Video | Managing Anti Money Laundering (AML) and Compliance for your Money Service Business

To ensure the smooth and secure operation of your business, it’s essential to be diligent in navigating AML requirements while remaining compliant with the latest regulations in your operational regions. In our third instalment of the ‘How to Start Series,’ Ibrahim delves into one of the fundamental pillars of your Money Service Business (MSB): Anti-Money Laundering (AML) and Compliance, he guides you through the essential steps such as:

  • Implementing a risk-based strategy tailored to your products/services.
  • Establishing a comprehensive AML and compliance framework, including its key components
  • Selecting the appropriate software technology that has the right capability to support your needs

Find out the insightful strategies to safeguard your MSB against potential threats, watch the full video now.

Ready to dive deeper into launching your own MSB?

Contact our expert consulting team at RemitONE today and organise a free 30-minute consultation. Let us guide you towards success and help you get your money service business up and running as fast as possible. Schedule a free consultation with our experts:

Video: Perspectives on Digital ID – What the future may look like (eKYC and AML)

Continuing our recent discussions exploring some of the challenges and opportunities being faced by the remittance sector in these uncertain times, RemitONE hosted a webinar on the 24th of June 2021 regarding the ever-shifting perspectives on digital ID in the remittance sector, particularly in light of the COVID-19 pandemic. The panel was made up of experts from both RemitONE and our friends and partners in other global companies. In case you missed the webinar, here is a summary of the key insights.

Webinar moderator:

Saiful Alom, Head of R&D at RemitONE

Panellists:

  • Richard Spink, Sales Director of Channel and Partnerships, GBG
  • Osama Al Rahma, Head of Business Development, Emirates Bank
  • Reynell Badoe, Payments Manager, Stanbic Bank

Why is digital ID important?

Osama Al Rahma: Digital ID is of course incredibly important through its use of KYC (know your customer) and the ability to identify the customer. In fact, it’s largely through the use of digital ID that we have been able to protect the financial regime from crime on a wide scale. The shift towards digital already started pre-pandemic and has only increased in recent months. No longer are banks encouraging the use of traditional brick and mortar branches. Instead, they are relying heavily on their digital offerings, which by default means that the ability to identify the genuine user of such services is more effective. We’re also seeing a shift to digital with eKYC (electronic know your customer) on a much larger scale when it comes to remittances. This will allow us access to machine learning with Artificial Intelligence, which is incredibly powerful when integrated with real-time streaming. Using this technology, we’ll be able to conduct more diligent processes within transaction screening and monitor the behaviour of certain users in greater depth. For the sake of financial security on the compliance side, this is incredibly important.

Richard Spink: At the end of the day, digital ID reduces compliance costs so it’s always going to be important from a purely financial perspective. However, there is no widely regarded standard for digital ID so far, at least as far as MTOs are concerned. What MTOs have generally been using as the core tenants of their ID is proof of identity and proof of address, which are attributes that can be used by financial services around the world. Of course, a standard would be ideal, but as there are so many different regulations in different countries, this is unlikely to happen anytime soon. As an aside, it’s worth noting that while Revolut has a lot of customers, they’re not profiting very well and the reason they’re not making enough money is supposedly due to the cost of compliance. Digital ID will help businesses globally and save money on the process of knowing who their customers are and the cost of compliance as a result. And I think the technology to do this already exists.

Saiful Alom: It would be ideal if there was a way to digitally identify a person, ensuring that they have met all KYC and AML needs. However, due to the world we live in, there are a lot of complications to work around.

What is the adoption of digital ID like in your respective markets and has COVID accelerated your options?

Reynell Badoe: From a Ghanaian perspective, if you look at the stats, the number of people with access to the internet is proportional to the number of people with access to so-called big data. Having access to the internet means giving up your information and as a result, you also have access to financial services and remittances. It’s a worthwhile trade-off for most. However, there are 1.2 billion people in Africa, and only a handful have access to the internet. While COVID certainly things and meant there had to be a quick adoption of digital money transfer channels from traditional methods, we still have a lot of catching up to do digitally. With regards to how? The pandemic has meant more people have had to use data platforms and open mobile wallets, creating a digital shift of necessity, so the groundwork has already been laid.

Have there been any challenges in terms of Trust Private Security?

Osama Al Rahma: Trust, privacy and security are the three main pillars when it comes to finance and that will never change. The challenge is that by the time that technology evolves, different unforeseen issues tend to arise. For example, using AI for facial recognition might be incredibly convenient when it comes to opening your phone with a glance but the negative consequence is that it is another means for fraud to occur. When we speak up about this, we need validity.

Saiful Alom: In terms of Trust Privacy Security, this is a concern for all of us as consumers – particularly seeing as online services have been adopted at such a large consumer scale since lockdown began. Trust has increased in these online services and so consumers use them more regularly. However, there are many issues to consider and chief among them is privacy. Because your data is a lot more venerable now and consumers transferring money online may question how secure their transactions really are, and if it can be hacked or breached.

Is digital ID a potential solution or a problem to identity fraud?

Richard Spink: If you’re lending money, then I think that there is certainly high risk. It’s a different process to opening up a bank account or sending money on behalf of someone else. The key thing is to ensure you are actually sending that money to the correct person and thankfully, there are more reliable tools that are able to detect these issues now. It comes down to the organisation’s fraud screening processes. The question is how much information are you able to acquire and what does that fraud screening process look like? The standard answer is that there is no silver bullet – there isn’t one organisation that has everything available to run the process at zero risk. However, in the same way, there is always risk in a face-to-face transaction too. As we all know. “Good friction” is necessary for both scenarios. What has changed in the digital process is that it is now acceptable to present an identity, run that process with a mobile phone and check for duplicates. In the future, things will get even more secure with the use of biometric technology and face recognition, thumbprint recognition and the ability to check a chip on a passport. This last process is something we’ve started working with recently. In all, there is a lot more information that is available when trying to detect fraud these days, however, the same rule still applies: you need to decide what information you want to capture and make a decision on it.

The government has been known to over-regulate and stifle innovation. Do you think that we have the right balance when it comes to trust vs innovation?

Reynell Badoe: I think that the government has a lot of responsibility to provide the basic and necessary requirements and nothing more. On the issue of trust, we’ve seen leakages in the past – breaches of customer information from companies. So, on a consumer level, there is the issue of trust to contend with, as people are sceptical as to whether or not their information is safe. An example of this is free apps – technically they’re not “free” in the sense that you give up some aspects of your digital ID data in exchange for access to that app. I’d say the question is: can the information be used against me in the future? In terms of innovation, there’s a need for better services – we need a safer place to operate without having to worry about any of these concerns and challenges. There needs to be a fine balance between regulation and opening up certain aspects of digital ID.

Where does the government sit within this space in terms of digital ID?

Osama Al Rahma: When it comes to the government, it comes down to the level of leadership of that nation and their perspective on digital transformation. They then need to lay down the military frameworks, the standards and the security aspects in order to develop a secure environment. It’s been said that once you introduce digital financial services then it’s not a case of if you will encounter fraudsters but when. There is a lot of truth to this adage, as I have seen myself when we launched a remittance app and immediately fraud occurring on a massive scale. The reality is that if you are not well-enough equipped in different aspects, you will likely encounter problems. One of those aspects is having clear risk mitigation policies, and the second is to use advanced technology to identify such risks. A third aspect, meanwhile, is knowledge and awareness. Most issues I’ve seen actually involve the consumer allowing the phishing to happen due to his lack of knowledge on how scams can occur. It’s all about protecting your consumers.

What advice would you give to MTOs and banks who are thinking of adopting digital ID within their processes?

Richard Spink: My advice would be to keep things simple and understand the regulation before you talk to a business like us. Everyone will give you different advice on regulation. In my world, I need to understand the regulation of the market the jurisdiction is operating in. For example, if your business is registered in Germany, the German financial regulation is very specific on how want that ID verification process to run. In fact, they want it done via video. But this isn’t the case for the whole of the EU. So, although the EU is one trading block, in theory, in practice there are different processes required depending on where your business is regulated. I’d also recommend considering what you need to do to confirm that someone is who they say they are. In my experience, finding proof of address is the hardest process and yet it’s required by most regulators. My experience in the last ten years shows that the proof of address data is large in quantity however there is still nowhere near enough to satisfy the global coverage.

What are the critical questions you will ask an ID verification provider?

Osama Al Rahma: Before asking the questions, develop your own strategy and consider what you will want in the near future, including your offerings, products and other engagements with the consumers as this will dictate the type of provider you want to consider. On one hand, look at the flexibility of upscaling the technology, as you want someone to partner with as opposed to a short-term solution that will leave you stuck with a legacy system that will hinder your ability to enhance your offerings in the future. On the other, look at the ability of the service provider – have they got a system that is dynamic enough to cope with the constantly shifting regulatory requirements?

What do you think this space will look like in two to five years?

Reynell Badoe: At this point, it’s all speculation, especially with the speed at which technology is advancing. For example, things that one would have expected to happen in a decade could happen as soon as next year. At this point, there’s already a lot of personal information online both knowingly or unknowingly. Now, people are less concerned about giving away their data and are more concerned about where it’s going. For example, if there’s a new online financial institution that people are gravitating towards then I, as a customer, would want to find out a bit more before parting with my information. This has led to the use of federated IDs where I can sign in to a website using my existing Google account because I would naturally be more comfortable leaving my limited information with Google as opposed to this relatively unknown third party. I personally expect to see a lot more use of federated IDs in the future.

How do you see the rate of digital adoption in sending and receiving markets, in terms of duration, post-pandemic and pre-pandemic?

Osama Al Rahma: During the pandemic, I think the main shift was that consumers released how digital engagement was beneficial to them. Why do you think China was able to so effectively control COVID-19? It’s because of their AI and biometrics. They were able to use this to track and trace the people who had been in touch with an infected person and find out which areas they were prominent in. The only positive, economic growth in 2020, in comparison to other developed countries, was China and one of the primary reasons was this biometric ability. This is already being applied elsewhere today – going through an airport completely contactless, for example. With regards to the future, the adoption of these new methods should be reviewed seriously by all financial companies. It might be a slow burn but always look at how they will impact your business model and how you will be able to use them to your advantage in the future.

What next?

Now that you’ve read our article we want to help you get the most out of it and deep dive into the trends and predictions shared.

Tap into our experts and schedule a free consultation.

AML and CFT Guide for Money Transfer Start-Ups

Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT), are terms mainly used in the financial and legal industries to describe the legal controls that require financial institutions and other regulated entities to prevent, detect, and report money laundering and terrorist financing activities.  

Every regulated entity should have appropriate AML as well as CFT checks and controls in line with the regulatory framework of the jurisdiction where the entity operates from.    

To make it easier for Start-Ups, please find below the diagram of the AML/CFT Ecosystem:

AML CFT Ecosystem

The ecosystem shown above shows the five core responsibilities of Money Transfer Start-Ups:

1. Onboard a Money Laundering Reporting Officer (MLRO) 

First and foremost, all start-ups must have a dedicated Money Laundering Reporting Officer (MLRO) who is responsible for managing all compliance activities within the organisation. Depending upon the type and size of the business, there could be one or more members within the compliance team.  

Aside from the MLRO, it is important that other stakeholders such as Directors, Senior Managers and even Shareholders familiarise themselves with the Payment Services and AML regulations within the jurisdiction where the business is registered.

2. Customer Due Diligence (CDD) 

Each entity is responsible to identify the customers that they deal with. This step is known as the Know Your Customer (KYC). The MLRO has to identify the checks and controls that need to be in place to capture all the information needed from the customers as part of the KYC process. 

Apart from KYC, the entity must also maintain the Customer Due Diligence which is mainly to do with checking the customers registering against the watch lists and the transaction patterns of the customers. 

3. Suspicious Activity Reporting (SAR)

The entity is required to conduct appropriate investigations whenever an event such as a transaction monitoring alert or a sanctions match occurs. The MLRO has to validate such investigations further and need to report to the local regulatory bodies in the form of Suspicious Activity Reporting (SAR) or Suspicious Transaction Reporting (STR).

4. Record Keeping

The entity is responsible to maintain records of all their customers and transactions for a minimum period of 5 years or as per the guidelines of the local regulatory bodies. The MLRO has to ensure that the data captured from customers for identification and transaction purposes are stored securely and accessible to the authorized individuals of the entity whenever needed. Apart from customers and transactions data, the entity should also maintain the records of all the SARs/STRs. 

5. Registering and Reporting to Regulators

The entity is responsible to have the registration done with the relevant regulatory bodies in the jurisdiction where the entity operates from. The entity should also be aware of all the reporting obligations in order to submit reports related to the customers or transactions data to the relevant regulatory bodies in the jurisdiction.  

Whether you are a start-up or an established Money Service Business, it is very important that the AML policies and procedures are clearly incorporated within your business model. For more information, advice and support, please contact us.

RemitONE provides proven compliance products for Money Service Businesses and Central Banks and would be delighted to help your business. Contact marketing@remitone.com or call +44 (0) 208 099 5795.