Financial crime is rising, but are financial institutions prepared? Julie Myers Wood of Guidepost Solutions and Gemma Rogers of Fintrail discuss the impact on digitisation
According to the recently published US Department of Treasury report Nonbank Financials, Fintech, and Innovation, the digitisation of financial services is a trend that the Trump administration wants to accelerate.
Go deeper with GlobalData
A key part of the digitisation revolution is the growing sophistication of digital payments : they are currently the largest segment of the US fintech market, with an expected transaction value of $927bn in 2018, and an annual growth rate in that value of 11%.
From digital wallets such as PayPal, mobile payments such as ApplePay, social media payment methods such as SnapChat’s SnapCash, to cryptocurrencies such as Bitcoin and Ethereum, the types of non-cash payment are proliferating rapidly. And, as these names indicate, US fintechs are amongst the world market leaders.
However, digital payments remain vulnerable to abuse by financial criminals seeking to make fast and undetected payments through the financial system. There are multiple ways in which digital payments can be used by those laundering money, committing fraud or financing terrorism.
What are some of the risks fintechs should be thinking about? Because financial crime risks properly mitigated are, in fact, business opportunities, fintechs who take this seriously can give themselves a competitive advantage over those who have not done so.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataHere are notable examples and typologies we have come across in our own research:
- Transaction laundering: Here, criminals set up an internet store that purports to sell legitimate goods but is, in fact, laundering funds and/or selling illicit goods. These fake front stores are on-boarded by unsuspecting merchant processor systems, which process the transactions in good faith. Recent research by cyberintelligence firm EverCompliant suggests that transaction laundering for online sales of products and services in the US for all financial services – of which fintech is only a part – reaches over an estimated $200bn a year, with $6bn going on illicit goods;
- Buyer/seller collusion: As these figures suggest, there is often no underlying trade taking place. In these instances, there is likely to be collusion between the ‘buyers’ and ‘sellers’. In a November 2017 report, it was claimed that online house-rental platform Airbnb had been exploited by Russian criminals who laundered funds by booking fake stays in rooms with complicit Airbnb hosts. Once the booking was processed, the two parties divided the payments, and fake online reviews were posted to create an aura of authenticity;
- Authorised pushed payment fraud: This occurs when fraudsters mislead consumers or businesses through false documentation, or manipulation through ‘social engineering’ techniques, into sending a digital payment to an account that appears to be legitimate but is, in fact, controlled by the fraudster, and
- Terrorist financing: Experts have suggested for some time that online stores could be used as fronts by terrorist groups, and the March 2018 conviction of US citizen Mohamed Elshinawy provided an example of this. Elshinawy, a self-professed member of the Islamic State, was believed to have received over $8,000 from Islamic State facilitators via PayPal, ostensibly for sales of printers via his eBay account.
These kinds of crime raise two key fintech financial crime risks in the digital payments sector: genuinely ‘knowing your customer’ (KYC), and identifying unusual patterns in transactions.
Regulation technology, or regtech, is an important means of addressing these issues. There are an increasing range and variety of sophisticated online or virtual document-verification firms, such as UK firm Onfido, which can test document validity through a range of techniques, from visual analysis to verifying against publicly available information and ‘scraping’ from social media. Other firms have focused on the second problem, developing transactional monitoring tools – some using machine learning – to seek to identify unusual patterns of transactions.
However, before turning to technology, any firm working in the fintech sector should undertake a customer risk assessment during onboarding. Such an assessment should use factors relevant to the customer type and business model, to ensure it assesses credible indicators of risk. An assessment also provides an invaluable future benchmark for whether account and client conduct can be considered ‘normal’, and should be regularly refreshed as the relationship continues.
In terms of transactions, there is also a range of common ‘red flags’ of which digital payments fintechs should be aware, including:
- Turnover ‘mismatch’: At the opening of an account, it is common to ask the client what kind of turnover is likely in the account. Substantial differences in expected patterns of use are worthy of investigation;
- Possible payment ‘structuring’: Accounts might receive a large amount of similar-sized funds, possibly in, or close to, round figures. This might be indicative of the ‘structured’ payments of illicit funds in smaller batches, to avoid suspicion, and
- Frequent cross-border transactions: Numerous cross-border payments from different jurisdictions might also be of concern, especially when those jurisdictions – such as known tax havens – might be considered higher risk from a financial crime perspective.
None of these individual indicators should be sufficient on its own to show an elevated risk. However, in increasing combination, they should be of concern to any digital payment provider. The key question is: ‘does this make sense?’ If it does not, act accordingly.
Combining this information with that gathered at onboarding and during the life cycle of the customer is key to helping to establishing, and sifting out, the potentially unusual from the downright suspicious.
