Managing Financial crimes in the age of digital payments

In the past two decades, specialized payment providers expanded the market beyond traditional banking services. Global payments revenues reached $1.9 trillion in 2020, driven by increased adoption of payment services by individuals and e-commerce businesses. About half of the recent growth was in consumer-to-business and business-to-consumer payments. Electronic payments are growing rapidly in North America and Europe, twice the GDP growth rates, and even faster in Asia. This growth is fueled by the shift away from cash payments and the rise of e-commerce and m-commerce, utilizing digital payment mechanisms, including cards and digital wallets, with this trend expected to persist.

The success of payment service providers (PSPs) brings increased financial crime risk, potentially posing an existential threat. Weak controls may attract regulatory attention. Banks expect strong anti-money laundering and fraud controls from PSPs. PSPs can proactively address this by learning from banks and utilizing advanced technology for an effective strategy against financial crime while maintaining a positive customer experience.

The rising threat of financial crime, including money laundering and fraud, has led to increased regulatory attention. The UN Office on Drugs and Crime reports substantial global money-laundering amounts, reaching up to 5% of global GDP annually. Financial-crime incidents have increased during the pandemic, with regulators updating requirements. Payment service providers (PSPs) must strengthen controls to counter financial crime, maintain reputation, and meet regulatory expectations. The European Union is creating an Anti-Money Laundering Authority (AMLA) to address these challenges. PSPs need robust anti-money laundering, sanctions, and fraud controls to navigate the evolving regulatory landscape effectively.

Payment service providers (PSPs) need to adopt three key design principles for effective financial crime management. First, they should establish a proportionate control framework aligned with their business model, considering which risks to accept and which to mitigate. Second, PSPs should challenge traditional banking control models, recognizing that more controls don't always equate to better protection. This encourages creative solutions that align with regulatory requirements while preserving customer experience. Lastly, PSPs should proactively address exposures by anticipating risks and integrating protections into core services, continuously updating their approach to stay ahead of the evolving financial crime landscape and design innovative mechanisms for countering it.

Payment service providers (PSPs) and similar service providers need a tailored risk assessment to determine their risk appetite. They must identify specific financial-crime risks their business models face and build internal infrastructure accordingly. Effective risk identification requires detailed, data-driven analysis of merchant roles, customer segments, business models, product offerings, and transaction flows. This analysis helps set risk appetite and tolerance thresholds, continuously monitored with data capture and trigger-based controls to address deviations from the risk appetite. It's essential for PSPs to understand and mitigate unique financial crime risks related to their specific operations.

Segmentation in risk management allows for targeted measures and prioritization. Detecting and preventing prohibited transactions and bad actors can be costly, so focusing resources on the small percentage of potentially risky transactions and customers is essential. This requires nuanced, real-time segmentation models based on various data points, including historical transactions, KYC records, and external data, to effectively rank customers and transactions by risk level.

Payment service providers (PSPs) excel in creating unified infrastructure and integrated teams across various risk types like fraud, AML, sanctions, and cybersecurity. Their structure allows for quicker decision-making and more effective controls compared to traditional banks. PSPs can leverage data from these related risk areas to inform decision-making and should invest in solutions that bring multiple controls together, ensuring compliance within their processes. This integrated approach can lead to better outcomes, as these risks are interconnected.

Payment service providers (PSPs) should leverage innovative technologies and data for continuous and tailored monitoring solutions, shifting from solely relying on expert judgment. They can design intelligent automated processes, incorporating machine learning and analytics to enhance efficiency by reducing false positives and labor-intensive tasks.

PSPs are adopting an always-on approach, using dynamic and static data for better customer risk assessment. AI models, historical investigation learning, and machine learning for transaction monitoring optimization are also being deployed. Basic descriptive analyses using customer and transaction data aid in saving time, improving decision-making, and deploying targeted controls effectively.

Strong anti-financial crime controls can enhance the customer experience and trust in payment service providers (PSPs). Critical journeys like onboarding can be improved with faster transactions and user-friendly digital interfaces. Aligning business and risk objectives involves developing controls alongside new products or journeys, reusing documents to assess risks, and providing transparency to customers about requirements and their purpose, ultimately ensuring a seamless customer experience.

The approach to countering financial crime within payment service providers (PSPs) will have wide-ranging implications, influencing their business model, customer experience, and internal operations. Balancing the need for speed and risk reduction is crucial, especially regarding due diligence on new merchants in e-commerce platforms. Operational decisions must consider customer experience, cost, and responsiveness, with technology investments to lower false positives and improve efficiency.

PSPs must incorporate compliance into product design and engage in collaborative efforts with e-commerce platforms and customers to combat financial crime. PSPs can expect increased regulatory scrutiny and should proactively engage with regulators and market participants to shape regulatory agendas and build credibility. Learning from banks' reactive approaches, PSPs should aim for a robust and effective infrastructure to combat financial crime.