Instant payments: Enormous Potential versus Financial Crime Risks

Instant payments: Enormous Potential versus Financial Crime Risks

   

The world of banking continues to evolve at a breathtaking pace and is becoming ever more competitive. Once a new technology has come to market, banks are faced with a dilemma: do we embrace it and run with it, or do we let our competitors gain a first-mover advantage? Delay implies a commercial risk. But the operational and compliance risks that you take on as a first mover may be even greater.

Given the harmonisation of national payment systems across regions, the focus has shifted to international payments and to improve the overall user experience like speed, cost, reliability and traceability. Therefore, payment processors today are seeing some major developments, with new tools appearing such as SWIFT’s gpi and SEPA’s instant payment. These instant cross border payment initiatives are a prime example of what will become the norm in payments.  

The rapid pace of digitalisation of payments brought growing market pressure which have led cross-border payments to undergo significant infrastructure modernisation. The overall trend in digital transactions which are increasing at 6% per year alone in Europe. Total number of traceable transactions in Europe increased from 2013 to 2017: from 113B in 2013 to 144B in 2017 (+27,4%; CAGR +6%)

Number of Digital Payments: Global E-Payments increased from 28,6B in 2013 to 56,5B in 2017 (CAGR: 18,6%); Global M-Payments increased from 24,6B in 2013 to 70,4B in 2017 (CAGR: 30,1%)

Banks that offer this service will gain a competitive advantage over banks that don’t provide it. Clients want their payments to be processed quickly because for them it increases efficiency, transparency, convenience, and financial control. For small and medium-sized companies, this form of payment processing helps alleviate liquidity stress and counter party risk. And, in general, people have grown accustomed to things moving fast, so they have little patience and understanding when payment processing is slow.

Instant payment allows sellers and buyers to exchange money and purchase services in seconds. Funds are received in the payee bank account almost immediately, instead of requiring few business days. That can make a significant difference to a small business’s cash flow, in particular, and it means less time spent waiting for money to clear from the buyer’s point of view. Fast transactions are a common requirement in the new economy, especially with increased mobility: the current generations of customers (so-called millennials and beyond) want to be able to make payments anytime, anywhere, using their mobile devices.

So, what’s not to like about instant payment?

Well, quite a lot, actually. Instant payment processing makes it more difficult to detect financial crimes like money laundering and financial fraud. Criminals want to move money as quickly as possible through a number of accounts at different international banks to disguise the origin of funds. There is no faster way to do this than with instant payments. How can a bank possibly detect money laundering activity in a real time world when transaction monitoring is conducted in a batch process needless to mention the more complex criminal activity?

The Bangladesh Bank heist is a perfect illustration of the future complexity involved in monitoring instant payments.

From the $ 81 million stolen from the Bangladesh Bank in February 2016 only $ 15 million has been recovered and there is still no word on who was responsible. Cyber attackers illegally transferred US$ 81 million from the Central Bank of Bangladesh (CBB), to several fictitious bank accounts around the world, by subverting their SWIFT accounts. The hackers used the SWIFT credentials of the CBB to send dozens of fraudulent payments to fake accounts in the Philippines, and other Asian banks. This was without questioned a well-planned attack that used time differences and regional holidays brilliantly.

How will current anti-money laundering systems work in a world of instant payments?

Its difficult enough for financial institutions to monitor against money laundering violations when it takes three to five days for a transaction to be cleared, or at best overnight. With instant payment, the near-impossible becomes totally impossible using conventional methods as transactions clear in a matter of milliseconds. By conventional, we mean here rule-based approaches, where suspicious transactions are put in a queue and investigated in batch mode.

Even in a world operating in batch, traditional AML systems generate too many false positives (typically between two and 15% of all transactions) and therefore imposes a huge workload on banks and investigators.

Number of Suspicious transactions reported to UIF: +51% (’12-16), from 67K in 2012 to 101K in 2016

With instant payment, this problem is greatly increased because banks are under pressure from customers and consumers to clear transactions as quickly as possible in order to meet the agreed level of service.

Transaction monitoring systems built on current technology and based on machine learning offers the only credible answer. By creating algorithms that learn from past results with the expertise and knowledge of AML compliance officers, the system learns to identify false positives, and compliance officers can focus on alerts where there is a higher probability that money laundering is actually occurring.

Another technology-based approach that has been developed recently, called visual mapping, provides insights into how instant payments are moved around. Suspicious payments can be tracked as they move between bank accounts, regardless of whether the payment amount is split between multiple accounts, or those accounts belong to the same or different financial institutions. The software creates a visual map of where and when money has moved, providing new insights and intelligence for fraud and compliance teams to take action.

By bringing together transactional data from multiple financial institutions and running sophisticated algorithms, such solutions can identify the so-called “mule accounts” that are used for money laundering and other illegal activity. Many of these accounts are not set up directly by the criminals themselves but via a number of scams including phishing, spam email, instant messaging etc.

It is worth pointing out that while technology is a necessary condition for successful AML compliance in the new world of instant payment, it is not a sufficient condition. In addition, financial institutions will need to review their compliance procedures and their service offerings to strike the optimum balance between competitiveness and security.

What should be the upper threshold for an instant payment?

Should they give priority to VIP and profitable customers when reviewing suspicious transactions? What about social and political issues? (For example, Muhammad is the world’s most common name, and also appears a lot on sanctions list. But that also means a significantly large number of false positives, which could lead to claims of unfair profiling.) And finally, even with advanced technology and effective redesign of processes and procedures, banks may still need to increase their staffing in order to meet the challenge. They need to ensure that they have enough staff with sufficient knowledge and authority to be available to review transactions quickly.

Some banks have offshored or outsourced simple customer due diligence functions to keep pace. That said, the trend is definitely towards investment in more technology. As a recent article in The Economist put it, “Now, the biggest question for bank controllers is how many humans they can replace with bots without compromising compliance […] Banks are going into partnership with some of the hundreds of ‘Regtechs’ that have sprouted in recent years.” Technology must be a large part of the solution, but banks will just need to take care and seek expert independent advice in reviewing the new Regtech apps: the regulators and the markets will penalize them should their techno-experiments fail.[1]

For more articles on financial crime and Anti-Money Laundering join the AML Knowledge Centre at https://www.linkedin.com/groups/8196279/


[1] “The past decade has brought a compliance boom in banking”, Economist 2 May 2019.

Brexit Countdown: The impact on AML!

Brexit Countdown: The impact on AML!

The European Commission’s fifth Anti-Money Laundering Directive entered into force on 9 July 2018 and Member States have until 10 January 2020 to transpose the majority of its provisions. Its main aim is to establish a centralised public register of companies and their ultimate beneficial owners, thereby reducing the number of shell companies. It was an important step forward in combating money laundering by criminal enterprises.
The UK government has confirmed it will implement this latest Anti-Money Laundering Directive before it leaves the EU. It said that it will transpose the new rules into law as the deadline for adoption, January 2020, falls within the post-Brexit implementation period that was agreed in principle between UK and EU towards the end of 2019; however, that agreement has been rejected by the UK parliament. What now happens when the United Kingdom departs from the European Union is therefore a serious concern.
The UK has in fact put its own legislation in place (in May 2018) to be able to deal post-Brexit with both sanctions and money-laundering under the Sanctions and Anti-Money Laundering Act 2018 (“SAMLA 2018”). The main provisions of SAMLA 2018 will come into force in 2019. The purpose of SAMLA 2018 is to ensure that once the UK has left the EU that it can continue to impose, update and lift sanctions provided for by the United Nations (“UN”) and pursuant to other international obligations, and effectively detect and prevent money-laundering and terrorist financing by implementing internationally recognised standards. Under this regime the UK has already adopted its own particular approach in some respects e.g. sanctions (in the form of an asset freeze) may be adopted on individuals by description rather than by specific name.
Some commentators have warned that by stepping outside European regulatory and policing arrangements, Britain is at risk of becoming Europe’s money laundering capital. Money launderers often seek out areas where there is a low detection risk due to weak or ineffective AML policies and a breakdown in international cooperation. A disorderly exit from the European Union could therefore provide the perfect opportunity for money launderers to take advantage of potential loopholes and uncertainty.
For example, at present, the UK is a member of Europol, the European Union’s law enforcement agency. Europol has a remit to tackle European-wide serious and organised crime threats, and much of its work involves anti-money laundering efforts. In addition to providing an arena in which joint action can be organised, Europol also maintains a Europe-wide criminal information and intelligence database, the Europol Information System (EIS). The EIS collates the national databases of all twenty-four-member states, making them searchable by all Europol members. If, for example an investigation was being conducted into British nationals in France, the French police would be able to check whether they had been connected to crime which had taken place elsewhere on the continent.
Each year, the UK uses this database for around 250,000 searches relating to terrorism and crime investigations. If the UK, like Canada or Norway, were accepted as a third-country member, Britain would no longer have full access to the data, could no longer run operations from Europol, and would have less influence. It would be possible to have a special agreement, such as the EU negotiated with the United States, to give the United States greater access to data, but it is unclear how long this would take.
There is perhaps an upside. It is likely that the EU could engage in such a flexible special solution while pursuing security areas where the UK has resisted greater European integration. But in the meantime this loss of shared intelligence will greatly hinder the ability to combat illicit flows, as British officials will be unable to “follow the money trail” once it has left their locality.
Last year the EU together with the European Banking Authority (EBA) announced measures to combat white collar crime, which will ensure that Europe’s banking supervisor is the ultimate meditator when it comes to money laundering. The EBA has been given the authority not only to address problems at banks but also to perform risk assessments and further develop AML standards.

What this means for UK and European banks

In December, the EBA issued a warning to European banks that they must step up their efforts to mitigate the risks of a disorderly Brexit. The EBA warning reflected the real risks that will arise if the UK finds itself excluded from policy-making on money laundering and white-collar crime in general. As things currently stand efforts depend greatly upon cooperation and collaborative international treaties which the UK may be forced to leave. The UK will have to align its own anti-money laundering standards with those set by global leaders, such as the United Stated or the EU. The UK’s proximity to the EU and its existing financial relationships suggests that the UK may have to adopt EU standards, as European-wide compliance will be necessary for post-Brexit interaction. However, like most other EU-related matters, the UK will no longer be in a position to influence them, so its ability to combat money laundering could be curtailed. Criminals are likely, for example, to exploit the redesigned customs setup that follows Brexit.
With the UK eliminated from existing agreements and the customs union, British and European banks will be more reliant on working cooperatively at the international level and investing in their own know-your-customer (KYC) technology if they want to remain on top of the challenge. A lot have already been planning for the worst-case scenario, but this is not such an easy call for smaller banks.
For many international banks, customers may need to be transferred to the EU. The need to on-board many customers creates an opportunity for unsafe accounts to slip through the net and gain legitimacy, or alternatively if the process is delayed, this could result in bottlenecks and backlogs that lead in turn to significant losses in revenues and market share. This will not be a “one-off” event but may endure over some period of time as the implications of Brexit unfold fully. Less well-resourced financial services entities would be wise to investigate cost-effective technology (e.g. cloud-based) solutions and put processes in place to avoid the worst from happening.

Go to the AML Knowledge Centre LinkedIn https://www.linkedin.com/groups/8196279/ to read more articles on AML and financial crime. Also, we look forward to your input!

Picture:

lazyllama – Shutterstock

CRYPTOCURRENCIES IN AFRICA: THE GHANAIAN SITUATION

CRYPTOCURRENCIES IN AFRICA: THE GHANAIAN SITUATION

Cryptocurrency use is still in its infancy.

Cryptocurrencies have been in use around the world, especially in the developed world (Africa) ever since they came onto the scene after the end of the global financial crisis in 2009. In Europe, the US and industrialized parts of Asia they have become mainstream currencies.
However, in Africa in general and Ghana in particular, cryptocurrency use is still in its infancy. A few weeks ago, Ghana’s central bank, the Bank of Ghana, was compelled to even issue a statement on cryptocurrencies and their use in Ghana. The Bank of Ghana in its statement sought to give the impression that cryptocurrency usage in Ghana was not yet formally regulated and therefore cautioned the general public to be careful in dealings involving cryptocurrencies especially with institutions that purport to deal in them.

Dealing with cryptocurrencies is illegal?

This statement from the Bank of Ghana was a bit confusing for many people because some people interpreted it to mean that dealing in cryptocurrencies in Ghana was somehow illegal. However, all that the Bank of Ghana sought to do was to make the statement that it had not yet put in place regulations with respect to cryptocurrencies as a means of payments. The Bank of Ghana is responsible for regulating all payments and payment systems in Ghana.

A few of the players in the country who deal in cryptocurrencies granted interviews to media houses to correct the impression that dealing with cryptocurrencies was illegal. They had to assure the public that what the Bank of Ghana really meant by its statement was just to alert the public that it has not yet put in place binding regulations on cryptocurrencies to protect them from potential fraudsters and that it was in the process of consulting with relevant stakeholders and formulating the needed regulations for cryptocurrency usage in Ghana.

Has Ghana been slow at cryptocurrency adoption to compare with other African states?

Cryptocurrencies have been in use by people in Ghana for a few years now. However, their usage in Ghana is not currently big enough as compared to other African states like South Africa and Kenya. South Africa and Kenya have a more developed and vibrant cryptocurrency regime as compared to Ghana. Ghana has been slow at cryptocurrency adoption mainly because e-commerce generally is in its infancy as compared to other places on the African continent and beyond. Regulation in Ghana also only arises when an activity becomes so prominent that abuses are feared by regulators, consequently regulation is generally slow.

The Future for cryptocurrencies in Ghana.

All this notwithstanding, cryptocurrency usage in Ghana appears to have a bright future because it appears to be following the pattern of “mobile money” evolution in Ghana and Africa. Mobile money usage in Ghana and Africa was not keenly welcomed by the central bank and other financial institutions at the onset. Now mobile money transactions form a chunk of all financial and payment transactions in Ghana and many other African countries, simply for its convenience and ease of usage. I predict the same for cryptocurrency usage in Ghana in particular and Africa in general especially when the needed regulations are finally put in place.

It will definitely catch on!

 

“Top Misconceptions of Cryptocurrency as a Payment System”

 

Which can be read on Amazon Kindle Unlimited for Free  You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)

The Cryptoexchange Poloniex implements new KYC rules

The Cryptoexchange Poloniex implements new KYC rules

Over the weekend, Circle-owned Poloniex exchange froze a slew of user accounts in the midst of implementing a new know your customer (KYC) verification process.

Legacy account users, those whose accounts were verified under Poloniex’s old guidelines, reportedly received emails from Poloniex support requesting that they comply with the new verification method. The email asks that each legacy account provides “a verification photo…as well as a photo of a valid government-issued ID card or passport.” Each account holder has 14 days to complete the verification, under which time account functions will be suspended.

Community members took to a variety of social media to vent their frustrations over the change in KYC policy and subsequent account limitations. Many legacy account holders complain that they were blindsided by the developments, further lamenting that, even after complying with the new verification, their accounts were still frozen.

“They are not giving us ANY time to move funds, its [sic] already frozen, and verification is not working for most!”, Reddit user danglingpiledriver complains on the r/Poloniex subreddit. “They said the following in December, yet never gave us the exact date. its [sic] locked NOW without warning: “The exact date for this deadline will be announced in Q1 2018. While you will be given advance notice before this requirement goes into effect, we encourage you to verify your legacy account now…’”, the post continues.

The Reddit user is referring to a press release Poloniex posted at the end of December 2017 that alerts its customers to the KYC change. After an announcement in Q1 of this year, the release states, customers will be expected to comply with the new KYC policy. Among other suspensions, the release indicates that users who fail to verify their accounts by the announced deadline will have their trading privileges revoked and deposit addresses barred. But it also promises that “[withdrawals] will remain enabled at the daily withdrawal limits prior to the deadline.”

Moreover, it claims, “[if] at any point you verify your legacy account, full functionality will be restored and your daily withdrawal limit will be increased to $25K USD equivalent.”

Problem is, some account holders claim that they didn’t receive an email or warning like Poloniex promised, and as the widespread account freezes indicate, Poloniex also failed to uphold its promise to keep accounts and withdrawals fully-functional in the interim.

“Please rest assured that your funds remain safe and accounted for while you complete this process – you can verify your holdings on the Balances page of your account throughout,” the release reads.

“Like all registered money services businesses, Poloniex is committed to compliance with all applicable law requiring identification and verification of its customers. If you have any further questions about the identity verification process and steps required, please reach out to our support team here.” it concludes.

As the last quote reveals, the KYC change is likely Poloniex’s attempt to appear more legitimate to US government officials under existing money services laws. Acquired by Goldman Sachs-backed Circle earlier this year, this could be Poloniex’s attempt to show institutional investors that it’s willing to step up to the regulatory plate.

At press time, Poloniex exchange had not responded to CoinCentral’s request for comment.

 

This article was originally published at Coincentral: https://coincentral.com/poloniex-implements-unannounced-kyc-freezes-legacy-accounts/

 

“Top Misconceptions of Cryptocurrency as a Payment System”

 

Which can be read on Amazon Kindle Unlimited for Free  You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)

 

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close