260 likes | 433 Vues
World Bank/APG workshop for bank supervisors on AML/CFT supervision Integrity in Mobile Phone Financial Services Jakarta, Indonesia, May 11-14, 2009. Pierre-Laurent Chatain Lead Financial Sector Specialist Financial Market Integrity. What are mobile phone financial services (m-FS)?
E N D
World Bank/APG workshop for bank supervisors on AML/CFT supervision Integrity in Mobile Phone Financial Services Jakarta, Indonesia, May 11-14, 2009 Pierre-Laurent Chatain Lead Financial Sector Specialist Financial Market Integrity
What are mobile phone financial services (m-FS)? • The Global Potential • Methodology • New Framework for Analysis • ML-TF risks associated to m-FS • Observed Control Measures • Applying the FATF 40+9 • Lessons Learned • Policy Recommendations Contents
What are m-FS? Vendor Receipts Sometimes called “m-banking” or “m-commerce” Mobile Phone Financial Services = m-FS Definition: The remote delivery of financial services by a mobile phone Remittances Stock Trades Checking Account Balance Bill Payments Access bank or credit card Transactions
Enormous Potential for Development Problem: Poor countries fall way behind in terms of giving access to financial services Solution: Mobile signal covers over 80% of the world’s population
Potential is huge: All Regions Booming 3.5 Billion people with access to a mobile phone in 2008 Source: World Bank analysis of Wireless Intelligence Data provided March 2008.
Mobile payment and commerce projections • Research predicts that users of contactless mobile payment and mobile banking will reach nearly 900 million users by 2012. These users will complete 62 billion transactions over the phone (source: mFoundry).
World Bank’s Research on M-FS WB’s contribution to policymakers’ discussions on the development of mobile financial services in a safe and sound AML/CFT environment The Mobile Phone Financial Services (m-FS) and the perceived ML/FT risks Proposed Paradigm for ML/TF Risk Analysis for m-FS Managing Risks of the Different Uses of Mobile Phones for Financial Services Conclusions on perception, actual and mitigation for ML/FT risks Recommendations to policy makers, TelCos, financial institutions and regulators South Africa, The Philippines, Brazil, Hong Kong, Malaysia, Macau and South Korea
Plan: • Identify the unique risks • Mitigation measures Which are real? Methodology Perceptions Macao China South Africa Seven Leading Markets Hong Kong China Brazil Malaysia Philippines South Korea
- BSA - Money - Payments - fINFO - BSA - Money - Payments - fINFO 1. New Framework for Analysis From a ML/TF risk analysis all business models could be grouped into 4 types of services: No interaction with costumer Anchored by a bank or securities account Bank or Non-bank services (not anchored by a bank account) Offers alternative settlement systems Mobile Financial Information Mobile Banking and Securities Accounts Mobile Payments Mobile Money
-fINFO TelCo FIs Gives access to view personal financial information Client • Services Received • Account Balance • Credit Limit Alerts • Confirmation of Transaction • Security Quotes and Positions • Exchange Quotes and Positions
-BSA TelCo Client FIs 3rd Party CCC Permits user to make transactions with a bank account CCC : Credit Card Company FI : Financial Institution • Services Received • Account transfers • Bill payments • Settling balances • Security quotes and positions • Exchange quotes and positions • Access to credit lines 3rd Party: Any other individual or other financial entity. Dotted line indicates entity which provides the transaction
-Payments TelCo FIs 3rd Party CCC Allows user to make payments without pre-existing bank accounts Client • Services Received • Merchant payments • Settling balances • Non-bank account transfers • Security quotes and positions • Exchange quotes and positions • Access to credit lines Dotted line indicates entity which provides the transaction
-Money TelCo 3rd Party CCC Empowers user to work in electronic money through mobile phone FIs Client • Services Received • Allows access to all services available through other m-FS. • Electronic storage of value (i.e. “e-Wallet) • Remittances (domestic and international) Dotted line indicates entity which provides the transaction
4. Sample of AML/CFT best practices (KYC/CDD) . Several examples of risk mitigation practices in the jurisdictions visited reflect the FATF Recommendations: Korea: ►A customer needs to hold a bank account, ► come in person to a bank branch, ► provide identification, and fill in a form (including details of predefined accounts to transfer money) to receive an e-banking ID and password. ► A letter is then issued by the bank so that the customer can obtain the SIM from the TelCo. ► Service is available only to post-paid individual subscribers, not corporate clients ► A foreign citizen is required to present a valid passport. ► A copy of the letter is retained by the TelCo for billing purposes.
4. Sample of AML/CFT best practices (KYC/CDD) Philippines: ► Customers using G-Cash need to register via their mobile phones or the Internet. However, they may not deposit or withdraw funds until undergoing face-to-face CDD, which can take place at a retail shop, an accredited business partner, or a partner bank. Hong Kong SAR of China: ► customers willing to use the mobile remittance service need to register their SIM card face-to-face with the mobile phone operators. ► Subscribers are required to present their national ID, which is equipped with security features and a chip with biometric information.
4. Sample of AML/CFT best practices (Record Keeping) • m-FS providers keep customer activity records (Customer Detailed Records- CDRs) similar to banks, payment system providers and RSPs. • CDRs contain data related to a mobile operator’s system usage and include identification of each mobile call’s originating and receiving phone, duration, and other information Malaysia: ►Maxis keeps records of transactions for active customers on an ongoing basis. Once the relationship is terminated, the information is archived for seven years.
4. Sample of AML/CFT best practices (Reporting Obligations) Hong Kong: TelCos are reporting entities under the AML and CFT regime. Korea: m-FS providers are also subject to the regime as reporting institutions to the Korean FIU (KoFIU). Macao: Providers are required to indicate in the STR the channel used, including m-FS. Philippines: Reporting of STRs by m-FS providers is conducted electronically, and is required for all transactions above 500,000 Pesos (US$ 11,200)
Varying Provider Obligations Ambiguous • Fieldwork shows that TelCo AML and CFT obligations are applied unequally in the observed jurisdictions. • The majority of TelCo m-FS perform some KYC and CDD measures • Virtually none are designed specifically to address ML and TF concerns. • There is no consensus on how to implement AML and CFT international standards among the telecom industry
Providers should be classified as FIs • FATF 40+9 Rec. contain no specific provisions governing AML/CFT obligations for Telcos • Grounds to believe that Telcos are subject to AML/CFT obligations: • m-fINFO & m-BSA: no ambiguity • m-Payment & m-Money: ambiguity lifted by applying the “functional definition”
Providers should be classified as FIs • Problem: Are Telcos providing m-FS DNFBPs or FI? • Telcos do not fit into DNFBPs category • According to the FATF, “financial institution” means, among other things, any person or entity who provides its customers with transfer of money or values services, or issues and manages means of payment, inter alia, electronic money. • ¾ business models consist of TelCos providing a means to transfer money • TelCos providing m-FS should be considered as FATF “financial institutions”
5. Lessons Learned FATF standards • Address m-FS vulnerabilities • No need for new standards Regulations do not • Address full spectrum of entities (Telco, Credit Card Company) • Provide clarity on the licensing process TelCos providing financial services are not explicitly subjected to AML/CFT regulations Although many m-FS providers are already applying measures consistent with AML/CFT, their purposes are commercial and not targeted to prevent ML/TF.
6. Policy Recommendations • Policy Makers • All m-FS providers should be subject to AML regulations in accordance with risk-based approach. • Conduct risk assessment prior to legislating controls. • FIU/Law Enforcement • Develop clear rules and guidelines for m-FS transaction providers. • Consider requiring STR to include data on the type of channel used • Sector Regulators • Set clear licensing criteria and monitoring procedures that are commensurate with services and risks. • Define transaction limits giving each m-FS providers flexibility to take advantage of market opportunities • Supervisors • Include the associated risks into the scope of their on and off-site duties • Private Sector • Consult with regulators on the development of new services • Introduce robust internal controls and risk management practices
Thank you Pierre-Laurent Chatain pchatain@worldbank.org Lead Financial Sector Specialist The World Bank