MSBs: Get serious about AML compliance
Once upon a time, money services businesses (MSBs) could be lax about diligently fulfilling anti-money laundering (AML) requirements. Regulators were much more interested in the banking sector, and focused their attention on cracking down on the failures of those businesses. But times are changing.
As MSBs and fintech companies continue to disrupt traditional banking services with innovative payment methods such as e-wallets, peer-to-peer payments and in-app purchasing that don’t charge customers the traditional banking fees of 5%–10%, regulators have taken note.
The ease and accessibility of these services make it possible for almost anyone to quickly move even large sums of money to virtually anywhere and to anyone. For MSBs this leads to an increased risk of being involved in criminal activity, and also makes their operations more complicated due to additional regulations that regulators are beginning to enforce with increasing frequency.
Regulatory authorities have made this crackdown on MSB clear. Big names such as Western Union have made headlines for failures relating to its AML compliance program (namely for aiding and abetting wire fraud and helping individuals use the company’s services for fraudulent purposes and to avoid detection). As punishment for these failures, Western Union has agreed to pay a settlement of more than USD $500 million.
A Unique Landscape
When it comes to AML compliance for MSBs, there is a variety of challenges that are unique to these businesses, making it difficult—and impractical—for MSBs to mimic how banks build their compliance programs. Some of these challenges include the following:
1. Reporting Requirements
When it comes to regulatory reporting, MSBs have different requirements than banks. For example, some regulators (such as FinCEN) require that for every currency transaction report (CTR) an MSB creates, a matching suspicious activity report (SAR) must also be generated. In addition, the lack of good quality data can make it impossible for an MSB to properly complete their reports. The inability to group transactions from the same person because identification data is not exact adds complexity, and risks regulatory non-compliance.
Because many MSBs operate in retail storefronts and are not the core business, they have many detached, remote employees who must be trained in AML compliance. Given the nature of retail businesses, employees often come and go, making it more difficult to keep up with training.
3. Data Quality
Data quality is a major challenge for MSBs, mainly due to relatively relaxed rules around the identification needed to use an MSB’s services (for example, no ID is needed to send or receive small amounts of money, and larger amounts may only require that one piece of ID). Anyone trying to commit fraud or launder money can present various or even fake IDs on separate occasions. In addition, many MSBs don’t maintain customer profiles, making it is easier for structuring to be obscured.
Solving the Problem
To effectively address these challenges, MSBs need to implement AML technology. However, much of the technology available today is geared toward banks rather than MSBs. These solutions are simply overkill for an MSB, and can also lack key capabilities.
Many AML solutions are highly dependent on having excellent customer information, which MSBs often lack. For example, customer risk profiling is more challenging for MSBs than banks because it is hard for an MSB to get a true picture of all their customers. Unlike banks, MSBs are not customer-centric and tend to be transaction focused.
The best solutions for MSBs integrate every compliance component into a single platform, enabling an effective AML process. The chosen solution should effectively monitor transactions, maintain customer risk scores, automatically complete and submit regulatory reports, and provide for sanctions list screening and filtering. To catch up to their counterparts in the banking sector, most of which have had robust compliance programs in place for years, MSBs must also choose a technology that will grow with the business well into the future. This means that their technology must also be equipped with advanced analytics models that are well on their way to becoming industry best practices. This includes the following:
1. Anomaly detection
Anomaly detection is a data science technique that is used to identify outliers. To begin detecting anomalies, the subjects (senders and receivers) in the network are first segmented. Segmentation can be based on several factors, including customer type (e.g., business or individual), industry codes, location, transaction patterns (frequency, amounts, etc.). Depending on what is the best fit for the MSB, an appropriate clustering approach to the data can be developed. The model is then trained using historical transactions and validated. The data can also be further enriched using third-party sources.
2. Predictive analytics
A growing field, machine learning is already impacting AML compliance practices. MSBs can expect to apply machine learning algorithms to their historical data set to create, test, validate and optimize predictive models. As alerts are investigated over time, the results will be able to provide more labeled data, which will improve the value of the models.
3. Link/network analysis
Being able to look at subjects’ (i.e., senders and receivers) static data (e.g., telephone number, address and name) and transactional data to identify links is key to uncovering high-risk subjects in a payment network. High-risk behaviors tend to have an identifiable pattern that makes it possible to detect schemes and criminal activity, including human trafficking, drug smuggling and terrorist financing.
4. Other fraud layers – Authentication
Implementing a fraud detection layer for online transactions better protects an organization. Several authentication attributes can be used in creating anomaly detection models, such as IP address, operating system (OS), browser, browser version and language. The MSB’s software solution should then be able to learn normal authentication behavior and assign an anomaly score to new sessions.
Other key attributes can be created by enriching the data with IP address locations of login attempts. Consecutive login attempts can be analyzed based on the time difference between those attempts and the distance between the locations, helping to determine if it is physically possible to reach those places in that time duration to perform those login attempts.
The Clock is Ticking
Given the speed at which regulations are changing and criminals are finding new ways to launder money, it’s time for MSBs to step up their AML compliance game. Fortunately for MSBs, they are not alone in this challenge and can turn to technology to help address it. The key, of course, is to find the best solution. With the right technology, MSBs can equip themselves to build an effective compliance program that will ensure they avoid the plight of fines, penalties and reputational damage.
About Andrew Simpson
Andrew Simpson (LinkedIn | Twitter) is Chief Operating Officer at CaseWare RCM and has more than 20 years of experience building businesses in the fields of information systems audit and security, data analytics, Anti-Money Laundering and forensics. He is a regular contributor to conferences and a recognized thought leader in financial crime management.