Integrity in Mobile Financial Services AFI, SBS Peru and WB Forum, - PowerPoint PPT Presentation

Integrity in Mobile Financial Services AFI, SBS Peru and WB Forum, Lima Peru, May 12-13 2011 Pierre Laurent Chatain Wameek Noor Najah Dannaoui Lead Financial Sector Specialist Consultant Consultant (Financial Systems) (Financial Systems) (Financial Systems) The World Bank The World Bank The World Bank

New Research 2  Anatomy of Current Mobile Money Business Models  New Outcomes in terms of Risk  Stocktaking of Regulatory Practices and Related Policy Guidance Currently Observed on these contentious topics  KYC/CDD  Agents Regulation  Reporting Obligations  Supervisory/Enforcement Responsibilities  Other Contentious Issues UK, France, Russia, Kenya, Zambia, Malaysia, Philippines and Mexico

New Outcomes in terms of Risk 3 Our Risk Matrix is Still Valid (Anonymity, Elusiveness,  Rapidity and Lack of Oversight) Mobile Money less risky than cash  No new ML or TF risks found in Mobile Money (Cases of  Consumer Fraud Observed) Can be used strategically to lower national ML/TF risks by  facilitating the move away from “higher risk” cash transactions to “lower risk” mobile money transactions Smart Risk Mitigation Practices Utilized by M-Money  Providers and Regulators

Risks Associated to M-FS 4 From Industry From Regulators From Policymaker IT security Financial inclusion Too much regulation consumer protection impeded kills the business AML/CFT

Mobile Money Less Risky Than Cash 5

No ML or TF risks found in Mobile Money but Cases of Consumer Fraud Observed 6 Philippines Experience Case 1: Using Multiple SIM Cards but through one Phone Case 2: Many Transactions to One

Case 1 7 Amount transferred to a mobile phone through G-Cash Mr. A Mr. B ordered an Iphone from Mr. B Iphone was never received by through Ebay Mr. A Transferred the corresponding amount to a mobile phone Mr. E’s mobile Mr. D’s mobile Mr. C’s mobile Transferred Transferred account account account the the corresponding corresponding amount to a amount to a Mr. E went to G-Cash business center Mr. E Mr E. cashed out victim’s money using his mobile phone

Case 2 8 Mr. A & Mr. B Advertised fake overseas employment offers as caregivers and nurses Money the promised collected deployment through abroad never G-Cash materialized remittances VICTIMS Sent between $65 and $975 for training and processing fees

Innovative Risk Mitigation Practices Utilized by M-Money Providers 9  Smaller payments (size of transactions and volume of payments) – including capping. Smurfing is a risk but can lead to easier detection  Limitations of cross-border operations and operations in foreign currencies  Geographical restrictions  Limitation to one account for one cellular phone.  Irrespective of business model, sophisticated internal control/detection systems

Observed Control Measures 10 Type of Risk Possible ML/TF Risks Key Control Measures Off-the-branch or non-face-to-face Innovative KYC and identity verification procedures MTN Banking – SA customer origination Wizzit - SA Anonymity Unauthorized use of mobile phones for Advanced identification mechanisms • Bradesco – Brazil financial transactions • Korea Use of mobile phone at the layering stage Limits on transactions • Korea FSS of the ML process Customer profiling Use of multiple m-FS accounts • Brazil Reporting • Macau SAR China Elusiveness Monitoring • Korea • Malaysia Cross-border mobile-to-mobile In-field service risk assessment remittances • Hong Kong FIU Identification of sender • Maxis – Malaysia

Observed Control Measures (cont’d) 11 Type of Possible ML/TF Risks Key Control Measures Risk Lack of capacity to monitor/freeze Integrated system of internal controls • Itau – Brazil real-time messaging and • settlement Philippines Rapidity Managing risk of 3rd party service providers • Wizzit – South Africa Oversight loopholes for providers Guidelines on m-FS and risk management • Philippines, Korea Lack of regulation, supervision of Regulator-provider collaboration ( Philippines, Malaysia) new providers New e-finance laws and guidelines to m-FS providers External ( Korea ) Legal M-FS Shell companies issue: Clear licensing of non-bank m-FS ( Malaysia, Korea ) Poor IT & AML supervision capacity ( Philippines ) oversight AML/CFT training ( South Africa )

KYC/CDD 12 HOW TO UNDERSTAND AND INTERPRET THE FATF CDD/KYC STANDARDS: Under Rec. 5, customer should be identified and his identity verified  FATF allows reduced CDD/KYC measures (not full exemption of CDD/KYC) in circumstances when low risk can be PROVEN  A Risk Assessment can be used to prove cases of low risk, which would merit reduced CDD/KYC measures  Full exemption of CDD/KYC for certain financial activities (not specific financial transactions) is only permitted if:  (I) policymakers are able to prove that the risk is low i.e. they can demonstrate that specific and unique circumstances around the activity generate a low level of ML or TF risk and,  (ii) that they are able to provide evidence in that respect

KYC/CDD (cont’d) 13 THE CURRENT CHALLENGE :  Customers do not have the relevant identification and/or verification documents required  Flexibility accorded to KYC/CDD standards not always understood, leading to potentially overly restrictive AML/CFT regulations  Countries have not tailored AML/CFT standards to the appropriate level of risk given low value and/or low risk transactions  Policymakers feel lack of clarity/guidance on KYC/CDD from FATF, leading to misinterpretation of the standards

Document requirements in developing countries are more stringent than in developed countries 14 Percentage of countries that require certain criteria to open an account Source: Financial Access Database

KYC/CDD (cont’d) 15 OUR PROPOSED SOLUTIONS: Expanding list of acceptable IDs or Permit the use of 1. alternative IDs (that not necessarily bear a picture) Exempting the verification phase (verification vs. 2. identification) Implementing progressive KYC approach : countries 3. could envisage a tiered customer identification program, in terms of which a customer that can only provide minimal verification is restricted to basic services and can access higher levels of services after more comprehensive verification

KYC/CDD (cont’d) 16 Gradual KYC scheme adopted by Moneybookers LTD, an internet payment provider in the UK Source: Word Bank

Agents 17 THE CURRENT CHALLENGE :  Different approaches in ways AML/CFT regulations implemented in regard to agent regulation  Uncertainty about agent AML obligations, including their Licensing and Regulation, Scope of their AML duties, Supervision and Internal Procedures  Do agents needs to be regulated? Do they need to comply with AML/CFT and if so to what extent and how?

Agents (cont’d) 18 OUR PROPOSED SOLUTIONS:  Agents (Retailers) should not be regulated  Under FATF standards, they are not required to be license or registered  They are not the account providers  They are not the “ outsourcee ” of the MNO in the sense of FATF Interpretation  They act on behalf of the Account Provider  Impossible to regulate and supervise thousands of agents (retailers) on a practical level  Principle monitors all regulation and supervision of agents

Agents (cont’d) 19 OUR PROPOSED SOLUTIONS (cont’d):  Agents should be covered by certain AML/CFT obligations  Perform some AML/CFT checks including KYC on the customer  Record keeping  STRs to the Account Provider  Duties should be specified between the agency agreement of the AP and the Agent

Agents (cont’d) 20 OUR PROPOSED SOLUTIONS (cont’d):  Ultimate Legal Liability  Ultimate Legal Liability lies on the AP  KYA (Know Your Agent)  Principal (Account Provider) held accountable for AML/CFT compliance of agents, including determining extent and scope of CDD/KYC requirements between AP and Agents  Should perform KYC/CDD on agents prior to recruitment, fit and proper tests and ongoing monitoring and scrutiny (including on-site visits)

Agents (cont’d) 21 Example of Countries where Providers Assume Liability for Agents  In the Philippines , the e-money circular explicitly states that it is the responsibility of the institutions to ensure that their agents comply with all AML laws, rules and regulations. Section 4 (e) states the following: “it is the responsibility of the electronic money issuers to ensure that their distributors/e-money agents comply with all applicable requirements of the Anti-Money Laundering laws, rules and regulations.” Similar Situation found in Brazil, Colombia, Brazi and Peru. Exception currently only is Kenya, where the provider does not assume liability for its agents legally