Study Paper: ‘AML/CFT Regulations for Mobile Money: Global Standards, Practices & Recommendations for Bangladesh’

Executive Summary

Access to financial system by the lower segment of the society is assumed as one of the seminal steps to establish a poverty free equitable society. Serving the poor through Mobile Financial Services is a much-praised agenda in the global development forum. Bangladesh is playing flagship role in using this vehicle to expedite investment activities of the poor through quick delivery of financial resources. However, like many other countries, the country is also experiencing abuse of Mobile Financial Services (MFS) for criminal purposes. Consequently, it has become necessary to address this issue from the regulatory and supervisory perspectives so that maximum benefits of this sector can be enjoyed by the stakeholders of the economy. To this end, Bangladesh Financial Intelligence Unit (BFIU) has formed a Focus Group with participation from the key stakeholders and industry practitioners. The Focus Group has developed this study paper in line with global standards and practices related with Anti Money Laundering and Combating Financing in Terrorism (AML/CFT) related regulations and provides policy recommendations for concern authorities of Bangladesh to promote an effective and sustainable supervisory regime for MFS.

1.0 Global AML/CFT standards and practices for MFS

FATF (Financial Action Task Force), the global standard setter for AML/CFT regulations, provides specific recommendations to minimize customer related risk as well as agent risk. To address customer level risk, they provide the following recommendations: (i) countries need to follow risk-based approach to address ML/TF risks for MFS. Depending on the degree of risk, limit needs to be imposed on the frequency and amount of transactions in m-money services. (ii) The countries should consider applying a “progressive” or “tiered” KYC approach whereby low transaction/payment/balance limits could reduce ML/TF vulnerabilities. A point-based progressive KYC approach presumes that the more KYC evidence a customer is able to provide, the more the customer can be trusted. Services will be offered to an extent proportional to the identification provided. However, the lower risk circumstances will have to be confirmed based on a thorough and documented risk assessment. (iii) FATF assumes non-face-to-face business relationships or transactions as potentially higher risk categories. They suggest collection of verifiable identification information to minimize risk.

In branchless banking and mobile money business models, agents are viewed by the FATF as simply an extension of the financial services provider. The duties of the agents commonly include providing cash-in and cash-out services, account opening, customer care, perform specific AML/CFT checks, record-keeping and reporting obligations, etc. As the m-money provider maintains Customer Due Diligence (CDD) and comprehensive record of the transactions of customers, the main monitoring obligation should remain on the provider. In this respect, agent monitoring is viewed as a significant element in an effective AML/CFT program. FATF therefore suggests that institutions must scrutinize their agents closely and manage the potential ML risk by performing appropriate due diligence measures when engaging agents. It is also essential that the regulatory supervisors review MFS providers’ oversight functions by examining the relevant policies, procedures and training. They need to ensure that monitoring system of agents is put in place by the MFS provider along with inspection of a representative sample of retail outlets.

The World Bank has emphasized that some issues need to be addressed by the country policy makers while designing AML/CFT regulatory framework for mobile money. They suggest that countries should conduct risk assessment prior to drafting AML/CFT regulation for m-money activities. The assessment should aim to identify all role players in the jurisdiction, understand the products that are offered and are likely to be offered, and potential future patterns and trends. It should also assess the nature, types, and levels of ML/TF risk, identify the main vulnerabilities that are specific to m-money and address them accordingly.

AML/CFT guidelines for m-money services should be implemented through ongoing collaboration and dialogue between the public and private sectors. Customize guidelines to specific local circumstances and conditions considering the financial infrastructure of the country (both formal and informal sector), number of unbanked population with demographic composition, etc. is also equally important.

World Bank further suggests that AML/CFT regulatory framework should encompass a clear delineation of responsibilities between providers and agents. The regulators should consider drafting agency regulations or guidelines that delineate minimum provisions to be included in agency agreement, basic eligibility criteria, technical and operational requirements, limits of transaction, customer authentication procedures and agent network management, etc.

2.0 Mobile money in Bangladesh

Mobile money was introduced in Bangladesh in 2011 and earns rapid growth within a very short period of time. Bangladesh Bank has issued 19 licenses to commercial banks to rollout mobile money. Among them, 17 banks have launched their operation till December, 2016. The total number of registered clients is 41.08 million and daily average number and value of transaction is 4.46 million are 7,737.90 million respectively as of December, 2016. The service is now even available to the poorest segment of the population and mainly serves as low value domestic money transfer system. Other types of services are also expanding slowly.

Risk assessment for m-money in Bangladesh has been conduced based on the risk matrix developed by FATF. Considering the m-money operational models, maturity and regulatory approaches of Bangladesh, some high risk elements have been identified. Due to absence of verification of customer’s identity on the basis of reliable, independent source documents, data or information, CDD verification has been identified as high risk. CDD monitoring is also determined as high risk due to inadequate KYC; and large number of micro transaction made effective monitoring quite hard. Absence of regulation on maximum amount of e-money stored per account and lack of enforcement on number of account per person creates a high risk scenario. Predominance of anonymous funding source (e.g. cash) and person to person transfer (P2P) are also pose high risk. However, most of the high risk elements discussed above can be mitigated through effective regulation, enforcement and monitoring.

Recent trend of abuse of MFS in Bangladesh has also been analyzed as part of risk assessment. We have seen several ways of abuse of MFS such as collection of ransom of vehicle theft, abduction/kidnapping; fraud by promising fake lottery prize, gift, job or hidden treasure from ‘genier badsha’; marriage with expatriate bride; extortion by the name of top terrorists. In most cases, account with fake KYC or personal accounts of agents have been used by the criminals. In recent times, we have observed declining trend of foreign remittance in Bangladesh and MFS based Hundi (M-hundi) through MFS has been identified as one of the major causes of it. Ample opportunities of virtually anonymous transaction is contributing significantly for such criminal abuse of MFS.

There are several factors which are contributing for the abuse of m-money in Bangladesh. Agents acquire and register multiple SIM cards to conduct anonymous transaction (ATr) of the customers. Customers, having low academic qualification, find it difficult to navigate the mobile menu (in English language) required to conduct transaction. Customer acquisition based on previous falsely registered SIM along with lack of unique identification documents for all citizens and verification tools for the MFS providers; and inadequate monitoring mechanism for the agents are contributing heavily for the abuse of MFS.

3.0 Proposed recommendations to strengthen AML/CFT regulations for MFS in Bangladesh

Based on the analysis of international standards, practices and local circumstances, Focus Group recommends the following policy options for the regulatory and supervisory authorities of Bangladesh:

(a) Proposed AML/CFT compliance structure for MFS providers

All MFS Providers (MFSPs) should have their own AML & CFT Policy/Manual. MFS companies should set up a Central Compliance Unit (CCU) headed by a ‘Chief Anti Money Laundering Compliance Officer’ (CAMLCO). The CCU should consist of at least 5 (five) members who will be high officials of different departments. Banks, which are providing MFS within their existing organizational structure, should nominate an AML/CFT Compliance Officer for their MFS operation and include him in Central Compliance Unit (CCU). The CAMLCO or AML/CFT Compliance Officer should have at least 5 (five) years of experience on AML/CFT compliance. S/he should ensure compliance of AML/CFT policies and strategies of the organization. MFSPs which have more than 20 thousand agents should form a separate AML/CFT Compliance Unit/Department in addition to CCU. MFSPs should nominate Field Compliance Officer (FCO) against each Distributor’s office and field level offices who will monitor transactions of customer, agent and distributor accounts, compliance during account opening and submit STR/SAR, etc.

(b) Proposed regulations for personal account

MFSPs should collect sufficient customers’ information as per unique Account Opening Form. Physical presence of the customer in front of the agent/concern officer of MFSP is necessary except in permissible exception cases. At least a verifiable photo identification document issued by any government authority should be collected from the customer and verified by MFSP. The intended customer should have mobile SIM registered in his name and necessary verification should be made.

Progressive KYC: At least three types of information should be required among seven types of KYC information for opening a MFS account. Required KYC information are: a) collection of information properly as per prescribed account opening form, b) Collection and verification of government issued photo identity document, c) recent photograph or real time electronic photograph of the customer, d) SIM registration information, e) presence of the customer at the customer care point of the MFSP, f) MFS account linked with any bank account of the customer and, g) biometric information as part of e-KYC. One point shall be obtained for each KYC information collected from a customer. If KYC information of an account receives three (3) points, it will be termed as Level-1 account and four/five (4-5) points recipient will be termed as Level-2 account and more than five (6-7) point recipients will be termed as Level-3 account. Based on the risk involved due to variation of quality of KYC discussed above, daily and monthly transaction limit and highest account balance should be determined by Bangladesh Bank.

MFS account can be linked with any existing bank account of the same customer upon request. Additional KYC should not be required for the Link Account, if both the accounts are operated within the same bank or with subsidiary of the same bank. Both inward and outward transfer can be done between bank and MFS A/C. A customer should not operate more than 01 (one) personal account in a MFS platform. However, a person having government issued photo identity document may introduce his/her ‘relatives’ while opening an MFS account and KYC of both person would be necessary. In such cases, account title and SIM registration would remain in the name of the verifiable photo ID holder, but operated by his/her relative. Non-resident Bangladeshis and foreign nationals living in Bangladesh may open MFS account with copies of valid passport and visa.

(c) Proposed regulations for impersonal/merchant/institutional account

Any entity or organization may open MFS account for its operational/business purposes. Information of the organization and relevant individuals along with specific documents should be collected as per specific Forms for opening such accounts. Higher transaction in such accounts would require additional KYC information and those should be linked with a bank account of the organization. Physical verification of the business premise of the customer along with transaction profile should be collected. However, MFSP should implement Risk Based Approach (RBA) and take additional measures as appropriate to monitor transaction in such accounts.

(d) Proposed regulations for agents and distributors

MFSPs should collect information and documents described in specific Forms as minimum requirements while opening an agent/distributor account. MFSPs should collect NID of relevant individuals and trade license of the business premise along with other information/documents. MFSP should conduct visit of the business premise of the agent/distributor before appointment and verify information/documents. Agents should have knowledge and skills to comply with AML/CFT compliance requirements and at least one day long training should be provided to them. MFSPs should report rogue customers/agents to Bangladesh Bank and one central depository should be developed and shared with MFSPs. Any customer/agent blacklisted in the database should not be appointed as agent/distributor.

Risk assessment procedures for agents and distributors should be developed by the MFSPs based on volume of business, geographical location, previous records and any other information available to the MFSP and apply CDD/EDD accordingly. MFSPs should develop automated mechanism for monitoring of transactions of agent and distributor account and should ensure that every agent point and distributor office is visited at least once in every year. One agent should not maintain more than one agent A/C and one personal A/C in his/her name. MFSP should develop operational procedures in line with circular/guidelines of regulatory/supervisory authorities regarding selection and monitoring activities of agents and distributors.

MFSPs should develop own policies and procedures to conduct on-site inspections covering at least 10% of the agents in every year. The provider may use “mystery shoppers”—staff of the provider who visit agents and pretend to be regular customers to test the agent’s integrity and competence in carrying out its roles. The CCU should review the inspection reports and submit a summary report to BFIU annually.

(e) Proposed transaction monitoring mechanism

MFSPs should develop automated system based monitoring mechanism for analysis of transactions and identification of suspicious transactions. If any transaction is found to be suspicious, STR/SAR should be submitted to BFIU immediately. MFSPs should adopt Risk Based Approach (RBA) for transaction monitoring based on risk assessment. While conducting risk assessment, geographical locations, nature of customers and agents, quality of KYC information, previous records of MFS abused etc. should be taken into consideration along with any indicators informed by BFIU. Based on the risk assessment, transaction monitoring tools and procedures should be developed.

(f) Proposal for prevention of anonymous transaction

Ensuring physical presence of customer during Cash In and Cash Out at the agent point is the most important tools to prevent anonymous transaction (ATr) and some other types of abuse of m-money, such as MFS based hundi (M-hundi). When sender’s and/or beneficiary’s information is absent in any transaction trail, there are high risks of abuse of such transactions by criminals. A criminal will certainly be encouraged if s/he knows that nobody can identify her/him after fraud/crime. To mitigate such risks, biometric authentication (as part of e-KYC) of customer during Cash In and Cash Out transaction are the most effective tools to ensure presence of customer at the agent point. Bangladesh may consider implementation of biometric identification and authentication for financial inclusion customers in phase.

Alternatively, MFSP should develop/establish functionality so that customer’s name appear in the agent’s device from the MFSP’s database after account number is entered by the agent during Cash In and Cash Out. The customer shall be present in the agent premise and will show a photo ID document to the agent. The name of the customer in the ID document and customer’s name as appeared in the agent’s device must be matched along with photo of ID document with customer’s appearance. MFSPs should inspect their agent points as mystery shoppers to identify agents’ misconduct/noncompliance and agency agreement should be cancelled in appropriate cases.

(g) Other recommendations

Field Compliance Officers (FCO), distributors and agents should follow the procedures set by MFSPs to identify and report suspicious transactions/activities. Service providers may consider a toll free AML/CFT related hotline for agents and distributors and provide incentives to encourage them for submission of STR/SAR. MFSPs should provide training to their staffs, agents and distributors on ML/TF issues. MFSPs should also take awareness programs on a regular basis to aware customers, agents and distributors regarding AML/CFT issues. The Focus Group also developed unique Account Opening Forms for personal a/c, impersonal a/c, agent or distributor a/c, format for transaction profile, STR/SAR format and STR/SAR indicators for MFS.

 

The study paper would be available in Bangladesh Bank website very recently and the weblink would be provided hare. For further information or clarification, please mail me: rashedsoc@yahoo.com