John Dalton, BAE Systems Applied Intelligence, VP Financial Crime
As technology makes our lives easier, the potential hazards increase along with them – how a small services idea had a lasting global impact
While mobile operators and vendors were busy developing mobile wallet applications, under-banked mobile users in Africa were busy trading Pay As You Go (PAYG) credit with each other for goods and services In 2007, Safaricom – Kenya’s largest mobile operator – launched M-PESA. By 2012, 17 million M-PESA accounts had been created, equal to more than a third of Kenya’s population. The service has since spread to include international money transfer capabilities to transfer and receive funds across borders, creating all kinds of complications in the battle against money laundering.
M-PESA not only disrupted the traditional financial systems, in developing countries, but it has also provided the impetus for others such as Apple Pay, Venmo, Android Pay and so on to be developed.
As with all new technologies, there are complications that sit alongside what is often a sound business move. New ways of moving money, and emerging requirements to clear and settle payments in near-real time make this a really tricky area for the financial sector in combatting money-laundering. The problem isn’t necessarily with East Africa alone. The US State Department noted that overseas remittances in Kenya totalled $1.55 billion in 2015, and if even a tenth of that is laundered cash, it’s a drop in the ocean compared to the suspected 2 to 5 per cent of global cash that’s laundered – around $2 trillion by UN estimates. It’s also likely to be dwarfed by the volumes that global tech companies and other operators are already processing.
Mobile operators and technology companies effectively handle payments and generally behave in the same way that banks and money transfer services do. Safaricom initiated its own Anti Money Laundering (AML) controls some time ago. Yet in the US, Apple, Venmo and Google’s products are new intermediaries between people and banks – they’re treated as Third-Party Payment Processors under the U.S. Banking Secrecy Act. As a result, they can effectively pass responsibility for reporting suspicious activity to their processing banks. This creates increased risk for those banks; if someone is up to no good on these platforms, the compliance, reporting and violation responsibility falls on their shoulders, not those of the payment processor.
Mobile banking and mobile payments have created both opportunity and threat, and not always in the ways they might first appear. Banks can improve their KYC (Know Your Customer) processes using mobile payments data to link and understand mobile payments better. And mobile apps can deliver all kinds of behavioural analytics that help ensure the entity sending or receiving cash is who they say they are: location, biometrics, phone usage data and more.
Requirements and responsibilities vary from country to country. In Australia, the New Payments Platform is live, speeding the pace at which payments are processed, with the aim of creating real time clearing and settlement. The requirement of payment processors to detect compliance violations are not yet clear – a real concern for banks and processors in that country.
In Europe, the story is different yet again. Under the new PSD2 directive, any new technologies facilitating payments must comply with regulation, have the means to spot suspicious transactions and have a reporting process in place to the relevant law enforcement agency. Banks, tech companies and mobile operators won’t be able to initiate transactions without considering how criminals can abuse the system to launder money.
All these changes mean that any institution with an AML and KYC requirement is going to have to work very, very hard to ensure it meets those requirements in real time and across multiple new and emerging digital channels as well as the existing staples: manual ATM deposit, wire transfer and so on.
For financial institutions to effectively tackle the risks that payment processors bring with them, they need to be able to use ultra-low-latency real time detection technologies that use advanced analytics to know their customers. Machine learning and artificial intelligence can and do spot potentially risky transactions before they take place. Human beings simply can’t match the pace and volumes of transactions. But machines running advanced analytics can – when put to work by a compliance team.