False positives: The complexity and scope of the information that needs to be managed during the transaction monitoring process often leads to false positive identification of suspicious behavior. False positives slow down and increase the cost of the compliance process because they need to be treated with care while creating negative experiences for customers when payments are delayed or interrupted. If the bank determines that a SAR is justified, FinCEN has asked banks to check the appropriate box in the SAR report to indicate the nature of the suspicious activity and to include the term “payment processor” in the relevant SAR narrative and professions. Some may read this and wonder what the risk is for the US and the banks that provide the methods that these fintechs use to do business. The highest risk exposure at a high level can be grouped into a major problem, the FATF`s most important product-related risk factor: when cash flow is divided. For example, funds go in, through, and out of an ecommerce platform`s bank account. However, your primary banking relationship does not see all aspects of the other parties involved. Funds from an e-commerce account can be paid in batches to a fintech company, which then pays money to individuals on behalf of the e-commerce website (see example below). Instead of using terms such as merchant payment companies, external payment processors, payment intermediaries, payment aggregators, merchant payment processors, fintechs or private ATM networks, general term payment processors should cover all aspects and parts of the transactions described below. While each of them depends on where it is in the payment flow, most institutions will have some sort of exposure to fintechs and payment processors (not considered fintechs, as they have been facilitating merchant payments for some time). Previously, it was mentioned that fintechs and payment processors are capable of exploiting loopholes, and it`s important to note that most of the legal loopholes have been made available to old-school payment processors.
It should be noted that each of these payment processors would have comprehensive anti-money laundering regulations in most industrialized countries outside the United States. To avoid registering as an MSB or money transfer in the US, payment processors and fintechs can send/receive funds via ACH instead of a bank transfer. While this isn`t always a single elimination factor, it`s important to know how ACH plays a role in the checkout flow, as can be seen in the image on the right. Fintechs are now a buzzword with many types of businesses in different parts of the transaction flow – many companies only refer to themselves as fintechs if they can move payments faster or further. However, not all fintechs are the same, and certainly not all of them pose the same risk to their major banks or partner financial institutions (FIs). When the Office of the Comptroller of the Currency (OCC) announced the Fintech Charter in July 2018, it was assumed that these fintechs would all register. However, as of December 2019, only 11 new charters were found on the OCC website, most of which were not related to fintech. Could it be because most of these fintechs legally use the Financial Crimes Enforcement Network (FinCEN) exceptions when it comes to payment processors? Transformers are generally not subject to BSA/AML regulatory requirements.
As a result, some processors may be vulnerable to money laundering, identity theft, fraud schemes, or other illegal transactions, including those prohibited by OFAC. Money transfer services and new payment methods have been billed in most other countries outside the United States. This is evidenced by their regulation, which requires payment processors – which can be several different companies in a payment flow – to implement comprehensive AML compliance programs. Banks that provide account services to third-party payment processors should monitor their relationships with processors for significant changes in the processor`s business strategies that may affect their risk profile. Banks should regularly review and update processor profiles to ensure that the risk assessment is appropriate. Banks should ensure that their contractual arrangements with payment processors provide them with timely access to the necessary information. Banks should regularly review their payment processing relationships with third parties; including the review of merchant customer lists and confirmation that the subcontractor is fulfilling contractual obligations to verify the legitimacy of its merchant customers and their business practices. New criminal methods: As payment service providers integrate new technologies, criminals have developed new methods of money laundering. In a digital payments landscape, businesses need to consider multidimensional approaches to the transaction monitoring process to adapt to these changes, including digital IDENTIFICATION methods and the integration of smart anti-money laundering tools. A bank should implement appropriate policies, procedures and processes that address compliance and fraud risks. Policies and procedures should set bank performance thresholds and establish processes to mitigate risk to payment processors, as well as possible actions that can be taken against payment processors that exceed these standards. Technically, most fintechs simply use existing payment channels such as the Automated Clearing House (ACH) to transfer money.
These companies are also only responsible for part of the payment flow. This ACH movement – as well as the purpose of moving funds (payment for goods or services) – could qualify them as non-monetary fundraisers at the federal level. Several FinCEN administrative decisions offer various ways in which payment processors, payment intermediaries, merchant payment companies and “profit agent” companies may benefit from not qualifying as a money services company (MSB) under federal regulations and therefore not subject to strict anti-money laundering (AML) programs. There is also a multi-billion dollar fintech market for “parallel lending” that is booming in the United States. These loan products are offered in a variety of ways, some of which are underwritten by large banks, others by private lenders, but all without anti-money laundering requirements. “When we look at the emergence of payment intermediaries, the goal is to break down barriers to entry into a particular market or sector. When we look at the purpose of money laundering, it`s usually about finding weak barriers that we can achieve,” Mark said. Given the threat to the payments industry, it is essential that service providers understand their AML/CFT compliance obligations and take the right steps to monitor payments to uncover criminal activity. All of this is described and addressed in the Financial Action Task Force `SMB) Guidelines on Money Transfer Services (FSMS)1 and its new Guidelines for Payment Products and Services (NPPS).2 This short list is certainly not exhaustive and it is likely that a technology company will create a new payment method at the time of publication of this article. New fintech cash flows disrupt the transaction from start to finish, with some parties regulated and others not involved in the transaction flow. Depending on the rails (type of transaction vehicle) used by the fintech, they could take advantage of the exceptions available after FinCEN decisions.
From 2003 to 2014, four letters or decisions were issued that could provide for various exemptions for fintechs as a whole or for a group of payment methods within fintech. For example, some fintechs offer their customers various products such as payment processing for e-commerce or physical stores.
