Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
March 14, 2012
How do new faces affect risks in money transfer business?
According to a February 21 American Banker article, Facebook has officially entered into the money transfer business. Facebook reported in its S-1 filing last month that it generated about $555 million dollars in 2010 (or 15 percent of its revenue that year) from payments, and that it holds money transmitter licenses in 15 states. Facebook credits are a digital currency that companies use on the site's online applications and games such as Farmville.
Facebook is not the only nonbank business entering the money transmittal business, though it certainly may be one of the more prominent. But as money transmitters are playing an increasingly larger role in our nation's payments system, now may be the time to take stock of the risk environment and continue our discussion on an appropriate strategy for risk governance.
FinCEN SAR filings on the rise for money transfer services
According to FinCEN's May 2011 report The SAR Activity Review: By the Numbers, depository institutions have a greater potential of exposure to money laundering crimes than do nondepository institutions. Nondepository institutions include money service businesses (MSBs), securities and insurance firms, and even casinos. You can see from the following table that over the last five years, the number of depository institution SARs decreased as of December 2010, while nondepository institution SARs have increased.
The report's findings for MSBs in particular are startling. It says, for example, that “in 2010, suspicious activity filings by the MSB industry hit an all time high with 596,494 SARs filed in 2010, up 12% from the prior year and over 18,000 more forms submitted than the previous high in 2007.” In fact, money transfer SAR filings in 2010 comprised 70 percent of all financial services filings by MSBs. SARs by MSBs listing money transfers increased 23 percent from 2009, while money order SARs fell 3 percent for the same period.
Under the radar: When MSBs fail to file
When MSBs were subject to enforcement actions in 2011, their primary infraction often involved failure to register with FinCEN. In addition, according to FinCEN's 2011 Annual Report, filing failures were often accompanied by other legal violations, such as failing to file currency transaction reports and currency structuring.
To help industry partners, regulators, and law enforcement monitor MSBs, FinCEN recently announced the launch of a new MSB registration website. FinCEN updates the database weekly.
As nonbank companies, including social media firms like Facebook, enter the payments business, it will be critical to keep an eye on small innovative and possibly unlicensed start-up money transmitters.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
October 24, 2011
Keeping pace as money transmitters proliferate
As the United States migrates from paper-based retail payments to electronically enabled methods, we are witnessing a proliferation of entrepreneurial and innovative nonbank stakeholders entering the retail payments market. As my colleague discussed in a previous post, these nonbanks provide a variety of services that banks can use to create more efficient payment systems. But the fast pace of technological change and the ease with which these new companies can enter the retail payments arena may also be translating into new risk vulnerabilities for the nation's retail payments systems.
There are many different types of nonbanks in U.S. payments systems today, including technology developers, aggregators, agents, third-party service providers, and money service businesses (MSB) and transmitters. As technology enables more nimble and innovative payments, the role of MSBs and, in particular, money transmitters is growing more important.
Am I an MSB?
According to this table from the Financial Crimes Enforcement Network (FinCEN), certain products or service offerings may dictate the capacities in which a business might fit the definition of an MSB. Note that money transmitters represent a specific type of MSB that engages primarily in funds transfer services.
Source: "Am I an MSB?," www.fincen.gov/financial_institutions/msb/amimsb.html
The innovations that PayPal introduced illustrate the value that transmitters add to the payment system through the provision of nimble service offerings that respond to consumer payment needs. Over time, PayPal has evolved into a mainstream payment service provider and household name, and has demonstrated a commitment to risk management and regulatory compliance across all the jurisdictions in which it operates. But PayPal's commitment contrasts with the overall state of the industry of MSBs, whose efforts are not completely transparent. MSBs and transmitters today operate in a fragmented regulatory environment determined by the specific governing laws, licensing requirements, and permissible business activities of each U.S. state.
As money transmitters become more prevalent players in our nation's payment system, is it time to reassess their regulatory environment and consider the potential benefits of a national supervisory framework?
Transmitters and the U.S. regulatory structure
Money transmitters are required to register with FinCEN and to comply with federal laws for anti-money-laundering and counterterrorist-financing provisions of the Bank Secrecy Act. In addition, 48 states require the licensing of money transmitters before they can do business. For money transmitters that operate in more than one state and across state lines, differences in state legal requirements create challenges to developing effective enterprise-wide compliance and risk-management programs. Furthermore, monitoring changes in various state legal regimes can be extremely complicated, not to mention costly.
Ironically, state regulatory authorities governing money transmitter businesses are generally budget-strapped in today's economically distressed environment, and lack the financial resources for taking action against all but the most egregious of bad actors. Unlike the prudential regulatory governance employed by the agencies of the Federal Financial Institutions Examination Council for the nation's mainstream financial institutions, regulatory response for the oversight of money transmitters is prompted instead by complaints to state authorities, or by the filing of suspicious activity reports to FinCEN.
Future regulatory considerations
There are many risks to consider in this nascent segment of the retail payments industry. With the ease of entry into the market for money transmitters and the potential lack of funding in some states for comprehensive regulatory oversight, some startups may circumvent licensing and capital requirements by merely opening for business, undetected by state authorities. FinCEN has issued advisories requesting that financial institutions that discover such businesses file suspicious activity reports (SARs) as a means of mitigating unlicensed and potentially illegal activity. Unfortunately, as technology supports more sophisticated advancements in electronic payments as well as new alliances between carriers and money transmitters, regulatory efforts will become increasingly difficult.
The newly established Consumer Financial Protection Bureau is empowered to exercise enforcement authority for improper conduct on behalf of money transmitters, but the task is daunting, considering the disproportionate state-by-state regulatory framework currently in place. Is it time to consider a more consistent, national approach to the legal and regulatory oversight of money transmitters? And, considering the onerous compliance costs that the current environment imposes, would money transmitters in fact welcome a more consistent, uniform environment?
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
March 28, 2011
The nitty gritty of money transfer operators (MTOs)
When a friend of mine was travelling across Cambodia last year, he had a common, yet frightening, experience of the solo voyager: his wallet was stolen. Luckily, despite the seeming remoteness of his beach vacation, there were several Western Union agents in Sihanouk Ville. His parents were able to send him enough cash to finish out his trip. While losing his identification was still stomach-gnawing, he at least had the money to pay for lodging, food, and transportation. The global reach of money transmitters offers a clear value to travelers and migrants, but may also be valued by those wishing to exploit the companies for more nefarious purposes.
The reach of MTOs across the globe is a remarkable business accomplishment. Western Union or MoneyGram agents can be in from the smallest American town to the remotest corners of the globe. Western Union currently boasts 445,000 locations worldwide, and MoneyGram offers another 227,000. This already expansive agent network is quickly growing, with Western Union adding 150,000 locations since 2007. These MTOs serve the financial needs primarily of migrants—a significant portion of the worldwide population—offering not only money transfers but also ancillary services like prepaid cards, money orders, and walk-in bill payment. Immigrants in any given country are often unbanked or underbanked, yet often need to send cash remittances to family back home. MTOs are able to charge a premium for services that customers see as reliable, fast, and private.
But how exactly are these international money transfers executed? In Western Union's case, agents take cash from remitters and enter confirmation of cash receipt into Western Union's messaging system. The agents also collect data on both the sender and recipient. On the receiving end, the recipient in most cases presents photo identification at his or her local agent to pick up the cash. Western Union net settles with agents at the end of the day via ACH, if that service is available in the country, or by wire otherwise. Western Union has some intraday credit exposure to the transaction, as they commit to reimbursing the receiving agent regardless of the sender's solvency at the end of the day. Therefore, a Western Union transfer consists of three different streams: the flow of information between the sending and receiving agents via their messaging system, the separate communication between sending and receiving customers, and the final flow of funds between Western Union and the agents. MoneyGram's system operates similarly, but typically at a somewhat lower price point.
What are the risks?
The primary concern of regulators and law enforcement vis-à-vis MTOs is the risk of illicit use—bad actors taking advantage of these global networks to launder money and finance terrorism. Unlike banks that establish long-term account relationships with their clients, MTOs offer one-off transactions with more limited customer data. Consequently, MTOs may lack the relationship-level depth of customer data that banks have access to for risk mitigation purposes. Western Union has proactively led anti-money laundering (AML) compliance efforts in response to such fears. In 2010 testimony to Congress, Western Union reported spending more than $35 million annually on AML compliance. Although MTOs are global in scope, regulatory oversight is inherently limited to specific jurisdictions, and therefore the firms must interact with many different regulators and law enforcement agencies. MTOs currently operate under a complex structure of state, federal, and foreign regulation. Western Union has advocated for more consolidated regulation at the federal level, which may be in the cards, as the new Consumer Financial Protection Bureau (CFPB) will have jurisdiction over MTOs. Of greater concern may be unregistered MTOs, which operate outside the rule of law, and against whom FinCEN regularly brings enforcement.
Another concern facing MTO regulators is fraud. Social engineers sometimes use MTOs to try to part victims from their money. For example, a scam artist might convince a victim that he or she has won a cash prize but must first send a money transfer to cover the taxes before collecting the winnings. Of course, after the target sends the irreversible transfer, he or she never sees any winnings. We have previously covered MoneyGram's remedial efforts in this area, and Western Union calls out this risk as a special concern in their annual report:
The remittance industry has come under increasing scrutiny from government regulators and others in connection with its ability to prevent its services from being abused by people seeking to defraud others.... [T]he ingenuity of criminal fraudsters, combined with the potential susceptibility to fraud by consumers during economically difficult times, make the prevention of consumer fraud a significant and challenging problem. (p. 27)
The global ubiquity that lies at the heart of MTOs' value proposition is also a key risk factor for illicit use and fraud, as criminals may leverage the systems to divert illicit gains outside the jurisdiction of their crimes. While some companies have recognized this risk and actively worked to mitigate it, others may need regulatory encouragement. How can we most effectively monitor such expansive entities? How can industry and regulators better collaborate to bring unregistered MTOs into compliance with existing laws? These questions will be increasingly important as the CFPB moves to more rationally and comprehensively supervise this dynamic industry.
By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference The nitty gritty of money transfer operators (MTOs):
January 10, 2011
Nonbanks and payments innovation: Because that's where the money is
In the past decade, nonbank companies have driven most payments innovations. For the most part, banks have left Silicon Valley startups and other third-party players to develop cool new payments gadgets and platforms that attract venture capital and YouTube views. While this dynamic and free market has allowed for great creativity, it has also meant that many of these new payments tools emerged outside the extensive system of regulations and consumer protections that exist in the banking industry.
This blog previously covered the lack of uniform regulation of the money services business (MSBs), a significant gap given the expansion of financial services offered by MSBs like Western Union and MoneyGram in recent years. While providing a vital service for money transfer, MSBs may be vulnerable to money laundering and fraud schemes, as they lack the robust regulatory oversight that governs mainstream financial institutions. Through a series of industry partnerships, MSBs and other less-regulated nonbank payment companies are integrating with bank operations. For example, CashEdge, a relatively new alternative payment service provider, and MoneyGram recently announced one such partnership that could have implications for anti-fraud efforts.
Last year, MoneyGram paid $18 million in a Federal Trade Commission (FTC) settlement that charged the company had known about fraud on their system but did not work to address it, disregarding law enforcement warnings and willfully ignoring customer fraud complaints against agents. Consumers reported $84 million in losses between 2004 and 2008, but it is likely that many victims did not come forward, and the FTC claims that losses may actually have run into the hundreds of millions of dollars. Since the settlement, MoneyGram has invested heavily in anti-fraud measures, including enhanced agent training, improved communication with consumers, and greater partnership with law enforcement and the FTC. In response to questions from the Connecticut Watchdog, MoneyGram explained that these efforts have prevented $30 million in fraud this year and resulted in a 75 percent decrease in fraudulent transactions between the United States and Canada.
However, con artists continue to exploit Americans, evidenced by the recent Make-A-Wish scam. This scam has already defrauded victims of $20 million, with the thieves again using Western Union and MoneyGram to receive payments. Although these companies provide a valuable service to those sending money abroad to family and others, they are still vulnerable to threats from bad actors.
In light of this vulnerability, MoneyGram's announcement this past fall of a partnership with CashEdge to integrate with their POPmoney service bears scrutiny. POPmoney is a bank-initiated peer-to-peer payments service that went live late in 2009 and allows users to send friends and family money through text, e-mail, or online banking. The product has been very popular, with more than 100 banks adopting the service within six months of launch. The new partnership means that POPmoney users will be able to transfer money not just to other bank accounts, but also to any MoneyGram location around the world. These POPmoney-to-MoneyGram transactions will likely be fast and irreversible, using CashEdge’s convenience and MoneyGram's global presence. Furthermore, users will initiate all transactions via online or mobile banking, funding them directly from their primary bank account. Although MoneyGram launched enhanced anti-fraud technology last year for scanning risky transactions, these online transfers would bypass live agents whose training is one line of defense against fraud.
Although there may be considerable risks in integrating MSBs directly to a financial institution's online banking services, doing so could also be an opportunity to fight fraud in these channels. If banks' extensive experience in fraud detection and mitigation were applied to the money transfer business, it could significantly improve consumer safety and experience. If there are lessons to be learned here, they could be applied to a variety of similar partnerships across the industry, improving banks' access to innovation and enhancing the risk management capabilities of new payments products.
By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Nonbanks and payments innovation: Because that's where the money is:
November 8, 2010
Proposed rule targets cross-border wire transfers
In its simplest terms, money laundering generally involves the creation of an intricate series of financial transactions designed to conceal the identity, source, and destination of illicitly obtained funds. The success or failure of the laundering process generally turns on whether the launderer successfully minimizes or eliminates the trail that would lead law enforcement to trace the illicit proceeds back to their illegal source.
One common method for laundering money is wire transfers, particularly cross-border wire transfers, as they permit funds to move instantaneously from one account to another within and among international financial institutions. The Financial Crimes Enforcement Network (FinCEN) recently took action to address the money laundering risks commonly associated with cross-border wire transfers by proposing more stringent reporting requirements for financial institutions.
Expanded reporting for cross-border wire transfers
On September 27, 2010, FinCEN issued a notice of proposed rulemaking that would lower the reporting threshold on cross-border electronic fund transfers (CBEFT) from $10,000 to $1,000. FinCEN based its proposed rule on the conclusions of two studies: Feasibility of a Cross-Border Electronic Funds Transfer Reporting System under the Bank Secrecy Act, and Implications and Benefits of Cross-Border Funds Transmittal Reporting. The proposed rule would also require certain depository institutions and money services businesses to provide records to FinCEN of certain cross-border electronic transmittals of funds. Banks directly transacting with foreign financial institutions would be required to report all cross-border wire transfers to FinCEN.
The proposal would also require financial institutions to report the taxpayer identification numbers (TIN) of individuals who make CBETFs. Banks would file a list of these numbers annually for all CBETFs, regardless of the amount. MSBs would file TINs for CBETFs of $3,000 or more.
Currently, financial institutions are subject only to reporting suspicious wire transfers and maintaining and making available upon request to FinCEN records of cross-border wire transfers. According to FinCEN, the proposed rule will most likely affect larger financial institutions that use centralized message systems like SWIFT (Society for Worldwide Interbank Financial Telecommunication), Fedwire, and CHIPS (Clearing House Interbank Payments System).
The challenge in monitoring cross-border wire transfers
Monitoring cross-border wire transfers can present unique challenges since their processing can sometimes involve several intermediary financial institutions before the intended funds are received by the beneficiary. Effectively monitoring these transfers for anti-money laundering purposes generally requires that banks and nonfinancial institutions be knowledgeable of an account's normal and reasonable activity so they are better armed to identify transactions that may fall outside a known pattern.
According to a paper by the Basel Committee on Banking Supervision, there is need for improved transparency in cross-border wires due to the variance with the existing wire structure, which has done little to enable institutions to report the difference between cross-border and domestic wire transfers. The paper states that existing messaging practices can impair an institution's risk management and compliance obligations.
The proposed cross-border wire transfer reporting requirements are intended to improve transparency by facilitating more information gathering and enhancing money laundering due diligence. The proposed rule may also further assist law enforcement with the arduous task of unraveling the launderers' intricate web of tracing laundered proceeds back to their illegal source. FinCEN estimates that the proposed rule will spur 500 million to 700 million new reports a year. Currently, financial institutions and MSBs file more than 15 million reports per year.
Containing existing loopholes
FinCEN indicates that the enhanced reporting requirements will help close certain loopholes in the existing wire transfer rules that are exploited for money laundering, terrorist financing, and tax evasion—for instance, money launderers often purposefully send funds in increments below the current reporting threshold and use multiple institutions to avoid detection. Nevertheless, it is hoped that heightened reporting of account activity will help law enforcement and regulatory authorities detect, mitigate, and investigate money laundering and other illicit financial crimes. Or will the increased reporting requirements only serve to flood FinCEN with massive amounts of wire transfer data? But that is the topic of a future post.
The proposed rule is open for comment until December 29, 2010.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Proposed rule targets cross-border wire transfers:
October 4, 2010
Has existing regulation of money services businesses kept pace with their enhanced financial services options?
Most businesses that meet the definition of money services business (MSB) offer financial services such as wire transfers, currency exchange, check cashing, traveler's checks, money orders, or stored-value cards. In the past, MSBs mostly served consumers without an established banking relationship—that is, the unbanked. Today, consumers with established banking relationships may also use these services on occasion because the MSBs sometimes offer cheaper services, such as wire transfers, than banks do.
Well-established MSBs such as Western Union and MoneyGram have provided the traditional services—wire transfers, currency exchange, check cashing, and so on—for years. Over the past few years, MSBs have rapidly grown and expanded their financial services offerings with options such as Internet-directed services for person-to-person (P2P) and person-to-business (P2B) payments, stored-value products, and, most recently, mobile money transfer service, which permits users to send funds cross-border and domestically using their mobile phone.
But are these expanded financial services within the coverage of the existing regulatory framework for MSBs? Are there new money laundering risks with the introduction of new financial services options not previously anticipated by the existing regulatory framework?
Conforming MSB regulation to mirror MSBs enhanced services
Although states have regulated check cashers and money transmitters for years, regulation of these nonbank financial institutions has not been uniform. The Uniform Money Services Act (UMSA) was adopted in an effort to provide a framework to deal with money laundering issues unique to nondepository providers of financial services. UMSA applies to businesses that provide money services and requires that MSBs be licensed, maintain extensive records of their transactions, and submit to audits. Although some MSBs may only offer one or more of the services listed above, all MSBs are subject to the provisions of UMSA because of the interrelated group of services they offer and because they are not regulated in the same manner as depositary institutions.
UMSA expanded existing MSB regulatory coverage to include what was considered at the time a new type of payment service: Internet-based service. It was believed that this new type of financial service posed the same concerns as did traditional financial services, such as wire transfers and check cashing, for example.
A patchwork of regulation
MSB compliance is a complex patchwork of regulations that involve federal restrictions on money laundering as well as state consumer protection mandates. MSBs are required to follow Bank Secrecy Act/Anti-money Laundering (BSA/AML) regulations that require them to file "Currency Transaction Reports," implement AML programs, and file "Suspicious Activity Reports." The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has delegated authority to the IRS to examine MSBs for compliance with BSA requirements. State agencies may evaluate MSBs for compliance with BSA, though they may not directly enforce the BSA. Generally, State agencies are charged with enforcing their own MSB state statutes and regulations, which sometimes may impose requirements that overlap with the BSA.
Navigating through MSB regulations
In 2009, FinCEN conducted outreach meetings with some of the largest MSBs in an effort to better understand how MSBs navigate through these numerous regulations. The meetings resulted in the production of a report that stated that as MSBs navigate through these regulations, they place significant emphasis on agent oversight and compliance, value their reputation and consumer trust as the core objective of their business models, and feel that being in compliance with BSA regulations is consistent with their business model. The results of this report do not certify that the participating MSBs were in compliance with MSB regulations.
In the last year, legislation was proposed that would centralize MSB anti-money laundering compliance with the Treasury and authorize that office to recognize a self-regulatory organization similar to the private nonprofit Financial Industry Regulatory Authority (FINRA) that regulates broker dealers. The goal of the bill is to bring about uniform registration and supervision of MSBs without preempting state laws.
MSBs play a vital role in domestic and foreign economies, particularly by providing the needed financial services that facilitate the transmission of money to foreign countries. Establishing uniform legislation may strengthen the continued work of combating money laundering and help prevent the use of MSBs as channels for money laundering or other illicit activities.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Has existing regulation of money services businesses kept pace with their enhanced financial services options?:
- Hiding in Plain Sight
- A New You: Synthetic Identity Fraud
- Card Fraud Values Often above Average
- A Look in the Rearview Mirror of Payments for 2018
- Building Blocks for the Sandbox
- Smaller FIs Weigh In on Mobile Financial Services
- In Payments, What I Say May Not Match What I Do
- Organizational Muscle Memory and the Right of Boom
- Remote Card Fraud: A Growing Concern
- Three Views of Noncash Payments Fraud
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- payments fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud