13th July 2021
Fintech AML Compliance Checklist
While fintechs offer innovative products and enhanced customer experiences in every part of the world, they also face complex compliance challenges. The elevated criminal risks associated with online financial services mean that fintechs must think carefully about their regulatory responsibilities and ensure that their anti-money laundering (AML) and counter-financing of terrorism (CFT) measures suit both their business needs and risk profile.
Protect your business and your customers from criminal risks with our fintech AML compliance checklist:
Compliance in fintech (and other financial service businesses) should be built on a foundation of technical and regulatory understanding.
- Compliance program: Under the risk-based approach, fintechs must develop and implement an AML/CFT program in accordance with their regulatory obligations. An AML compliance program should cover every stage of a firm’s compliance response from the detection of threats to the submission of reports to the authorities.
- Compliance Officer: Fintechs must appoint a dedicated Compliance Officer to provide oversight for their AML/CFT program. The Compliance Officer must have sufficient industry expertise and the authority within their firm to carry out their duties effectively.
- Risk-based: Under Financial Action Task Force (FATF) guidance, banks and other financial service providers, such as fintechs, must take a risk-based approach to AML compliance. This means that fintechs must assess the specific money laundering risks that they face in their business space, and then deploy proportionate AML/CFT measures.
The day-to-day demands of AML compliance require fintechs to put the following measures and controls in place:
- Due Diligence: Customer due diligence (CDD) is a crucial stage in the AML process and requires firms to acquire identifying data about their customers in order to build accurate risk profiles. For fintechs, CDD should reflect the specific speed and anonymity risks of online transactions, and include enhanced identification procedures, potentially using biometric checks such as fingerprint, voice, or face scans.
- Transaction monitoring: Fintechs may handle high volumes of transactions with customers all over the world. To detect and prevent money laundering, fintechs must monitor their customers’ transactions for suspicious activity, which might include unusually high volumes of transactions, transactions with high-risk countries, transactions associated with suspect accounts, or transactions that don’t match a given risk profile.
- SAR: When potential criminal activity is detected, firms must inform the relevant authorities as quickly as possible by submitting a suspicious activity report (SAR). Fintech compliance employees should be familiar with the SAR process to ensure timely submission: the process should be straightforward and clear, and be informed by input from senior management.
- Sanctions screening: Since fintechs may engage with customers from all over the world, they must screen to ensure they are not doing business with customers that are subject to international sanctions. Effective sanctions screening solutions should be updated with the relevant sanctions list data, and take into account regional spellings and naming conventions and the use of nicknames and aliases.
- PEP screening: Politically exposed persons (PEPs) pose a higher money laundering risk. Given the potential for PEPs to exploit online services to avoid AML scrutiny, fintechs must establish their customers’ PEP status by screening at onboarding and then throughout the business relationship in case that status changes.
- Adverse media monitoring: Media stories are often a good indicator of the risk that customers present. With that in mind, the fintech AML process should include adverse media monitoring on an ongoing basis, checking specifically for stories that connect customers to financial crime. The screening process should include screen and print media along with online sources.
Ongoing AML compliance should form part of a firm’s compliance culture and evolve with the regulatory landscape.
- Training: While the day-to-day responsibilities of compliance are crucial to managing threats, FATF guidance suggests that employees should receive AML training as part of their firm’s wider compliance program. In practice, this means that fintechs should implement an ongoing training schedule that reflects the risks of the digital financial landscape – and ensure that employees at every level of seniority understand the firm’s AML culture and protocol.
- Technology: Fintech AML compliance requires firms to integrate technology solutions capable of managing vast amounts of customer and transaction data. Smart technology solutions should not only add speed and efficiency to core AML processes but help firms adapt to the rapidly changing regulations concerning emergent fintech services such as cryptocurrencies, and manage increasingly sophisticated criminal methodologies.