The emergence of m commerce promises great benefits, but also poses significant regulatory concern

The Emergence of M-Commerce Promises Great Benefits,

But Also Poses Significant Regulatory Concern

Presented to

Professor Andrea Johnson

Submitted By

Keith A. Adams

This Paper is Submitted for Scholarly Credit

Table of ContentsIntroduction.....................................................................................................3

M-Payments and M-Commerce........................................................................3

Money Laundering Concerns...........................................................................3

The Storm Looming on the Horizon.................................................................3

Stored Communications Act............................................................................3

How To Resolve The Catch-22 Regarding BSA Reporting................................3

An Additional Housekeeping Matter.................................................................3

How to Reign Invisible NFC Transfers..............................................................3

Digital Know Your Customer............................................................................3

Conclusion.......................................................................................................3

Bibliography.....................................................................................................3

Page 2 of 29

Introduction

Mobile Commerce (M-Commerce), and more specifically Mobile Payments (M-Pay) and Mobile

Banking (M-Banking), are a developing trend in the United States. This new technology has the

capability to make the consumer’s life more convenient through additional payment options and

has the potential to bring lower income persons into the banking industry. It can allow them to

transfer money and make payments through more efficient and lower cost means, e.g. as it has in

other countries, most notably the Philippines, where it is more developed.1

M-commerce is the ability to conduct financial transactions using a mobile device, such as a

personal digital assistant (PDA) or more commonly, a cellular telephone (cell phone). M-

commerce can be broken down further into mobile banking (M-banking) and mobile payments

(M-Pay). M-banking “is a subset of e[lectronic]-banking in which customers access a range of

banking products, such variety of savings and credit instruments… M-banking requires the

customer to hold a deposit account to and from which payments or transfers may be made.” 2 M-

pay “is simply the transference of value from payer to payee, as in a remittance or bill

payment.”3 M-pay and M-banking operate under two business models, the bank centric model

and the telecom centric model. In the bank centric model, “all value transfer subscribers need to

have accounts/access cards and also have customer due diligence preformed by [a bank].” 4 The

telecom-centric models allow users to transfer value peer-to-peer (P2P) through the telecom

itself, without the use of any banking institution.5, 6

While this technology holds much promise, it also poses risks in the terms of money laundering

and terrorist financing, especially with Radio Frequency Identification (RFID) transfers among

telecommunications accounts. RFID transfers are a form of device-to-device transfer, such as

person “A” transferring money to person “B” via cell phone. These transfers can be done

1 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, 2007, at 19-232 David Porteus, The Enabling Environment for Mobile Banking in Africa, 2006, at txt 173 Id.4 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, 2007, at 245 Id. at 206 This paper does not discuss issues with the risk associated by keeping value stored with a telecom rather than an insured financial institution.

Page 3 of 29

outside the regulatory schemes of the banking system. Worse, these forms of transfer may be

conducted transnationally, allowing large amounts of illicit money to flow out of country “A” to

country “B,” where the criminal suspect may more easily launder the proceeds.

Under the USA PATRIOT Act,7 Congress sought to clamp down on loopholes in the anti-money

laundering (AML) regulatory scheme. One of these endeavors included expanding the term

financial institution to cover most business engaging in wealth transfers. This expanded

definition included the Bank Secrecy Act, which requires uninitiated reporting of financial

transactions that reach a threshold amount or appear suspicious.8 However, in the Stored

Communications Act,9 Congress forbids the uninitiated disclosure of various information by the

telecom to the government, creating a privacy right. This privacy right also includes financial

reporting that is required under the Bank Secrecy Act, creating a conundrum for the telecoms and

law enforcement, as one statute requires uninitiated financial reporting to the government, but on

the other forbids such uninitiated reporting.

As the United States is a late comer to M-pay, it can look to the example of other countries to

find ways to limit money laundering and terrorist financing, while balancing the needs to

minimize regulation to promote the new technology. To accomplish this, the US needs:

1. to clearly identify the telecoms as potential financial institutions,

2. resolve the regulatory uncertainty created by the conflicting duties the Bank Secrecy Act,

31 USC § 5311-5330, and the Stored Communications Act, 18 U.S.C. §§ 2701-2711,

imposes on them, and

3. work with the industry to enable financial monitoring of RFID transactions as well as

develop appropriate Digital Know Your Customer (DKYC) protocols for the telecoms.

This paper with first explain the emergence and development of M-pay in the world economy, its

effects on the populace and issues related to anti-money laundering efforts and counter terrorist

financing (AML). Next, America’s efforts in AML will be discussed, starting with the Bank

7 Uniting And Strengthening America By Providing Appropriate Tools Required ToIntercept And Obstruct Terrorism (USA Patriot Act) Act Of 2001, Pub. L. no. 107-56, 115 Stat 272 (2001).8 31 U.S.C. § 53129 18 U.S.C. §§ 2701

Page 4 of 29

Secrecy Act, to the outright criminalizing of money laundering,10 including the modifications

made under the USA PATRIOT Act. Then the Stored Communications Act will be discussed,

and how it relates to the cellular telephone industry, specifically focusing on the congressionally

created privacy right which conflicts with the reporting requirement under the Bank Secrecy Act.

Then the best remedial measure that should be taken to balance the goals of each act will be

explained, namely to maintain a statutorily created reasonable expectation of privacy along with

the financial reporting requirements that allow law enforcement to indentify and ameliorate

money laundering. Finally, there are improvements that can be made under the traditional Know

Your Customer protocols in a new digital environment that can be enhanced under a Digital

Know Your Customer scheme, potentially using biometrics to satisfy requirements for

establishing accounts and monitoring ongoing financial transactions for potential abuses.

M-Payments and M-Commerce

There are three main platforms to engage in M-pay: 1) via the internet, 2) short message service

(SMS) (i.e. text messaging); and 3) near field communication (NFC),11 which is “a form of

Radio-frequency identification (RFID) technology that allows for wireless data communication

between two enabled devices.”12 M-pay can be further broken down into “proximity payments

and are typically initiated using NFC technology”13 and “remote payments … [that] are not

transmitted by NFC but rather require payments to be initiated and settled through the mobile

cellular phone network in combination with an associated payment network.”14 Additionally,

these transactions can be conducted entirely through a traditional financial institution, such as a

bank or credit card company, or through the telecom provider directly, potentially bypassing the

traditional financial communities.15, 16

The adoption of this technology has not been consistent throughout the world. Asia is leading the

way, using both the bank-centric model and the telecom centric model. Worldwide, there were

10 18 USC 195611 Julia Cheney, An Examination of Mobile Banking and Mobile Payments: Building Adoption as Experience Goods?, 2008, at 412 Id. at 413 Id.14 Id.15 See, John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, 200716

As the Bank Secrecy Act, Anti-Structuring Act and AML Act already pertain to traditional financial institutions, their consideration is omitted from this paper.

Page 5 of 29

1.2 trillion SMS messages sent,17 a third of which were international.18 That number is expected

to rise to 1.8 trillion in 2010.19 Further, it was noted that “[n]ot only is more of the world’s

population using mobile cellular phones to make traditional phone calls, people around the world

are also increasingly using these devices for a range of nonvoice services” such as SMS, internet,

banking and making payments.20

As of December 2007, there were 285.4 million cellular subscribers in the US,21 resulting in a

penetration rate of 84%.22 While present M-pay adoption has been slow in the US, it can be

expected to increase as the customer base becomes more and more familiar with SMS

technology.23 One recent example is Amazon.com, which has a payment by text message

function that operates through an individual’s banking institution.24

There is also another payment option, NFC, which is a subset of RFID technology. RFID/NFC

technology allows the payer to pay the payee through physical proximity. A common example is

the toll-less pay tags that can be found throughout the US, such as EZPass, which allows users to

pass through a tolling station and pay their fare as they pass through the toll lanes. 25 A

commercial example includes Exxon-Mobile’s Speedpass, which is linked to a credit card and

allows for purchases by waving an adapter over a sensor at a gas pump.26

The term RFID describes a family of technologies in which (1) a “tag” contains

an integrated circuit storing data that identifies or describes the tag itself, or the

item it is attached to, or the person carrying it, and (2) the data can be read,

wirelessly, by a separate device called a “reader.” The reader, in turn, is part of a

17 Julia Cheney, An Examination of Mobile Banking and Mobile Payments: Building Adoption as Experience Goods, at 1018 Id.19 Id.20 Id. at 9-1021 Id. at 922 Id.23 Id. 724

Amazon.com Corporate Website, Amazon Payments, available at https://payments.amazon.com/sdui/sdui/index.htm (last visited March 22, 2009).2520 EZPass Website, About EZPass FAQs, available at http://www.ezpass.com/static/faq/index.shtml (last visited March 22, 2009).26 Speedpass Commercial Website, Questions & Answers: Getting Started, available athttps://www.speedpass.com/forms/frmFaqs.aspx?pPg=faqStarted (last visited March 22, 2009).

Page 6 of 29

system of networked computers that can take action based on the tag data they

receive.27 

RFID’s can also be found in payment cards, such as Master Card and Visa.28

A primary technical difference between contactless payment cards and NFC-enabled mobile cellular phones resides in the RFID chip and whether it is passive or active. Contactless payment cards are primarily based on passive RFID technology, while NFC is an example of an active RFID technology. Active tags have their own power source, and both can send (or initiate) and receive data transfers. By being able to both send and receive data, the potential applications for NFC-enabled mobile cellular phones are more robust than applications such as contactless cards, which rely on passive RFID. For example, an NFC-enabled mobile cellular phone may be used in a similar way to a contactless payment card: It may be tapped in front of an RFID-enabled reader, or alternatively, it may be waved over a magazine or poster that has a passive RFID chip associated with an advertisement. In this case, the NFC chip in the mobile cellular phone would use its power source to initiate data transfer with the passive RFID chip in the poster or magazine[.] 29

Within the next three to five years, one third of all handsets will be NFC capable. 30 While the

telecom companies have not settled on a standard frequency for NFC chips, the credit card

companies have, adopting ISO 14443.31 Essentially, this gives the telecoms the opportunity to

adapt to the credit card standard and implement NFC payments in the near future. As noted

earlier, while the US is still in its infancy of NFC, especially when it comes to the telecoms,

more mature markets, such as the Philippines,32 see the telecom “industry [] quickly moving in

the direction of Peer-to-Peer NFC value exchange.” 33 It makes sense that this technology will

further expand and grow within the United States, as well as throughout the rest of the world.

27 Jonathan Weinberg, Tracking RFID, 3 I/S: J. L. & Pol'y for Info. Soc'y 777, 781 (2008)28 Mary Catherine O'Connor, Chase Offers Contactless Cards in a Blink, May 24, 2005, available at http://www.rfidjournal.com/article/articleview/1615/1/1/29 Julia Cheney, An Examination of Mobile Banking and Mobile Payments: Building Adoption as Experience Goods?, at 17 FN 5630 Id. 1231

See, James C. McGrath, Micropayments: The Final Frontier for Electronic Consumer Payments, 2006, available at http://www.philadelphiafed.org/payment-cards-center/publications/discussion-papers/2006/D2006JuneMicropaymentsCover.pdf (last visited April 14, 2009) 32 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, at 19-2033 Id. at 32

Page 7 of 29

A benefit to the transition of M-banking, is it has the potential to offer banking services to those

who presently lack it.34 It is likely that “underserved populations in the United States, in

developing countries, and around the world are likely to adopt to various other mobile financial

services models.”35 It is noted that 10% of the US population are unbanked,36 i.e. lacking the

resources to establish a traditional bank account. The “Transformative” approach to market

development and regulation seeks to “reach out to markets beyond the existing banked groups,

through a product offering which meets the known needs of the unbanked groups.”37

As M-banking and M-pay is conducted electronically and wirelessly, overhead expenses

included in the old ‘bricks and mortar’ costs can be minimized. M-commerce also has the

potential to cut out the middle man in various financial transactions. These cost savings have the

potential of being passed onto the customer through competition, allowing for greater penetration

of the underserved groups. As M-commerce is conducted through cellular telephones, the need

to access to a specific physical location disappear, allowing persons without adequate

transportation or physical proximity to a financial institution access to its benefits.

A recent example includes a SMS payment service in Rwanda, “where cellphone-to-cellphone

[sic] finance is emerging as an enormous business opportunity.”38 The service allows forty

percent of Rwandans to purchase their prepaid electricity via text message,39 saving them the

effort of mailing invoices or visiting the electric company office.

However, some unique circumstances can arise with telecom centric models. One such situation

involves being able to conduct transactions solely through the cellular telephone. One example

in Kenya, “a telecommunications company, a mobile operator, and sellers of air time manage

and facilitate a payment network that allows people to load and withdraw cash or send money

from their mobile cellular phone.” 40 This could also lead to the development where a cellular

34 David Porteus, The Enabling Environment for Mobile Banking in Africa, 2006, at 1535 Julia Cheney, An Examination of Mobile Banking and Mobile Payments: Building Adoption as Experience Goods?, at 2236 Id.37 David Porteus, The Enabling Environment for Mobile Banking in Africa, at 1538 Matthew Clark Matthew Clark, A texting entrepreneur embodies spirit of a new Rwanda, April 9, 2009, available at http://news.yahoo.com/s/csm/20090409/wl_csm/orwanda339 Id.40 Julia Cheney, An Examination of Mobile Banking and Mobile Payments: Building Adoption as Experience Goods?, at 25

Page 8 of 29

phone user can entirely fund his cellular account through various transactions, and make

withdrawals at various locations, such as a McDonalds or Burger King, an activity currently

done in the Philippines.41 In the telecom centric model, traditional AML practices could prove

ineffective, as banks are not informed of financial transactions, thereby bypassing reporting

requirements. The US has attempted to minimize this threat through a broad definition of the

term ‘financial institution’ under 31 U.S.C. 5312.42 This definition is used for the AML statute.43

However, privacy legislation under the Stored Communications Act44 forbids telecoms from

being able to report information to the government, creating a dilemma for the telecoms and law

enforcement.

Money Laundering Concerns

In the US, Money Laundering (ML) was made illegal in 1986 by Title 18 U.S.C. § 1956. It has

since been amended many times, most recently by the USA PATRIOT Act. It was the

culmination of Congress’ attempt to identify the proceeds of criminal gains that started in 1970

under Title 31 U.S.C. § 5313, the Bank Secrecy Act (BSA) that required the reporting of all

transactions of $500045 or more. This was following by the Title 31 U.S.C. § 5324, Anti-

Structuring Act which made structuring transactions (Smurfing) to avoid the $10,000 threshold

illegal. From here, the Congress finally made money-laundering illegal.46 In short, the AML

statute forbids “[t]he process of taking the proceeds of criminal activity and making them appear

legal.” 47

41 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, at 20; further, if the transfer meets a minimum requirement, the transferor can get a free Big Mac Meal42

31 USC 5312(a)(2)(R) a licensed sender of money or any other person who engages as a business in the transmission of funds, including any person who engages as a business in an informal money transfer system or any network of people who engage as a business in facilitating the transfer of money domestically or internationally outside of the conventional financial institutions system; or (Y) any business or agency which engages in any activity which the Secretary of the Treasury determines, by regulation, to be an activity which is similar to, related to, or a substitute for any activity in which any business described in this paragraph is authorized to engage; or (Z) any other business designated by the Secretary whose cash transactions have a high degree of usefulness in criminal, tax, or regulatory matters. 43

18 USC 1956(c)(6) the term “financial institution” includes-- (A) any financial institution, as defined in section 5312(a)(2) of title 31, United States Code, or the regulations promulgated thereunder; and …

44 18 U.S.C. §§ 2701 to 271245 Now $10,00046 For a detailed review of Congress’s battle with money laundering and dealing with criminal proceeds, See, John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, at 5-1347

The Free Dictionary, Legal Dictionary, Money Laundering, available at http://legal-dictionary.thefreedictionary.com/money+laundering, (last visited April 14, 2009)

Page 9 of 29

Money laundering is a multistage crime, consisting of placement,48 layering,49 and integration.50

Money laundering has also been noted to have specific choke points, namely entry in the

financial system, transfers to and from financial system (or telecom in this case) and cross border

flows of cash (which can also occur through the telecoms).51 These choke points also straddle

the placement definition. The easiest way to detect money laundering is at the placement stage,52

and hence we have the Bank Secrecy Act reporting requirement. It seems that while the Bank

Secrecy Act is a standalone offense, it is also an integral tool to the discovery of ML.

While there are numerous ways to engage in money laundering, limited only to the criminal’s

imagination, there are certain methods which may provide for the greatest opportunity to engage

in the activity. One example utilizes a wire service, which collects money at one point, and

electronically tells a broker at another point to release funds to an identified party, i.e. Western

Union. At the placement stage, the broker may collect money from several individuals, who are

legally transmitting a remittance to their family in another country, such as Mexico. The broker

also receives a sum from a criminal, such as a drug dealer, who needs to transfer money to

Mexico, as well.

The broker will structure the transaction in such a way to avoid the statutorily required reporting

requirement, also known as smurfing. Here, the broker will modify the amount of the

unsuspecting workers, and add the drug dealers money, thereby failing to establish the $10,000

threshold, and avoiding the need to report a transaction to the government. The wealth is

transferred to the destination, where the broker on the other side will separate the sums of

money, giving the family their proper remittance and the money launderer in Mexico the drug

proceeds. The next stage is layering. Here the money launderer will bury the money in a

business, such as a tavern. The money launderer will report earnings that include the illicit gains

from the drug dealer. The money launderer will then send the drug dealer the money as a return

48 “Placement involves physically placing illegally obtained money into the financial system or the retail economy. Money is most vulnerable to

detection and seizure during placement.” See, Financial Crimes Enforcement Network, Money Laundering Prevention, A Money Services Business Guide 49 “Layering involves separating the illegally obtained money from its criminal source by layering it through a series of financial transactions, which makes it difficult to trace the money back to its original source.” Id.50 “Integration involves moving the proceeds into a seemingly legitimate form. Integration may include the purchase of [goods]” Id.51 International Money Laundering Information Bureau, Money Laundering - Some Measures To Prevent It, http://www.imlib.org/page7_wcwdo.html (last visited April 14, 2009)52

Id.

Page 10 of 29

for his “investment.” The money has now been “integrated” into the economy and is clean and

free to use.

In an effort to combat ML internationally, the G-7 created the Financial Action Task Force

(FATF) in 1989.53 An important method the FATF developed, adopted by the US, was the Know

Your Customer (KYC) protocols, also known as Customer Identification Program (CIP) and Due

Diligence.54 “Due diligence” requires the financial institution to properly identify the customer

seeking to establish an account, determine their address, while maintaining the veracity of such

identification, obtain the purpose of the account, scrutinize transactions of the customer in order

to identify suspicious activity or any other activity that is required to be reported and cross

referencing lists of known of suspected terrorists or groups.55 Banks have the flexibility to

decide how they will carry out the above tasks and to determine how much effort is needed to

properly monitor in terms of the type of customer, account, business activity, etc.56 Typically,

this is done in some type of face-to-face encounter with government documents presented, such

as a passport, driver’s license, etc.

With the advent of electronic commerce, and online accounts, the concept of due diligence

became difficult. Now, an individual could set up an account online and just mail off an initial

deposit, and he would have an established account. For an example, E*Trade Banking allows

you to set up a bank account online or via the mail.57 In order to address this change and adapt to

a dynamic electronic environment, FATF determined that

if Internet payment service providers adequately monitor the financial

transactions of their customers, monitoring for and acting on deviations from the

customer transaction profile, the lack of face-to-face contact at the beginning of

the relationship with the commercial website and the Internet payment service

provider may not constitute a problem.58

53 Financial Action Task Force, About the FATF, http://www.fatf-gafi.org/pages/0,3417,en_32250379_32236836_1_1_1_1_1,00.html (last

visited April 14, 2009)54 Rivera-Mercado v. Scotiabank De Puerto Rico-Int’l, 571 F. Supp.2d 279, 282-83 (D.Puerto Rico, 2008)55

Financial Action ask T Force, The 40 Recommendations, http://www.fatf-gafi.org/document/28/0,3343,en_32250379_32236930_33658140_1_1_1_1,00.html#r4 (last visited 28 March 2009) 56 Id.57 E*Trade Corporate Website, Complete Savings, available at https://us.etrade.com/e/t/welcome/completesavings, (last visited March 28, 2009).58

See, Financial Action ask T Force, The 40 Recommendations at 9

Page 11 of 29

As the internet example applies to electronic and distant account formats, it can be easily applied

to the telecommunications industry, which operates through a distant relationship electronically

and over radio waves. The telecoms, through the cell phone, allow a customer to access the

internet, browsing through various functions, just as if the user were sitting behind a computer

monitor. The telecoms also have another feature, which allows the user to bypass the internet

entirely, and conduct transactions through radio frequencies, via SMS messaging. In either case,

the financial transactions are conducted remotely, with the potential of unverified users

conducting transactions. This observance by FATF resolves the potential of denying services to

those, especially in developing countries, who lack formal addresses, and so cannot be

adequately identified according to the original due diligence standard.59

The Storm Looming on the Horizon

While the above standards provide adequate tools for law enforcement to combat ML, there is a

looming loophole in the regulatory system, peer-to-peer (P2P) transfers. P2P is an unmediated60

transfer between two parties, i.e. person A directly provides a monetary instrument to person B,

without the aid of a payment website, like PayPal or a bank. FATF has determined this type of

transaction to be vulnerable to ML activity in the context of e-commerce,61 as well as others.62

This vulnerability has been countered through the efforts of Internet Payment Service Providers

(IPSP) to “put in place systems to detect, monitor and analyze suspicious transactions – even for

small amounts.” 63

However, there is a significant difference between an online monetary transfer and a mobile

NFC transfer. The online transfer still goes through the IPSP whereas the mobile NFC payment

can potentially avoid going through the bank or telecom, and transfer wealth directly and avoid

monitoring. This can be accomplished through a NFC transfer that allows active and passive

RFID chips to communicate directly, rather than through cellular towers. This direct cell phone-59 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, at 3260 Mediated websites facilitate financial settlement whereas in an unmediated setting, the website merely acts as a messenger, and the private parties handle the financial transaction independent from the website, FATF txt 661 Financial Action ask T Force, The 40 Recommendations, at 962 Ross Panko, Banking on the USA PATRIOT Act: An Endorsement of the Acts Use of Banks to Combat Terrorist Financing and a Response to its Critics, 122 Banking L.J. 99, 130 (2005)63 Financial Action ask T Force, The 40 Recommendations, at 2

Page 12 of 29

to-cell phone communication can allow for financial transactions. While some type of activity

will be reported to the bank, in terms of new balances, this can be completely avoided through

the telecom centric model.

At this time, it is also worthy to note Digital Value Smurfing (DVS). DVS is merely the digital

structuring of transactions in order to avoid tripping the reporting requirement of Bank Secrecy

Act and AML statute. However, there are concerns inherent in DVS, particularly in terms of

mobile transactions. If a smurf is caught, he may speed dial funds to a new location where law

enforcement may not be able to respond in a timely manner or the smurf may destroy the

Subscriber Identity Module64 (SIM) card or the entire cell phone, destroying any physical

evidence linking him to a crime.65

Stored Communications Act

In 1984, Congress passed the Electronic Communications Privacy Act, 18 U.S.C. § 2510, which

included the Stored Communications Act,66 18 U.S.C. §§ 2701-2711 (SCA). This Act sought to

enhance the general Fourth Amendment protections to electronic and radio communications

from seizure by the government by creating a duty on the telecoms to protect such information

under a criminal penalty. The Act also regulates what kind of information the provider can

release to the government and the processes by which it can voluntarily provide information to

the government. A SIM card is a computing device,67 and as such, stores and sends electric

signals covered by the act.

64 “A Subscriber Identity Module (SIM) on a removable SIM Card securely stores the service-subscriber key (IMSI) used to identify a

subscriber on mobile telephony devices (such as computers and mobile phones). The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.” Wikipedia, Subscriber Identity Module, available at http://en.wikipedia.org/wiki/Subscriber_Identity_Module (last visited April 5, 2009)65 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, at 2866“The statute has been given various names by different commentators. Its names have included: (1) the “Electronic Communications Privacy Act” or “ECPA” because it was first enacted as part of that statute; (2) “Chapter 121” because it has been codified in Chapter 121 of Title 18 of the United States Code; (3) the “Stored Wired and Electronic Communications and Transactional Records Access” statute or “SWECTRA” because that is the formal title given to Chapter 121 in Title 18; and (4) “Title II” because it was enacted as the second title of ECPA. For reasons too complicated and uninteresting to explain here, I find it easiest and simplest to refer to the statute as simply the Stored Communications Act, or “SCA.””  72 Geo. Orin S. Kerr, A User's Guide To The Stored Communications Act, And A Legislator's Guide To Amending It, 72 Geo. Wash. L. Rev. 1208, 1243 FN 1 (2004) 67

As larger onboard handset memory and advanced SIM’s are developed, the opportunity for real web connectivity and security are becoming a reality. "The SIM card will become almost like normal computing memory," says Gary Waite, technology manager for devices and SIMs at UK-based operator O2. "Then it will start interfacing with other servers. I can see it setting up secure channels with the operator to back up data." John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, 2007, at 29; Further, a “number of articles indicated that a SIM could be manipulated to act as a server.” Id. at 41 and “Gemalto provided the operator with its Multimedia Ready SIM card incorporating SCWS [Smart Card Web Server]technology, which enables applications to run directly from the SIM. This approach allows T-Mobile to develop applications on any SCWS-compatible handset and consequently, to broaden access to high-end services, while offering a multimedia look and feel.”

Page 13 of 29

While this Act generally discusses email and electronic communications, a quick look to the

definitions of the Act reveals that it also includes cellular communications. 18 USC § 2510 part

12 states an “‘electronic communication’ means any transfer of signs, signals, writing, images,

sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio,

electromagnetic, photoelectronic or photooptical system that affects interstate or foreign

commerce…” This definition encompasses the radio waves used by SMS texting and NFC that

would be engaged in by the cellular users.68 As a result, this Act can prevent the telecoms from

reporting financial transactions of their customers to the government because the

communications fall under the radio waves protection created by Stored Communications Act.

This results in a conflict between this Act and the AML laws resulting in an interference in

government criminal and anti-terror investigations.

This definition continues; however, to state specific exclusions, including “(D) electronic funds

transfer information stored by a financial institution in a communications system used for the

electronic storage and transfer of funds…” It does not provide a definition of a financial

institution. This lack of clarity creates a conundrum of whether a financial institution one that

primarily engages in financial transfers of payments, making it central to its business model, or

whether it incorporates institutions that may engage in an electronic funds transfer (ETF)

ancillary to its main business, similar to receiving cash back at the supermarket after writing a

check or using a debit card for an amount over the balance. If the later, then many businesses

would be caught within its web, if not, then the telecoms would not be included as their core

business is communication.

Under Black’s Law Dictionary, a financial institution is a “business, organization, or other entity

that manages money, credit, or capital, such as a bank, credit union, savings-and-loan

association, securities broker or dealer, pawnbroker, or investment company.”69 “[W]hen the

statute's language is plain, the sole function of the courts-at least where the disposition required

by the text is not absurd-is to enforce it according to its terms.”70 This is especially true where

68 One can easily imagine an SMS text traveling across State lines and/or the telecom company acting within several States to engage in operations and billing which can also be different from the customer and vender selling the product or service to the customer.69 Black’s Law Dictionary, Financial Institution, (8th ed. 2004)70 Dodd v. United States, 545 U.S. 353, 359 (2005)

Page 14 of 29

the Congress has taken the effort to provide a specific definition to the term “financial

institution,” as in 18 USC § 1956, which is “given [the] term in section 5312(a) (2) of title 31.”71

This tends to show that if the Congress had intended the more expansive definition under §5312,

the Congress would have provided for it. A telecom may fall under the Black’s definition of a

“money service business,” 72 but the Congress chose not to use that specific term. Due to the

different definitions of “financial institutions” and the convergence of telecommunications and

ETF’s, it is quite possible the government would seek the more expansive definition under

§5312. This can create ambiguity for the telecoms.

The Act has two primary functions:

1. Regulating a response to a government request for information, and

2. The uninitiated release of information to the government from the provider.

While AML laws require financial institutions to report financial information to the government

without a government request, under a telecom centric M-pay model, the Stored

Communications Act forbids such uninitiated reporting. As the telecom centric model can work

outside the purview of a bank, it creates the potential of the Stored Communications Act

forbidding any uninitiated reporting of suspicious or routine financial transactions that otherwise

would be reported.

“Under the private search doctrine, the Fourth Amendment is wholly inapplicable to a search or

seizure, even an unreasonable one, effected by a private individual not acting as an agent of the

Government or with the participation or knowledge of any governmental official.”73 Eighteen

U.S.C. § 2702 creates privacy safeguards by providing that a provider of an “electronic

communication service” shall not divulge the contents of a communication held by it and shall

not divulge information it receives on behalf of the user via an electronic transmission provided

the user does not authorize such a release. The Act goes further and states that the service

provider shall not knowingly release a “record or other information” pertaining to the user to

71 18 USC 1956(c)(6)72

“money service business, n. A nonbank entity that provides mechanisms for people to make payments or to obtain currency or cash in exchange for payment instruments. • Money service businesses do not accept deposits or make loans. They include money transmitters, payment instrument sellers, stored-value providers, check cashers, and currency exchangers. -- Also termed nonbank financial institution; nondepository provider of financial services.” Black's Law Dictionary, money service business (8th ed. 2004)73 Orin S. Kerr, A User's Guide To The Stored Communications Act, And A Legislator's Guide To Amending It, 72 Geo. Wash. L. Rev. at 1212 

Page 15 of 29

“any governmental entity.”74 In addition to creating the crime, this title also provides for a

punishment for non-commercial benefit, which is generally a fine and/or imprisonment of not

more than one year for a first offense,75 or more than five years and/or a fine for other

convictions under the statute.76 The Act also includes exclusions for law enforcement, but they

consist of specific government requests for information and emergencies, and not routine

disclosures by the telecoms to satisfy Bank Secrecy Act requirements.77

The courts have drawn lines between a wealth transfer service that utilizes an electronic format

and a communications provider providing the means for a wealth transfer. In Standefer,78 the

court had the opposite issue, a financial institution using an ISP, in contrast to our dilemma, the

telecom transferring wealth in its own right. In Standefer, Standefer, the defendant in a child

pornography case, transferred a payment for access to a child pornography website using e-

gold.79 E-gold had accepted a deposit from the defendant and allowed the defendant to fill out a

form on e-gold’s website to transfer a sum to the child pornography website. In differentiating

between the wealth transfer service and communications provider:

[t]he Court concludes that e-gold80 is not a service which provides users the ability

to send or receive electronic communications, rather e-gold is a service which

utilizes the ability to send or receive electronic communications to permit the

instant transfer of gold ownership between its users.81

74 (a) Prohibitions.--Except as provided in subsection (b) or (c)--(1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service; and (2) a person or entity providing remote computing service to the public shall not knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that service-- (A) on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such service; (B) solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any services other than storage or computer processing; and (3) a provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by paragraph (1) or (2)) to any governmental entity. 75 18 USC 2701(2)(a)76 18 USC 2701 (2)(b)77 18 U.S.C. § 2702 (b) & (c) 78 United States v. Standefer, No. 06-CR-2674-H, 2007 WL 2301760 (S.D. Cal . Aug. 8, 2007)79 Standefer, 2007 WL 2301760 at 180 “e-gold is a digital gold currency operated by Gold & Silver Reserve Inc. under e-gold Ltd., and is a system which allows the instant transfer of gold ownership between users. e-gold Ltd. is incorporated in Nevis, Lesser Antilles but the operations were conducted from Florida” Wikipedia, e-gold, available at http://en.wikipedia.org/wiki/E-gold, last visited April 10, 200981 Standefer, 2007 WL 2301760 at 4

Page 16 of 29

(Emphasis in original). The court also cites a Senate report stating “Existing telephone

companies and electronic mail companies are providers of electronic communication services,”82

which differentiates it from e-gold’s service.

Essentially, what has been created is a money laundering protection because the Stored

Communications Act forbids the telecom from reporting on the electronic/radio messages.

These messages fall clearly within the statute. Further, inside these messages contain the

financial transaction activity. The irony is that the telecom centric M-pay enjoys greater privacy

for transactions than their bank centric counterpart. This gives it a competitive advantage and

opens the door for an unscrupulous telecom provider to assist in the laundering of funds. Even if

the telecom wanted to report transaction information, the statute forbids it under a criminal

penalty. Thus, the only way for the government to gather the information is through the

subpoena or warrant process, but the concept of the Bank Secrecy Act is to provide the

government the information that there is suspicious activity. We have a legislatively created

Catch-22, as the telecoms have an affirmative duty to not report violations of the Bank Secrecy

Act and anti-smurfing acts that were created to give the government the information needed to

pursue AML activities.

How To Resolve The Catch-22 Regarding BSA Reporting

Before Congress looks into new regulatory mechanisms to combat ML, they first need to assess

concerns about the market as a whole and the need to balance regulations with the need to keep

the market open and free, to allow companies to experiment and innovate. “In any new market,

enablement requires a blend of legal and regulatory openness, which creates the opportunity to

startup and experiment, with sufficient legal and regulatory certainty that there will not be

arbitrary or negative change to the regulatory framework, so that providers have the confidence

to invest the resources necessary” 83 to develop and expand their industry (emphasis in

original).84 Thus far, the United States has not passed substantial legislation, allowing the States

to take the lead.85

82 Id. 83 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, at 484 Id.85 Id. at 36

Page 17 of 29

Another consideration is the role of the Stored Communications Act in the first place. Its goal is

to protect the privacy of individuals from dissemination of their communications, especially to

the government. The Fourth Amendment offers weak protections from intrusion of a person’s

expectation of privacy of electronic and mobile content.86 The Fourth Amendment applies to the

government. Non-government actors are free to look over electronic communications placed

within their control, such as an email sitting in one’s email inbox on a server.87 Further, many

electronic companies are third parties. Once content is delivered to them for storage, it may be

deemed that the customer had ceded control to them, destroying a reasonable expectation of

privacy. Where a reasonable expectation of privacy was non-existent, Congress legislated one.

From these concerns, the goal is to balance the need to effect financial reporting while protecting

a Statutorily created Reasonable Expectation of Privacy (SREP) while minimizing cumbersome

regulation. First, Congress must decide where to insert a new of modified regulation, under

Title 47, which governs telecommunications,88 under Title 31 which governs financial

transactions,89 or under Title 18, which contains the criminal code.90 As the conflict of regulation

exists outside of Title 47, it can easily be excluded. The question becomes whether Title 31 or

Title 18 should give way to the other.

As stated earlier, the purpose of the Bank Secrecy Act under Title 31 is to require reporting

information to the government that is suspicious or would be useful in a criminal investigation. 91

In short, the Bank Secrecy Act assists in criminal investigations for crimes found under Title 1892

as it prevents banks from being used, knowingly or not, as a conduit for money laundering

86 Orin S. Kerr, A User's Guide To The Stored Communications Act, And A Legislator's Guide To Amending It, 72 Geo. Wash. L. Rev. at 1210 -1212 87

Gmail, a service provided by Google, gives users “an enormous amount of storage capacity ... in exchange for ... terms of service which say that Google is allowed ... [to] take a look at the content of [users'] e-mail and ... target advertising at [users] accordingly, Warshak v. United States, 532 F.3d 521, 527 (6th Cir. 2008)88

Government Printing Office, GPO Access, available at http://www.gpoaccess.gov/uscode/browse.html (last visited April 14, 2009)89 Id. 90 Id. 91 Title 31 §531192 It is noted that this provision also assists in other regulatory and law enforcement functions, such as Title 26, the US Tax Code. For the sake of conciseness, I focus on only Title 18 needing the reporting requirement. Further, the illustration I am focusing on is that §5311-5330 supports other Titles.

Page 18 of 29

activities and creates a paper trail that the government can later use for investigatory purposes. 93

The Bank Secrecy Act also provides penalties of its own,94 and has been held to be a separate

prosecutorial offense from money laundering.95

The Stored Communications Act is a privacy act. It also is a standalone crime with punishment.

The Act’s sole function is to create an SREP, which would naturally give way to a privacy

invasion under reasonable circumstances. Further, it already contains exclusions, such as

releasing information for law enforcement to respond to an emergency. The Stored

Communications Act sits in Title 18, whereas Bank Secrecy Act is firmly rooted in Title 31,

financial transactions. It seems that taking the Stored Communications Act statute and placing it

into the financial services regulatory regime could cause unintended effects and potentially

expose the telecoms to excess regulation. However, taking 31 U.S.C. § 5311-5330 and inserting

them into the Stored Communications Act as an exception to the prohibition to uninitiated

disclosures to the government would adequately address money-laundering concerns while still

adhering to Congress’ goal of securing privacy through creation of an SREP.

Eighteen U.S.C. § 2702 (c) should be modified to create an exception commanding the telecom

to monitor and report financial transactions in accordance with 31 U.S.C. § 5311-5330. This

would firmly allow telecoms to report suspicious transactions as required under Bank Secrecy

Act.

An Additional Housekeeping Matter

To alleviate any ambiguities in regards to the telecoms and financial reporting, Congress should

also modify the definition of a financial institution. Eighteen U.S.C. § 1956 uses the definition

found under 31 U.S.C. § 5312 which defines a financial institution in very broad terms that

includes a telegraph company 96 and the general catch all that stipulates any business that the

Secretary of the Treasury may deem as a financial institution as falling within the confines of the

93 United States Treasury, Money Laundering: A Banker’s Guide to Avoiding Problems, 2002, available at

http://www.occ.treas.gov/moneylaundering2002.pdf (last visited April 14, 2009) at 4 94 Title 31 §531695 “[T]he Government may properly charge Defendant Ortiz with both the [Report of International Transportation of Currency or Monetary Instruments] CMIR count and the Money Laundering Control Act count. Application of the Blockburger rule clearly allows for the charging of both counts. Each provision requires proof of a fact which is not required under the other provision. There is no evidence that Congress did not intend to allow for separate punishment in cases where both CMIR violations and Money Laundering Act violations are charged. Moreover, the two statutes manifestly address separate evils.” United States v. Ortiz, 738 F. Supp. 1394, 1403 (S.D. Fla.,1990)96 31 U.S.C. § 5312 (2) (S)

Page 19 of 29

expansive definition found in 31 U.S.C. § 5312. 97, 98 Congress should amend 31 U.S.C. §5312 to

specifically identify the telecoms to put them on notice, which could most easily be

accomplished under 31 U.S.C. §5312 (2) (S), modifying “telegraph” to the more expansive

“telecommunications company.” This would serve as a clear and fair notice to the telecoms that

they can be financial institutions and avoid the generic snare through a catchall phrase.

How to Reign Invisible NFC Transfers

Congress should work with the telecom providers to develop a system that will achieve the goals

of law enforcement and regulators to detect and prevent money laundering while being

inexpensive and convenient enough to avoid dissuading investment and innovation. Congress

could seek to establish a financial monitoring and reporting requirement for the telecoms to

adhere. This duty should not prove overly burdensome, as telecoms already monitor much

information about the cell while it is on, creating an already established electronic infrastructure

for Congress and the telecoms to exploit. Additionally, Congress and the telecoms can look to

successful programs adopted in the Philippines, which includes transactions limits, transactions

caps and a paper trail, i.e. deposit and withdrawal forms.

NFC transfers occur P2P, bypassing the cell phone tower, thereby avoiding scrutiny by cellular

telecommunications companies, i.e. making the transaction invisible. This essentially creates the

problem of allowing electronic transfers of money without anyone learning about the movement

until the ultimate receiver of funds chooses to enter it into the system. It can be presumed that

this end receiver would have put forth the effort into properly having had laundered the money,

thereby using only clean money.

While these transactions are invisible, the cell phone is not. The cell phone is “always” in

communication with cell towers,99 regardless of calling status, to provide its location and identify

itself on the network. The reason for these “check-ins” is so the telecom can bill their clients

according to use, allow service, and provide location finding/GPS services and comply with

97 31 U.S.C. § 5312 (2) (Y)98 31 U.S.C. § 5312 (2) (Z)99 “[A] mobile phone always communicates wirelessly with one of the closest base stations, so if you know which base station the phone communicates with, you know that the phone is close to the respective base station.”, Wikipedia, Mobile Phone Tracking, available at http://en.wikipedia.org/wiki/Mobile_phone_tracking (last visited April 14, 2009)

Page 20 of 29

Wireless E911.100 Further, cell phones are individually identifiable. To further understanding, a

brief explanation of what happens when a user turns a cell phone on follows:

All cell phones have special codes associated with them. These codes are used to identify the phone, the phone's owner and the service provider.

Let's say you have a cell phone, you turn it on and someone tries to call you. Here is what happens to the call:

When you first power up the phone, it listens for an [System Identification Code] SID101 … on the control channel. The control channel is a special frequency that the phone and base station use to talk to one another about things like call set-up and channel changing. If the phone cannot find any control channels to listen to, it knows it is out of range and displays a "no service" message.

When it receives the SID, the phone compares it to the SID programmed into the phone. If the SIDs match, the phone knows that the cell it is communicating with is part of its home system.

Along with the SID, the phone also transmits a registration request, and the [Mobile Telephone Switching Office] MTSO102 keeps track of your phone's location in a database -- this way, the MTSO knows which cell103 you are in when it wants to ring your phone.

The MTSO gets the call, and it tries to find you. It looks in its database to see which cell you are in.

The MTSO picks a frequency pair that your phone will use in that cell to take the call.

The MTSO communicates with your phone over the control channel to tell it which frequencies to use, and once your phone and the tower switch on those frequencies, the call is connected. Now, you are talking by two-way radio to a friend.

As you move toward the edge of your cell, your cell's base station notes that your signal strength is diminishing. Meanwhile, the base station in the cell you are moving toward (which is listening and measuring signal strength on all frequencies, not just its own one-seventh) sees your phone's signal strength increasing. The two base stations coordinate with each other through the MTSO, and at some point, your phone gets a signal on a control channel telling it to change frequencies. This hand off switches your phone to the new cell

100 “A second phase of Enhanced 911 service is to allow a wireless or mobile telephone to be located geographically using some form of radiolocation from the cellular network, or by using a Global Positioning System receiver built into the phone itself. Radiolocation in cellular telephony uses base stations. Most often, this is done through triangulation between radio towers.” Wikipedia, Wireless Enhanced 911, available at http://en.wikipedia.org/wiki/E911#Wireless_Enhanced_911 (last visited April 14, 2009)101

System Identification Code (SID) - a unique 5-digit number that is assigned to each carrier by the FCC, See, Marshall Brain et al., How Cell Phones Work, available at http://www.howstuffworks.com/cell-phone.htm/printable (last visited April 14, 2009)102 telecoms local central office, Id.103 A cell is an area covered by a cell tower which work with other cell twoers to create a grid to allow continuous cellular telephone communications coverage; http://en.wikipedia.org/wiki/Cell_site (last visited May 10, 2009)

Page 21 of 29

(emphasis in original). Let's say you're on the phone and you move from one cell to another -- but the cell you move into is covered by another service provider, not yours. Instead of dropping the call, it'll actually be handed off to the other service provider.

If the SID [System Identification Code] on the control channel does not match the SID programmed into your phone, then the phone knows it is roaming. The MTSO [Mobile Telephone Switching Office] of the cell that you are roaming in contacts the MTSO of your home system, which then checks its database to confirm that the SID of the phone you are using is valid. Your home system verifies your phone to the local MTSO, which then tracks your phone as you move through its cells. And the amazing thing is that all of this happens within seconds ...104

As can be seen, many things are going on while the cell phone is engaged in communications,

regardless of calling status. This constant communication could provide the missing link to

ensure adequate reporting of NFC transfers. Congress may seek to prod the telecoms to develop

the technology, software, or just initiative to develop a way for the telecom to monitor for NFC

transactions that have occurred and their amounts while the cell phone is transmitting its System

Identification Code for network registration. In essence, Congress would create a duty for the

telecoms to monitor for financial transactions occurring on their networks.

The result of these monitored and recorded NFC transactions would allow for compliance of

Bank Secrecy Act reporting and recording standards. It would also provide a way for law

enforcement to gather evidence if this technology were to develop to allow regular NFC

transactions between people engaged in an illegal business, such as narcotics sales or

prostitution. The suspects’ ability to hide or destroy evidence would be greatly hindered by a

monitored network. Further, as these are electronic communications, they would also be

protected by the Stored Communications Act, preventing unauthorized disclosure to government

or private parties. This approach, if feasible, could satisfy Congress’ goals of privacy under

Stored Communications Act with law enforcement and regulatory needs under Bank Secrecy Act

and AML. However, as with many things, this is easier said than done, and the proper course of

104 See, Marshall Brain et al., How Cell Phones Work

Page 22 of 29

action would be for the Congress and telecoms to work together to formulate a satisfactory

mutual solution.

A second option, one that is used in the Philippines is also available. In the Philippines, a

company, Globe Telecom, offers P2P wealth transfers under the telecom centric model.105 It

operates under a closed system, where the user can only transfer wealth to other Globe Telecom

customers.106 In order to establish an account, the user must open the account in person, allowing

Globe Telecom to perform traditional due diligence.107 Further, all withdrawals require a form to

be filled out before funds are given.108 Probably most importantly, there are strict limits to the

amounts of daily and monthly amounts that can be transferred, which are quite low. 109 The

financial caps, in effect, prices out ML activity, as the amounts are too small to launder money.

Globe Telecom also monitors transactions.110

While this can serve as a potential model for implementation in the US, it also has drawbacks.

Namely, being a closed payment system could severally limit the telecoms and merchants ability

to allow for transfers of wealth due to problems with service compatibility. Further, if one

telecom becomes the dominant provider of m-commerce, it could monopolize the industry, as

users and merchants may be reluctant to having to sign up for multiple cellular agreements to

effect trade, and would naturally use only the most popular one. This restraint on trade would

ultimately hurt the consumer, as their choice would be limited, and limited opportunities could

result in limited innovation and certainly limited competition. Additionally, the SIM may be

hacked and reprogrammed, thereby defeating built in NFC controls.

While Global Telecom’s solution may not be a perfect match for the expansive US

telecommunications industry, it is worthy to note that Global Telecom has taken proactive

measures to monitor financial transactions for irregular and suspicious activities. This

105 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, at 20106 Id. at 26107 Id.108 Id.109 Id at 26110 “Globe’s Fraud Monitoring Systems are able to trace the origin of transfers from one SIM to multiple SIMs and from multiple SIMs to a single SIM. Hence, Globe’s reporting of suspicious and/or significant transactions include not only those transactions that breach thresholds, but also those that show abnormal patterns. It serves as a best practice for others,” Id. at 35

Page 23 of 29

monitoring occurs outside the NFC context, it does show that telecoms can efficiently monitor

for illegal activities and seek to take counter measures to prevent or disrupt them. Another

valuable tool that Globe uses is the withdrawal caps. These caps can be analogized to the ATM

withdrawal caps in the United States, especially in response to suspicious activities.111 In short,

there are opportunities and examples that Congress and the telecoms can look to develop

appropriate safeguards to allow m-pay and m-banking to flourish.

Digital Know Your Customer

Another area that the Congress and telecoms can work to prevent and detect money laundering

and enforcement of the Bank Secrecy Act is through proper due diligence, or Know Your

Customer. KYC is a set of principals laid out by FATF that instruct banks how to prevent ML

and Bank Secrecy Act violations by properly identifying customers, learning their habits,

purposes for accounts, etc. As the digital world has expanded, it would be worthwhile to explore

and recommend Digital Know Your Customer (DKYC) protocols that telecoms, regardless of

whether they follow the bank or telecom centric m-pay or m-banking model, should enact, as

physical distance will increase between customers and their accounts as they opt for more

convenient methods of wealth transfers.

An interesting recommendation was made in a working paper of the Asian Development Bank,

which discussed biometrics in the cell phone handset. Currently, there are wide variety of

biometric handset security features available, including voice, facial and fingerprint

recognition.112 However, the potential of hacking of the SIM was still possible, potentially

allowing for defeating these countermeasures.113 Notwithstanding the caution, biometrics in

other areas has helped prevent fraud. Research in the use of biometrics for visa application in

Canada found:

Field trial enrolments [sic] for visa applications totalled [sic] 14,854. Of those 14,854 enrolments [sic], 394 matches were made because of multiple enrolments

111 “A jump in ATM fraud led Citibank to slash the maximum amount of cash available to customers from their accounts - a security move

greeted warily Wednesday by its patrons. The new cap on cash kicked out by the company's ATMs began in mid-December after what Citibank called "isolated fraudulent activity" around the city.” Kerry Burke and Larry Mcshane, Citibank limits ATM cash in city, January 3rd 2008, available at http://www.nydailynews.com/money/2008/01/03/2008-01-03_citibank_limits_atm_cash_in_city-2.html112 John Forbes, Effects of Cell phones on Anti-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, at 41 113 Id.

Page 24 of 29

[sic]. Those match results show that biometric technology is a highly effective way to manage client identity:

97% of the fingerprint and facial biometrics enrolled were of high quality. When facial and fingerprint recognition were combined, the system made

matches in 100% of cases. Verification was accurate in 96% of cases …

While not completely alleviating concerns about SIM hacking, this study seems to support that

biometrics can help prevent fraud. Fraud can allow cell phone users to swap accounts, establish

false accounts, etc, so that they may be able to avoid financial transfer caps or to be able to

structure transactions to avoid Bank Secrecy Act reporting requirements.

Another concern is whether biometrics can be cost effective or if imposing a new standard for m-

commerce would cost too much. This maybe a red herring; however, as this technology already

exists in other countries:

Japan’s leading cell phone provider, NTT DoCoMo, has recently launched the P930i, a new handset with the ability to recognize its owner’s face, and automatically lock down if anyone else tries to use it.

Simply storing three simple snapshots of your face on this cool new camera phone allows this innovative security feature to take effect, and protect your data from thieves and other prying eyes.

The feature is currently limited to the Japanese market, but with the help of new facial recognition applications, other countries aren’t far behind. Face Tracker, for example, a clever new piece of software from FotoNation makes it possible to follow a person’s face and auto-detect the best camera settings to take their picture.114

While this example is not dispositive, it does show that the market is adapting to the new realities

in the m-commerce world, so imposing heightened standards, such as biometrics as a form of

DKYC would not impose an undue burden on the telecom industry.

Conclusion

114 Geoff Duncan, Cell Phones to Gain Face Recognition?, October 20, 2005, available at http://news.digitaltrends.com/news-article/8580/cell-phones-to-gain-face-recognition; See also, Telecommunication Industry News, New Cell Phone Features Facial-Recognition Security, October 30, 2006, available at http://www.teleclick.ca/2006/10/new-cell-phone-feature-facial-recognition-security-feature/

Page 25 of 29

Today, the United States is experiencing a new wave in the way business is conducted in the

form of being able to use one’s cellular telephone to conduct business and banking transactions,

i.e. engage in M-commerce. M-commerce has the ability to bring a new class of people who are

traditionally underserved into the banking industry. Further, this development also will bring a

new level of convenience to the consumer in the purchasing of various goods and services. This

convenience also poses some regulatory concerns, especially in areas where various regulatory

schemes seem to contradict each other. These contradictions can create uncertainty in the

marketplace, potentially limiting investment, or worse, being exploited by unscrupulous telecom

players to contravene various reporting and AML regulations, allowing for a black market to

flourish, resulting in a greater reward for criminal behavior and potentially assisting terrorists in

their nefarious schemes.

These uncertainties and risks can be adequately dealt with though, through modifying the current

regulations, namely the Bank Secrecy Act and Stored Communications Act. Further, the goals

of these acts, financial reporting and individual privacy, respectively, can be accommodated

through a modification that adopts the Bank Secrecy Act under an exception of the Stored

Communications Act. This adoption would allow the telecom to legally report financial

transactions conducted through their communications without having to worry about violating

the criminal code forbidding such disclosures.

The nature of banking is changing. Customers no longer need to go to the bank and meet with a

teller in order to conduct a financial transaction. People no longer need to meet their banker

before establishing an account with them. These personal contacts were at the heart of the

traditional due diligence that a banker performed before establishing an account. With these

changes in mind, it is important for Congress to work with the telecommunications industry in

order to develop a Digital Know Your Customer protocol, possibly even utilizing biometrics to

ensure financial transactions are properly conducted and reported.

Page 26 of 29

Bibliography

ArticlesGeoff Duncan, Cell Phones to Gain Face Recognition?, October 20, 2005, available at http://news.digitaltrends.com/news-article/8580/cell-phones-to-gain-face-recognition

Kerry Burke and Larry Mcshane, Citibank limits ATM cash in city, January 3rd 2008, available at http://www.nydailynews.com/money/2008/01/03/2008-01-03_citibank_limits_atm_cash_in_city-2.html

Marshall Brain et al., How Cell Phones Work, available at http://www.howstuffworks.com/cell-phone.htm/printable (last visited April 14, 2009)

Mary Catherine O'Connor, Chase Offers Contactless Cards in a Blink, May 24, 2005, available at http://www.rfidjournal.com/article/articleview/1615/1/1/

Matthew Clark Matthew Clark, A texting entrepreneur embodies spirit of a new Rwanda, April 9, 2009, available at http://news.yahoo.com/s/csm/20090409/wl_csm/orwanda3

Telecommunication Industry News, New Cell Phone Features Facial-Recognition Security, October 30, 2006, available at http://www.teleclick.ca/2006/10/new-cell-phone-feature-facial-recognition-security-feature/

CasesDodd v. United States, 545 U.S. 353 (2005)

Rivera-Mercado v. Scotiabank De Puerto Rico-Int’l, 571 F. Supp.2d 279 (D.Puerto Rico, 2008)

United States v. Ortiz, 738 F. Supp. 1394 (S.D.Fla.,1990)

United States v. Standefer, No. 06-CR-2674-H, 2007 WL 2301760 (S.D. Cal . Aug. 8, 2007)

Warshak v. United States, 532 F.3d 521 (6th Cir. 2008)

Page 27 of 29

DictionariesBlack’s Law Dictionary, Financial Institution, (8th ed. 2004)

Black's Law Dictionary, money service business (8th ed. 2004)

The Free Dictionary, Legal Dictionary, Money Laundering, available at http://legal-dictionary.thefreedictionary.com/money+laundering, (last visited April 14, 2009)

Law Review ArticlesJonathan Weinberg, Tracking RFID, 3 I/S: J. L. & Pol'y for Info. Soc'y 777 (2008)

Orin S. Kerr, A User's Guide To The Stored Communications Act, And A Legislator's Guide To Amending It, 72 Geo. Wash. L. Rev. 1208 (2004)

Ross Panko, Banking on the USA PATRIOT Act: An Endorsement of the Acts Use of Banks to Combat Terrorist Financing and a Response to its Critics, 122 Banking L.J. 99 (2005)

ReportsDavid Porteus, The Enabling Environment for Mobile Banking in Africa, 2006, http://www.bankablefrontier.com/assets/ee.mobil.banking.report.v3.1.pdf (last visited April 14, 2009)

Financial Crimes Enforcement Network, Money Laundering Prevention, A Money Services Business Guide, available at http://www.msb.gov/materials/en/prevention_guide.html#Background%20on%20Money%20Laundering (last visited April 14, 2009)

International Money Laundering Information Bureau, Money Laundering - Some Measures To Prevent It, http://www.imlib.org/page7_wcwdo.html (last visited April 14, 2009)

James C. McGrath, Micropayments: The Final Frontier for Electronic Consumer Payments, 2006, available at http://www.philadelphiafed.org/payment-cards-center/publications/discussion-papers/2006/D2006JuneMicropaymentsCover.pdf (last visited April 14, 2009)

John Forbes, Effects of Cell phones on Anit-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, 2007, http://www.adb.org/Documents/Others/OGC-Toolkits/Anti-Money-Laundering/documents/AML-Cell-Phone-Effects.pdf (last visited April 14, 2009)

Julia Cheney, An Examination of Mobile Banking and Mobile Payments: Building Adoption as Experience Goods?, 2008, http://www.philadelphiafed.org/payment-cards-center/publications/discussion-papers/2008/D2008MobileBanking.pdf (last visited April 14, 2009)

Page 28 of 29

Financial Action ask T Force, The 40 Recommendations, http://www.fatf-gafi.org/document/28/0,3343,en_32250379_32236930_33658140_1_1_1_1,00.html#r4 (last visited 28 March 2009)

Statutes18 U.S.C. § 195618 U.S.C. § 251018 U.S.C. §§ 2701-2711 31 U.S.C. § 5311-5330

WebsitesAmazon.com Corporate Website, Amazon Payments, available at https://payments.amazon.com/sdui/sdui/index.htm (last visited March 22, 2009).

E*Trade Corporate Website, Complete Savings, available at https://us.etrade.com/e/t/welcome/completesavings, (last visited March 28, 2009).

EZPass Website, About EZPass FAQs, available at http://www.ezpass.com/static/faq/index.shtml (last visited March 22, 2009).

Government Printing Office, GPO Access, available at http://www.gpoaccess.gov/uscode/browse.html (last visited April 14, 2009).

Financial Action Task Force, About the FATF, http://www.fatf-gafi.org/pages/0,3417,en_32250379_32236836_1_1_1_1_1,00.html (last visited April 14, 2009).

Speedpass Commercial Website, Questions & Answers: Getting Started, available athttps://www.speedpass.com/forms/frmFaqs.aspx?pPg=faqStarted (last visited March 22, 2009).

United States Treasury, Money Laundering: A Banker’s Guide to Avoiding Problems, 2002, available at http://www.occ.treas.gov/moneylaundering2002.pdf (last visited April 14, 2009).

Wikipedia, e-gold, available at http://en.wikipedia.org/wiki/E-gold, (last visited April 10, 2009).

Wikipedia, Mobile Phone Tracking, available at http://en.wikipedia.org/wiki/Mobile_phone_tracking (last visited April 14, 2009).

Wikipedia, Subscriber Identity Module, available at http://en.wikipedia.org/wiki/Subscriber_Identity_Module (last visited April 5, 2009).

Wikipedia, Wireless Enhanced 911, available at http://en.wikipedia.org/wiki/E911#Wireless_Enhanced_911 (last visited April 14, 2009).

Page 29 of 29