Presentation on theme: "A Point of View on Bank Secrecy Act/AML Issues for Mobile Payments Law Seminars International Mobile Payment Systems September 9-10, 2013 Andrew J. Lorentz,"— Presentation transcript:
A Point of View on Bank Secrecy Act/AML Issues for Mobile Payments Law Seminars International Mobile Payment Systems September 9-10, 2013 Andrew J. Lorentz, Partner Washington, D.C. Office
Agenda Perspective Key issues and challenges Enforcement and regulatory trends 2
Business of banking / Deposit-Taking Truth in Lending Act / Reg Z Regulation B Bank Secrecy Act OFAC Reg D Truth in Savings Act Regulation II Gramm-Leach-Bliley Act Fair Credit Reporting Act Data breach/security FDIC Deposit Insurance E-SIGN Act Unfair, Deceptive or Abusive Acts and Practices Laws State Money Transmitter Laws State Privacy and Security Statutes Card brand rules Gift card Anti-Money Laundering Compliance OFAC TISA/Reg DD Reg CC Escheat Durbin AmendmentIdentity-Theft Red Flags Check 21 Truth in Billing Electronic Fund Transfer Act / Regulation E Regulation DD
Bank Secrecy Act/Anti-Money Laundering* Intent of the BSA/AML laws is to abate money laundering Major Provisions – 3 Rs: Registration, Record-Keeping and Reporting – Requires Anti-Money Laundering (AML) programs – the Four Pillars – Criminalizes money laundering *(Lots) more (real) information on Paymentlawadvisor.com 4
Bank Secrecy Act/Anti-Money Laundering Applies to financial institutionsTypes most relevant to mobile: Banks and other depository institutions Money Service Businesses (MSBs) AML criminal prohibitions apply more broadly 5
BSA Compliance Summary Depository Institutions Money Transmitters Agents of Money Transmitters * Providers of Prepaid Access Sellers of Prepaid Access RegistrationXXX RecordsXXXXX Reports SARsXXXXX CTRsXXXXX CMIRsXXXXX OthersX AML Program XXXXX 6 * Principals and agents may allocate responsibility but both are responsible for compliance.
PERSPECTIVE Dispro- portionate impact Risk-based – except for getting customers? Where roles unsettled – a game of compliance hot potato 7
PERSPECTIVE Physical retail outlets of carriers Pre-existing customer relationships More and better data (geo-location) Handset for authentication (something you have) Mobile Potential 8
9 New Approaches Verification by carrier customer accounts Payfones Mobile Authentication leverages customers existing relationship with mobile carriers.
10 New Approaches Prepaid accounts with mobile carriers Boku mobile carrier billing leverages SMS authentication for payments
Customer Acquisition Often both bank and MSB customer verification obligations triggered Banks cannot formally rely on non-banks for CIP 11
Customer Acquisition 12 Verification Requirements Must obtain identifying information when… What information? Depository institution Formal banking relationship established to provide or engage in services…. Customer Identification Program (CIP) (name, address, ID #, DOB) Money TransmitterAML policy must provide for…Verifying customer identification
Customer Acquisition 13 Verification Requirements Must obtain identifying information when… What information? Provider of Prepaid Access A person obtains prepaid access under a prepaid program [even closed loop if > $2,000 per vehicle or device per day] Name, address, ID #, DOB (same as CIP) Seller of Prepaid Access (1)A person obtains prepaid access under a prepaid program, or (2)A person obtains prepaid access to funds that exceed $10,000 during any one day Name, address, ID #, DOB (same as CIP)
EFFECTS Mobile environment is challenging for customer acquisition and verification Small form factor may introduce an inefficient or awkward registration process Interface may not be optimized for mobile Increased risk of abandoned accounts Disputes over ownership/use of customer information in new ecosystem 14
EFFECTS (Most) mobile payments solutions fit into defined boxes – Prepaid, credit, debit – Merchant aggregation Bewilderment as to who does what Overkill: Everybody is an MSB or acts like one – Where does mobile carrier billing fit? 15
Enforcement and regulatory trends FDIC, FinCEN, DoJ, $15MM civil money penalty, death penalty (terminated FDIC insurance, revoked charter) Activities at issue were those of third party payment processor customers of bank Bank failed to monitor and control RCC and ACH returns First Bank of Delaware (Nov. 2012) 16
Enforcement and regulatory trends Lessons Duty to police customer and activities of customer Customers customer… and so on Enforcement squeeze at bank level ripples down the compliance chain, to MSB customers of banks and beyond First Delaware part of a major enforcement sweep targeting payment processors and their banks Risks to banks and their officers (FIRREA liability) 17
Enforcement and regulatory trends FinCEN ANPRM on customer due diligence (CDD) (Mar. 5, 2012) Intended to codify, clarify, consolidate, and strengthen existing CDD regulatory requirements and supervisory expectations, and establish a categorical requirement for financial institutions to identify beneficial ownership of their accountholders Banks plus others covered – but not MSBs at this time So much for a risk-based regime?Bank risk committees 18
Enforcement and regulatory trends HSBC Holdings (Dec. 2012) HSBC is being held accountable for stunning failures of oversight – and worse – that led the bank to permit narcotics traffickers and others to launder hundreds of millions of dollars through HSBC subsidiaries…The level of dysfunction at HSBC for many years was astonishing. $1.921 billion in forfeiture and fines –largest BSA penalty ever Changes to management, systems Must submit to ongoing monitoring 19
Enforcement and regulatory trends Remind me why mobile payments are so risky? 20
Enforcement and regulatory trends Digital currency company that facilitated money laundering Did no verification of its customers Allowed account to account transfers; funding and cash out only through exchangers added more anonymity 17 country takedown – largest ever Avowedly illegal activity 200,000 U.S. users 55 million transactions Laundered $6 billion Liberty Reserve (May 2013) 21
Enforcement and regulatory trends Lessons Srsly?* Dont be a crook Dont be an idiot – this activity was not in the regulatory grey zone 22 *Bitcoin and srsly were both added to the Oxford Dictionaries Online on Aug. 28, Coincidence?
Enforcement and regulatory trends FinCEN Virtual Currency Guidance (March 2013) Exchangers and administrators of convertible virtual currency are money transmitters Virtual currency is a medium of exchange that operates like currency in some environments, but does not have all the attributes of real currency Convertible virtual currency has an equivalent value in real currency, or acts as a substitute for real currency 23