FinTech companies face great challenges
With the adoption of the 5th AMLD all types of FinTech businesses are already legally obliged to keep up with the high AML/CTF standard designated for traditional financial institutions. The legal uncertainty around virtual asset providers (cryptocurrency exchanges, wallet providers, etc.) is overcome. These players are obliged to implement a sound AML compliance programme. European regulatory development comes much later then the US one. Already in 2013, FinCEN published a Guidance on the Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual currencies. Regulatory scrutiny is rising. The 5th AMLD provides for enhanced cooperation between FIUs and financial supervisors, meaning that transboundary nature of ML/TF cases will not impede enforcement anymore. Designation of European Banking Authority as a common EU-wide supervisory body could allow more standardised law enforcement policy. By contrast with Europe, the US authorities already have solid experience in enforcement actions against FinTech companies.
Usually, they are falling under the definition of “money services businesses” (“MSBs”), being under the Bank Secrecy Act obligation to establish AML programs and to verify the identities of account holders through KYC. The first FinCEN enforcement action against a virtual asset provider was against the Ripple Labs, Inc., fined with $700,000 in 2015.
FinTechs in Europe should prepare, especially when the 5th AMLD is expected to be the turning point. How should a FinTech start-up stay compliant? What are the challenges and opportunities? What can be learnt from a traditional financial institution compliance department? FinTechs should not merely be compliant on paper. They will soon be expected to demonstrate to regulators that they are effectively managing their financial crime risks. Otherwise, severe penalties will follow. Many start-ups are concentrating on the business side. The risk of non-compliance is biggest during up-scaling, thus compromising the probability of financial success of the company.
In such environment, old compliance solutions do not address new challenges. Financial crime compliance is impossible without data sharing and automatization. Consider for example, the AML risks coming with the onboarding process. The electronic only relationship with the client brings the threat of identity theft. A criminal might open many account under false identity and use them for laundering the proceeds of crime. Or, without proper screening tool, a FinTech company might find itself in violation of the Office of Foreign Assets Control and the US Department of the Treasury sanction lists. The best practice is human and machine insights to come together to determine whether the money coming in and going out belong to the person whose name is on the account.
Dr. Elina Karpacheva