Pierre-Laurent Chatain Lead Financial Sector Specialist Financial Market Integrity World Bank/APG workshop for bank supervisors on AML/CFT supervision Integrity in Mobile Phone Financial Services Jakarta, Indonesia, May 11-14, 2009
Feb 25, 2016
Contents
• What are mobile phone financial services (m-FS)?
• The Global Potential
• Methodology
• New Framework for Analysis
• ML-TF risks associated to m-FS
• Observed Control Measures
• Applying the FATF 40+9
• Lessons Learned
• Policy Recommendations
Mobile Phone Financial Services = m-FS
Definition: The remote delivery of financial services by a mobile phone
What are m-FS?
• Transactions
• Bill Payments
• Stock Trades
• Vendor Receipts
• Remittances
• Checking Account Balance
• Access bank or credit card
Sometimes called “m-banking” or “m-commerce”
Enormous Potential for Development
Problem: Poor countries fall way behind in terms of giving access to financial services
Solution: Mobile signal covers over 80% of the world’s population
Potential is huge: All Regions Booming
[Chart: y-axis in millions (0 to 4,000), x-axis 2000 to 2008; series: USA/Canada, Middle East, Europe, Asia Pacific, Americas, Africa, World Total]
3.5 Billion people with access to a mobile phone in 2008
Source: World Bank analysis of Wireless Intelligence Data provided March 2008.
Mobile payment and commerce projections
Research predicts that users of contactless mobile payment and mobile banking will reach nearly 900 million users by 2012. These users will complete 62 billion transactions over the phone (source: mFoundry).
The Mobile Phone Financial Services (m-FS) and the perceived ML/FT risks
Managing Risks of the Different Uses of Mobile Phones for Financial Services
Proposed Paradigm for ML/TF Risk Analysis for m-FS
Conclusions on perception, actual and mitigation for ML/FT risks
Recommendations to policy makers, TelCos, financial institutions and regulators
WB’s contribution to policymakers’ discussions on the development of mobile financial services in a safe and sound AML/CFT environment
World Bank’s Research on M-FS
South Africa, The Philippines, Brazil, Hong Kong, Malaysia, Macau and South Korea
Methodology
Plan:
1) Identify the unique risks
2) Mitigation measures
Perceptions
Which are real?
Seven Leading Markets
• Malaysia
• Philippines
• Macao, China
• Brazil
• Hong Kong, China
• South Africa
• South Korea
1. New Framework for Analysis
From an ML/TF risk analysis, all business models could be grouped into 4 types of services:
• Mobile Financial Information (m-fINFO)
• Mobile Banking and Securities Accounts (m-BSA)
• Mobile Payments (m-Payments)
• Mobile Money (m-Money)
[Diagram labels: Anchored by a bank or securities account; Bank or Non-bank services (not anchored by a bank account); No interaction with customer; Offers alternative settlement systems]
m-fINFO
Gives access to view personal financial information
[Diagram: Client, TelCo, FIs]
Services Received
• Account Balance
• Credit Limit Alerts
• Confirmation of Transaction
• Security Quotes and Positions
• Exchange Quotes and Positions
m-BSA
Permits user to make transactions with a bank account
[Diagram: Client, TelCo, 3rd Party, CCC, FIs. Dotted line indicates entity which provides the transaction]
CCC: Credit Card Company
FI: Financial Institution
3rd Party: Any other individual or other financial entity.
Services Received
• Account transfers
• Bill payments
• Settling balances
• Security quotes and positions
• Exchange quotes and positions
• Access to credit lines
m-Payments
Allows user to make payments without pre-existing bank accounts
[Diagram: Client, FIs, 3rd Party, TelCo, CCC. Dotted line indicates entity which provides the transaction]
Services Received
• Merchant payments
• Settling balances
• Non-bank account transfers
• Security quotes and positions
• Exchange quotes and positions
• Access to credit lines
m-Money
Empowers user to work in electronic money through mobile phone
[Diagram: Client, FIs, CCC, TelCo, 3rd Party. Dotted line indicates entity which provides the transaction]
Services Received
• Allows access to all services available through other m-FS.
• Electronic storage of value (i.e. “e-Wallet”)
• Remittances (domestic and international)
2. Risks associated to m-FS
Type of Risk | Possible ML/TF Risks | Key Control Measures
Anonymity | Off-the-branch or non-face-to-face customer origination | Innovative KYC and identity verification procedures (MTN Banking – SA)
 | Unauthorized use of mobile phones for financial transactions | Advanced identification mechanisms (Bradesco – Brazil; First National – SA)
Lack of traceability | Use of mobile phone at the layering stage of the ML process; use of multiple m-FS accounts | Limits on transactions (Korea FSS); customer profiling (Bank of China – Macau); reporting (Korea FIU)
 | Cross-border mobile-to-mobile remittances | In-field service risk assessment (Hong Kong FIU); identification of sender (Maxis – Malaysia)
3. Observed Control Measures
Type of Risk | Possible ML/TF Risks | Key Control Measures
Rapidity | Lack of capacity to monitor/freeze real-time messaging and settlement | Integrated system of internal controls (Itau - Brazil)
Poor oversight | Oversight loopholes for m-BSA providers | Guidelines on m-BSA and risk management (Philippines, Korea)
 | Lack of regulation, supervision of new providers; M-FS shell companies | Regulator-provider collaboration (Philippines, Malaysia); new e-finance laws and guidelines to m-FS providers (Korea); clear licensing of non-bank m-FS (Malaysia, Korea); IT & AML supervision capacity (Philippines); AML/CFT training (South Africa)
4. Sample of AML/CFT best practices (KYC/CDD)
Several examples of risk mitigation practices in the jurisdictions visited reflect the FATF Recommendations:
Korea:
► A customer needs to hold a bank account,
► come in person to a bank branch,
► provide identification, and fill in a form (including details of predefined accounts to transfer money) to receive an e-banking ID and password.
► A letter is then issued by the bank so that the customer can obtain the SIM from the TelCo.
► Service is available only to post-paid individual subscribers, not corporate clients.
► A foreign citizen is required to present a valid passport.
► A copy of the letter is retained by the TelCo for billing purposes.
Philippines:
► Customers using G-Cash need to register via their mobile phones or the Internet. However, they may not deposit or withdraw funds until undergoing face-to-face CDD, which can take place at a retail shop, an accredited business partner, or a partner bank.
Hong Kong SAR of China:
► Customers willing to use the mobile remittance service need to register their SIM card face-to-face with the mobile phone operators.
► Subscribers are required to present their national ID, which is equipped with security features and a chip with biometric information.
4. Sample of AML/CFT best practices (Record Keeping)
• m-FS providers keep customer activity records (Customer Detailed Records, CDRs) similar to banks, payment system providers and RSPs.
• CDRs contain data related to a mobile operator’s system usage and include identification of each mobile call’s originating and receiving phone, duration, and other information.
Malaysia:
► Maxis keeps records of transactions for active customers on an ongoing basis. Once the relationship is terminated, the information is archived for seven years.
4. Sample of AML/CFT best practices (Reporting Obligations)
Hong Kong:
TelCos are reporting entities under the AML and CFT regime.
Korea:
m-FS providers are also subject to the regime as reporting institutions to the Korean FIU (KoFIU).
Macao:
Providers are required to indicate in the STR the channel used, including m-FS.
Philippines:
Reporting of STRs by m-FS providers is conducted electronically, and is required for all transactions above 500,000 Pesos (US$ 11,200)
Varying Provider Obligations Ambiguous
• Fieldwork shows that TelCo AML and CFT obligations are applied unequally in the observed jurisdictions.
• The majority of TelCo m-FS perform some KYC and CDD measures
• Virtually none are designed specifically to address ML and TF concerns.
• There is no consensus on how to implement AML and CFT international standards among the telecom industry
Providers should be classified as FIs
• FATF 40+9 Rec. contain no specific provisions governing AML/CFT obligations for Telcos
• Grounds to believe that Telcos are subject to AML/CFT obligations:
– m-fINFO & m-BSA: no ambiguity
– m-Payment & m-Money: ambiguity lifted by applying the “functional definition”
Providers should be classified as FIs
• Problem: Are Telcos providing m-FS DNFBPs or FI?
• Telcos do not fit into DNFBPs category
According to the FATF, “financial institution” means, among other things, any person or entity who provides its customers with transfer of money or values services, or issues and manages means of payment, inter alia, electronic money.
• ¾ business models consist of TelCos providing a means to transfer money
• TelCos providing m-FS should be considered as FATF “financial institutions”
5. Lessons Learned
FATF standards
– Address m-FS vulnerabilities
– No need for new standards
Regulations do not
– Address full spectrum of entities (Telco, Credit Card Company)
– Provide clarity on the licensing process
TelCos providing financial services are not explicitly subjected to AML/CFT regulations
Although many m-FS providers are already applying measures consistent with AML/CFT, their purposes are commercial and not targeted to prevent ML/TF.
6. Policy Recommendations
• Policy Makers
- All m-FS providers should be subject to AML regulations in accordance with risk-based approach.
- Conduct risk assessment prior to legislating controls.
• FIU/Law Enforcement
- Develop clear rules and guidelines for m-FS transaction providers.
- Consider requiring STR to include data on the type of channel used.
• Sector Regulators
- Set clear licensing criteria and monitoring procedures that are commensurate with services and risks.
- Define transaction limits giving each m-FS provider flexibility to take advantage of market opportunities.
• Supervisors
- Include the associated risks into the scope of their on-site and off-site duties.
• Private Sector
- Consult with regulators on the development of new services.
- Introduce robust internal controls and risk management practices.