The digital revolution – managing the emerging AML and regulatory risks of new payment methods

As the payments landscape evolves at lightning pace, compliance must become a shared responsibility.

As with any fast-moving environment, managing financial crime risk while keeping up with the speed at which new payment methods are emerging presents a huge challenge. Detecting and countering illegal financial activity in established currencies and payment methods is already challenging enough. Add to this an inconsistent definition of what constitutes a ‘payment provider’, and we face a real dilemma when balancing the optimum breadth of regulations (such as level of due diligence) with the quantum of money being channelled through the rising number of platforms.

Striving for financial integrity

Tackling financial crime in this space­­ requires strong collaborative relationships with financial technology firms (fintechs), which are driving the ‘creative destruction’ of the traditional payments model. Both fintechs and banks stand to benefit from the establishment of a clear set of standards for the digital age.

In building this, it’s vital to consider the end users of financial intelligence – law enforcement agencies. While in theory the increased digitisation of the cash economy should secure a better evidential trail, in reality the level of fragmentation across multiple actors makes it unlikely that a handful of banks can piece together all the information that law enforcement agencies may need.

Allocating responsibility for compliance is therefore paramount. An agreement must be reached on what responsibilities fall to banks, fintechs, and what is shared between them.

Standing on common ground

At Standard Chartered, we believe that the future of payments is already here; it’s just unevenly distributed. Mobile payments, for example, have been widespread in Africa for a decade, whereas in the United States, cheques are still routinely accepted.

The example of African countries is instructive. When mobile payments became popular across the continent, telecoms companies effectively became cash couriers outside of the formal payment systems. This moved the process beyond the scope of the banking industry’s established practices for anti-money laundering (AML), such as know-your-customer (KYC) diligence.

It’s not realistic to expect banks to scrutinise the internal transactions of wallet providers or mobile money providers. The data is not available and transaction values are often small.  If banks were to do so, the benefits of replacing cash with digital flows could be crowded out by cost and complexity between actors. 

Instead, we need to develop a globally-accepted, common set of standards and expectations around KYC, AML screening and sanctions compliance that banks should apply in engaging with new payment methods. Banks can bring value and experience in financial crime compliance and insist on reasonable standards being established by fintechs, in return for providing crucial infrastructure in support of business models. Currently, however, banks are assuming that regulators will be satisfied with their approach to compliance and diligence in the event of controls at new payment providers (NPPs) being insufficient to prevent money laundering or terrorism finance.

It’s clear that this situation is unsatisfactory. 

Follow the data

In the old world, law enforcement agencies could subpoena banks, confident that they would be able to identify 95 per cent of the fund trails in a particular country. Cash transactions were not visible beyond cash deposits and bank withdrawals. In the new world, this is no longer the case. As digital replaces cash, the digital landscape involves not only more information, but also far more fragmentation across multiple players.

The largest fintechs are becoming the ‘Walmarts’ of data. Traditional banks simply do not process data on remotely the same scale and are ’corner shops’ in comparison. The likes of Ant Financial are already closing in on Visa in terms of transactions processed per day – and they have done so in a matter of years. 

Such data-management capabilities represent the upside that fintechs could bring, however, with more digital trails that can be tracked. ‘Follow the money’ will become ‘follow the data’.

Banks are concerned that they’ll be required to shoulder the burden of delivering on this opportunity. If the expectation is that banks ingest and monitor all this data, the business is unlikely to be economically-driven. Moreover, that banks have developed hard-won capabilities in managing financial crime is an insufficient reason to set such an expectation on them. 

Cost centre to product offer

Technical constraints on the fast, efficient transfer of money between parties have been virtually eliminated, but KYC compliance is still both costly and time-consuming.

While NPPs generally have the technological excellence to deliver fast services to customers, the established banks still retain a huge advantage in terms of trust, reputation and security. Providing leading due diligence systems for compliance and making better use of digital-identity stewardship is an integral part of that trust.

The challenge for banks, which Standard Chartered embraces, is examining how compliance can be transformed from a cost centre into a competitive advantage, by creating platforms that give greater confidence of financial integrity to all our stakeholders. Indeed, compliance services could become a product offer.

So, if new thinking is required, does that mean starting from scratch? Absolutely not. 

The Wolfsberg Group, of which Standard Chartered is a member, has relevant standards on payment transparency that fintechs would be well advised to build into their product offerings from the outset. Doing so will help build confidence with banks. Similarly, standards on correspondent banking, adapted for risk, are a good starting point for due diligence on NPPs. 

Facing the new reality

The future lies in collaboration and partnership between banks on one hand and fintechs and NPPs on the other. Banks need to adapt to a new reality or be disintermediated by online platforms and fintechs, whose technology will increasingly replace cash, lower costs and increase speed for cross-border transfers. Fintechs in turn must prepare for a complicated compliance environment, in which they can draw advantage from the compliance programmes developed by banks. 

In order for any collaboration to be meaningful and sustainable, banks’ expectations with regards to AML must be met. On their side, fintechs will require reasonable standards of compliance, access to new technology, and recognition of the risks that banks take to enable their business.

Back to CCIB News and Views

Click here