BSA in a Fintech World
There are two areas that will always be among the “hot topics” when it comes to compliance. The first is an institutions’ system for compliance with the requirements of the Bank Secrecy Act/Anti-Money laundering (“BSA/AML”) laws. Regulated financial institutions have been well aware of the fact that a well-developed system for compliance is a critical component of ongoing operations. A second area that is becoming increasingly important is the use of technology to transact business by financial institutions. This area is often known as “fintech”. Although fintech is often a broadly used term, there are generally accepted definitions such this one offered by Fintech magazine:
Financial technology, also known as FinTech, is a
line of business based on using software to provide financial services.
Financial technology companies are generally startups founded with the purpose
of disrupting incumbent financial systems and corporations that rely less on
software.[1]
PayPal, Apple Pay and Venmo are just a few examples of
popular software applications that allow consumers to transfer money to one
another with a just a few relatively easy steps.
As the number of firms that offer variations of fintech
transactions grow, so does the need for a financial institutions’ BSA/AML
system to adapt.
The Heart of BSA/AML- CIP and KYC
Although there are numerous components that make up a strong
and complete BSA compliance program, the heart of all programs is the ability
of the financial institution to know complete information about its
customers. The two components of the BSA program that perform
this function are the Customer Identification program (“CIP”) and the Know Your
Customer (“KYC”) programs. The CIP program is made up of the policies
and procedures established by an institution for the purpose of collecting
identifying information about their new customers. The FFIEC BSA
manual details the requirements of the CIP regulation and notes that at a
minimum, a financial institution must obtain the following information before
opening an account:
· Name
· Date
of birth for individuals.
· Address.
· Identification
number.[2]
There are well established rules for the types of
identification that are considered acceptable. The goal of the CIP
program must be that a financial institution has to establish with a
reasonable certainty that the person who is attempting to open an account is
who they say they are. For business accounts, the requirements
are the same although the form of identification takes on different forms e.g.,
name would be the legal name of a business and identification number would be
the tax identification number.
Once the identity of a customer is established; the KYC
portion of a compliance program comes into play. Depending on the
types of transactions that the customer says that they will conduct additional
information is necessary. For example, if the customer is a flower
shop, then information about how long they have been in business, who their
customers are, how the flowers are sold and the means for payment, etc. are all
pieces of information that are necessary for a financial
institution. Using this information, the financial institution can
keep transactions conducted by the customer in context. In other
words, if the flower shop sells mostly orchids, it is reasonable that there
would be wires to regions of the country where orchids are grown.
It is through CIP and KYC that all of the information that
gathered on a client is filtered. Individual transactions may
or may not be considered suspicious based upon the KYC and CIP obtained about a
client. Using the flower shop example above, wires or ACH activity
to war-torn regions of the world would seem at least very unusual for
orchids.
CIP and Unintended Consequences
The need for complete CIP and KYC has been at the heart of a
delicate balancing act for financial institutions and the customers that they
serve. The FDIC separates people who do not use banks to fully serve
their financial needs into two distinct categories. The unbanked have
no ties to an insured economic institution. Essentially, they have no checking
or savings account and no debit or ATM card. Meanwhile, the underbanked do
use some of these services – often a checking account – but they also used
alternative financial options within the past year.
When customers are the “unbanked” and “underbanked”
communities, the issue of complete documentation of identification can be
tricky. These customers may not have complete or traditional
documentation available. For many institutions, the clash between the desire to
serve underbanked and unbanked and the need for complete documentation has
created an unintended consequence. The law of unintended
consequences is defined as:
The law of unintended consequences is the outgrowth of many
theories, but was probably best defined by sociologist Robert K. Merton in
1936. Merton wrote …a treatise which covers five different ways that actions,
particularly those taken on a large scale as by governments, may have
unexpected consequences. These “reactions,” may be positive, negative or merely
neutral, but they veer off from the intent of the initial action.”
In the case of BSA, the desire to monitor and mitigate risk
had the unintended consequence of shutting out entire industries that often are
critical to unbanked or underbanked communities. MSB’s such as
combination grocery stores and check cashers often serve as the bank and
remittance service for migrant workers and expatriates of other
countries. When the local bank makes a decision to stop proving services
to these entities, the customers of the MSB are forced into transactions with
entities that are completely underground.
Fintech to the Rescue?
Fintech companies have developed many products that allow
customers to have many of the same services and abilities as a bank
account. Digital wallets for example, allow customers to receive
payroll, reload debit cards, payment bills and purchase gift cards among other
things. These platforms also allow customers to send wires,
ACH’s or other transfers.
The very nature of fintech relationship is often that the
customer and the provider are not in physical contact with one
another. The identification process is completed through various
means such as texts to telephones, IP address verification and scanned copies
of documents. The ability of fintech companies to discern
fraud and detect unauthorized use of an account has become increasingly
adept.
The development of fintech products gives financial
institutions that opportunity to reach out to customers that have been largely
overlooked due to BSA/AML concerns. The time has come to reconsider
the possibilities.
For a detailed review of how Fintech can improve overall
Community Reinvestment Act performance, non-interest income and BSA/AML
compliance please go to www.vcm4you.com and
fill out the “Contact Us” form
[1] FinTech
– A definition by FinTech Weekly https://www.fintechweekly.com/fintech-definition
