to concerns over data ownership and privacy. Despite this, there is recognition that such systems are necessary for effective AML programs, as digital money is becoming more common. Therefore, finding a way to implement digital ID systems while addressing data ownership and privacy concerns is crucial for maintaining operational resilience in the financial sector. A collaborative engagement between significant people from diverse departments can channel various viewpoints. 

How can we simplify KYC identity verification (IDV) checks for key players?

The KYC IDV checks for key players could be simplified through digital verification, but regulation varies across the world, leading to a fragmented system. For instance, the UAE uses facial recognition tied to government ID, while Spain and Italy do video-capturing conversations, however, this may not be as scalable as they’re reliant on call centres. While in the UK, US, and Australia, the process is more data-driven, causing less friction for consumers. To address these challenges, governments and tech companies should exchange data, but the lack of trust often prevents the two parties from forging together, making them hesitant to collaborate. 

Moreover, the use of innovative technologies such as social media biometrics, semantic analysis, and APIs for open banking can help cut down the process. Reviewing current procedures and incorporating relevant touchpoints and online portals can also streamline the process, making it more agile. The slow implementation of digital IDV must also be addressed to meet customer expectations set by fintech innovation. The UAE pass app is an example of the successful simplification of KYC, allowing users to verify their IDs and sign and share documents digitally in a secure manner. 

What are the main challenges facing Money Transfer Operators (MTOs) regarding compliance and regulation? 

Some of the main challenges according to Nadeem include insufficient time spent investigating constant shifts, lack of periodic policy reviews, and the need for third-party audits to provide external viewpoints for improvement frameworks. These challenges highlight the importance of staying on top of regulatory changes and maintaining compliance. 

Richard also adds that businesses demand a global solution that works everywhere, which is challenging due to different regulations in each country, as highlighted previously. ID documentation and databases also vary in the information provided, making it difficult to create a universal solution that delivers transparency and granularity. 

Does the challenge of varying regulations over multiple jurisdictions impede or enable innovation? 

The existence of various regulations across multiple jurisdictions enables more innovation. Although the technology exists, the problem lies in finding organisations that can be trusted to deliver such solutions. In fact, many innovations arise from people facing daily challenges and finding new solutions. In today’s constantly evolving regulatory landscape, it’s important for businesses to accept it as the new norm and raise their standards to gain a competitive edge. One successful example of this is open banking in the UK, which was made possible by regulatory changes and has opened opportunities for innovative financial products and services. 

In summary, having operational resilience is crucial for businesses to not only survive but thrive in today’s fast-paced digital environment. By being prepared, adaptable, and ready to respond to any unexpected events, businesses can reduce risk, save time and money, and ensure their operations continue smoothly.

What next? 

At RemitONE, we endeavour to provide the most compliant technology and licensing solutions, alongside expert advice on how to remain compliant when starting or scaling your business.  

RemitONE’s Compliance Manager™ has been evaluated by leading regulators and used by top-tier banks and MTOs. Our NameMatch™ application checks remitter names against international AML block-lists including CIA World Leaders, DFAT Canada, DFAT Australia, EU Sanctions, FIU Netherlands, HM Treasury, MAS, SECO, UN 1267, MAS and much more. We link up with a variety of PEPs and Sanctions lists worldwide. 

For AML and Compliance support, or to hear more about how the RemitONE solutions can support your business, get in touch at 

Share this article: