Trends and Typologies Update:

Mitigating the Security Risks of

Mobile Payment Products

Mercy Buku, CAMS, ACIB,

Senior Manager, Money Laundering Reporting,

Safaricom Limited Kenya

Solomon Abiakalam, CISA,

Regional Compliance Officer, Anglophone Africa,

MoneyGram International

s presentation.)

2 3rd Annual AML & Financial Crime Conference, Africa

Mitigating the Security Risks of Mobile Payment Products

This session will cover a review of the following discussion topics

Identifying the money laundering risks (vulnerabilities) and typologies

associated with mobile money

Applying appropriate AML controls once vulnerabilities have been

identified

Performing regular monitoring of transactions for suspicious activity and

fraud

Analyzing best practises learnt from the M-PESA mobile payment

service – M-pesa Case Study: Kenya Experience

INTRODUCTION

3 3rd Annual AML & Financial Crime Conference, Africa

Mobile Money Transfer (MMT) Services and Financial Inclusion

Single most effective contributor to global financial inclusion

initiatives, particularly in the developing countries.

Have facilitated access to cheap and reliable financial services

to an ever increasing formerly unbanked population segment.

Innovations in mobile transfer services in countries such as Kenya, have

heralded unprecedented success in financial inclusion initiatives.

Escalation of Mobile Frauds has given rise to an increasing need to

implement comprehensive AML Programmes in the Mobile Transfer and

Electronic payments sector, in line with the FATF recommendations and to

promote the sharing of information on AML best practises including

Suspicious Transactions Reporting, for the prevention of AML related

fraud and Financing of Terrorism

INTRODUCTION

4 3rd Annual AML & Financial Crime Conference, Africa

Mobile Money Transfer Services :

Rapidly becoming the preferred conduit by fraudsters for the

perpetration of fraud

Banks and mobile money providers have become a soft target for

mobile banking fraudsters largely due to:

Prevalence of mobile phones and the wide acceptance of MMT as an

alternative tool for financial inclusion in developing countries,

Lack of Fully automated Fraud Prevention/Transaction Monitoring

systems and controls

Ease of delivery and cash less service

Non face to face service - Few or no front line KYC

checks on an on-going basis.

Mobile Money Vulnerabilities to Money Laundering and Terrorist

Financing Risks

5 3rd Annual AML & Financial Crime Conference, Africa

1. Geographic Risk – Countries with Deficiencies in AML

controls, Corruption, Sanctions, Terrorist background

2. Customer Risk : Countries with largely unbanked

illiterate rural population, no identification regimes,

difficulties in carrying out KYC due diligence

3. Agent Risk : Due Diligence, High Volume/High Value

Transactions, Multiple Registrations, Irregular

Registrations, No infrastructure, Compliance Violations

4. Product Risk : Non Face to Face,

Un-registered Users, No transaction limits,

IMT, Partnerships with third parties

Summary of Mobile Money Risk Categories

6 3rd Annual AML & Financial Crime Conference, Africa

Informal International Agents – Use of unregistered Money Transfer

services to effect International Transfers

Suspicious Agent Activity outside the norm – Frequent deposits,

transfers, Multiple Registrations, Remote Withdrawals, Direct Deposits

etc

Customers holding Multiple lines/carrying out Multiple high value/high

volume transactions

Hoaxes and Scams/Schemes to defraud unsuspecting Customers and

agents

Bribery and Corruption Payments

Facilitation of Drug and other illegal activities – cashless facility,

Kidnapping – Ransom payments demanded through MT

COMMON MOBILE MONEY ML TYPOLOGIES

7 3rd Annual AML & Financial Crime Conference, Africa

Customer Identification & Verification

• Providers understand who their customers are

• Exceptions conditional on the availability of other controls

• Non-face to face verifications accompanied by additional steps to

verify customers’ claims

• Recipients of p2p remittances don’t remain anonymous

Awareness

• Providers using third parties to establish customer contact (e.g.,

retailers or money remittance businesses), ensure these are:

• Appropriately trained and qualified in AML/CFT compliance

• Subject to regulation and supervision themselves

OVERVIEW OF AML CONTROLS FOR MOBILE MONEY .

8 3rd Annual AML & Financial Crime Conference, Africa

Monitoring & Reporting:

• System driven transactions analysis to detect:

• Unusual or suspicious transactions

• Cases where the same account is used by multiple users

• Cases where the same user opens multiple accounts

• Cases where several products are funded by the same source

• System monitoring of thresholds set around due diligence exemptions.

• Effective monitoring systems are the basis for effective reporting of SARs.

Limits:

• Risk based restrictions: account balance, transaction amounts and frequency of

transactions.

• Combining value and transaction limits with other controls renders a product less

attractive to abusers.

• Restricting the number of funders as well as funding methods to sources where

providers can rely on another institution´s CDD measures.

OVERVIEW OF AML CONTROLS FOR MOBILE MONEY .

9 3rd Annual AML & Financial Crime Conference, Africa

• Providers should:

• Conduct system monitoring to detect suspicious transaction patterns

• Monitor agents (third parties) and implement controls: additional training, reduction in

their transaction limits or termination of agency

• Locate and analyze trends of consumer frauds reported from a variety of sources

• Some suspicious indicators include:

• An account is receiving funds from multiple sources.

• An account is sending to multiple receivers.

• An individual is receiving/sending multiple transactions within small time intervals.

• An account receives multiple transactions and immediately sends funds to new destinations.

• There doesn’t appear to be a business purpose for the transaction.

• There are so many sources/destinations that it seems unlikely the owner of the account actually knows that number of people.

TRANSACTION MONITORING FOR SUSPICIOUS ACTIVITY AND FRAUD .

10 3rd Annual AML & Financial Crime Conference, Africa

• In Africa, perpetrators of consumer frauds remain the greatest abusers of rapid

payment methods!

• Consumer fraud is the potential or actual theft of funds from a consumer by

means of deceit, trickery, or manipulation.

• Internet Purchase Scams

• Person-in-need Scams

• Lottery/Sweepstakes Scams

• Employment/Secret Shopper Scams

• Loan and Investment Scams

• Romance Scams

TRANSACTION MONITORING FOR SUSPICIOUS ACTIVITY AND FRAUD .

11 3rd Annual AML & Financial Crime Conference, Africa

About Safaricom

Out of 4 Mobile Telcos in Kenya, Safaricom has

an 80% Market share with a coverage of 75% of

Kenyan population

Public company registered on the Nairobi Stock

Exchange and is an affiliate of Vodafone UK.

Currently the largest Mobile Service Provider in

Kenya today with over 3000 employees and offers

multiple services to over 16 million customers.

Safaricom is a Reporting Institution under the

Proceeds of Crime and AML Act 2009

Designated Payment Service Provider under the

National Payments Act 2011

Case study : Mpesa in Kenya

12 3rd Annual AML & Financial Crime Conference, Africa

About Kenya

Population approximately 39 Million

Over 42% are under the age of 14

78% of the population is rural

22.6 % adults have a formal Bank

Account

Literacy at 85 %

80% have access to a mobile phone

40% of Kenyans unemployed while

17.94 million constitute the labor

force in Kenya

13 3rd Annual AML & Financial Crime Conference, Africa

As at 30th September 2013, M-PESA in Kenya had

over 18.1 Million customers (65% of the adult

population) conducting over 6 million

transactions daily

Compared to 1,272 bank branches and 16,333

bank agents in Kenya in December 2012, there

are about 80,000 M-PESA agents spread all over

the country

The introduction of lower bands and tariffs to

meet the needs of our customers has led to

increased transactions.

Over 98% of all mobile money transactions in

Kenya are conducted through M-PESA

Note: Kenya is still a cash heavy economy with

over 90% of transactions being cash based

M-PESA Data & Facts – a Global First

14 3rd Annual AML & Financial Crime Conference, Africa

Our latest service, LIPA NA M-PESA, has been

designed to allow the collection of payments by

SMEs traders at their business premises. One of

the key benefits of this product is that it is

cashless, therefore reducing risks associated with

handling cash. The service has no transaction

fees and has settlement on demand (same day)

for merchants.

Over 160 financial institutions linked to M-PESA

M-PESA penetration among women population

more than doubled from 24% to 51% (2008-2009)

There has been a significant increase in the

number of women using M-PESA. This has led to

Financial Independence for the Kenyan Woman

M-PESA Data & Facts – a Global First

15 3rd Annual AML & Financial Crime Conference, Africa

For every M-PESA transaction customers save:

3 hours per transaction, ploughed back into

economic productivity.

US$ 3, spent mainly on food and savings **

M-PESA provides greater convenience, speed

and lower costs of transferring cash.

M-PESA has enhanced personal security as it

reduces the need to carry physical cash.

M-PESA CHANGING LIVES

16 3rd Annual AML & Financial Crime Conference, Africa

M-PESA Core Services

Person to Person (P2P) transfers with cumulative value of 2.3 trillion since

launch

Airtime purchase : From M-PESA

ATM Withdrawal: M-PESA funds available at over 1000 ATM’s countrywide

M-Shwari: Bank account accessible via M-PESA

Customer to Business (C2B) This is a service that allows registered M-PESA users to make payments through

their M-PESA enabled Safaricom lines. It offers convenient and fast means of

payment collections

M-PESA to bank: Funds transfer from M-PESA account to bank

Loans repayments for SACCO’s , MFI’s ,HELB, Banks

Credit card payments e.g Barclays, Coop Bank

Insurance premiums payments: e.g CIC, Britam,

Managed payment collections services on behalf of other organizations e.g KPLC and Nairobi Water

Fundraising Initiatives : Kenyans for Kenya Famine Relief Initiative spearheaded by Safaricom and other business partners in August 2011, raised USD 8.5 m of

which USD 2.1 million – 25%) was contributed through Mpesa.

M-PESA Services

17 3rd Annual AML & Financial Crime Conference, Africa

Retail payments :

Retail Distribution : Examples EABL, Unilever, MoloLink

Lipa na M-PESA: collection of payments by SME’s at their business premises.

Business to Customer (B2C): This service enables an organization to disburse

payments to multiple M-PESA accounts.

M-PESA Payroll: Major Corporates

Bank to M-PESA: Barclays, KCB, Standard Chartered e.t.c

M-PESA Dividends payment e.g. Safaricom, and other PLC’s

M-PESA promotional payments: Coca Cola, Unilever, Safaricom

Loan Disbursements: All major Micro finance institutions

We have over 1,600 Pay bill partners and over 540 bulk payment partners

International Money Transfer: This is a service that enables transfer of money from

another country into M-PESA accounts in Kenya. In partnership with Western

Union, M-PESA is available in over 95 countries globally

M-PESA Services

18 3rd Annual AML & Financial Crime Conference, Africa

What does this mean for us in the Money Laundering Reporting

Office ?

Business Innovation must go hand in hand with appropriate controls

Need to balance controls with business expediency

Avoid Legal Risks with attendant penal sanctions

Product Risk assessment must be incorporated in every AML

Programme in order to ensure all risks are identified and adequately

mitigated against with appropriate controls

M-PESA Services – Balancing Controls with Business Expediency

19 3rd Annual AML & Financial Crime Conference, Africa

The Safaricom AML Programme for Mobile Money comprises

the following controls:

Mandatory Registration of all Subscribers

Enhanced due diligence for all corporate and business partner accounts

Risk based agent compliance monitoring programme focused on agents with

high registrations, or in high risk locations

KYC Data Integrity/Verification against Government Registration Data base

Automated Transaction Monitoring (High Value, high volume transactions

above set limits, inconsistency, PEP activity etc)

Link analysis of transactions and call records to establish call and transactional

patterns

Transactional Limits set to prevent High Value transactions

Watch list screening against international watch lists

M-PESA AND AML/CFT INITIATIVES

20 3rd Annual AML & Financial Crime Conference, Africa

Adoption of Risk based Tiered KYC - full residential details, and ID

copy requirement on accounts with high level transactions

Higher controls on IMT transactions and business usage

Technology to capture KYC copies on higher risk accounts,

(scanners/ camera phones etc)

Penal sanctions such as suspension and/or termination of customer

accounts and agents warnings, fines, claw back of commissions

arrest and prosecution and other sanctions for violations of the AML

Policy

Blocking/suspension of accounts with poor or duplicated KYC or

accounts/lines that appear linked or have been used for fraud

Profiling, arrest and prosecution of suspects involved in mobile fraud

M-PESA AND AML/CFT INITIATIVES

21 3rd Annual AML & Financial Crime Conference, Africa

BEING VIGILANT AND DILIGENT COSTS LITTLE BUT SAVES

MILLIONS;

PREVENT MONEY LAUNDERING, TERRORISM FINANCING AND

FRAUD

22 3rd Annual AML & Financial Crime Conference, Africa

THANK YOU