Over the last 5 years, the financial services world has drastically changed. Traditionally, most of financial services were handled by banks.

Today, a new generation of businesses is emerging rapidly like payment services, robot advisors or virtual currencies. Sending money to a person on another continent can now be processed in seconds at very low cost. Having your investment portfolio managed by a robot analysing market news and taking appropriate investment decisions to maximize profits or minimize losses has also become possible.

We can assume that it is only the beginning of the transformation process of the financial industry. Every day, banks are losing business and new players emerge throughout the world to the advantage of the end consumer.

However, the emergence of these new businesses raises new questions to regulators. They are part of the financial system and must be regulated and supervised. Consequently, new regulations are issued every year in the fast-changing financial sector (AML Directives, Payment Services Directives, …).

In to order allow these new players to comply with regulations, another new category of providers has recently emerged in the financial world, the Regtechs. Their role is to bring solutions for companies to be compliant with the regulations.

CDDS is one of them and offers solutions to AML/CTF regulatory questions.


Why should a Payment Service Provider (PSP) be compliant with AML/CTF regulations?

First, it is a legal obligation.

Second, and this is probably the major threat as PSPs usually process a high number of transactions of limited amounts, PSPs processing money transfers from individuals to individuals are exposed to the risk of Terrorism Financing.

Third, PSPs could be used to launder money of criminal origin. Here, we distinguish two types of PSPs:

- those processing transfers for their clients

- those processing payments of vendors

PSPs processing transfers for their clients could be used to launder the proceeds of a crime through an important volume of transactions of low amounts, while those processing payments for vendors could be used to give a licit appearance to criminal money.

Not implementing necessary monitoring in terms of AML/CTF implies a legal, reputational as well as financial risk for the PSP with the consequences that we all know.


What are your AML/CTF obligations as a PSP?

The law requires you to implement a strong AML/CTF framework well documented in your internal procedures. The main parts of this framework consist in:

- identification of your client – is he who he pretends to be?

- Risk Based Approach – what risk does this client represent in terms of AML?

- screening and monitoring – am I able to identify threats?

- training of your staff – your staff must be regularly trained on AML/CTF.


Identification of your client

The identification of the client seems quite simple and many professionals resume this in its simplest way, verifying an ID document or legal documents of a corporate client. This is indeed the first step of the identification process.

Depending on the involved amount (cumulated transactions, assets on the account, destination or origin of transactions, …) it will imply the setup of a full KYC (Know Your Customer) document that will detail the client’s activity, geographical risk, behaviour risk, risk linked to the credit cards used, etc.

This will help you to identify potential AML/CTF risks your client represents and the level of monitoring you will apply to each specific case.


The Risk Based Approach

Introduced in the 90’s, its goal is to encourage the professionals of the financial sector to implement a monitoring of their clients based on the risk they represent.

Thus, the goal is not to monitor each client the same way, but focus on clients that represent a real risk based on their risk profile (KYC).


Screening and monitoring

How could you implement AML/CTF monitoring without a proper constant screening of your clients against sanctions, black- and PEP lists? Are you able to instantly identify if a client makes a payment to a person listed on a sanctions list or has been listed himself? Do you monitor the transactions to make sure they fit with the client’s profile? Did you set up thresholds as of which a client will be subject to a full KYC report?

These should all be part of your AML/CTF framework and of course you must be able to demonstrate through proper reporting that an efficient monitoring is in place.

This seems like a hell of a work but, using Regtechs can considerably ease the implementation of a proper AML/CTF framework with limited costs implied.

CDDS Luxembourg SA, a founding member of the International RegTech Association (IRTA), has all experience and systems to help you to implement your AML/CTF framework and be compliant.


Communicated by CDDS

Publié le 04 octobre 2017