How do you determine the nature of a digital transaction? How can financial services organizations and nonbank financial institutions (NBFI) ensure that all transactions conducted via mobile or online peer-to-peer (P2P) payments networks are legal and not the result of criminal activity?
As more consumers embrace P2P solutions such as Zelle, Venmo, ApplePay and the hundreds of smaller fintech startups promising to make it easy to move money, financial services organizations and NBFIs must prove to Financial Crimes Enforcement Network (FinCEN) and other regulators that they comply with all Bank Secrecy Act and Anti-Money Laundering (BSA/AML) laws. The consequences of non-compliance can be costly. In 2015, FinCEN fined Ripple Labs $700,000 for failing to properly register its subsidiary that sold digital tokens to settle payments on the ripple network.
The key to avoiding these costly fines is understanding and adhering to the BSA/AML regulatory requirements. To do this, organizations must ensure employees have the proper training and understand the impact of the regulations on their day-to-day job. Taking steps to eliminate the risk associated with non-compliance will help protect the organization’s reputation and mitigate potential repercussions that could negatively impact their bottom-line.
BSA/AML’s Rules Regarding P2P Payments
Traditional financial services organizations are already aware of their obligations to comply with BSA/AML laws. The addition of a P2P service does not change the requirements. However, many fintech companies also meet the definition of a “financial institution” under the BSA/AML rules. In addition to traditional financial services organizations, FinCEN also includes money services businesses (“MSBs”), which covers peer-to-peer transfer systems (such as Venmo) and digital wallets (such as Google Wallet).
Compliance with the BSA/AML requires organizations to complete four primary tasks:
- Maintain an adequate AML and Know Your Customer (KYC) program;
- File Currency Transaction Reports (“CTRs”) for transactions over $10,000;
- File Suspicious Activity Reports (“SARs”) when the organization “knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part) involves money laundering, is designed to evade the requirements of the BSA, serves no apparent lawful purpose, or facilitates criminal activity;” and
- Register with the Department of Treasury.
Conducting BSA/AML Risk Assessments
Beyond simply understanding these regulations and reporting suspicious transactions, P2P payments providers must conduct risk assessments periodically to remain in compliance. Every financial services organization, whether it is a traditional bank or credit union, must create and follow policies and procedures to ensure BSA/AML compliance. The policies and procedures must fit the needs and risk profile of each particular organization.
The risk assessment process involves identifying specific risk categories, such as products, services and geographic locations. Some products and services that fall into the higher risk category include services provided to third-party payment processors or senders, foreign exchanges, lending activities such as loans secured by cash collateral, and others.
Financial services organizations should flag transactions to higher risk international locations, which include countries that are subject to OFAC sanctions, those that have been identified as supporting international terrorism or offshore financial centers. For domestic transfers, higher-risk locations include those that have been flagged as high intensity drug trafficking areas or high intensity financial crime areas.
Identifying Suspicious Activity in a Digital World
As regulations tighten, NBFIs need to examine the actions of customers carefully, which goes well beyond simply verifying their identity. Many of the techniques used to identify suspicious transactions in a physical interaction are not possible in a digital P2P environment. An organization may not be able to see when customers seem unusually nervous, and transactions made on P2P networks may need to confirm the source of the funds to ensure they are not the result of criminal activity.
In the absence of in-person cues, organizations may look for suspicious patterns. For example, if a customer makes a habit of making transfers of $9,500 once a day throughout the week, this activity could be highly suspicious. Organizations are required to file a Currency Transaction Report for cash transactions exceeding $10,000, and by limiting his deposits to $9,500, this customer may be trying to avoid having his activity reported.
When opening new accounts for customers virtually, organizations should set up their systems to flag new accounts which trigger suspicious activity, which could include listing a permanent address outside of the country or using a phone number that is no longer in service. Also, if customers are unwilling to provide personal background, such as identification, details about their business activities, or provide financial statements or documents, all these behaviors are extremely suspicious.
Understanding BSA/AML is critical for financial services organizations and NBFIs, as limiting money laundering and cutting off terrorists’ access to funds is a high priority to the regulating and law enforcement agencies.
And the risk is not limited to financial institutions. NBFIs also run the risk of an audit or fine, such as the one levied on Ripple, if they fail to adhere to these rules. Having documented proof that employees are aware of the rules and been trained can reduce fines – or eliminate them all together – preventing monetary damages.
Maintaining high compliance standards is not only important to avoid fines and penalties, but also to maintain an organization’s reputational security. Financial services leaders and NBFIs should ensure employees have the tools, training and information necessary to uphold the highest standards and minimize organizational risk.
About the author
Ed Marcheselli is managing director of Learning & Development of BAI, a nonprofit independent organization that delivers the financial services industry’s most actionable insights.