FATF's June 2013 Guidance Note on a Risk Based Approach to Implementing AML/CFT Measures for New Payments Products and Services

Applying a Risk-Based Approach to FATF’s AML/CFT Measures for

Mobile Money in Emerging Markets

20 November 2013

Louise Malady Senior Research Fellow

University of New South Wales

Background

• Research Project - The Regulation of Mobile Money

• CIFR – Centre of Excellence for research and education in the finance sector (www.cifr.edu.au)

• Emerging markets focus

• Focus is on key legal and regulatory issues – Protection of customers' funds

– Legal and regulatory considerations in the use of agents

– Applying a risk-based approach to FATF’s AML/CFT measures for mobile money in emerging markets

– A financial regulator’s role in building and understanding consumer demand for mobile money

2

Project Advisory Board

• Standard Chartered Bank

• UNCDF

• ADB

• ANZ Bank

• GSMA

• Telecommunications Management Group

3

Principal Researchers

Professor Ross Buckley

Scientia Professor and

CIFR King & Wood

Mallesons Professor of

International Finance

and Regulation

4

Professor Douglas Arner University of Hong Kong

Jonathan Greenacre Research Fellow, University of

New South Wales

Louise Malady Senior Research Fellow,

University of New South Wales

FATF and Risk-Based Approach • FATF 2012 Standards – Risk-Based Approach

(RBA)

• FATF Guidance on ML/TF and Financial Inclusion – Feb 2013

• FATF Guidance on ML/TF, the RBA and New Payment Products and Services (NPPS) – June 2013

– Risk assessment and mitigation for NPPS

– Regulation & Supervision of NPPS providers

– Encourage use of simplified CDD for NPPS

5

FATF June 2013 – Key Messages • Risk assessment in the design phase of products and

regulations – involve regulator early • A holistic approach to risk assessment – no “one-size fits

all” “[Y]ou don’t need to put the same padlock on your garden shed as you’d put on your house – that’s the principle of proportionality.” Ignacio Mas, 2013.

• Stops short of requiring simplified CDD • Regulators left to oversee implementation of RBA – lead

the way

6

Risk Factors – Mobile Money

7

Risk Factor How Risk Factor Arises

Non-face-to-face

relationships and

anonymity

Risk posed by anonymity occurs on using or reloading

Level depends on the functionality of the service and any existing risk mitigation

measures - consumer due diligence and funding thresholds.

Geographical reach Global reach - Jurisdictions different levels of controls for AML/CFT

Methods of

funding

If the origin of funds is obscured (e.g. cash is used) or if account to account

transfers are permitted then risk of ML/TF increases.

Access to cash The more interconnection or interoperability that a service provides means there

are more ways to withdraw cash from the service and hence greater ML/TF risk.

Segmentation of

services

Various parties involved - greater risk of losing customer or transaction

information along the payments chain or being unable to retrace information.

Not always clear which parties is subject to AML/CFT measures, or to which entity

they are reporting to, or even in which country is the responsible regulator based.

Using agents for account opening or cash-in/cash-out - further cloud regulatory

responsibilities.

Training, management and control of agent networks are important in this regard.

Risk Mitigation – Mobile Money Risk Mitigation How to apply

Consumer Due Diligence (CDD)

- Enhanced for higher risk

- Simplified for lower risk

- Exemption for low risk

under specific

circumstances

Simplified CDD - basic but cover the four basic components of CDD.

Remain alert to why product or service is being used.

Simplified CDD - identification, verification and monitoring

requirements can be less intensive and less formal and

assumptions can be relied upon about the use of basic products

and services.

Customer ID can be verified following the establishment of a

business relationship - enables a more smooth process for

establishing and conducting business with end-users.

Loading, value and

geographical limits

(Functionality)

Limits on the amount loaded, reloaded, transferred or withdrawn

by value and frequency and limiting where the product can be

used. Combinations of limits also effective.

Distributors and agents carrying out CDD obligations on behalf of

provider - compliance with AML/CFT measures should be

monitored.

Source of funding

(functionality)

Using cash as a funding source cannot immediately translate to

the product being classified as “higher risk”

If cash is the funding source then use other limits in to achieve a

lower risk rating and eligibility for simplified CDD.

Record keeping, transaction

monitoring and reporting

Transaction monitoring and suspicious activity reporting is essential

irrespective of the level of CDD. 8

Tiered Approach to Provision of NPPS

Phase 1 Phase 2 Phase 3

9

Level of Functionality

Level of CDD increases for each phase of the products’ or services’ roll-out Phase 1 Very basic functionality -> Low risk -> Exemption from CDD Phase 2 Broadened functionality -> Lower risk -> Simplified CDD Phase 3 More wide functionality -> Higher risk -> Enhanced CDD

Regulating and Supervising Entities Involved in Providing NPPS

10

• RBA from the perspective of a country’s responsibilities (Recommend’n 1 and 15);

• CDD and implications of simplified CDD (Recommend’n 10);

• Licensing and Reg’n requirements, including those for agents (Recommend’n 14); and

• NPPS share common features with Wire Transfers (Recommend’n 16).

Identification of Responsible Authority

• Implications of entity based supervision - effective cooperation between the regulators/authorities

• Local context determines who does what BUT…

If many MNOs offering mobile payment services - comms authority not automatically best placed to monitor MNOs for AML/CFT compliance:

– Assessment of capacity of authority should be made;

– Provide training and education in AML/CFT to develop expertise ; and

– Close cooperation with the financial supervisors - essential to ensure consistent , co-ordinated approach.

11

Determining the NPPS Provider Subject to AML/CFT Obligations

• NPPS - range of entities involved in the provision and complex

• Look for the entity which:

– has visibility and management of the NPPS;

– maintains relationships with customers;

– accepts the funds from (the) customer, and

– against which the customer has a claim for those funds.

12

Issues for Further Consideration

• Continued focus on access, usage and quality of NPPS to drive growth in financial inclusion

ML/TF risk for reasons of financial exclusion

• Apply methodologies sensibly, maintain perspective

Unintended consequences from using the RBA

• Cost to innovation as a result of the focus on risk assessment, and involvement of regulator, in design phase

AML/CFT measures and innovation

• Focus on effectiveness of implementation of standards rather than rating technical compliance

Proposed changes to FATF mutual evaluation methodology

13

Thank You

14