Compliance Challenges in Alternative Payments
Neil Katkov, PhD, is Senior Vice President, Asia, for Celent, a division of Oliver Wyman based in the firm’s Tokyo office. His areas of expertise include the Asian financial services industry, financial services distribution channels, and compliance issues including anti-money laundering and business continuity planning.
Alternative payments are the most active and complex ecosystem in financial services today. A quick look at AngelList recently showed a bewildering 1,477 payments startups. These include many familiar names like Square (m-POS) and The Currency Cloud (international payments) to newer entrants such as Coin Drive (stored value exchange), OpenCuro (secure payments), and niche players like LeaguePals (which bills itself as the “PayPal of League Bowling”). 238 of these start-ups are providing various services around cryptocurrencies, including 134 companies focused on Bitcoin.
When banking, brokerage and non-bank money services started going online ten or fifteen years ago, there was concern that e-channels would be vulnerable to abuse by money launderers, identity thieves, fraud rings and other malefactors. This drove the development of an array of security, authentication, and anti-money laundering and anti-fraud solutions and techniques specifically for online channels.
So far so good. But today the alternative payments area is expanding and evolving at a dizzying pace, creating new challenges for compliance and security for both the non-banks themselves, as well as banks and other traditional financial services providers. Below we take a look at some of the major areas in the alternative payments space, and the challenges they pose.
- Mobile and digital wallets. The digital wallets ecosystem has expanded to encompass a broad range of sectors, from retail superstores to online ecommerce to support for international payments. Schemes have evolved from the controlled environments of single-merchant schemes to open loop models, which make the schemes more broadly fungible and convenient for consumers, but also more susceptible to abuse.
- Money transfer. Traditional money services businesses have invested heavily to develop customer identification and AML techniques and systems for handling their often international, unbanked and transient clientele. E-money transfer businesses pose similar but far more complex challenges due to the potentially broader reach of online business models.
- Virtual currencies. The potential for abuse of BitCoin and other virtual currencies is obvious, as cryptocurrencies can circulate freely in virtual reality sites and other online environments, and then be exchanged for cold hard cash on virtual currency exchanges. Regulators are likely to crack down by making the activity of the virtual currency exchanges subject to AML monitoring.
- m-POS (mobile point of sale). m-POS providers such as Square make it possible for anybody to collect payments like a merchant, with or without a business license. This is liberating for small businesses, but potentially lowers the bar for abuse as individuals can set up cover “storefront” operations just by getting an m-POS dongle.
- Gift cards. At first glance, gift cards and loyalty points may look like small change and not susceptible to abuse. However gift cards bear value, and as such can play the role of a pseudo-currency. In China, for example, gift cards are often used as a vehicle for bribery and as such have come under regulatory scrutiny.
- Points. For the businesses that offer them, loyalty points are a tangible product with real value and form the basis of commercial arrangements between, for example, airlines and credit card companies. The development of points exchanges is now turning loyalty points into a fungible vehicle for value exchange between consumers. And as frequent flyers know, points are not limited to small ticket items. As an extreme example, but one we will see more of, earlier this year, an art collector earned 422 million American Express points when he used his credit card to buy a Chinese ceramic cup at auction for $36 million.
Any payments startup that gets traction and grows will have to implement effective security and compliance measures to guard against the vulnerabilities described above. But the explosive growth—in terms of the number of new services if not yet in terms of transaction volumes—of alternative payments poses a challenge for traditional financial institutions as well.
The reason is that alternative payments services intersect with mainstream financial services at some point. Digital wallets are funded from a bank or credit card account. P2P payments authenticate their clients through bank or credit card accounts. From a regulatory point of view mainstream financial institutions may not necessarily be on the hook for abuse of alternative payments systems. Yet it will still behoove banks to monitor such payments flows through their system in order to identify risky customers that might next abuse the bank’s own transaction services.