The Nexus of BSA
& Fintech
Two areas that will always be among the “hot topics” when it
comes to compliance. The first is an
institutions’ system for compliance with the requirements of the Bank Secrecy
Act/Anti-Money laundering (“BSA/AML”) laws.
Regulated financial institutions have been well aware of the fact that a
well-developed system for compliance is a critical component of ongoing operations. A second area that is becoming increasingly
important is the use of technology to transaction business by financial
institutions. This area is often known
as “fintech”. Although fintech is often
a broadly used term, there are generally accepted definitions such this one offered
by Fintech magazine:
Financial technology, also known as FinTech, is a
line of business based on using software to provide financial services.
Financial technology companies are generally startups founded with the purpose
of disrupting incumbent financial systems and corporations that rely less on
software.[1]
PayPal, Apple Pay and Venmo are just a few examples of
popular software applications that allow consumers to transfer money to one
another with a just a few relatively easy steps.
As the number of firms that offer variations of fintech
transactions grow, so does the need for a financial institutions’ BSA/AML
system to adapt.
The Heart of
BSA/AML- CIP and KYC
Although there are numerous components that make up a strong
and complete BSA compliance program, the heart of all programs is the ability
of the financial institution to know complete information about its customers. The two components of the BSA program that
perform this function are the Customer Identification program (“CIP”) and the
Know Your Customer (“KYC”) programs. The
CIP program is made up of the policies and procedures established by an
institution for the purpose of collecting identifying information about their
new customers. The FFIEC BSA manual
details the requirements of the CIP regulation and notes that at a minimum, a
financial institution must obtain the following information before opening an
account:
·
Name
·
Date of birth for individuals.
·
Address.
There are well established rules for the types of
identification that are considered acceptable.
The goal of the CIP program must be that a financial institution has to
establish with a reasonable certainty
that the person who is attempting to open an account is who they say they are. For business accounts, the requirements are
the same although the form of identification takes on different forms e.g.,
name would be the legal name of a business and identification number would be
the tax identification number.
Once the identity of a customer is established; the KYC
portion of a compliance program comes into play. Depending on the types of transactions that
the customer says that they will conduct, additional information is
necessary. For example, if the customer
is a flower shop, then information about how long they have been in business,
who their customers are, how the flowers are sold and the means for payment,
etc. are all pieces of information that are necessary for a financial
institution. Using this information, the
financial institution can keep transactions conducted by the customer in
context. In other words, if the flower
shop sells mostly orchids, it is reasonable that there would be wires to
regions of the country where orchids are grown.
It is through CIP and KYC that all of the information that
gathered on a client is filtered.
Individual transactions may or may not be considered suspicious based upon
the KYC and CIP obtained about a client.
Using the flower shop example above, wires or ACH activity to war-torn
regions of the world would seem at least very unusual for orchids.
CIP and Unintended
Consequences
The need for complete CIP and KYC has been at the heart of a
delicate balancing act for financial institutions and the customers that
they serve. The FDIC separates people
who do not use banks to fully serve their financial needs into two distinct
categories. The unbanked have no ties to an insured economic
institution. Essentially, they have no checking or savings account and no debit
or ATM card. Meanwhile, the underbanked do use some of these
services – often a checking account – but they also used alternative financial
options within the past year.
When customers are the “unbanked” and “underbanked”
communities, the issue of complete documentation of identification can be
tricky. These customers may not have
complete or traditional documentation available. For many institutions, the
clash between the desire to serve underbanked and unbanked and the need for
complete documentation has created an unintended consequence. The
law of unintended consequences is defined as:
The law of unintended consequences is the outgrowth of many
theories, but was probably best defined by sociologist Robert K. Merton in
1936. Merton wrote …a treatise which covers five different ways that actions,
particularly those taken on a large scale as by governments, may have
unexpected consequences. These “reactions,” may be positive, negative or merely
neutral, but they veer off from the intent of the initial action.”
In the case of BSA, the desire to monitor and mitigate risk
had the unintended consequence of shutting out entire industries that often are
critical to unbanked or underbanked communities. MSB’s such as
combination grocery stores and check cashers often serve as the bank and
remittance service for migrant workers and expatriates of other
countries. When the local bank makes a decision to stop proving services
to these entities, the customers of the MSB are forced into transactions with
entities that are completely underground.
Fintech to the
Rescue?
Fintech companies have developed many products that allow
customers to have many of the same services and abilities as a bank
account. Digital wallets for example,
allow customers to receive payroll, reload debit cards, payment bills and
purchase gift cards among other things.
These platforms also allow customers to send wires, ACH’s or other
transfers.
The very nature of fintech relationship are often that the
customer and the provider are not in physical contact with one another. The identification process is completed
through various means such as texts to telephones, IP address verification and scanned
copies of documents. The ability of
fintech companies to discern fraud and detect unauthorized use of an account
has become increasingly adept.
The development of fintech products gives financial
institutions that opportunity to reach out to customers that have been largely
overlooked due to BSA/AML concerns. The
time has come to reconsider the possibilities.
For a detailed review of how Fintech can improve
overall Community Reinvestment Act performance, non-interest income and BSA/AML
compliance please go to www.vcm4you.com
and fill out the “Contact Us” form
No comments:
Post a Comment