To combat evolving threats associated with the various sectors Payset serves, the company needed a transaction monitoring solution to evaluate risks associated with a client’s account and specific transactions. Additionally, the solution would need to perform pattern-level analysis across a range of data sets and timelines simultaneously and be able to immediately suspend all movement of funds on a client account as required.  

From Seamless Integration to Sandbox

After partnering with ComplyAdvantage, Payset’s in-house development team collaborated with their appointed implementation manager to integrate the company’s data into its new transaction monitoring platform seamlessly. Following this, Payset was able to utilize ComplyAdvantage’s sandbox environment, where real-life transaction monitoring data could be screened to ensure any proposed changes were effective before altering the configuration of the live platform. Once live, Payset’s dedicated customer success manager provides ongoing expert guidance, ensuring compliance operations are aligned with wider business goals. 

In addition to the quick and efficient implementation process, Payset partnered with ComplyAdvantage due to its wide-ranging transaction monitoring rules library. The compliance team could deploy these individually and collectively within the company’s designated customer risk segments, meaning Payset can now take more of a risk-based approach in its analysis of transaction monitoring data.

Tailored Fraud Detection

With ComplyAdvantage’s Fraud Detection solution, Payset is now able to more effectively handle scenarios that pose a particular threat in light of the company’s offerings and the sectors it serves. These include:

• Smurfing
• Payment fraud
• Business trading fraud
• Financial investment fraud

Mackulin also noted the solution’s capability to detect transactions inconsistent with a customer’s risk profile, stated business model, and flow of funds presented during the onboarding stage. By implementing ComplyAdvantage’s advanced behavioral analytics, Payset can detect unexplained and inconsistent account activity and map out associations between multiple client accounts and counterparties. 

Efficiency Gains

With ComplyAdvantage, Payset has experienced an improvement in the efficiency and effectiveness of its compliance team. In keeping with the company’s risk-based approach to compliance, the transaction monitoring alert process has allowed Payset analysts to prioritize and focus on the cases that require the most immediate and detailed attention. “We can now easily identify tasks and assign which ones need to be analyzed live or in retrospect,” said Mackulin.  

Additionally, thanks to ComplyAdvantage’s built-in report generation and data analysis tools, Payset can quickly summarize and assess its performance against various metrics. This information is then incorporated into the company’s senior management discussions to inform future strategy and decision-making.

Looking forward, Payset can update its platform in keeping with its ever-evolving transaction monitoring processes and working procedures. As the company’s client numbers and transaction volumes continue to grow, Payset is confident it has invested in a scalable solution and a long-standing partnership that will grow and adapt in tandem.

The post Payset Boosts Analyst Efficiency Through Transaction Monitoring Alert Prioritization appeared first on ComplyAdvantage.

The change was announced by way of a new policy document (and corresponding implementation guidance) that Malaysia’s central bank published on June 30, setting out the specific requirements and standards MSBs must follow when onboarding customers in this way. First and foremost, Bank Negara Malaysia (BNM) is requiring MSBs that would like to implement non-face-to-face verification processes to seek approval from both BNM and the MSB’s own board of directors. Approval is contingent upon an MSB’s ability to ensure that their digital processes are just as effective at identifying and verifying a corporate customer’s identity as their face-to-face processes — an ability that the MSB must be ready to continually prove. Monitoring and reporting processes that can identify risks related to money laundering and terrorist financing must also be put into place.

In short, BNM makes it clear that all previously established AML/CFT requirements apply: MSBs, for example, must ensure they fully understand “the nature of the corporate customer’s business, its ownership, and control structure” and can verify “the corporate customer’s identity against independent and credible sources.”

To accomplish this and mitigate the risks associated with digital verification processes, MSBs will need to meet with the CEO, directors, or another authorized person via an unannounced video call, during which the customer must show proof of business. Likely recognizing that the logistics of an unannounced video call may complicate verification, BNM makes it explicit that MSBs are permitted to call the customer by phone first (though the phone call must also be unannounced), then follow up immediately via video. Afterward, the MSB must use at least one other verification method — such as comparing the customer’s information against a credible database or confirming the customer’s location matches its registered business address — to confirm a customer’s identity.

BNM’s announcement that it would expand digital KYC measures to include corporate customers speaks to a growing trend within Malaysia’s financial sector: BNM is looking to innovate. In the face of shifting consumer expectations around what banking should look like, it’s seeking out ways to ensure Malaysia stays competitive in a technology-first world.

For example, BNM also just closed its application period for digital banking licenses — another move that shows the bank’s embrace of technology. On December 30, 2020, BNM had released its licensing framework for digital banks and encouraged digital banks to submit an application to operate within the country. At least 40 parties had expressed interest in obtaining a license — including the telecommunications company Axiata, the airline AirAsia and the US company MoneyLion — although it’s unclear how many banks formally applied.

BNM plans to award up to five licenses by early 2022, with more soon to follow.

The post Malaysia Expands MSB’s Ability to Digitally Onboard Customers appeared first on ComplyAdvantage.

To manage the threat posed by virtual assets to the financial system, the Hong Kong Financial Services and Treasury Bureau (FSTB) recently moved to regulate virtual asset service providers (VASP), including cryptocurrency exchanges. Under proposed new VASP AML rules, Hong Kong will extend existing AML/CFT rules as part of a proposed new regulatory regime: accordingly, Hong Kong firms that deal in virtual asset services should understand the new regulatory landscape and how their compliance obligations may change.

VASP AML Regulations in Hong Kong

Hong Kong’s existing AML regime is primarily set out in two main articles of legislation, the Anti-Money Laundering and Counter Terrorist Financing Ordinance (AMLO) and the Banking Ordinance, which require firms to put risk-based AML measures in place and to observe certain record-keeping and reporting obligations. In practice, this means implementing suitable customer due diligence measures based on the level of risk they present and monitoring their transactions throughout the business relationship based on their risk profiles. 

Hong Kong’s AML regulations also extend to virtual asset and cryptocurrency providers. In 2019, the Securities and Futures Commission (SFC) introduced the 2019 Regulatory Framework which outlined the risks associated with virtual assets and introduced a licensing process for VASPs that met robust regulatory criteria. The Framework operates on a voluntary, opt-in basis and is limited in scope since it applies only to products regulated under Hong Kong’s Securities and Futures Ordinance, which focuses on ‘traditional’ assets such as stocks, bonds, futures contracts, and funds (and services related to these products). The Framework does not cover platforms that trade only in non-security virtual assets, which means popular cryptocurrencies such as Bitcoin fall outside its regulatory scope. 

To address the limitations of the 2019 Regulatory Framework, FSTB recently proposed a new licensing regime that will apply to all VASPs including virtual asset exchanges.

2021 VASP AML Regulations

In November 2020, the FSTB began a consultation period on a proposed new regulatory framework for VASPs. The consultation period ran until 31st January 2021 and a bill is expected to be introduced at some point in 2021 via an update to AMLO. The proposed regime will introduce a requirement for all VASPs in Hong Kong to obtain an SFC license, and will cover any firms that buys, sells, or exchanges virtual assets or that controls virtual assets as part of its business. 

Key highlights of the proposed VASP AML regulatory framework include:

• Comprehensive regulatory powers for the SFC including the power to assess, monitor and investigate cryptocurrency exchanges and VASPs. 
• Cryptocurrency exchanges licensed under the regime will have to adhere to the same regulatory and supervisory standards as traditional financial service providers. 
• The new regulations will apply only to centralized cryptocurrency exchanges (those operating under a central authority). Decentralized cryptocurrency exchanges will continue to be regulated under the opt-in regime. 
• Licensed cryptocurrency exchanges will only be able to serve professional investors. Retail investors may have to use decentralized exchanges in order to continue performing cryptocurrency transactions.

Comply with VASP AML Regulations in Hong Kong

Discover how our AML solutions can ensure your organization is protected.

Request a Demo

VASP Licensing Compliance

Under the proposed regime, in order to obtain a VASP license from the SFC, cryptocurrency firms must:

• Be locally incorporated within Hong Kong.
• Appoint 2 officers who will be personally responsible for overseeing compliance. 
•  Pass a ‘fit and proper’ test that involves criminal background checks, AML/CFT performance history, and financial standing. 

Similarly, licensed VASPs must meet a range of conditions that are applicable in addition to existing anti-money laundering regulations:

• Professional investors: The restriction of licensed VASP services to professional investors means individuals with portfolios of HK$8 million or more, corporations with portfolios of HK$40 million or more, or licensed institutions such as banks and broker-dealers.
• Financial and business soundness: Licensed VASPs must demonstrate they have adequate financial resources (a minimum amount has not yet been specified) and can operate their business in a prudent and sound manner. 
• Risk assessment: VASPs must conduct appropriate assessments of the AML/CFT risk that their customers present. 
• Record-keeping and reporting: VASPs must comply with relevant record-keeping and reporting, audit, and disclosure requirements.

VASP AML Compliance

The proposed VASP licensing regime in Hong Kong will be implemented in addition to AMLO, which requires firms to put a range of risk-based VASP AML/CFT controls in place, including:

• Customer due diligence: VASPs should establish and verify the identities of their customers prior to commencing business relationships. The CDD process should involve names, addresses, dates of birth although, in a cryptocurrency context, digital identifiers such as scans of official documents and biometric information may also be necessary. 
• AML Transaction monitoring: VASPs should monitor the transactional behavior of their customers in order to spot activity that does not match their established risk profile and that could indicate criminal activity. 
• Screening and monitoring: VASPs should screen their customers against international sanctions and watchlists, for politically exposed person (PEP) status, and for their involvement in adverse media stories. 

Smart technology tools: Given the vast amount of digital transaction data involved in digital regulatory compliance, VASPs should seek to implement a suitable technological solution to meet their AML/CFT obligations. 

Smart technology solutions, including artificial intelligence and machine learning systems bring automated speed, efficiency and accuracy to compliance processes, and reduce the prospect of costly human error. As an added benefit, smart technology also allows firms to adapt to a changing regulatory landscape such as the proposed VASP AML regime to be introduced in Hong Kong in 2021, and to emergent criminal methodologies.

The post VASP AML – Regulations for Virtual Asset Service Providers in Hong Kong appeared first on ComplyAdvantage.

eWallets are online storage systems that hold users’ banking information and can be used to pay for goods and services, often in conjunction with mobile payment systems. Use of eWallets and “mobile money” has grown rapidly since 2017 as the use of cash has declined, and research suggests that eWallet payments could constitute up to 28% of all global transactions by 2022. 

Numerous financial and technology firms provide eWallet services: major platforms include Apple Pay, Google Pay, and Paypal and the market is also populated with a variety of start-ups. In addition to in-person transactions using a mobile device, many eWallets can also be used to facilitate payments online. Read on to learn about AML eWallet risks, considerations and compliance.

eWallets and criminal activities

The use of eWallets, mobile money and online financial services has led to the development of criminal methodologies that exploit those services to launder money and finance terrorist activities. While developers can implement a range of security measures to protect users from cyber-criminals, eWallets remain at risk thanks to certain traits inherent in the technology.

Those risks mean that eWallet service providers must put AML/CFT measures in place to respond to potential criminal threats. To ensure that those measures are effective, service providers should understand both the risks that they face and how to comply with the relevant legislation within their jurisdiction.

AML eWallets: Money Laundering Risks

The money laundering risk associated with eWallets and mobile money derives from the relative anonymity offered by online financial services and other aspects of the technology, including the speed with which transactions can take place and a lack of regulation from national and international authorities. In more detail, those risks involve:

Anonymity: eWallet firms may implement inadequate customer identity verification measures, allowing criminals to use their services anonymously to launder money. In this context, money launderers may be deceptive about their identities when applying for accounts, use proxies to open accounts or open multiple different accounts as part of their criminal enterprise.

Transaction obscurity: Criminals may manipulate eWallet services to disguise their efforts to launder money. Multiple eWallet accounts may be accessed from a single mobile device to conceal the identity of users, or, similarly, criminals may attempt to make a number of small transactions in an effort to disguise a larger sum of transferred money. eWallets can also quickly facilitate the transfer of money from one country to another to elude the attention of financial authorities.

Speed: Like all digital financial services, eWallet transactions take place quickly and, in some cases, in real time. This means that money launderers are able to move illegal funds around rapidly, evading supervisory safeguards and investigations. Speedy transaction times can help criminals structure their transactions: using multiple transfers across multiple accounts to disguise the illegal origin or their funds more effectively.

Lack of oversight: Some countries do not have effective legislation in place to deal with AML eWallet issues. In this context, money launderers may be able to exploit regulatory blind-spots and disparities or a general lack of understanding of the criminal methodology associated with eWallet technology. Similarly, criminals may seek to transfer illegal funds between eWallets in different countries, avoiding reporting thresholds and suspicious activity reporting rules.

How to Comply with AML Regulations

The Financial Action Task Force (FATF) sets out a risk-based AML/CFT framework that member states must implement in domestic legislation. This means that firms, including eWallet service providers must conduct risk assessments of their customers and adjust their AML eWallet response proportionately. In practice, anti-money laundering for eWallets should include the following measures:

• Customer due diligence: In order to accurately establish customer identities, eWallet firms should run customer due diligence (CDD) checks to verify information such as names, addresses and dates of birth. Under the risk-based approach, higher-risk customers should be subject to enhanced due diligence (EDD) measures.
• Transaction monitoring: eWallet service providers must monitor their customer transactions for suspicious activity that could indicate money laundering. Where suspicious activity is detected, firms should have a suspicious activity report (SAR) process in place to notify the authorities in a timely manner.
• Screening and monitoring: eWallet firms must screen customers to ensure that they are not subject to international sanctions or involved in adverse media stories that could elevate their risk of money laundering. Similarly, firms should screen their customers for politically exposed person (PEP) status.

In order to improve AML eWallet compliance, service providers should be vigilant for “red flag” behaviors, including:

• Discrepancies or inconsistencies in customer identity verification at account registration.
• Unusual transaction patterns or transactions involving high-risk customers or PEPs.
• Frequent and rapid cash withdrawals of funds transferred to eWallets.
• Frequent transfer of funds to third-party accounts following deposits to eWallets.
• Transactions consistently above or just below reporting thresholds.
• Multiple account registrations, deposits or transfers that seem connected.

AML eWallet Data Solutions

To provide effective compliance, eWallet service providers should implement a suitable AML software solution to ensure that they can collect and analyze the necessary customer and transaction data. Automated AML data solutions not only ensure speed and efficiency but reduce the likelihood of human error and other potentially costly drains on an AML program. AML software also helps firms deliver ongoing compliance by adapting to changes in legislation or new money laundering methodologies.

The post AML & eWallets – The Risks & How To Comply appeared first on ComplyAdvantage.

Financial institutions which transmit or convert money fall into the classification of ‘Money Services Business’ (MSB). While they provide some of the same services, MSBs are not banks: thanks to the variety of cheaper, more diverse commercial product options available to anyone seeking to convert or transmit money, the term ‘MSB’ now covers a wide range of organizations – including those offering crowdfunding, e-commerce, and cryptocurrency products.Money services businesses often represent a significant portion of an economy: in the United States, for example, transactions handled by MSBs in 2017 amounted to over $1 trillion. Given the levels of criminal risk associated with the conversion of currency and transmission of money, MSBs are required to follow strict compliance regulations pertaining to the anti money laundering and counter terrorist legislation of the territory in which they operate.

With that in mind, employees of financial institutions should aim to understand how MSBs work, and the relevant legislation which may apply when doing business with them.

What does a Money Services Business do?

Money services businesses come in a variety of shapes and sizes – ranging from small, niche-market startups, to large enterprise organizations with international footprints. The commercial currency exchange and transfer landscape is evolving and so businesses which classify as MSBs might include anything from traditional bureau de changes and post offices, to the latest innovative smartphone payment app.

Although the term ‘MSB’ varies between territorial jurisdictions, it is generally used to describe any business which engages in the following financial services:

• Acting as a bureau de change or office of currency exchange
• The transmission of money (or representation of money)
• Cashing cheques payable to customers
• Taking intermediary payments between a payer and a supplier through telecommunication, digital, and IT devices
• Offering payment services for bills – e.g gas and electricity, or tax payments

From a practical perspective, an MSB might provide a customer with a short-term loan, money for a holiday, a cash remittance to family members abroad, or a facility for conducting business with an institution in a foreign location. MSBs may also deal in less-conventional or emerging financial services, like crowdfunding projects, cryptocurrencies, or other types of online payment.

Money Services Business AML Compliance

Operating a money services business involves compliance with a complex legislative environment, and in particular with anti money laundering (AML) regulations.

Financial authorities place such a strong focus on MSBs because the nature of the services they offer puts them at particular risk of being used in a financial crime. Amongst a range of possible criminal enterprises, money exchange services are attractive options for money launderers, online scammers, and terrorist groups who may wish to transmit money to affiliates overseas.

Although the specifics of AML obligations vary by jurisdiction, they generally involve developing and implementing an AML policy which corresponds to an institution’s risk profile – along with reporting obligations to authorities. MSBs are a common feature of financial landscapes in every part of the world – examples of global MSB regulators include:

• The United Kingdom: MSBs must register with either the Financial Conduct Authority or HMRC, depending on the specifics of their business.
• The United States:  In the United States, MSBs must register with the Financial Crimes Enforcement Network (FinCen), be reviewed by the Internal Revenue Service (IRS), and comply with any relevant state and federal laws.
• Canada: Broadly similar to the United States in terms of regulations, MSBs in Canada must register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).
• Hong Kong: In Hong Kong, MSBs are known as money service operators (MSO), and are required to apply for a licence from the Customs and Excise Department in order to conduct business. MSOs in Hong Kong must abide by the Anti-Money and Counter-Terrorist Financing (Financial Institutions) Ordinance.

The post What Is A Money Services Business? appeared first on ComplyAdvantage.

What are PEP Red Flags?

The FATF has developed a list of PEP red flags / indicators that can assist in the detection of misuse of the financial system by PEPs during a customer relationship. This list of indicators is useful in detecting those PEPs that abuse the financial system and does not intend to stigmatise all PEPs. How to interpret these indicators depends heavily on context. Often, matching one or two of these indicators simply indicates a statistically-raised risk of doing business with a particular customer, and several indicators may need to be met before serious suspicion is warranted. However, in some cases—again, depending on specific circumstances—matching just one or more of these indicators could lead directly to suspicion of illegal activity, such as money laundering.

PEPs Attempting to Shield Their Identity

PEPs are aware that their status as a PEP may facilitate the detection of any illicit behaviour. This means that PEPs may attempt to shield their identity to prevent detection. Examples of ways in which this is done are:

• Use of corporate vehicles (legal entities and legal arrangements) to obscure the beneficial owner
• Use of corporate vehicles without valid business reason
• Use of intermediaries when this does not match with normal business practices or when this seems to be used to shield identity of a PEP
• Use of PEP relatives and close associates as legal owner

Behaviors that are PEP Red Flags

Some PEP red flags include specific behaviors and characteristics that may raise risk levels or cause suspicion:

• Use of corporate vehicles (legal entities and legal arrangements) to obscure (i) ownership, (ii) involved industries, or (iii) countries
• The PEP makes inquiries about the institution’s AML policy or PEP policy
• The PEP seems generally uncomfortable to provide information about source of wealth or source of funds
• The information that is provided by the PEP is inconsistent with other (publicly available) information, such as asset declarations and published official salaries
• The PEP is unable or reluctant to explain the reason for doing business in the country of the financial institution or DNFBP (Designated Non-Financial Businesses and Professions).
• The PEP provides inaccurate or incomplete information
• The PEP seeks to make use of the services of a financial institution or DNFBP that would normally not cater to foreign or high value clients
• Funds are repeatedly moved to and from countries to which the PEP does not seem to have ties with.
• The PEP is or has been denied entry to the country (visa denial)
• The PEP is from a country that prohibits or restricts its/certain citizens to hold accounts or own certain property in a foreign country

The PEP’s Position or Involvement in Business

The position that a PEP holds and the manner in which the PEP presents his or her position are important factors to be taken into account.

Possible PEP red flags are:

• The PEP has substantial authority over or access to state assets and funds, policies and operations
• The PEP has control over regulatory approvals, including awarding licences and concessions
• The PEP has the formal or informal ability to control mechanisms established to prevent and detect ML/TF
• The PEP (actively) downplays importance of his/her public function, or the public function s/he is associated with
• The PEP does not reveal all positions (including those that are ex officio)
• The PEP has access to or control or influence over government or corporate accounts
• The PEP (partially) owns or controls financial institutions or DNFBPs, either privately or ex officio
• The PEP (partially) owns or controls the financial institution or DNFBP (either privately or ex officio) that is a counterpart or a correspondent in a transaction
• The PEP is a director or beneficial owner of a legal entity that is a client of a financial institution or a DNFBP

Industries & Sectors that are PEP Red Flags

A connection with a high risk industry may raise the risk of doing business with a PEP. Under the FATF’s Recommendation 1, competent authorities, financial institutions and DNFBPs are required for determining which types of clients may be higher risk. For this, financial institutions and DNFBPs will also be guided by national guidance or risk assessments. Which industries are considered at risk depends on the risk assessments and other industry safeguards that are in place and varies from country to country.

Examples of higher risk industries that are PEP red flags include:

• Arms trade and defence industry
• Banking and finance
• Businesses active in government procurement (i.e., those whose business is selling to government or state agencies)
• Construction and (large) infrastructure
• Development and other types of assistance
• Human health activities
• Mining and extraction
• Privatisation
• Provision of public goods and utilities

Product, Service, Transaction or Delivery Channels

FATF recommendations also contain examples of product, industry, service, and transaction or delivery channel factors that suggest higher risk, irrespective of the type of customer.

These examples are:

• Private banking
• Anonymous transactions (including cash)
• Non-face-to-face business relationships or transactions
• Payments received from unknown or unassociated third parties

If these industries, products, services, or transaction or delivery channels are used by PEPs, then this adds an additional risk factor (depending on the nature of the PEP). In addition to the examples already listed in the FATF recommendations, there are other products, industries, services, and transaction or delivery channels that can become particularly vulnerable when used by PEPs.

Examples of these PEP red flags are:

• Businesses that cater mainly to (high value) foreign clients
• Trust and company service providers
• Wire transfers to and from a PEP account that cannot be economically explained or that lack relevant originator or beneficiary information
• Correspondent and concentration accounts
• Dealers in precious metals, precious stones, and other luxurious goods.
• Dealers in luxurious transport vehicles (such as cars, sports cars, ships, helicopters, and planes).
• High end real estate dealers

Country-Specific PEP Red Flags and Indicators

The FATF recommendations contain examples of higher risk countries and other geographic risk factors that are irrespective of the type of customer. Additionally, the following red flags and indicators relating to countries can be taken into account when doing business with a PEP:

• The foreign or domestic PEP is from a higher risk country
• Additional risks occur if a foreign or domestic PEP from a higher risk country would in his/her position have control or influence over decisions that would effectively address identified shortcomings in the AML/CFT system
• Foreign or domestic PEPs from countries identified by credible sources as having a high risk of corruption
• Foreign or domestic PEPs from countries that have not signed or ratified relevant anti-corruption conventions (or otherwise have not or have only insufficiently implemented these conventions), such as the UNCAC and the OECD Anti-Bribery Convention.
• Foreign or domestic PEPs from countries with mono-economies (economic dependency on one or a few export products), especially if export control or licensing measures have been put in place

Source: FATF Guidance on Politically Exposed Persons (2013)

The post Detecting PEP Red Flags in the Financial System appeared first on ComplyAdvantage.