Regulatory framework and legislations
Unfortunately, many of the world’s countries have no regulatory framework to fight money laundering or terrorist financing through mobile money/payment services.
Not considering a mobile payment provider as reporting entity is another big concern. Based on the Methodology of Assessing Compliance with FATF 40 and 9 Special Recommendations, FATF defined the financial institution as “any person or entity who conducts as a business one or more of the activities…”
These activities include acceptance of deposits and other payable funds from public, the transfer of money or value, and issuing and managing means of payment. The definition also applies to mobile payment providers, which acts as a nontraditional financial institution.
Accordingly, it should be considered as a reporting entity and subject to any AML law, act, or decree. This is what most governmental officials are not aware of.
For example, in some Middle Eastern countries, mobile payment providers aren’t permitted or encouraged to send suspicious activity reports to local authorities. They route them to a local bank with a business relationship so the bank can conduct extra due diligence then report it to the government.
Like any other reporting entity, mobile payment providers should be more confident in building up a healthy compliance program that underscores its compliance with local regulations and international standards. This requires:
• Designation of a compliance officer. Compliance is a brand-new term in mobile payment providers’ organizational culture. Designating a compliance officer within the company is a first step.
Qualified compliance specialists will be the cornerstone in implementing the required compliance program and following pertinent regulations.
• Policies and procedures. What would mobile operators do when regulators ask for documentation? Predefined internal policies and procedures should cover all daily operations among all related departments in mobile payment providers.
Such policies should include account-opening and closing policies, customer due-diligence procedures, and recordkeeping requirements. These may include clear preventive measures such as transaction rejections and limits in certain conditions.
• Training. A major challenge for the compliance officers is to provide proper training to all employees and related parties.
Design training materials according to the particular audience. For example, train front-line staff on the basics of money laundering red-flags in mobile payment services. Compliance officers and AML investigators are more interested in advanced and complex international money laundering typologies and regulations.
• Independent auditing. This is an effective tool to measure the success or failure of the compliance program. it will make sure previously detected deficiencies were corrected.
Due to the new threat of money laundering in the mobile payment industry and the increased number of mobile payment subscribers, mobile payment providers should implement an automated transactions monitoring solution that will detect unusual customer activity based on specified red-flags.
Mobile payment providers typically have excellent information technologies implemented already. This will pave the path for an easy deployment of a transaction monitoring and reporting system.
An effective system would be able to analyze transactions according to predefined scenarios that will enable the operators to block or close accounts when abnormal transaction patterns are detected.
Transaction monitoring systems should include:
- Customer names screening and checking against local and international lists;
- Behavioral analysis for accounts and subscribers to detect unusual transactions based on precise scenario management;
- Detection management and related analysis tools that present any hidden relationships between subscribers and accounts;
- False-positive and fine-tuning management;
- Self-steering workflows that best fit the organization’s hierarchy module;
- Extensive case management;
- A risk-based approach, where all applicable risk factors will be calculated for a proper risk weighting; and
- Regulatory and managerial reporting.
Like any other industry, mobile payments present specific risks, and regulators are unfamiliar with AML/CTF risks arising from these new services and products.
It would be a great starting point for mobile payment providers to assess the risks associated with each kind of services/products offered to the subscriber in comparison with the major four risk factors (anonymity, rapidity, elusiveness, and poor oversight).
The Mutual Evaluation Report by FATF is considering the assessment of mobile payment regulations. This makes it imperative for countries to move forward with their legislations to be harmonized with international standards and, consequently, be accountable for supervising the implementation of these regulations.
Building up a proper regulatory regime compliant with the international standards remains a big challenge for regulators and mobile payment providers due to lack of knowledge of compliance, anti-money laundering, risk management, and mitigation factors.
This is especially the case for people who are oriented towards mobile network operations only, and are new to this area of expertise.
Mohammad Noor Zraiqat is product manager, compliance solutions, for EastNets.