Understanding and using FATF's June 2013 Guidance note of a Risk Based Approach to Implementing AML/CFT Measures for mobile money and other new payment methods
GIFT City Overview India's Gateway to Global Finance
FATF's June 2013 Guidance Note on a Risk Based Approach to Implementing AML/CFT Measures for New Payments Products and Services
1. Applying a Risk-Based Approach to
FATF’s AML/CFT Measures for
Mobile Money in Emerging Markets
20 November 2013
Louise Malady
Senior Research Fellow
University of New South Wales
2. Background
• Research Project - The Regulation of Mobile Money
• CIFR – Centre of Excellence for research and
education in the finance sector (www.cifr.edu.au)
• Emerging markets focus
• Focus is on key legal and regulatory issues
– Protection of customers' funds
– Legal and regulatory considerations in the use of agents
– Applying a risk-based approach to FATF’s AML/CFT
measures for mobile money in emerging markets
– A financial regulator’s role in building and understanding
consumer demand for mobile money
2
4. Principal Researchers
Professor Ross Buckley
Scientia Professor and
CIFR King & Wood
Mallesons Professor of
International Finance
and Regulation
Professor Douglas Arner
University of Hong Kong
Jonathan Greenacre
Louise Malady
Research Fellow, University of
New South Wales
Senior Research Fellow,
University of New South Wales
4
5. FATF and Risk-Based Approach
• FATF 2012 Standards – Risk-Based Approach
(RBA)
• FATF Guidance on ML/TF and Financial Inclusion
– Feb 2013
• FATF Guidance on ML/TF, the RBA and New
Payment Products and Services (NPPS) – June
2013
– Risk assessment and mitigation for NPPS
– Regulation & Supervision of NPPS providers
– Encourage use of simplified CDD for NPPS
5
6. FATF June 2013 – Key Messages
• Risk assessment in the design phase of products and
regulations – involve regulator early
• A holistic approach to risk assessment – no “one-size fits
all”
“[Y]ou don’t need to put the same padlock on your garden
shed as you’d put on your house – that’s the principle of
proportionality.” Ignacio Mas, 2013.
• Stops short of requiring simplified CDD
• Regulators left to oversee implementation of RBA – lead
the way
6
7. Risk Factors – Mobile Money
Risk Factor
Non-face-to-face
relationships and
anonymity
How Risk Factor Arises
Risk posed by anonymity occurs on using or reloading
Level depends on the functionality of the service and any existing risk mitigation
measures - consumer due diligence and funding thresholds.
Geographical reach Global reach - Jurisdictions different levels of controls for AML/CFT
Methods of
funding
If the origin of funds is obscured (e.g. cash is used) or if account to account
transfers are permitted then risk of ML/TF increases.
Access to cash
The more interconnection or interoperability that a service provides means there
are more ways to withdraw cash from the service and hence greater ML/TF risk.
Segmentation of
services
Various parties involved - greater risk of losing customer or transaction
information along the payments chain or being unable to retrace information.
Not always clear which parties is subject to AML/CFT measures, or to which entity
they are reporting to, or even in which country is the responsible regulator based.
Using agents for account opening or cash-in/cash-out - further cloud regulatory
responsibilities.
Training, management and control of agent networks are important in this regard.
7
8. Risk Mitigation – Mobile Money
Risk Mitigation
Consumer Due Diligence (CDD)
- Enhanced for higher risk
- Simplified for lower risk
- Exemption for low risk
under specific
circumstances
Loading, value and
geographical limits
(Functionality)
Source of funding
(functionality)
Record keeping, transaction
monitoring and reporting
How to apply
Simplified CDD - basic but cover the four basic components of CDD.
Remain alert to why product or service is being used.
Simplified CDD - identification, verification and monitoring
requirements can be less intensive and less formal and
assumptions can be relied upon about the use of basic products
and services.
Customer ID can be verified following the establishment of a
business relationship - enables a more smooth process for
establishing and conducting business with end-users.
Limits on the amount loaded, reloaded, transferred or withdrawn
by value and frequency and limiting where the product can be
used. Combinations of limits also effective.
Distributors and agents carrying out CDD obligations on behalf of
provider - compliance with AML/CFT measures should be
monitored.
Using cash as a funding source cannot immediately translate to
the product being classified as “higher risk”
If cash is the funding source then use other limits in to achieve a
lower risk rating and eligibility for simplified CDD.
Transaction monitoring and suspicious activity reporting is essential
8
irrespective of the level of CDD.
9. Tiered Approach to Provision of NPPS
Level of
Functionality
9
Phase 1
Phase 2
Phase 3
Level of CDD increases for each phase of the products’ or services’ roll-out
Phase 1 Very basic functionality -> Low risk -> Exemption from CDD
Phase 2 Broadened functionality -> Lower risk -> Simplified CDD
Phase 3 More wide functionality -> Higher risk -> Enhanced CDD
10. Regulating and Supervising Entities
Involved in Providing NPPS
• RBA from the perspective of a country’s
responsibilities (Recommend’n 1 and 15);
• CDD and implications of simplified CDD
(Recommend’n 10);
• Licensing and Reg’n requirements, including
those for agents (Recommend’n 14); and
• NPPS share common features with Wire
Transfers (Recommend’n 16).
10
11. Identification of Responsible Authority
• Implications of entity based supervision - effective
cooperation between the regulators/authorities
• Local context determines who does what BUT…
If many MNOs offering mobile payment services - comms
authority not automatically best placed to monitor MNOs
for AML/CFT compliance:
– Assessment of capacity of authority should be made;
– Provide training and education in AML/CFT to develop
expertise ; and
– Close cooperation with the financial supervisors - essential to
ensure consistent , co-ordinated approach.
11
12. Determining the NPPS Provider
Subject to AML/CFT Obligations
• NPPS - range of entities involved in the
provision and complex
• Look for the entity which:
– has visibility and management of the NPPS;
– maintains relationships with customers;
– accepts the funds from (the) customer, and
– against which the customer has a claim for those
funds.
12
13. Issues for Further Consideration
ML/TF risk for reasons of financial exclusion
• Continued focus on access, usage and quality of NPPS to drive growth in
financial inclusion
Unintended consequences from using the RBA
• Apply methodologies sensibly, maintain perspective
AML/CFT measures and innovation
• Cost to innovation as a result of the focus on risk assessment, and
involvement of regulator, in design phase
Proposed changes to FATF mutual evaluation methodology
• Focus on effectiveness of implementation of standards rather than rating
technical compliance
13