Payments Compliance: Managing Complexity in the International Environment

The global population is more mobile than ever – families and broader communities are migrating across an ever-increasing number of countries. Refugees, economic migrants, peripatetic individuals taking advantage of reductions in border controls (for example across an expanded EU) work opportunities for high skilled professionals, even owning a second home in another country no longer the preserve of the very rich.

Such increased travel and relocation means that the business of international payments is, necessarily, a growth area. People need low-cost, secure, efficient cross-border financial services to pay wages into home bank accounts, to support family members and to pay bills to suppliers abroad, from their ‘in-country’ account.

Against this backdrop of opportunity, institutions processing electronic transactions must navigate a complex, often indeterminate, occasionally conflicting, multi-jurisdictional set of rules and regulations. Penalties for failure can be severe. Is this fair, appropriate, sustainable, or even effective? And are the unintended consequences acceptable?

The challenges come to a head around peer to peer (P2P) transfers and remittances. People’s identities are far harder to verify than corporate entities, and the average value per transaction, and associated revenue opportunity, is much smaller than in the business to business (B2B) environment.

In several jurisdictions, notably the UK, the cost and risk of implementing and monitoring anti-money laundering (AML) and counter-terrorism financing (CTF) diligence compliance has resulted in many banks choosing to withdraw from serving some market segments; notably Money Service Businesses (MSBs). The break point occurs at the gateway to the financial system; regulated payment service providers have seen their bank accounts closed, not because of any regulatory transgression, but because of the changed risk appetite of provider banks. These specialist firms are being excluded from access to correspondent banking and thus their customers are ‘financially excluded’.

The Financial Action Task Force (FATF), in its paper ‘Anti-Money Laundering and Terrorist Financing Measures and Financial Inclusion’, recognised that overly prescriptive legislation has caused payment facilitators to be so risk-averse that millions of people are becoming excluded from global remittances. Easily identified, but less easily resolved, when fines can be in excess of US$1bn, and the ability to operate in markets as big as the US and/or Europe is at risk.

Indeed the UK’s International Development Secretary recently said that the challenge of money transfers and remittances to developing nations is: “one of the most important things I have dealt with in my political career.”

Global Intricacies

The necessary objective of deterring criminals and terrorists from accessing the financial system and abusing electronic funds transfer mechanisms in particular, has led to a global plexus of AML/CTF legislation and enforcement activities.

Navigating this multi-jurisdictional risk matrix is no simple feat, and doing so requires particular expertise. Inevitably, the nature, implementation and enforcement of legislation vary widely across multiple jurisdictions.

For example EU based providers facilitating payments to/from Cuba, would be in breach of US regulation, but complying with that US embargo would breach EU legislation. There is a similar disconnect when it comes to identifying and reporting suspicious activity. The US requires reports of all transactions above designated amounts (Threshold Reporting) while the UK imposes a subjective assessment requirement (Suspicion Reporting).

In the UK, the regulation, categorisation and authorisation of specialist payment service providers by the Financial Conduct Authority (FCA) brings a significant degree of assurance to the market, by guaranteeing minimum capital holdings and ensuring protection of client funds through the mandated use of segregated accounts. Directors and officers of these institutions must meet the FCA fit-and-proper-person tests, and the companies themselves are subject to regulatory audit.

But beyond the EU, similar categorisation of financial institutions and the level of supervision accorded to them does not always exist. ‘Non-banks’ tend to be grouped into a single category; thus a regulated firm with appropriate compliance functions, protected client funds, and fit-for-purpose boards may find itself in the same group as a virtual currency. Categorisation therefore ceases to be of help and counterparty’s must be individually risk-assessed.

And there are other practical challenges; automated solutions for sanction screening Cyrillic or Chinese characters are immature or as yet unavailable, and manual solutions would be cost prohibitive.

With all this to contend with, any firm wishing to offer an international service or product needs to be highly skilled and generously resourced to meet its regulatory obligations and manage associated risks.

Meeting the Challenges

To overcome the challenges, industry participants need to understand that compliance is not only about adhering to legislation; it is a journey, the aim of which is to get closer to what we all want – assurance that legitimate financial services are not abused by criminals and terrorists.

To progress we must constantly develop new tools, reassess operations, devise better products and solutions, put in place more secure systems and improve IT and communications. Above all, perhaps, service providers, their clients, regulators and law enforcement need to be in constant communication.

As identified in the FATF paper, a risk-based approach offers the best way forward, but stakeholders need to recognise this does mean the occasional materialisation of risk. When this occurs, learning must be used to feed a cycle of improvement.


Related reading