17th July 2020
eWallets: AML Risks & How to Comply
AML Risks & How to Comply
eWallets are online storage systems that hold users’ banking information and can be used to pay for goods and services, often in conjunction with mobile payment systems. Use of eWallets and “mobile money” has grown rapidly since 2017 as the use of cash has declined, and research suggests that eWallet payments could constitute up to 28% of all global transactions by 2022. Numerous financial and technology firms provide eWallet services: major platforms include Apple Pay, Google Pay, and Paypal and the market is also populated with a variety of start-ups. In addition to in-person transactions using a mobile device, many eWallets can also be used to facilitate payments online.
The use of eWallets, mobile money and online financial services has led to the development of criminal methodologies that exploit those services to launder money and finance terrorist activities. While developers can implement a range of security measures to protect users from cyber-criminals, eWallets remain at risk thanks to certain traits inherent in the technology.
Those risks mean that eWallet service providers must put AML/CFT measures in place to respond to potential criminal threats. To ensure that those measures are effective, service providers should understand both the risks that they face and how to comply with the relevant legislation within their jurisdiction.
The money laundering risk associated with eWallets and mobile money derives from the relative anonymity offered by online financial services and other aspects of the technology, including the speed with which transactions can take place and a lack of regulation from national and international authorities. In more detail, those risks involve:
Anonymity: eWallet firms may implement inadequate customer identity verification measures, allowing criminals to use their services anonymously to launder money. In this context, money launderers may be deceptive about their identities when applying for accounts, use proxies to open accounts or open multiple different accounts as part of their criminal enterprise.
Transaction obscurity: Criminals may manipulate eWallet services to disguise their efforts to launder money. Multiple eWallet accounts may be accessed from a single mobile device to conceal the identity of users, or, similarly, criminals may attempt to make a number of small transactions in an effort to disguise a larger sum of transferred money. eWallets can also quickly facilitate the transfer of money from one country to another to elude the attention of financial authorities.
Speed: Like all digital financial services, eWallet transactions take place quickly and, in some cases, in real time. This means that money launderers are able to move illegal funds around rapidly, evading supervisory safeguards and investigations. Speedy transaction times can help criminals structure their transactions: using multiple transfers across multiple accounts to disguise the illegal origin or their funds more effectively.
Lack of oversight: Some countries do not have effective legislation in place to deal with AML issues arising from the use of eWallets. In this context, money launderers may be able to exploit regulatory blind-spots and disparities or a general lack of understanding of the criminal methodology associated with eWallet technology. Similarly, criminals may seek to transfer illegal funds between eWallets in different countries, avoiding reporting thresholds and suspicious activity reporting rules.
The Financial Action Task Force (FATF) sets out a risk-based AML/CFT framework that member states must implement in domestic legislation. This means that firms, including eWallet service providers must conduct risk assessments of their customers and adjust their AML/CFT response proportionately. In practice, anti-money laundering for eWallets should include the following measures:
- Customer due diligence: In order to accurately establish customer identities, eWallet firms should run customer due diligence (CDD) checks to verify information such as names, addresses and dates of birth. Under the risk-based approach, higher-risk customers should be subject to enhanced due diligence (EDD) measures.
- Transaction monitoring: eWallet service providers must monitor their customer transactions for suspicious activity that could indicate money laundering. Where suspicious activity is detected, firms should have a suspicious activity report (SAR) process in place to notify the authorities in a timely manner.
- Screening and monitoring: eWallet firms must screen customers to ensure that they are not subject to international sanctions or involved in adverse media stories that could elevate their risk of money laundering. Similarly, firms should screen their customers for politically exposed person (PEP) status.
In order to improve AML compliance, eWallet service providers should be vigilant for “red flag” behaviors, including:
- Discrepancies or inconsistencies in customer identity verification at account registration.
- Unusual transaction patterns or transactions involving high-risk customers or PEPs.
- Frequent and rapid cash withdrawals of funds transferred to eWallets.
- Frequent transfer of funds to third-party accounts following deposits to eWallets.
- Transactions consistently above or just below reporting thresholds.
- Multiple account registrations, deposits or transfers that seem connected.