trends and typologies update: mitigating the security ... and... · trends and typologies update:...
TRANSCRIPT
Trends and Typologies Update:
Mitigating the Security Risks of
Mobile Payment Products
Mercy Buku, CAMS, ACIB,
Senior Manager, Money Laundering Reporting,
Safaricom Limited Kenya
Solomon Abiakalam, CISA,
Regional Compliance Officer, Anglophone Africa,
MoneyGram International
s presentation.)
2 3rd Annual AML & Financial Crime Conference, Africa
Mitigating the Security Risks of Mobile Payment Products
This session will cover a review of the following discussion topics
Identifying the money laundering risks (vulnerabilities) and typologies
associated with mobile money
Applying appropriate AML controls once vulnerabilities have been
identified
Performing regular monitoring of transactions for suspicious activity and
fraud
Analyzing best practises learnt from the M-PESA mobile payment
service – M-pesa Case Study: Kenya Experience
INTRODUCTION
3 3rd Annual AML & Financial Crime Conference, Africa
Mobile Money Transfer (MMT) Services and Financial Inclusion
Single most effective contributor to global financial inclusion
initiatives, particularly in the developing countries.
Have facilitated access to cheap and reliable financial services
to an ever increasing formerly unbanked population segment.
Innovations in mobile transfer services in countries such as Kenya, have
heralded unprecedented success in financial inclusion initiatives.
Escalation of Mobile Frauds has given rise to an increasing need to
implement comprehensive AML Programmes in the Mobile Transfer and
Electronic payments sector, in line with the FATF recommendations and to
promote the sharing of information on AML best practises including
Suspicious Transactions Reporting, for the prevention of AML related
fraud and Financing of Terrorism
INTRODUCTION
4 3rd Annual AML & Financial Crime Conference, Africa
Mobile Money Transfer Services :
Rapidly becoming the preferred conduit by fraudsters for the
perpetration of fraud
Banks and mobile money providers have become a soft target for
mobile banking fraudsters largely due to:
Prevalence of mobile phones and the wide acceptance of MMT as an
alternative tool for financial inclusion in developing countries,
Lack of Fully automated Fraud Prevention/Transaction Monitoring
systems and controls
Ease of delivery and cash less service
Non face to face service - Few or no front line KYC
checks on an on-going basis.
Mobile Money Vulnerabilities to Money Laundering and Terrorist
Financing Risks
5 3rd Annual AML & Financial Crime Conference, Africa
1. Geographic Risk – Countries with Deficiencies in AML
controls, Corruption, Sanctions, Terrorist background
2. Customer Risk : Countries with largely unbanked
illiterate rural population, no identification regimes,
difficulties in carrying out KYC due diligence
3. Agent Risk : Due Diligence, High Volume/High Value
Transactions, Multiple Registrations, Irregular
Registrations, No infrastructure, Compliance Violations
4. Product Risk : Non Face to Face,
Un-registered Users, No transaction limits,
IMT, Partnerships with third parties
Summary of Mobile Money Risk Categories
6 3rd Annual AML & Financial Crime Conference, Africa
Informal International Agents – Use of unregistered Money Transfer
services to effect International Transfers
Suspicious Agent Activity outside the norm – Frequent deposits,
transfers, Multiple Registrations, Remote Withdrawals, Direct Deposits
etc
Customers holding Multiple lines/carrying out Multiple high value/high
volume transactions
Hoaxes and Scams/Schemes to defraud unsuspecting Customers and
agents
Bribery and Corruption Payments
Facilitation of Drug and other illegal activities – cashless facility,
Kidnapping – Ransom payments demanded through MT
COMMON MOBILE MONEY ML TYPOLOGIES
7 3rd Annual AML & Financial Crime Conference, Africa
Customer Identification & Verification
• Providers understand who their customers are
• Exceptions conditional on the availability of other controls
• Non-face to face verifications accompanied by additional steps to
verify customers’ claims
• Recipients of p2p remittances don’t remain anonymous
Awareness
• Providers using third parties to establish customer contact (e.g.,
retailers or money remittance businesses), ensure these are:
• Appropriately trained and qualified in AML/CFT compliance
• Subject to regulation and supervision themselves
OVERVIEW OF AML CONTROLS FOR MOBILE MONEY .
8 3rd Annual AML & Financial Crime Conference, Africa
Monitoring & Reporting:
• System driven transactions analysis to detect:
• Unusual or suspicious transactions
• Cases where the same account is used by multiple users
• Cases where the same user opens multiple accounts
• Cases where several products are funded by the same source
• System monitoring of thresholds set around due diligence exemptions.
• Effective monitoring systems are the basis for effective reporting of SARs.
Limits:
• Risk based restrictions: account balance, transaction amounts and frequency of
transactions.
• Combining value and transaction limits with other controls renders a product less
attractive to abusers.
• Restricting the number of funders as well as funding methods to sources where
providers can rely on another institution´s CDD measures.
OVERVIEW OF AML CONTROLS FOR MOBILE MONEY .
9 3rd Annual AML & Financial Crime Conference, Africa
• Providers should:
• Conduct system monitoring to detect suspicious transaction patterns
• Monitor agents (third parties) and implement controls: additional training, reduction in
their transaction limits or termination of agency
• Locate and analyze trends of consumer frauds reported from a variety of sources
• Some suspicious indicators include:
• An account is receiving funds from multiple sources.
• An account is sending to multiple receivers.
• An individual is receiving/sending multiple transactions within small time intervals.
• An account receives multiple transactions and immediately sends funds to new destinations.
• There doesn’t appear to be a business purpose for the transaction.
• There are so many sources/destinations that it seems unlikely the owner of the account actually knows that number of people.
TRANSACTION MONITORING FOR SUSPICIOUS ACTIVITY AND FRAUD .
10 3rd Annual AML & Financial Crime Conference, Africa
• In Africa, perpetrators of consumer frauds remain the greatest abusers of rapid
payment methods!
• Consumer fraud is the potential or actual theft of funds from a consumer by
means of deceit, trickery, or manipulation.
• Internet Purchase Scams
• Person-in-need Scams
• Lottery/Sweepstakes Scams
• Employment/Secret Shopper Scams
• Loan and Investment Scams
• Romance Scams
TRANSACTION MONITORING FOR SUSPICIOUS ACTIVITY AND FRAUD .
11 3rd Annual AML & Financial Crime Conference, Africa
About Safaricom
Out of 4 Mobile Telcos in Kenya, Safaricom has
an 80% Market share with a coverage of 75% of
Kenyan population
Public company registered on the Nairobi Stock
Exchange and is an affiliate of Vodafone UK.
Currently the largest Mobile Service Provider in
Kenya today with over 3000 employees and offers
multiple services to over 16 million customers.
Safaricom is a Reporting Institution under the
Proceeds of Crime and AML Act 2009
Designated Payment Service Provider under the
National Payments Act 2011
Case study : Mpesa in Kenya
12 3rd Annual AML & Financial Crime Conference, Africa
About Kenya
Population approximately 39 Million
Over 42% are under the age of 14
78% of the population is rural
22.6 % adults have a formal Bank
Account
Literacy at 85 %
80% have access to a mobile phone
40% of Kenyans unemployed while
17.94 million constitute the labor
force in Kenya
13 3rd Annual AML & Financial Crime Conference, Africa
As at 30th September 2013, M-PESA in Kenya had
over 18.1 Million customers (65% of the adult
population) conducting over 6 million
transactions daily
Compared to 1,272 bank branches and 16,333
bank agents in Kenya in December 2012, there
are about 80,000 M-PESA agents spread all over
the country
The introduction of lower bands and tariffs to
meet the needs of our customers has led to
increased transactions.
Over 98% of all mobile money transactions in
Kenya are conducted through M-PESA
Note: Kenya is still a cash heavy economy with
over 90% of transactions being cash based
M-PESA Data & Facts – a Global First
14 3rd Annual AML & Financial Crime Conference, Africa
Our latest service, LIPA NA M-PESA, has been
designed to allow the collection of payments by
SMEs traders at their business premises. One of
the key benefits of this product is that it is
cashless, therefore reducing risks associated with
handling cash. The service has no transaction
fees and has settlement on demand (same day)
for merchants.
Over 160 financial institutions linked to M-PESA
M-PESA penetration among women population
more than doubled from 24% to 51% (2008-2009)
There has been a significant increase in the
number of women using M-PESA. This has led to
Financial Independence for the Kenyan Woman
M-PESA Data & Facts – a Global First
15 3rd Annual AML & Financial Crime Conference, Africa
For every M-PESA transaction customers save:
3 hours per transaction, ploughed back into
economic productivity.
US$ 3, spent mainly on food and savings **
M-PESA provides greater convenience, speed
and lower costs of transferring cash.
M-PESA has enhanced personal security as it
reduces the need to carry physical cash.
M-PESA CHANGING LIVES
16 3rd Annual AML & Financial Crime Conference, Africa
M-PESA Core Services
Person to Person (P2P) transfers with cumulative value of 2.3 trillion since
launch
Airtime purchase : From M-PESA
ATM Withdrawal: M-PESA funds available at over 1000 ATM’s countrywide
M-Shwari: Bank account accessible via M-PESA
Customer to Business (C2B) This is a service that allows registered M-PESA users to make payments through
their M-PESA enabled Safaricom lines. It offers convenient and fast means of
payment collections
M-PESA to bank: Funds transfer from M-PESA account to bank
Loans repayments for SACCO’s , MFI’s ,HELB, Banks
Credit card payments e.g Barclays, Coop Bank
Insurance premiums payments: e.g CIC, Britam,
Managed payment collections services on behalf of other organizations e.g KPLC and Nairobi Water
Fundraising Initiatives : Kenyans for Kenya Famine Relief Initiative spearheaded by Safaricom and other business partners in August 2011, raised USD 8.5 m of
which USD 2.1 million – 25%) was contributed through Mpesa.
M-PESA Services
17 3rd Annual AML & Financial Crime Conference, Africa
Retail payments :
Retail Distribution : Examples EABL, Unilever, MoloLink
Lipa na M-PESA: collection of payments by SME’s at their business premises.
Business to Customer (B2C): This service enables an organization to disburse
payments to multiple M-PESA accounts.
M-PESA Payroll: Major Corporates
Bank to M-PESA: Barclays, KCB, Standard Chartered e.t.c
M-PESA Dividends payment e.g. Safaricom, and other PLC’s
M-PESA promotional payments: Coca Cola, Unilever, Safaricom
Loan Disbursements: All major Micro finance institutions
We have over 1,600 Pay bill partners and over 540 bulk payment partners
International Money Transfer: This is a service that enables transfer of money from
another country into M-PESA accounts in Kenya. In partnership with Western
Union, M-PESA is available in over 95 countries globally
M-PESA Services
18 3rd Annual AML & Financial Crime Conference, Africa
What does this mean for us in the Money Laundering Reporting
Office ?
Business Innovation must go hand in hand with appropriate controls
Need to balance controls with business expediency
Avoid Legal Risks with attendant penal sanctions
Product Risk assessment must be incorporated in every AML
Programme in order to ensure all risks are identified and adequately
mitigated against with appropriate controls
M-PESA Services – Balancing Controls with Business Expediency
19 3rd Annual AML & Financial Crime Conference, Africa
The Safaricom AML Programme for Mobile Money comprises
the following controls:
Mandatory Registration of all Subscribers
Enhanced due diligence for all corporate and business partner accounts
Risk based agent compliance monitoring programme focused on agents with
high registrations, or in high risk locations
KYC Data Integrity/Verification against Government Registration Data base
Automated Transaction Monitoring (High Value, high volume transactions
above set limits, inconsistency, PEP activity etc)
Link analysis of transactions and call records to establish call and transactional
patterns
Transactional Limits set to prevent High Value transactions
Watch list screening against international watch lists
M-PESA AND AML/CFT INITIATIVES
20 3rd Annual AML & Financial Crime Conference, Africa
Adoption of Risk based Tiered KYC - full residential details, and ID
copy requirement on accounts with high level transactions
Higher controls on IMT transactions and business usage
Technology to capture KYC copies on higher risk accounts,
(scanners/ camera phones etc)
Penal sanctions such as suspension and/or termination of customer
accounts and agents warnings, fines, claw back of commissions
arrest and prosecution and other sanctions for violations of the AML
Policy
Blocking/suspension of accounts with poor or duplicated KYC or
accounts/lines that appear linked or have been used for fraud
Profiling, arrest and prosecution of suspects involved in mobile fraud
M-PESA AND AML/CFT INITIATIVES
21 3rd Annual AML & Financial Crime Conference, Africa
BEING VIGILANT AND DILIGENT COSTS LITTLE BUT SAVES
MILLIONS;
PREVENT MONEY LAUNDERING, TERRORISM FINANCING AND
FRAUD