AML & CFT Innovations to Mitigate Risks Lessons from the e-money industry Presentation to the World Bank Workshop in Bangkok 25 June 2008 Dr Thaer Sabri Chief Executive Electronic Money Association 05 August 2008 1
Overview The EMA and its members Summary AML provisions impacting financial institutions Issues faced by the e-money industry Development of a practical solution Money remittance Characteristics of M-payments Possible contribution to verification? Miscellaneous issues Benefit and limitations of technical solutions Final thoughts 05 August 2008 2
The EMA Trade body for e-money issuers and payment service providers Established in 2001 with initial EU focus Members e-money issuers and payment service providers: E-money and prepaid cards Money remittance Bill payment, Transport, treasury services Payment schemes Address regulatory, AML, Fraud, consumer, and good practice Member of the UK Joint Money Laundering Steering Group 05 August 2008 3
Members of the EMA 05 August 2008 4
Summary AML & CTF Requirements Initial and ongoing due diligence, including verification of ID Record keeping of transaction information and DD evidence Putting in place systems to detect suspicious transactions, and to train staff in both legislative requirements and ML risks Reporting suspicions to appropriate authorities Appointing a nominated officer to receive internal reports, assess them and make reports to authorities. Other requirements including sanctions list monitoring etc. 05 August 2008 5
Role of Due Diligence Provisions Initial and ongoing due diligence, aimed at deterring money laundering, and detecting suspicious activities in the following way: Verification of ID acts as a deterrent and point of departure for any investigations Obtaining information on purpose and nature of business enables the establishing of a base line for detecting unusual and suspicious activities Ongoing due diligence ensures up to date and enriched information 05 August 2008 6
Purpose of the Risk Based Approach The risk based approach provides for better prioritisation of both effort and resources; diverting resources where needed Also allows extent of due diligence to be calibrated to the risk Lower risk justifies simplified due diligence Higher risk attracts enhanced due diligence Means of undertaking due diligence can however further evolve in the context of payment products 05 August 2008 7
Verification of ID - Issues for Industry Requirement for up front verification and the means of verification address bank account type relationships well They have shortcomings when applied to low value payments: Cost of verification as a percentage of income per device is high - eg. 2 when value of prepaid card is 50 Need to address substantial rate of churn and percentage of dormant accounts- can be 50% They create an upfront barrier to take up; high percentage of abandoned applications online 05 August 2008 8
Evolution of a Solution Delay verification until sufficient value had been transacted to: Enable a more iterative verification process, and Make verification economical While also minimising opportunities for ML E-money is allowed to enter the system without verification up to a given threshold, but Cannot exit the system (subject to a small allowance) without verification Merchants are always verified Consumers verified if they redeem more than 1000 annually This mitigates most of the risks of ML 05 August 2008 9
Additional System Requirements A condition of the adopted approach is for systems to be put in place to detect misuse of the allowances; such as: Multiple purchase of cards, or opening of accounts Detect suspicious transactions & patterns Cross reference submitted data against other data sources such as industry and third party fraud hot lists Cross reference submitted data against detected data etc. 05 August 2008 10
Development of Legislation The approach was used as industry guidance, then adopted as an exemption in the Third Money Laundering Directive in the EU The limits that were adopted were: Annual turnover of 2500 and redemption (refund) limit of 1000 annually for reloadable purses Non re-loadable purse limit of 150 05 August 2008 11
Innovation in the Means of Verification Once limits begin to be approached, need to verify Verify in a risk based manner; Review product, transactions, territory etc Document differing verification requirements from lowest to high risk Apply verification process Verification for lowest risk leverages verification undertaken by bank or card issuer; establishing control over the account Increased risk requires additional data; independent electronic data sources etc. 05 August 2008 12
Innovation in the Means of Verification Passage of time A parameter that is not usually captured in AML processes Passage of time with consistent data creates greater confidence in collected data 05 August 2008 13
Avenues for Development - Clarification The following approaches to alternative means of verification are intended for discussion and have not been adopted by the EMA. 05 August 2008 14
Money Remittance Guidance in Development Challenge: in the context of un-banked including migrant labour, available means of verification are not conventional Survey of 13 MTO s of varying sizes revealed: Result: small MTO s often have very good knowledge of their community: Personal knowledge of customers, directly or indirectly They visit destination country periodically and familiar with payee community and/or counterpart agent Understand areas of risk, often also fraud/reputation risk 05 August 2008 15
Proposed Solution Solution: proposed reliance on direct knowledge of MTO or their indirect knowledge in which they have confidence: Statement of MTO acceptable verification, in risk based context Require documenting of statement, and manner of knowledge Place responsibility with remitter, exploit depth of knowledge Additional means of verification can complement if needed 05 August 2008 16
Characteristics of M-PaymentsM Generally low value, even for remittance; similar economics to other low value payments and e-money Similar churn and dormancy behaviour Ease of access to device means that registration is often basic Relationship with network operator often non face-to-face Lack, at times, of conventional means of identification in faceto-face transactions But can also have some unique characteristics 05 August 2008 17
Contribution to Verification? Communication Network derived from financial transactions and non financial communication creates an electronic footprint, a unique identity Can this be used? By any m-payment provider? What are data protection and privacy implications? Established relatively rapidly because of combination of telecom and financial transaction use Is it legitimate to combine data for this purpose? Location sensitive data, may assist investigators in event of crime Can this be used? Is a warrant required? 05 August 2008 18
Contribution to verification? Overall, data is not conventional name, address and documentary proof Is collected data an acceptable trade -off? 05 August 2008 19
Barriers Retention time for telecommunication data is shorter than that for financial transactions, and its volume means that long term storage is costly Cost of retrieval of data may be additionally prohibitive Data protection and privacy issues need to be addressed If contemplated, a cost-benefit analysis for the approach is needed 05 August 2008 20
Miscellaneous issues Conventional money laundering highly laborious and likely to be flagged by monitoring systems Card fraud, ID theft or other fraud more likely to be the challenge Cooperation with staff of higher risk service providers key Typologies will provide means of focussing on risks, in different parts of transaction; CTF an ongoing concern, building typologies currently being undertaken by FATF 05 August 2008 21
Benefit & Limitations of Technical Solutions Technologies offer biometric means of proving identity But, must first register users Complex neural net and other means of mining information for suspicions are helpful But, must teach system to minimise false positives, and subsequent human assessment still needed Databases of personal information are helpful for non face to face verification But information is only as good, as the source material; and the richness of the interface is almost as important 05 August 2008 22
Final thoughts E-payments and M-payments are transparent, even where verification of identity has not been undertaken The electronic footprint, and additional sources of data such as IP addresses, etc. provide meaningful data In comparison to cash, e-payments and m-payments are far more transparent 05 August 2008 23
Thank You Dr Thaer Sabri Electronic Money Association Thaer.Sabri@e-ma.org T 020 8399 2066 05 August 2008 24