Mobile financial services: Strengthen compliance with anti-money laundering, anti-terror financing measures

The novel coronavirus has accelerated the global trend towards a cashless economy. The growth of e-commerce and the ease of contactless payment options amidst the fear of paper money contamination with the virus have further boosted the scope of digital transaction.

This has facilitated the growth of the Mobile Financial Services (MFS) industry, especially in countries like Bangladesh that have a large pre-existing customer base. It needs to be mentioned that as services of mobile banking are provided through digital devices, MFS is alternatively called Digital Financial Services (DFS) both nationally and globally.

What essentially started as an initiative to include the unbanked and under-banked rural population of the country in the formal economy, has now become an essential part of the lives of all strata of citizens of Bangladesh.  Along with the growth in the user adoption rate during the ongoing pandemic, the MFS providers are engaged in introducing multitudes of new products and services.

As the MFS accountholders belong mostly to the bottom of the pyramid, it is absolutely essential to ensure the safety and security of their fund in any form of transaction they make. To attain this, it is of paramount need for the MFS providers to strengthen the compliance environment to keep the service risk-free.

Most of the global MFS services maintain a stringent compliance policy following the global standard as outlined in Financial Action Task Force (FATF) 40 Recommendations and guidance from the regional regulatory watchdog, for example: Asia Pacific Group (APG) on money laundering.

In this context, Bangladesh Bank (the central bank of Bangladesh) has established efficacious regulations regarding MFS practices by circulation of Bangladesh MFS Regulations - 2018. Furthermore, the Bangladesh Financial Intelligence Unit (BFIU) has introduced detailed Anti Money Laundering/Combating the Financing of Terrorism (AML/CFT) guidelines (BFIU Circular- 20) for MFS providers to strictly adhere to all issues to thwart possible Money Laundering and Terrorist Financing (ML & TF) risks.

Implementation and adoption of these regulations and guidelines by all providers have to be in place to maintain the standard of compliance in our country as outlined by the regulators.

To maintain uninterrupted growth of the MFS sector -- a success story of the present government -- there is no alternative to understanding the value of compliance, minimising the associated risks of non-compliance and applying the utmost effort in establishing a high standard of compliance practices by all MFS providers.

Keeping the fundamental AML/CFT compliance issues in mind, regulatory guidelines related to the creation of e-money, customer fund protection, customer due diligence (CDD), Know Your Customer/Electronic KYC (KYC/e-KYC), sanction screening, suspicious transaction reporting (STR), anonymous transaction (ATr), fraud risk mitigation, capacity building, etc. are deliberated upon in the following paragraphs.

CREATION OF E-MONEY

To deep-dive into the discussion of AML compliance, we have to understand the flow of digital money in the MFS system. It is well known that the total volume of money (printed notes and coins) that is circulated in any economy is the sole responsibility of the respective central bank. The fundamental essence of e-money creation is hinged upon the deposit of an equal amount of cash in commercial bank(s) at any given point in time.

Hence, the creation of e-money must be against an equal amount of deposit of cash value in commercial bank(s) in order to maintain the total amount of money in circulation as ascertained by the central bank. The non-adherence of the requirement of reconciliation and submission of the same to the central bank could seriously impair the national monetary system. The creation of e-money without the oversight of the central bank could obviously lead to inflation -- which may become catastrophic for the national economy.

Creation of non-regulated e-money is tantamount to forgery -- a listed predicate offence of which the perpetrators can take serious advantage for the purpose of money laundering (ML) and terrorist financing (TF). To avoid such risks, reconciliation of e-money created against equal amount of cash deposit in commercial bank(s) needs to be guaranteed by the MFS providers and reconciliation statement reported to Bangladesh Bank on a daily basis (Clause 7.5(i), Bangladesh MFS Regulations - 2018). The creation of e-money of each MFS provider must, therefore, be strictly monitored by the central bank to avoid ML/TF risks within the MFS ecosystem.

CUSTOMER FUND PROTECTION

The majority of the population of Bangladesh, especially of the suburban and rural areas, remained outside of the formal economy as services to such a dispersed population through brick-and-mortar bank branches were not practically viable. On the contrary, without the facilities of formal financial services, this segment of the population was not being able to challenge their socio-economic vulnerabilities.

A visionary decision by the government and effective initiative by Bangladesh Bank witnessed MFS becoming a widely accepted and easy-to-use option, primarily among the population at the bottom of the pyramid. However, the number and amount of the individual transaction/balance remain to be small in commensuration with the financial capacity of low-income group account holders.

But, whatever the amount that may be, the value of such individual balance is very precious to each customer. To ensure the protection of accumulated fund of customers, Bangladesh Bank made appropriate regulatory provisions that warrant all MFS providers to maintain a minimum paid-up equity capital of Tk 45 crore to mitigate risks (Clause 6.3, Bangladesh MFS Regulations – 2018).

Furthermore, the MFS providers operating under the subsidiary model need to invest not less than 25% of their physical cash balance in Government Securities (Clause 7.5(iii), Bangladesh MFS Regulations – 2018). To ensure customer fund protection, the MFS providers must remain compliant to these instructions and maintain trust-worthiness to the customers.

KYC PROCEDURE WHILE CUSTOMER ON-BOARDING

MFS providers need to onboard customers and agents to offer the services through the respective platform. According to the regulatory provision, the fundamental requirement of Customer Due Diligence (CDD) in MFS is to collect "correct" and "complete" information of the customer for adhering to the know-your-customer (KYC) procedure as defined in BFIU guidelines (Clause 3.1, BFIU Circular- 20). Currently, in Bangladesh, MFS accounts are also opened with e-KYC (Clause 1.1, BFIU Circular- 25).

In both cases, the correctness of the collected customer data must be verified through a trusted and authentic source. For example, the NID information currently is being verified from the Election Commission database. The most important compliance issue relating to KYC is 'face-to-face interaction' in case of both paper and e-KYC (Clause 1.5.4, Study Paper on AML/CFT published by BFIU).

Any lapse in ensuring 'face to face interaction' would allow an opportunity to open a false MFS account. In absence of a proper KYC procedure, perpetrators get to register MFS accounts with false identity/made-up documents and become untraceable after conducting criminal activities using these accounts. In summary, opening an MFS account without following the guidelines and maintaining the prescribed KYC provided in the BFIU Circular- 20 and Circular- 25 would associate tremendous risk and thus remain out of question. 

ONE MFS ACCOUNT AGAINST ONE NID

The regulatory directives say that a citizen should maintain only one MFS account against one NID. Lack of proper KYC procedure and business logic built in the technology may allow opening of countless MFS accounts within a single MFS platform for a single customer. Here, one needs to understand that a perpetrator desires to open multiple MFS accounts through unverified information only to bypass the ML/TF risk mitigation measures.

In the case of multiple personal accounts existing with a single NID under an MFS provider, the excessive (more than one) accounts must be closed in accordance with the directive of Bangladesh Bank. Ensuring one MFS account against one NID following proper KYC procedure and authentic NID verification are the pillars that the AML/CFT stands on.

It should be noted that MFS account can be linked with any existing bank account of the same customer upon informed consent where additional KYC may not be required. The BFIU guidelines further say that the ultimate responsibility regarding KYC/e-KYC of MFS account will lie with the MFS providers. It amplifies that KYC/e-KYC requirement for opening MFS account in no case be compensated with any other registration document other than paper/e-KYC of the MFS provider itself and KYC of the linked bank account (Clause 3.3, BFIU Circular – 20).

SANCTION SCREENING

While onboarding customers, only collecting correct and complete customer data is not sufficient for battling against the ML/TF risks. It is of essence that those who are listed in the UN Security Council Sanction list, other global as well as national sanction list do not get an opportunity to open MFS account. The same lists need to be screened for allowing inward foreign remittance to be sent from abroad and received by the beneficiaries in Bangladesh. Moreover, periodic screening of the entire customer base is required to be carried out as per the regulatory requirement (Clause 2.2, BFIU Circular- 20). This screening mechanism allows the MFS providers to thwart ML risk in general and TF risk in particular.

ANONYMOUS TRANSACTION (ATR)

The main purpose of financial inclusion was to bring the unbanked population under a formal economy providing them with limited banking accounts for transacting e-money according to their financial needs. Hence, if any agent-assisted transaction, in other words- Over the Counter Transaction (OTC) is allowed to be conducted on behalf of an unbanked person, that person remains out of the formal economy defeating the very spirit of financial inclusion.

Therefore, the regulation very appropriately doesn't allow agent to agent transactions. If agent to agent transaction is allowed to facilitate transaction between two unbanked individuals, it becomes an Anonymous Transaction (ATr) where the originator and beneficiary of the transaction are not on record and hence the money trail remains non-traceable. Not only ATr increases the ML/TF risk manifold, the main purpose of financial inclusion remains unserved as well. Hence, all forms of ATr must be eliminated to ensure the safety and growth of the MFS industry.  

SUSPICIOUS TRANSACTION REPORT/SUSPICIOUS ACTIVITY REPORT (STR/SAR)

Along with the risk of ATr, another major risk is abnormalities observed in customer transactions/activities. It's the responsibility of the MFS provider to monitor if there are reasonable grounds to suspect that funds transacted by customers are the proceeds of predicate offences or may be linked to terrorist activities.

To mitigate such risks, MFS providers need to have round-the-clock monitoring arrangements to identify suspicious transactions and activities through customised technology solutions and other investigative methods for timely submission of STR/SAR to BFIU (Clause 7.3, BFIU Circular- 20). The practice of timely submission of STR/SAR helps the regulator to assess the standard of transactional norms practised by different customers.  

MONITORING AND FIELD ASSESSMENT OF CHANNEL PARTNERS

In the MFS ecosystem, liquidity management partners (channel partners) such as agents, distributors, and merchants act as the bridge between an MFS provider and personal account holders, i.e. the common customers. These channel partners carry out a considerable number of high-volume transactions. Therefore, intensive transaction monitoring is required to take risk-appropriate measures against non-compliant behaviour, especially ATr.

Besides technology monitoring, MFS providers need to deploy a Field Compliance Assessment (FCA) team to physically monitor the activities of agents, distributors, and merchants. All the MFS providers should diligently conduct regular FCA to detect and prevent different types of non-compliant behaviours of the channel partners (Clause 8.2, 8.5 and 9.3, BFIU Circular- 20). Risk-appropriate measures should include MFS providers appointing competent Regional Anti Money Laundering Compliance Officers (RAMLCOs), as directed in the guidelines issued by the regulator (Clause 1.3(1), 8.4 and 9.2, BFIU Circular- 20).

FRAUD RISK MITIGATION

ATr increases the fraud risk of MFS to a great extent. Fraudsters are perpetrators who extort money from MFS customers and abuse the MFS platform through social engineering and duplicity. In absence of a proper Fraud Management mechanism at the provider's end, the vulnerability of the customers increases manifold.

It is the duty of all MFS providers to do periodical anti-fraud campaigns to raise customer awareness and to have a dedicated fraud risk management team to prevent and mitigate fraud and dispute related complaints (Serial 2.5, Study Paper, AML/CFT Regulations for Mobile Money).

AML&CFT Capacity Building

The ever-growing sophistication of threat factors and defined regulatory supervision make AML&CFT training a mandatory capacity building measure for all employees and the members of the channel partners of MFS providers. Knowledge sharing sessions on CDD, KYC/e-KYC guidelines, NID verification procedures, STR/SAR process etc. need to be organised with proper plan and arrangement both centrally and regionally (Clause 11.2 and 11.3, BFIU Circular- 20).

Without proper and organised training of the regional stakeholders upon whom the duty of maintaining compliance at the grassroots level has been bestowed, the MFS compliance framework cannot be kept risk-free.

Innovation of Technology Solution for New Product/Services

Adding value to customers through the introduction of new products and services and improving the existing services through the adoption of new technology is a necessity for fast-paced industries like the MFS. However, these innovations and alterations should never come at the cost of compliance. It has been clearly defined in the regulatory framework that new products can be launched by MFS providers only after regulatory review (Clause 5, BFIU Circular- 20).

There are multiple types of regulatory impositions (transaction limit, transaction frequency, one MFS account against one NID, data security, etc.) for MFS. Only after making sure that the emerging or remodelled product/service is in accordance with the imposed regulatory limits/restrictions, MFS providers may proceed to do risk-assessment and get it reviewed by BFIU prior to rolling out the same in the market (Clause 1.9, AML/CFT Regulations for Mobile Money: Policy Options for Bangladesh).

The introduction of an unregulated MFS product/service may result in the loss of trust of the customers in MFS and thus eventually imperil the sustainable growth of the MFS industry as a whole.

OVERSIGHT, AUDIT, AND INSPECTION

Internal audit and self-assessment of compliance practice is the responsibility of the MFS providers to protect and maintain the security and safety of their own platform. While system-level monitoring and self-investigation of the MFS providers remain essential, regulatory oversight, periodical inspection, and audit are needed to assess and examine the outcome of these internal audits/self-assessments.

External audit and inspection, as such, help to determine the lacking(s), if any, of the compliance practices of the MFS providers, thus helping the entity to take appropriate and corrective measures. This layered and structured approach ensures required risk-reduction in accordance with the national and global best practices. In conclusion, it may be mentioned that the apparent MFS operation may seem pretty simple from a customer experience point of view.

However, the different aspects of compliance related to AML/CFT mentioned above illustrate how complex the operation of MFS really is. As MFS providers are dealing with a huge number of customers, it becomes imperative for them to always stay vigilant regarding issues like ML/TF risks, cybersecurity, and most importantly customer fund protection.

Each and every MFS provider must remain committed to keep their platforms risk-free at all times. To achieve this, MFS providers need to focus on compliance infrastructure, capacity-building and strict adherence to the regulatory directives and guidelines. There is no denying that any harm to the MFS ecosystem will be socio-economically cataclysmic for the most vulnerable segment of our population.

Hence, regulatory discipline across the industry should be identical and each and every MFS practitioner, as well as the provider, must stay committed to providing a sustainable, compliant, and reliable service to their respective customers.

The writer is the chief external & corporate affairs officer of bKash Limited, a position he has held since May 2014