“[I]llicit actors within the construction industry are using shell companies and other tactics to commit workers’ compensation fraud and avoid payroll taxes,” explained FinCEN Acting Director Himamauli Das. “Today’s Notice provides information that financial institutions can use to remain vigilant in monitoring, detecting, and reporting suspicious activity.”

The Fight Against Shell Companies and Organized Fraud

According to FinCEN, the notice aligns with its ongoing efforts to curb the use of shell companies to conceal illicit activity, as well as with the Anti-Money Laundering/Countering the Financing of Terrorism National Priorities.

In line with the Corporate Transparency Act, in 2022 FinCEN issued a final rule requiring most corporations, limited liability companies, and entities created or registered for business in the US to report their beneficial owners to the regulator. FinCEN expects this rule – effective January 2024 – to support the current notice’s objectives by discouraging the use of shell companies to conceal illegal activity by actors including:

• Oligarchs
• Kleptocrats
• Drug traffickers
• Human traffickers
• Illicit individuals in the construction sector

Notice Details: Typologies, Red Flags, and Reporting

Although the notice addresses all financial institutions, FinCEN notes that the type of fraud and tax evasion it deals with primarily affects banks and check cashers. The scheme is typically a two-part process involving workers’ compensation fraud followed by tax evasion. 

A criminal entity typically creates a shell company posing as a legitimate subcontracting business with just a few employees. It takes out a workers’ compensation policy for those employees. Meanwhile, the shell company contacts real subcontractors with a much larger number of employees. The subcontractors can give their employees discounted (and fraudulent) access to the shell company’s policy for a fee. 

It also helps the subcontractors avoid paying payroll tax. The subcontractors write checks to the shell company instead of their employees, thus concealing that they’re for payroll. The shell company then either obtains cash at a check casher or deposits the money into its company account before withdrawing it in bulk. It returns this money to the subcontractors, minus a small fee, so they can pay their employees under the table and avoid taxes.

The notice outlines several red flags for this typology, including:

• Construction company customers that are younger than a year, have little to no online presence, and specialize in one type of construction trade.
• A non-US citizen without prior construction history who opens an account in the name of a construction company.
• Despite receiving large volumes of client payments, the customer account shows no evidence of paying payroll taxes.
• The customer receives deposits outside the expected amount for their account type, all from other construction companies and in multiple states.

The notice also reminds firms of their reporting requirements and information-sharing protections under the Bank Secrecy Act (BSA) and the USA Patriot Act section 314(b). Instructions on pages 7-9 of the notice include:

• An overview of suspicious activity reporting (SAR) requirements.
• Other BSA reporting requirements, such as currency transaction reports (CTR) and Form 8300 filing.
• A reminder of the information-sharing safe harbor under the Patriot Act.

Next Steps for Firms

Firms – especially banks and check-cashing institutions – may want to study the notice in greater detail to familiarize themselves with red flags for construction industry tax evasion and workers’ compensation fraud. 

To ensure they remain abreast of FinCEN’s most current guidance and requirements, firms can sign up for updates from the regulator.

The notice asks firms to report current information on payroll fraud-related activity to their local tax authorities or the closest IRS CI field office. For reports of information related to workers’ compensation fraud, wire fraud, or labor exploitation, contact Homeland Security Investigations at 1-866-347-2423.

The post FinCEN Seeks Data from Financial Institutions to Curb Construction Sector Fraud & Tax Evasion appeared first on ComplyAdvantage.

According to Chris Hemsley, Managing Director at the PSR, “The two aspects we’re consulting on now will help to strike the right balance between encouraging people to be careful when making payments, while ensuring they have confidence in knowing they’ll be better protected if they do fall victim to fraud.” The changes also seek to encourage firms to invest in helping customers.

The PSR invites industry professionals to contribute their views by September 12, 2023 on the rule’s provisions for consumer responsibility, as well as reimbursement maximums and claim excess.

Reimbursement Rule Requirements

The reimbursement rule targets APP fraud, which tricks victims into sending funds to a fraudster posing as a legitimate recipient. This can occur through the impersonation of a legitimate financial institution or fraudulent sellers who never deliver purchased goods.

According to PSR, the rule will:

• Require firms to reimburse most customers victimized by APP fraud.
• Split reimbursement costs equally between sending and receiving payment institutions.
• Add more protections for vulnerable customers.

When the rule comes into force in 2024, it will apply to firms including payment service providers (PSPs) and focus additional consumer protections on faster payments. Among other things, the document detailing the rule explains: 

• Which customers qualify for reimbursement. 
• Exceptions when firms don’t have to issue a reimbursement – generally, when the customer has acted fraudulently or negligently.
• Time limits for the requirement. 

Approval of the Financial Services and Markets Bill, expected this year, will provide the PSR with the authority to require firms to reimburse customers.

Industry Views Sought in Consultations

Through the consultations, the PSR seeks industry feedback on: 

• The regulator’s proposed approach to consumer responsibility (the consumer standard of caution).
• Its reimbursement limit proposal.
• The best way to structure claim excess – the amount a victim would have to cover in case of a reimbursement.

Consumer Standard of Caution Consultation

According to the PSR’s proposed standard, customers must meet three basic responsibilities to be eligible for reimbursement in the case of APP fraud:

• Pay attention to warnings – If the PSP gives the customer a specific warning before a transaction occurs that the recipient is probably a fraudster, the customer must take it into account.
• Report the scam promptly – A customer victimized by APP fraud must notify their PSP promptly, and within13 months.
• Share information – The customer must comply with their PSP’s reasonable request for information to allow them to assess the situation accurately and prevent unnecessary losses.

A customer shown to have failed in this standard of care through gross negligence would forfeit their right to reimbursement. However, the burden of proof would remain with the PSP.

Maximum Reimbursement and Claim Excess Consultation

Excluding vulnerable victims, the regulator has acknowledged firms’ right to levy a claim excess as encouragement for customers to conduct responsible transactions. The consultation invites views on the excess – including deciding factors and the most effective value structure, which could be fixed or a percentage.

The PSR also requests industry feedback on the proposed reimbursement limit of £415,000, which would match the current ombudsman service limit.

How Firms Can Respond

Firms in the payments industry – especially banks and PSPs – are encouraged to study the consultations in-depth and contribute their views on the outlined proposals. This will help the PSR ensure its policy reflects industry realities. It will also help firms become familiar with the details of their upcoming reimbursement obligations to customers.

Firms may also want to review their fraud and loss prevention processes to ensure they are taking vulnerable customer groups into account. This should include robust customer education and timely warnings to customers suspected of vulnerability to a scam.

The post UK PSR Invites Industry Feedback on APP Fraud Reimbursement Rule appeared first on ComplyAdvantage.

MAS Deputy Managing Director (Financial Supervision), Ms Ho Hern Shin, acknowledged financial institutions’ (FIs) indispensable role in reporting the suspicious activity leading to the raids. She continued, “Singapore remains vulnerable to transnational ML/TF risks and …MAS and FIs need to continue to work together to strengthen our defences against these risks.”

How STRs Helped Catch a Crime Ring

MAS and CAD facilitated the investigation due to suspicious transaction reports (STRs) filed by firms that had noticed suspicious activity. Thanks to the information, authorities identified a criminal group suspected of laundering the proceeds of foreign illicit activity, including fraud and gambling. 

Multiple red flags led the FIs to report possibly tainted funds, including:

• Suspicious flows of funds.
• Questionable source of wealth documentation.
• Other inconsistent customer information.

The regulator is actively communicating with the reporting FIs regarding the illicit activity. In addition to emphasizing the importance of FI cooperation and reporting of suspicious transactions, MAS has announced that it will crack down on firms discovered to have lax or noncompliant anti-money laundering and counter-terrorist financing (AML/CFT) controls. It reminds firms that it actively works with FIs to curb illicit activity.

Specifically, the authority announced it is conducting AML/CFT inspections of wealth management firms.

Laundering Millions through Luxury Goods

None of the individuals arrested were Singapore nationals or permanent residents. They are suspected of being part of an organized criminal network and came from Cyprus, China, Vanuatu, Turkey, and Cambodia. They face various charges, including:

• Using a forged document under Section 471 of the Penal Code.
• Forgery for the purpose of cheating under Section 468 of the Penal Code.
• Money laundering under Section 54(1)(c) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA).

The police are still looking for eight additional individuals who have evaded arrest. Four more are assisting police with their investigation.

During the raids, Singapore authorities seized goods and cash worth close to S$1 billion. Items seized included:

• Cash worth over S$23 million, and two gold bars.
• Over 270 pieces of jewelry.
• Fifty luxury vehicles and 94 properties estimated at over S$815 million.
• Collectible toys.
• Over 250 luxury watches and bags.

During this ongoing investigation, more assets may be seized or frozen. 

Key Takeaways

MAS has reemphasized its high expectations for firms’ AML/CFT processes. All firms, especially wealth management firms, should ensure their current frameworks align with regulator requirements and their individual risk profiles.

Singapore authorities provide valuable resources to help FIs comply with these standards. The Singapore Police Force has released an in-depth list of key ML red flags firms can consider in their due diligence processes. 

In addition, firms are encouraged to consult the MAS AML resource page, which includes links to the latest guidance, notices, and guidelines, as well as STR forms, the AML/CFT Industry Partnership best practice papers, and details on Collaborative Sharing of ML/TF Information & Cases (COSMIC). 

Still in development, COSMIC will be an information-sharing digital platform allowing FIs to collaborate in tackling financial crime. 

The post Singapore Police Seize Millions, Arresting 10 for Forgery and Money Laundering appeared first on ComplyAdvantage.

To combat evolving threats associated with the various sectors Payset serves, the company needed a transaction monitoring solution to evaluate risks associated with a client’s account and specific transactions. Additionally, the solution would need to perform pattern-level analysis across a range of data sets and timelines simultaneously and be able to immediately suspend all movement of funds on a client account as required.  

From Seamless Integration to Sandbox

After partnering with ComplyAdvantage, Payset’s in-house development team collaborated with their appointed implementation manager to integrate the company’s data into its new transaction monitoring platform seamlessly. Following this, Payset was able to utilize ComplyAdvantage’s sandbox environment, where real-life transaction monitoring data could be screened to ensure any proposed changes were effective before altering the configuration of the live platform. Once live, Payset’s dedicated customer success manager provides ongoing expert guidance, ensuring compliance operations are aligned with wider business goals. 

In addition to the quick and efficient implementation process, Payset partnered with ComplyAdvantage due to its wide-ranging transaction monitoring rules library. The compliance team could deploy these individually and collectively within the company’s designated customer risk segments, meaning Payset can now take more of a risk-based approach in its analysis of transaction monitoring data.

Tailored Fraud Detection

With ComplyAdvantage’s Fraud Detection solution, Payset is now able to more effectively handle scenarios that pose a particular threat in light of the company’s offerings and the sectors it serves. These include:

• Smurfing
• Payment fraud
• Business trading fraud
• Financial investment fraud

Mackulin also noted the solution’s capability to detect transactions inconsistent with a customer’s risk profile, stated business model, and flow of funds presented during the onboarding stage. By implementing ComplyAdvantage’s advanced behavioral analytics, Payset can detect unexplained and inconsistent account activity and map out associations between multiple client accounts and counterparties. 

Efficiency Gains

With ComplyAdvantage, Payset has experienced an improvement in the efficiency and effectiveness of its compliance team. In keeping with the company’s risk-based approach to compliance, the transaction monitoring alert process has allowed Payset analysts to prioritize and focus on the cases that require the most immediate and detailed attention. “We can now easily identify tasks and assign which ones need to be analyzed live or in retrospect,” said Mackulin.  

Additionally, thanks to ComplyAdvantage’s built-in report generation and data analysis tools, Payset can quickly summarize and assess its performance against various metrics. This information is then incorporated into the company’s senior management discussions to inform future strategy and decision-making.

Looking forward, Payset can update its platform in keeping with its ever-evolving transaction monitoring processes and working procedures. As the company’s client numbers and transaction volumes continue to grow, Payset is confident it has invested in a scalable solution and a long-standing partnership that will grow and adapt in tandem.

The post Payset Boosts Analyst Efficiency Through Transaction Monitoring Alert Prioritization appeared first on ComplyAdvantage.

PingPong’s advanced technology platform allows business to be conducted in any market and currency worldwide. The company’s products include e-commerce and B2B trade payments, acquiring services, card issuing, FX management, supply chain finance, VAT tax services, enterprise solutions, business intelligence software, and more. 

PingPong needed to accelerate the pace at which it was able to create new accounts and onboard customers. This had to be done without compromising response times for existing customers.

At the same time, PingPong needed a solid solution to streamline its due diligence checks to meet its compliance obligations across many different jurisdictions and build trust with its new and expanding customer base.

Prioritizing Cost-Effectiveness, Speed, and Responsiveness

With PingPong’s previous name-screening solution, the company experienced slow response times and a lack of customer support. These frustrations pushed PingPong to look for an alternative that could match their needs in terms of cost-effectiveness, speed, responsiveness, customer support, and usability.

“ComplyAdvantage stood out against legacy providers in the market and gave us the confidence that it could deliver – more like a partner than a vendor.”
– Cyrus Tong, Regional Chief Compliance Officer, PingPong

Complementing Business Philosophies 

PingPong chose to partner with ComplyAdvantage because the solutions on offer matched its customer-centric business philosophy.

“We want our partners to have the heart to do things like us – always wanting to do things better and faster for our customers. Just as we provide the best experience for our customers, we believe ComplyAdvantage can provide the same thing for us.”
– Cyrus Tong, Regional Chief Compliance Officer, PingPong

PingPong saw the benefit of its partnership with ComplyAdvantage following Russia’s invasion of Ukraine. “In the Russia and Ukraine war, we saw a swift reaction from ComplyAdvantage,” said Cyrus Tong. “They immediately uploaded all the names and requirements into their network, proving that they too value the importance of speed and accuracy for their customers.”

Streamlining the Review Process

With the ComplyAdvantage customer screening solution, PingPong was able to implement an automated process to reduce the human resources required for transaction reviews. This also limits the potential for human error in its compliance teams.

At the beginning of the relationship, PingPong used ComplyAdvantage for 20-25% of its compliance operations. Since then, this has increased to 100%. According to Tong, this increase is due to the relationship that was deepened through PingPong’s dedicated local customer success manager. “Having our customer success manager in the same time zone as us helped ComplyAdvantage better understand our business models, needs, and internal systems,” said Tong. 

As PingPong’s business continues to expand across the world, the company plans to roll out its ComplyAdvantage customer screening solution across its global businesses. 

The post PingPong Payments Streamlines Compliance Process Through Automation appeared first on ComplyAdvantage.

To remain compliant with these regulations while responding to emerging overseas payments threats, Lumon partnered with ComplyAdvantage for its customer screening and monitoring and transaction monitoring solutions.

A Long-Standing Partnership

Lumon’s relationship with ComplyAdvantage stretches back many years. Initially, the company was looking to replace its legacy customer screening solution, having grown tired of the limited connectivity between the company’s compliance function and its systems. Lumon wanted a solution with API-led connectivity and the ability to manually upload transaction data.

Lumon found many of the products provided by incumbent providers were not suitable for FinTechs. But in ComplyAdvantage, Giorgi says the team “saw a business that knew there was a gap in the market to support FinTech businesses.”

Over the years, the two firms have scaled successfully together. According to Giorgi, ComplyAdvantage’s adoption of artificial intelligence (AI) and machine learning was key to solidifying the partnership. Automation at speed, accurate data, and the ability to categorize and organize relevant risk data allowed Lumon to generate better insights and apply them throughout its system more efficiently.

Game-Changing Solutions

ComplyAdvantage’s payment screening functionality in its Amazon Web Services (AWS)-based transaction monitoring solution was a “game-changer” for Giorgi, allowing Lumon to centralize its payment screening and transaction monitoring activities within one team, connected to one system via a single API.

The solution’s connectivity and ComplyAdvantage’s quick response times provide Lumon with peace of mind when managing its risk exposure. The reliability of ComplyAdvantage’s customer success team was also lauded by Lumon. Giorgi explained he’s able to share his concerns, questions, and problems with his dedicated customer manager, knowing a response with proposed solutions will be in his inbox the following morning.

“ComplyAdvantage is supportive, responsive, and has a solution that is at the forefront of RegTech.”

– Alessio Giorgi, Head of Compliance and MLRO at Lumon

Managing Pandemic Fraud Risks

ComplyAdvantage’s transaction monitoring solution has allowed Lumon to uncover new insights into customer activity, enabling the payments firm to detect new or emerging typologies and then build rules to mitigate them.

“ComplyAdvantage’s solutions help us sleep better at night, knowing that we’ve got the right systems and controls in place and that they are effective.”

– Alessio Giorgi, Head of Compliance and MLRO at Lumon

For example, during the early stages of the pandemic, Lumon saw a sudden increase in COVID-related investment fraud. Within 48 hours of identifying this, Lumon developed and deployed new rule sets to combat the threat and prevent more customers from falling victim to scams.

“Deploying the ComplyAdvantage solutions has given us more control over our overall financial crime risk management framework,” said Giorgi. “I would definitely recommend ComplyAdvantage to other businesses, particularly those with ambitions to grow at pace.”

The post Lumon Tackles Money Laundering Typologies with New Rule Sets Deployed in 48 hours appeared first on ComplyAdvantage.

The 2022 AFP® Payments Fraud and Control Survey reports that 71% of organizations were victims of payment fraud attacks/attempts in 2021, costing businesses billions of dollars globally.

Customers must trust that their money is in safe hands. But one of the most challenging aspects of recognizing and tackling payment fraud is the complexity of the interconnected networks that underpin it.

Payment Fraud: Part of a Broader Ecosystem

To understand payment fraud risks, it’s important to situate the typology in its broader context. Payment fraud is committed within a broader ecosystem of crimes. It depends on previous offenses (such as identity theft or data breaches) to occur. After it’s been committed, it often becomes a predicate offense to money laundering or is used to fund further criminal activity. 

Payment Fraud – A Predicate Offense for Money Laundering

The EU has identified fraud as one of the 22 key predicate offenses leading to money laundering and terrorist financing (ML/TF). Therefore, to understand payment fraud, it’s equally necessary to understand the ML/TF crimes that often follow it. This is crucial to grasping how payment fraud risk feeds into firms’ anti-money laundering and countering of terrorist financing (AML/CFT) risks.

Laying the Groundwork – Data Theft

In order to commit payment fraud, criminals rely on the theft of personally identifiable information (PII). Although some types of transaction fraud depend on guessing or forging this information, obtaining it directly is a straightforward way to successfully execute a fraud event. The fraudster can use this information to commit identity theft – or even forge a synthetic identity out of a blend of PII – which then facilitates subsequent fraud schemes. Although data theft is a crime that often leads to fraud, it does not constitute fraud on its own. 

Some of the most popular methods for obtaining this information rely on social engineering – using deceptive tactics to trick people into divulging information they normally would protect. By means of fraudulent emails, texts, calls, or web and social media pages, phishing convinces its victims to divulge sensitive data, download malware (such as ransomware), or even send funds. Its variations have earned a range of nicknames, including smishing (SMS scams), vishing (phone scams), whaling and spear phishing (targeting specific groups of people), and pharming (website impersonation). 

At times, this information may be obtained by other means – sometimes aided by phishing – such as point-of-sale (POS) hacks and other data breaches. One of the more pernicious types of data breach is an Advanced Persistent Threat (APT) attack, which involves infiltrating a network to engage in illegal data mining. Distributed Denial of Service (DDoS) attacks, while not themselves data breaches, can provide cover for them.

Types of Payment

The two main categories of payment types are card-present (CP) transactions and card-not-present (CNP) transactions. Despite the self-explanatory terms, these payment types are identified by more than the physical presence of a debit or credit card.

Card-present (CP)

CP transactions occur when electronic payment data is captured in-person, at the time of sale. This includes cards that are physically swiped via a card reader or digital wallets that are tapped on a contactless-enabled terminal. Examples include point-of-sale (POS) systems, card readers connected to tablets or smartphones, and contactless payments such as Apple Pay.

Card-not-present (CNP)

CNP transactions occur when the data on a card’s magnetic strip or chip is not provided with the transaction. CNP transaction methods include online shopping carts, subscription billing, phone orders, and payments on apps or smartphones that don’t require a card reader.

Types of Payment Fraud

After obtaining sensitive data, a fraudster can exploit it with various transaction fraud schemes. Though in-person fraud can and does occur, more schemes are remote – part of the global digital fraud trend.

CP fraud occurs through the use of stolen credit and debit cards, cloned cards, or cards that were applied for fraudulently. Given the accessibility of fake IDs, this type of fraud can be difficult to spot in the moment, relying on legitimate cardholders making a report. 

CNP fraud occurs when a customer does not physically present a bank card during the fraudulent transaction. With the rise of digital payments, this type of fraud represented 80% of all card fraud as of 2019, according to the European Central Bank’s Seventh Report on Card Fraud. It can take multiple forms, including:

• Fraudulent payment at point-of-sale (POS) – The fraudster convinces the clerk to manually key payment information in for a card they do not have with them. Manual entry creates a force-posted transaction, which bypasses the normal authentication checks required in a standard card transaction. The transaction will go through even if there are not sufficient funds and may even bypass security measures for a card that’s been reported stolen – leaving the merchant vulnerable to chargebacks for breach of terms.
• Fraudulent payment online or over the phone – The fraudster submits payment information as though they were the true card owner. This is sometimes known as a carding attack when it’s done via a rapid-fire, automated process. If the transaction is executed without flagging transaction monitoring, the act can go undetected unless the actual account holder reports it.
• Prepaid card fraud – Stolen payment information is used to activate prepaid cards, which are often anonymous or low-security. This is a popular carding fraud target and can involve multiple automated orders at once. Alternatively, a scammer may activate the cards without paying by tricking a store clerk over the phone (vishing) or in person.
• Bank Identification Number (BIN) attacks – This is an example of a type of payment fraud that doesn’t require the theft of PII. In this case, fraudsters use a Luhn algorithm and other tactics to automatically generate and test a series of possible card numbers by attempting transactions until valid cards go through. This is partly based on publicly accessible BIN lists.

Outside of CP and CNP fraud, several other schemes are worth noting. Some of these methods are on the rise. They include:

• Authorized push payment (APP) fraud – In this scheme, a fraudster uses phishing tactics to trick a customer into authorizing a real-time payment to an account controlled by the fraudster.  In 2021, APP fraud rose by 40% in the UK, accounting for 44% of all fraud as compared to card fraud, which sat at 40%.
  
• Account takeovers – In short, this involves an account being hacked such that the fraudster has direct access to funds that are not theirs. In the case of bank and credit card accounts, this allows them to request replacement cards to use physically. But other accounts can be hacked, including peer-to-peer payment and crypto accounts. 
• POS cloning – This involves duplication of a merchant’s real payments terminal to allow the fraudster to commit illicit transactions. These may include fraudulent returns, as detailed in a report by Visa.
• Refund and chargeback fraud – Consumers fraudulently attempt to secure a refund through the chargeback process by contacting the merchant directly. This is sometimes known as “friendly fraud.”
• Advanced fee and wire transfer scams – In this scheme, fraudsters target victims to make upfront or advanced payments for goods or services that do not materialize. This can include career opportunity scams and psychic scams

Additional kinds of payment fraud involve digital wallets, double-dipping, and triangulation fraud. These and other schemes expose customers and firms to risks that are important to evaluate and mitigate.

How to detect and prevent payment fraud? 

Having established the interconnected nature of payment fraud – including how it can contribute to money laundering and terrorist financing – firms can better consider how to incorporate this understanding into an effective risk program.

What is payment fraud’s place in a firm’s wider risk management system? Here’s how to think about payment fraud as part of a holistic risk and compliance framework.

1. Update Risk Assessments

A regularly-updated, company-wide risk assessment is crucial for a solid AML/CFT program – as well as for fraud prevention and mitigation. ACAMS includes fraud risk in its comprehensive AML-based risk assessment for firms, and the Australian government considers it so important that it’s published a comprehensive fraud risk assessment guide for firms. Given fraud’s status as a predicate crime, it’s critical to ensure all risk assessments are updated to include fraud risks, anti-money laundering, and terrorist financing risks.

2. Recognize Red Flags

Once a reliable risk assessment has been performed, fraud and risk teams will be better equipped to evaluate relevant red flags in line with their firm’s risk appetite. Although risk indicators are highly contextual, and often rely on a combination of other factors to establish high risk, there are some general areas of concern to be on the lookout for. Warning signs to bear in mind include behavior deviations atypical for a customer profile, such as: 

• Shipping addresses too far from an IP address
• Atypical transaction amounts, volumes, or velocities
• Atypical transaction types or merchant categories
• ID document or other PII discrepancies
• Transactions exceeding the account balance or credit limits
• Unusual cross-border transactions
• Repetitive refunds or chargebacks
  

3. Implement Effective Measures

A risk-based approach built around customer profiles, security, and payment flows is key to a robust payment fraud risk-mitigation program – alongside employee and customer awareness of red flags. 

Proactive KYC and customer due diligence can help firms better understand their customers, but managing payment fraud risks needs to take place at every stage of the customer journey and throughout firms’ functions, from back-end to customer-facing.

Online payment fraud, in particular, is dynamic and will keep changing as criminals access new technology and techniques to circumvent controls – and firms need to be able to detect changing tactics.

Alongside encryption of transactions, regular changing of login credentials, and the use of up-to-date software, there are other measures that firms should consider: 

1. Integrate biometrics and advanced identity verification (IDV) solutions during onboarding. Face, voice, fingerprints, or even veins in the hand or eyes, can enable strong authentication. However, consider if the technology is user-friendly, cost-efficient, and can be integrated into the broader KYC process.
2. Dynamic transaction monitoring solutions can monitor risks in real-time, with practical case management that helps analysts prioritize the most high-risk alerts. 
3. Optimize with artificial intelligence (AI). While firms have adopted machine learning to automate processes, many are not optimizing their ability to help detect and tackle payment fraud. AI overlays can enable alert prioritization by risk – reducing operational costs and false positives and processing large datasets more efficiently to help analysts detect fraud more quickly and effectively. 
4. Identify and complete regular training programs. Europol, for example, has organized courses on the forensics of payment card fraud. Topics include examining skimming devices, ATM logical attacks, and malware attacks.
5. Share fraud intelligence and information on incidents amongst firms and regulators – and with AML/CFT compliance departments. 

In our 2022 State of Financial Crime survey, we identified fraud among the top 3 predicate offenses of concern for firms around the world. Fraud’s connection to money laundering and terrorist financing is becoming so clear that some firms have begun to refer to fraud and anti-money laundering as FRAML.

This highlights the vital importance of close communication and cooperation between fraud and AML/CFT departments within an establishment – yet all too often, these departments’ data and communications remain siloed. To ensure seamless collaboration and mitigation of FRAML risks, firms should consider an approach that opens the lines of communication and embraces active collaboration between both departments.

Payment Fraud Success Story: RealPage

Property management firm RealPage processes up to 100 million transactions annually across a portfolio of more than 19 million properties worldwide. As a payments provider, it has a regulatory obligation to monitor transactions through its payment product, to ensure property management companies and their residents are effectively protected from illicit activity such as payment fraud. 

RealPage needed a transaction monitoring solution that could screen for evolving fraud typologies in near real-time. The ability to do this using custom scenarios not used by traditional financial institutions was key. Effective case management was also critical to enable analysts to manage and triage alerts effectively. 

To find out more, read the full RealPage story.

The post What is Payment Fraud? appeared first on ComplyAdvantage.

The post A Guide to AML for Cross-Border Payments & Remittance appeared first on ComplyAdvantage.

ekko is a new challenger fintech that responds to this concern by “turning the tide on climate change” through built-in eco-initiatives that allow users to track their carbon footprints. We caught up with co-founder and Head of Operations Manish Vara to learn more.

Introducing ekko 

“The idea behind ekko came about in early 2020 when my three co-founders and I were talking about climate change in the pub,” says Vara. “We were all from a financial services background and knew a lot about retail banking etc., […] and we asked ourselves how we could combine something that everyone does on a day-to-day basis (banking), with the climate crisis and create a solution – not the solution, but a solution. 

“As we discussed this we realized that we all faced the same problems – we all wanted to do our bit for the environment but felt constrained by time, money, and/or knowledge to do it well. […] And when we expanded our conversation to others, we found that a lot of people revert to thinking it’s a problem for the government or big businesses to fix – which is definitely true but we wanted to provide a solution for the individual.”

With an ekko account, every five transactions pays for one ocean-bound plastic bottle to be collected, and every fifty transactions pays for a tree to be planted in partnership with the Mastercard priceless planet coalition. 

“To make the user’s impact as tangible as possible,” continues Vara, “with ekko they’ll be able to see how their personal transactional behavior affects the environment and what their carbon footprint looks like in light of the tree planting and bottle collecting done in their name.” 

Mitigating mindless consumption

In addition to its banking services, ekko also has its own marketplace. “We’re trying to bring together a curated list of sustainable retailers to help our customers make more informed, conscious decisions about how and where they spend their money.”

“Our goal is to make it as easy as possible for people to be more carbon conscious. Hopefully, they’ll be educated along the way which will help them make better choices and continually progress towards making a long-term positive impact.”

Increased investor control

“One of the things I love most about building ekko is the fact that it’s a greenfield project,” shares Vara. “When we started, the whole concept was totally new and we didn’t have any legacy things to hold us back or bring us down. […] All the decisions we make are totally environmentally conscious and we have the freedom and flexibility to make sure this is maintained for maximum positive impact.

“But what’s also great about ekko is the amount I have learned about my own transactional behavior. Because I have increased visibility of the impact my spending has, I have a much clearer idea of what makes up my carbon footprint and how to make much smarter decisions when it comes to where I spend my money.”

From idea to reality

“My proudest achievement has to be my first transaction on my ekko card. I mean, don’t get wrong, my first transaction wasn’t a big one – I bought a bar of chocolate from Tesco! […] But the whole journey built up to that moment and it was incredible.” 

Positive engagement

“When you educate people the wrong way about climate change, everything becomes very negative. Everything is doom and gloom and, from a branding perspective, you have an overload of dark colors and negative imagery. We want to be a positive voice to encourage others to be positive about their impact and the potential they have to individually make a difference. 

“This is why our brand colors are so vibrant! The card’s design is different and it catches people’s attention. […] We don’t want to be like everyone else. We don’t want to be all doom and gloom. We don’t want to be another bank. We want to be a positive change.”

What’s next for ekko?

“Right now we are onboarding customers across the UK. We’re actively listening to our customers as we want to make sure we are delivering what they want first, in terms of prioritizing some of the things we want to work on, and getting it completely right for them.”

Are you an early stage fintech and need a KYC and AML solution?

Ready your start-up for scale with free access to our transaction monitoring and customer screening tools through ComplyLaunch.

Register for ComplyLaunch today

Follow ekko:

Website
Facebook
Twitter
LinkedIn
Instagram
Connect with Manish Vara

The post ComplyLaunch Customer Spotlight: ekko appeared first on ComplyAdvantage.

What are payment service regulations?

Payment service regulations are the rules set out to ensure PSPs complete comprehensive due diligence to mitigate the risk of financial fraud. 

Payment service regulations differ across jurisdictions. Some countries and international bodies – including the European Union, Singapore, and Canada – have modernized their frameworks in recent years, using a risk-based approach to address new business models based on offering multi-faceted services subject to both overlapping regulations and, in places, gaps in regulatory oversight. 

Payment service regulations in the UK

The main piece of legislation governing payment services in the UK is the Payment Services Regulations 2017 (PSRs 2017). PSRs 2017 broadened the extent of payment services regulations in the UK and brought third-party payment service providers (TPPs) within the scope of regulation for the first time. 

To improve consumer protection and competition, PSRs 2017 also introduced changes to the way businesses manage client relationships, including client documentation and communicating with clients if a security incident occurs that might impact their financial interests. These changes not only brought regulations into line with developments in the market for payment services, but also introduced better assistance from PSPs to victims of fraud.  

In 2021, the UK’s regulator, the Financial Conduct Authority (FCA), set out a further set of rules to help protect customers from e-commerce fraud. As a result, strong Customer Authentication (SCA) will be expected of all banks and other payment service providers by the extended deadline of March 14th, 2022. 

Payment service regulations in the EU

Becoming law in 2018, the Second Payment Services Directive (PSD2) is an integral European regulation for electronic payment services that builds on the legislative framework set out by the previous Payment Services Directive established in 2009.

Promoting open banking and intending to improve consumer choice and reduce fraud, two of the directive’s main objectives relate to Strong Customer Authentication (SCA) and the emergence of new regulated PSPs. However, under the PSD2 TPPs are also able to access account information held by banks, mitigating their need to go through an intermediary service provider when they need to process a payment.

Although the UK left the European Union on December 31st 2020, PSD2 remains applicable in the UK as it was transposed into national law in 2017. As a result, the UK broadly aligns with the guidelines and recommendations in PSD2, in order to maintain steady relations with European financial institutions. 

Payment service regulations in the US

Payment service regulations in the US are distributed across multiple state and federal regulators, creating a patchwork of charters firms need to understand and adhere to. 

At the federal level, there are numerous agencies charged with regulating and overseeing financial institutions in the United States. These include the Federal Reserve Board (FRB), the Securities and Exchange Commission (SEC), and the Federal Deposit Insurance Corp. (FDIC).

Unlike the UK and the EU, the US has not yet developed or formalized a legal regime for “open banking”. However, the Biden administration is urging the Consumer Financial Protection Bureau (CFPB) to establish regulations that “allow customers to download their banking data and take it with them”. As a result, further payment service regulations are expected to come into effect, especially related to digital assets and FinTechs. 

Due to rapid technological advancement, updated payment service regulations can be expected to continue for the foreseeable as jurisdictions seek to enhance payment structures, improve payment efficiency and safety, and future-proof regulatory frameworks in a way that promotes innovation. 

Payment service regulations in Singapore

Regulated by the Monetary Authority of Singapore (MAS), the Payment Services Act (PSA) took effect in 2020 to create a safe, innovative environment for FinTechs in Singapore. 

The PSA combines the previous Payment Systems (Oversight) Act 2006 and the Money-Changing and Remittance Businesses Act 1979 to create an “omnibus framework”, which covers both new and traditional licensable payment activities. 

Before the PSA, virtual currencies, cryptocurrencies, and utility tokens had not been defined in legislation in Singapore. However, with the commencement of the PSA, “digital payment token exchanges” now require a payment institution license from MAS and must comply with a range of AML/CFT requirements.

Explore our anti-money laundering solutions

Screen payments and onboard customers faster with confidence with our AML solutions.

Learn about our AML solution

The post Payment Service Regulations appeared first on ComplyAdvantage.