Money laundering and terrorist financing risks for SVF Licensees
Faster payment systems (FPS) continue to evolve across much of the world: the FASTT Project at the World Bank monitors the development of FPS and predicts growth in the sector of 35.5% from 2023 to 2030. This growth opens opportunities for technological advances and enhances the structural rails of payments. Payment Service Providers (PSPs) have stepped up to the challenges of this brave new world of payments and have driven broad adoption of FPS. Within this expanding ecosystem sit Stored-Value Facilities, or SVFs, acting to diversify and expand the channels and services available through FPS.
However, risk is always a part of any technological and structural advance. Regulations attempt to address this risk; in the case of the inherent risk added to the payment ecosystem by an SVF, any PSP that utilizes an SVF must look to regulatory guidance; specifically, risks associated with anti-money laundering and countering financing of terrorism (AML/CFT) are implicit risks that must be addressed. Here, Eastnets looks at the Stored-value facilities | CBUAE Rulebook (centralbank.ae) as an example of the risks associated with SVFs and how a SVF Licensee can mitigate these risks.
SVF regulation and the Central Bank of UAE Rulebook
The CBUAE Rulebook sets out the framework for regulating digital payments in the UAE. The rulebook was updated from an earlier 2016 framework on 30 September 2020 to take account of technological advances in payments and enhanced supervisory powers. The updated framework covers the licensing, supervisory, and deployment requirements of an SVF in the UAE. Notably, whereas the previous framework set out four PSP categories, there is now just a single licensing category, the SVF Licensee, helping to streamline and simplify the framework's impact on PSPs. To apply for an SVF License, vendors must adhere to the rulebook's strict requirements, including mitigating risk. Article 14 focuses on the risks around AML/CFT that an SVF licensee must address.
CBUAE Rulebook Article 14 specifics on AML/CFT
Article 14 of the CBUAE Rulebook focuses on the regulatory requirements and legal obligations addressing money laundering and terrorist financing. Like other AML/CFT regulations, the CBUAE Rulebook aims to reduce the risks associated with financial crime, with an SVF acting as a conduit for the movement of illicit funds.
Article 14 specifies using "appropriate preventive measures" to mitigate these risks. Also, the rulebook requires that any suspicious transactions are reported to the Financial Intelligence Unit at the Central Bank.
Core requirements of the CBUAE Rulebook center around the design of the SVF and how this design impacts the risk profiling and risk factors of the SVF. Risk factors are compounded by the following design features, which can increase the risk of money laundering and terrorist financing:
Maximum stored value: higher stored value limits are associated with an increased likelihood of financial crimes such as money laundering.
Funding methods: cash funding can be associated with increased money laundering risk as there are few audit trails. Also, the Central Bank points out that funding that does not utilize robust customer identification/verification also increases the risks of money laundering and terrorist financing.
Cross-border risks: the complexity added to payments from differing jurisdictional regulations when payments are made across borders also offers an opportunity for money laundering signals to go undetected. Information sharing to mitigate these risks can also be problematic when doing cross-border transactions.
Fund transfers: person-to-person fund transfers can increase the risk of money laundering and terrorist financing.
Withdrawals: the use of automated teller machines for cash withdrawal increases financial crime risks.
Multiple cards and accounts: this SVF functionality, especially if linked cards are anonymous, increases money laundering risks.
High-risk activities: payment activities in certain areas, such as gaming, can be associated with increased money laundering and terrorist financing.
The CBUAE Rulebook expects that SVF licensees carry out regular risk assessments and risk profiling around AML/CFT requirements.
Risk mitigation measures for SVF vendors
The general SVF risk areas captured by the CBUAE Rulebook apply to any SVF, regardless of the vendor's jurisdiction. Adherence to the rules to reduce the risk of money laundering and terrorist financing requires that anti-financial crime measures are applied comprehensively across the entire ecosystem. AML/CFT, by design, is part of the integrated view of risk reduction required by the Central Bank as applied to SVF Licensees.
- Apply limits on the maximum storage values, cumulative turnover, or transaction amounts.
- Disallow high-risk funding sources and high-risk activities, such as gaming.
- Prevent cash access.
- Detect multiple SVF accounts held by the same customer or group of customers.
- Identify business relationships and assign risk ratings to monitor and control the risk of suspicious activities within these groupings.
The CBUAE Rulebook also lists "Enabling Technologies," focusing on sound design practices to help mitigate money laundering and terrorist financing activities that exploit SVFs. Amongst technologies such as cloud computing, the Central Bank identifies certain intelligent and next-gen technologies as part of the tech ecosystem used by SVFs. The CBUAE Rulebook provides "Guidelines for Financial Institutions adopting Enabling Technologies." Some of these Enabling Technologies included in this advisory include the following:
Distributed Ledger Technology (DLT): DLT has various uses, including access to real-time updated sanction lists that help to mitigate fraud and ensure compliance with AML/CFT regulations.
Data Analytics and Artificial Intelligence (AI): complex layers of fraudulent activities require the capabilities of AI to unravel. Trade-Based Financial Crime requires Natural Language Processing (NLP) and AI to monitor and identify connected accounts and suspicious financial activity.
Biometrics, including behavioral biometrics: used for customer identification and verification at on-boarding and for ongoing customer authentication.
Real-time transaction monitoring: to help detect and report suspicious transactions, and for anti-fraud efforts.
SVF licensees must adhere to strict AML/CFT requirements wherever they do business. SVF support, however, offers excellent customer experiences in an era where omnichannel choice and speed are important. Fortunately, anti-financial crime solutions that use the Enabling Technologies mentioned in the CBUAE Rulebook help handle the complex fraud chains and money laundering transactions that cybercriminals use when they exploit an SVF.
