Sunday, August 1, 2021

                                            BSA in a Fintech World 






There are two areas that will always be among the “hot topics” when it comes to compliance.  The first is an institutions’ system for compliance with the requirements of the Bank Secrecy Act/Anti-Money laundering (“BSA/AML”) laws.   Regulated financial institutions have been well aware of the fact that a well-developed system for compliance is a critical component of ongoing operations.  A second area that is becoming increasingly important is the use of technology to transact business by financial institutions.  This area is often known as “fintech”.   Although fintech is often a broadly used term, there are generally accepted definitions such this one offered by Fintech magazine:   

Financial technology, also known as FinTech, is a line of business based on using software to provide financial services. Financial technology companies are generally startups founded with the purpose of disrupting incumbent financial systems and corporations that rely less on software.[1]

PayPal, Apple Pay and Venmo are just a few examples of popular software applications that allow consumers to transfer money to one another with a just a few relatively easy steps.    

As the number of firms that offer variations of fintech transactions grow, so does the need for a financial institutions’ BSA/AML system to adapt.  

The Heart of BSA/AML- CIP and KYC

Although there are numerous components that make up a strong and complete BSA compliance program, the heart of all programs is the ability of the financial institution to know complete information about its customers.   The two components of the BSA program that perform this function are the Customer Identification program (“CIP”) and the Know Your Customer (“KYC”) programs.  The CIP program is made up of the policies and procedures established by an institution for the purpose of collecting identifying information about their new customers.  The FFIEC BSA manual details the requirements of the CIP regulation and notes that at a minimum, a financial institution must obtain the following information before opening an account:

·         Name

·         Date of birth for individuals.

·         Address.

·         Identification number.[2]

 

There are well established rules for the types of identification that are considered acceptable.  The goal of the CIP program must be that a financial institution has to establish with a reasonable certainty that the person who is attempting to open an account is who they say they are.  For business accounts, the requirements are the same although the form of identification takes on different forms e.g., name would be the legal name of a business and identification number would be the tax identification number.  

Once the identity of a customer is established; the KYC portion of a compliance program comes into play.  Depending on the types of transactions that the customer says that they will conduct additional information is necessary.  For example, if the customer is a flower shop, then information about how long they have been in business, who their customers are, how the flowers are sold and the means for payment, etc. are all pieces of information that are necessary for a financial institution.  Using this information, the financial institution can keep transactions conducted by the customer in context.  In other words, if the flower shop sells mostly orchids, it is reasonable that there would be wires to regions of the country where orchids are grown.  

It is through CIP and KYC that all of the information that gathered on a client is filtered.   Individual transactions may or may not be considered suspicious based upon the KYC and CIP obtained about a client.  Using the flower shop example above, wires or ACH activity to war-torn regions of the world would seem at least very unusual for orchids.  

CIP and Unintended Consequences

The need for complete CIP and KYC has been at the heart of a delicate balancing act for financial institutions and the customers that they serve.  The FDIC separates people who do not use banks to fully serve their financial needs into two distinct categories. The unbanked have no ties to an insured economic institution. Essentially, they have no checking or savings account and no debit or ATM card. Meanwhile, the underbanked do use some of these services – often a checking account – but they also used alternative financial options within the past year. 

When customers are the “unbanked” and “underbanked” communities, the issue of complete documentation of identification can be tricky.  These customers may not have complete or traditional documentation available. For many institutions, the clash between the desire to serve underbanked and unbanked and the need for complete documentation has created an unintended consequence.    The law of unintended consequences is defined as:

The law of unintended consequences is the outgrowth of many theories, but was probably best defined by sociologist Robert K. Merton in 1936. Merton wrote …a treatise which covers five different ways that actions, particularly those taken on a large scale as by governments, may have unexpected consequences. These “reactions,” may be positive, negative or merely neutral, but they veer off from the intent of the initial action.”

 

In the case of BSA, the desire to monitor and mitigate risk had the unintended consequence of shutting out entire industries that often are critical to unbanked or underbanked communities.  MSB’s such as combination grocery stores and check cashers often serve as the bank and remittance service for migrant workers and expatriates of other countries.  When the local bank makes a decision to stop proving services to these entities, the customers of the MSB are forced into transactions with entities that are completely underground.  

Fintech to the Rescue? 

Fintech companies have developed many products that allow customers to have many of the same services and abilities as a bank account.  Digital wallets for example, allow customers to receive payroll, reload debit cards, payment bills and purchase gift cards among other things.   These platforms also allow customers to send wires, ACH’s or other transfers.  

 

The very nature of fintech relationship is often that the customer and the provider are not in physical contact with one another.  The identification process is completed through various means such as texts to telephones, IP address verification and scanned copies of documents.   The ability of fintech companies to discern fraud and detect unauthorized use of an account has become increasingly adept.    

The development of fintech products gives financial institutions that opportunity to reach out to customers that have been largely overlooked due to BSA/AML concerns.  The time has come to reconsider the possibilities.

For a detailed review of how Fintech can improve overall Community Reinvestment Act performance, non-interest income and BSA/AML compliance please go to www.vcm4you.com and fill out the “Contact Us” form




[1] FinTech – A definition by FinTech Weekly https://www.fintechweekly.com/fintech-definition 

[2] See FFIEC BSA examination manual – Customer Identification Program- Overview

No comments:

Post a Comment