I recently had the opportunity to speak to an audience at the The Payments Association in London on the EU’s 4th Anti-Money Laundering Directive and how to build effective Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) governance and process frameworks.
The discussion prompted many questions; predominant was that abiding by current and forthcoming AML / CFT laws risks stifling the nascent PayTech industry to the point it ceases to innovate. The EU is already lining up a 5th directive as an amendment to the 4th that will go further still, bringing stored value and digital currency providers into a regulated framework.
Financial crime is not victimless. Bribery, corruption, terrorism, tax evasion, smuggling, and trafficking all have a detrimental effect on our society and destabilise our financial systems. It is well documented that the Paris and Brussels attackers used pre-paid cards to fund their attacks. Thus, within the EU at least, law makers have looked to tighten regulation around any form of value storage or transfer, placing many of the organisations who create and operate such technologies under obligation.
For a start-up PayTech though, this places a significant regulatory burden onto the fledgling company. Large banks have had to manage this overhead for years, some better than others. Already, evidence suggests that PayTech firms are being de-banked as their banking partners withdraw services to them where they sit outside the bank’s risk profile. The problem here for PayTech’s is that to a bank providing services to a PayTech, the bank doesn’t know the PayTech’s customers. In other words, the bank does not know its customer’s customers.
This is where Know-Your-Customers-Customer (KYCC) has significance. If a bank cannot trust the PayTech to have conducted sufficient due diligence on its customers, including ongoing monitoring of transactions, it will be unlikely to take the risk of on-boarding the PayTech for risk of being caught complicit in, or unwittingly involved in, a money laundering / terrorist financing initiative.
Here in the UK, with the FATF mutual evaluation just around the corner, we may see the regulator become more active in enforcement actions against the 1,100 or so PayTech firms. This would then see the industry face enforcement actions similar to those that the banks have faced for a number of years. And, sometimes these fines are not driven by actual evidence of illicit activity but simply by failing to have the appropriate systems and controls in place.
PayTech’s are faced then with a double-edges sword; fail to complete compliance obligations and risk losing banking services and face enforcement actions, or undertake compliance obligations and risk an administrative and data cost overhead that makes continued business unprofitable or so slow as to dissuade customers.
However, the wider implications for the PayTech industry are huge. This may come in two forms. First, if banks see the sector as non-compliant and failing to satisfactorily complete KYCC it may move it even further outside an acceptable risk profile, making it harder for PayTech’s to obtain or maintain banking services. Second, if enforcements do begin in the sector, again it will serve to tarnish the industry as a whole that will reinforce the banks’ view of non-acceptable risk.
This is where the smart approaches that have given rise to PayTech need to be applied to PayTech AML / CFT compliance. There are numerous regulatory technology (or RegTech) solutions that can help to speed up due diligence, making it near-frictionless in many cases. Examples include electronic identity verification, managed services for AML / CFT name screening and enhanced due diligence reports, and big data / machine learning approaches to transaction monitoring. The key is to finding the right blend of RegTech to service the needs and speed of the organisation.
Cheapest may not always be best though, and PayTech’s must seek out appropriate solutions for their compliance needs rather than simply the lowest-cost option on the market. Companies need to adjust their business models as a result, for whereas previously regulatory compliance was low on the agenda and not built into pricing models, the cost of thorough compliance may make existing strategies unprofitable.
Technology aside, PayTech’s should start with an appropriate governance framework, and within it a tone from the top that drives the compliance agenda. As a group of like-minded businesses they should also be ready to support one another, or call one another out, given the potential that one bad apple could potentially spoil the entire barrel.