by Elina Karpacheva
Innovation is surely a good thing. FinTech makes access to finance fast, easy and accessible which is of great benefit to individuals, households and businesses. However, the increased speed of initiating transactions, the borderless movement of money flows, and anonymity may be exploited for ill-gotten gains. FinTech might be used for terrorist financing, money laundering, fraud, tax evasion, market abuse, and overall undermine the stability of financial system. From this angle, FinTech companies have enormous responsibility towards the society to prevent fraudulent behaviour. Governments around the world have started recognising risks associated with technologically enabled financial innovation. In effect, we see the increased level of regulation with enforcement against the FinTech being one of the priorities. The need of FinTech companies to establish compliance expertise to prevent, detect, and response to financial crime has become apparent.
Considering the recent AML/Fraud scandals, traditional banking institutions are under strong pressure from authorities to enhance their anti-financial crime controls. At the same time, on the business side, banks embrace financial innovation by changing conventional business models in order to reduce costs, explore new products, enhance efficiency and fulfil regulatory requirements, such as Open banking. Thus, they experience unfamiliar financial crime risks related to the technologically enabled financial innovation. (*1)
FinTech companies face even greater challenges
With the adoption of the 5th AMLD all types of FinTech businesses are already legally obliged to keep up with the high AML/CTF standard designated for traditional financial institutions. *(2)
The legal uncertainty around virtual asset providers (cryptocurrency exchanges, wallet providers, etc.) is overcome. These players are obliged to implement a sound AML compliance programme. European regulatory development comes much later then the US one. Already in 2013, FinCEN published a Guidance on the Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual currencies.
Regulatory scrutiny is rising. The 5th AMLD provides for enhanced cooperation between FIUs and financial supervisors, meaning that transboundary nature of ML/TF cases will not impede enforcement anymore. Designation of European Banking Authority as a common EU-wide supervisory body could allow more standardised law enforcement policy. By contrast with Europe, the US authorities already have solid experience in enforcement actions against FinTech companies. Usually, they are falling under the definition of “money services businesses” (“MSBs”), being under the Bank Secrecy Act obligation to establish AML programs and to verify the identities of account holders through KYC. The first FinCEN enforcement action against a virtual asset provider was against the Ripple Labs, Inc., fined with $700,000 in 2015.
FinTechs in Europe should prepare, especially when the 5th AMLD is expected to be the turning point. How should a FinTech start-up stay compliant? What are the challenges and opportunities? What can be learnt from a traditional financial institution compliance department? FinTechs should not merely be compliant on paper. They will soon be expected to demonstrate to regulators that they are effectively managing their financial crime risks. Otherwise, severe penalties will follow. Many start-ups are concentrating on the business side. The risk of non-compliance is biggest during up-scaling, thus compromising the probability of financial success of the company.
In such environment, old compliance solutions do not address new challenges. Financial crime compliance is impossible without data sharing and automatization. Consider for example, the AML risks coming with the onboarding process. The electronic only relationship with the client brings the threat of identity theft. A criminal might open many account under false identity and use them for laundering the proceeds of crime. Or, without proper screening tool, a FinTech company might find itself in violation of the Office of Foreign Assets Control and the US Department of the Treasury sanction lists. The best practice is human and machine insights to come together to determine whether the money coming in and going out belong to the person whose name is on the account.
Sharing of fraud prevention techniques, should not be viewed as competitive advantage or trade secret
To address risks associated with financial crime compliance, an entirely new industry has sprung up. RegTech is born from the combination between enhanced technology and the need financial institutions to stay complaint with the regulation. RegTech provides solutions for customer onboarding, transactions monitoring, and for sharing customer-related documents. Artificial intelligence and machine-learning applications are also coming to help. They ensure quick discovery of trends and anomalies and suspicious individuals/transactions. Some solutions apply Neuro-Linguistic Programming for the process of enhanced due diligence and adverse media search. Even, some AI solutions are flagging whether the applicant is lying and thereby speeding up the process of identity verification.
Furthermore, Data sharing and public-private partnerships are of utmost importance. For example, a criminal could be willing to launder €1 000,000 of “dirty” money by opening 10 accounts with 10 different fintech start-ups, each licenced in different EU jurisdictions. Indeed, such an activity probably would generate SARs in 10 different jurisdictions. If the FIUs have the proper analytic tools and share data fast – it will be easy for them to spot the relationship between the accounts and unravel the bigger money laundering scheme. Private sector has an important role in financial crime prevention – to share actively data between industry players, such as fraudulent schemes and typologies or customer related information (subject to data privacy). This might happen between the FinTech start-ups, using the same RegTech solutions, but as well with the help of traditional financial institutions that already share data inside the group or in the context of correspondent banking relationship. Working together is crucial, because when a competitor is damaged by fraud, the reputation of whole industry is affected. Thus, sharing of fraud prevention techniques, should not be viewed as competitive advantage or trade secret.
Compliance Meet UP in Sofia
Recognizing the importance of the topic, Eleven Ventures and European Compliance Center are organizing Compliance Meet UP in Visa Innovation Hub@Campus X. The event will introduce financial crimes inherent to the FinTech industry with specific focus on AML/CTF risks. Our international speakers will discuss specificities of KYC and onboarding process, sanction screening and transaction monitoring. The event will explain the value of RegTech solutions for AML and anti-fraud compliance. The aim is community to discuss the FinTech compliance standard and how it relates to / differs from the traditional bank anti-financial crime process. Organizers will wrap-up with a summary of important messages how to stay compliant in the fast-changing innovation field.
(*1) For example, in June 2018, the UK’s Financial Conduct Authority (FCA) published a letter, in which it set out its expectation that banks and other financial institutions should evaluate and manage the crypto-related financial crime risks they face, see: https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-cryptoassets-financial-crime.pdf
(*2) Technically speaking, most types of FinTechs were already covered under the scope of obliged entities under the 4th AMLD.
About the author: Dr. Elina Karpacheva is a lawyer and academic researcher. She is the founder of the European Compliance Center – an international network of compliance experts in the CEE region and the first NGO in Bulgaria with a specific focus on corporate compliance. Dr. Karpacheva is Bulgarian Editor in Chief of the Risk & Compliance Platform Europe.
