SWIFT Institute meets the Compliance Forum
“Banks need full confidence in their relationships with customers. KYC and due diligence form the basis of fighting financial crime. If it is not done well or policies and procedures are not reviewed regularly, a bank can face significant challenges in terms of AML and sanctions regulations.”
By Patricia Jouan, Head of Compliance, Financial Crime, Société Générale
The growing trend of internet commerce and the emergence of non-bank payment services providers (PSPs), combined with the evolution in ways to settle transactions (such as bitcoins) carry significant risk in terms of financial crime. This is because to date, non-bank providers have not been as heavily regulated as banks in areas such as anti-money laundering (AML), anti-terrorist financing (ATF) and embargos and sanctions. This poses a challenge for banks because they have to be able to identify the beneficial, or ultimate, owner of any relationship they establish. They must also know for what purpose the account that is being opened will be used.
In correspondent banking, identification of the beneficial owner relies on the fact that the relationship is with another bank. All banks are subject to the same types of AML and ATF laws as well as Know Your Customer (KYC) rules. In correspondent banking, institutions are working with customers in which they have high levels of trust. We all have the same obligation to be vigilant and to meet certain policies and procedures that are in line with AML, ATF and KYC rules.
Working with the new PSPs requires banks to adjust their level of vigilance to ensure the beneficial owner of the relationship is legitimate and is not conducting any activities that would violate AML, ATF or sanctions rules. Processing payments for third-party payments providers is relatively high risk for banks because the PSPs are themselves processing payments for someone else. At present, there is no regulatory framework for what is a high risk area for banks.
The good news is that this situation is likely to change because regulators are aware of the problems. Regulations to govern these types of PSPs will be developed but in the meantime, banks cannot rely on any external measures that will provide comfort in developing relationships with such providers. In the absence of a regulatory framework, the onus is on banks to ensure they have strong KYC processes to implement when establishing relationships with these providers. The approval program is a key part of this process. It is similar to what a bank undertakes when selecting a fund distributor for financial products. This requires a high level of vigilance to ensure that any distributor that sells a bank’s products will adhere to certain rules and that the contract shows all the protecting clauses
Banks must implement detailed policies that will govern the approval of these new PSPs. They need to understand what types of services these providers will offer and to what types of customers. Policies and procedures must be put in place to govern the relationship and ensure compliance with AML, ATF and KYC requirements. Knowing who the ultimate customer is has become very important in all areas of correspondent banking. Knowing the customer of your customers is also becoming paramount. This is difficult when the PSP is operating in a relatively anonymous fashion.
Once approval of a relationship has been established, the account needs to be regularly monitored for suspicious or illicit activity. Banks must make sure that the flows into and out of the account are in line with what the PSP has stated they would be. As this is a high risk area, these relationships also must be regularly reviewed. Documentation should be updated and policies and procedures also renewed. Technology plays an important role and account monitoring tools enable banks identify suspicious transactions.
The compliance programs of banks exist to prevent accounts or products being used for illicit transactions. It is our duty to make sure these accounts are not used illegally. There are always risks associated with banking activity but because at present the third party PSPs are unregulated, these risks are higher than in other areas of payments. But the general principle of the regulations that govern banks is that we must apply a risk-based approach to our customers and implement the necessary policies and procedures.
Banks will be more comfortable establishing relationships with third party PSPs once they are regulated. These providers will become more numerous as internet commerce grows, so regulation will be inevitable.