a point of view on bank secrecy act/aml issues for mobile payments law seminars international mobile...
TRANSCRIPT
A Point of View on Bank Secrecy Act/AML Issues for Mobile Payments
Law Seminars InternationalMobile Payment SystemsSeptember 9-10, 2013
Andrew J. Lorentz, PartnerWashington, D.C. Office
Agenda
Perspective
Key issues and challenges
Enforcement and regulatory trends
2
Business of banking / Deposit-Taking
Truth in Lending Act / Reg Z
Reg
ulat
ion
B
Bank Secrecy Act
OFAC Reg D
Truth in Savings Act
Regulation II
Gramm-Leach-Bliley Act
Fair Credit Reporting Act
Data breach/security
FDIC Deposit Insurance
E-SIGN Act
Unfair, Deceptive or Abusive Acts and Practices Laws
State Money Transmitter Laws
State Privacy and Security Statutes
Card brand rules Gift
car
d
Anti-Money Laundering Compliance
OFAC
TISA/Reg DD
Reg CC
Escheat
Durbin Amendment Identity-Theft Red Flags
Check 21
Truth in Billing Electronic Fund Transfer Act / Regulation E
Regulation DD
Bank Secrecy Act/Anti-Money Laundering*
Intent of the BSA/AML laws is to abate money laundering
Major Provisions– 3 R’s: Registration, Record-Keeping and
Reporting– Requires Anti-Money Laundering (“AML”)
programs – the “Four Pillars”– Criminalizes money laundering
*(Lots) more (real) information on Paymentlawadvisor.com
4
Bank Secrecy Act/Anti-Money Laundering
Applies to “financial institutions”
Types most relevant to mobile:
• Banks and other depository institutions• Money Service Businesses (“MSBs”)
AML criminal prohibitions apply more broadly
5
BSA Compliance SummaryDeposito
ry Institutio
ns
Money Transmitte
rs
Agents of Money
Transmitters*
Providers of Prepaid
Access
Sellers of Prepaid Access
Registration X X X
Records X X X X X
Reports
SARs X X X X X
CTRs X X X X X
CMIRs X X X X X
Others X
AML Program X X X X X
6
* Principals and agents may allocate responsibility but both are responsible for compliance.
PERSPECTIVE
Dispro-portionate impact
Risk-based – except
for getting customers?
Where roles unsettled – a game of
compliance hot potato
7
PERSPECTIVE
• Physical retail outlets of carriers
• Pre-existing customer relationships
• More and better data (geo-location)
• Handset for authentication (“something you have”)
Mobile Potenti
al
8
9
New Approaches Verification by carrier customer
accounts
Payfone’s “Mobile Authentication” leverages customer’s existing relationship with mobile carriers.
10
New Approaches
Prepaid accounts with mobile carriers
Boku mobile carrier billing leverages SMS authentication for payments
Customer Acquisition
Often both bank and MSB customer verification obligations triggered
Banks cannot formally rely on non-banks for CIP
11
Customer Acquisition
12
Verification Requirements
Must obtain identifying information when…
What information?
Depository institution
“Formal banking relationship established to provide or engage in services….”
Customer Identification Program (“CIP”) (name, address, ID #, DOB)
Money Transmitter
AML policy must provide for… “Verifying customer identification”
Customer Acquisition
13
Verification Requirements
Must obtain identifying information when…
What information?
Provider of Prepaid Access
A “person” “obtains prepaid access under a prepaid program” [even closed loop if > $2,000 per “vehicle or device” per day]
Name, address, ID #, DOB (same as CIP)
Seller of Prepaid Access
(1)A “person” “obtains prepaid access under a prepaid program,” or
(2)A “person” “obtains prepaid access to funds that exceed $10,000 during any one day”
Name, address, ID #, DOB (same as CIP)
EFFECTS
Mobile environment is challenging for customer acquisition and verification
Small form factor may introduce an inefficient or awkward registration process
Interface may not be optimized for mobile
Increased risk of abandoned accounts
Disputes over ownership/use of customer information in new ecosystem
14
EFFECTS
(Most) mobile payments solutions fit into defined boxes
– Prepaid, credit, debit– Merchant aggregation
Bewilderment as to who does what
Overkill: Everybody is an MSB or acts like one– Where does mobile carrier billing fit?
15
Enforcement and regulatory trends
• FDIC, FinCEN, DoJ, $15MM civil money penalty, “death penalty” (terminated FDIC insurance, revoked charter)
• Activities at issue were those of third party payment processor customers of bank
• Bank failed to monitor and control RCC and ACH returns
First Bank of
Delaware (Nov. 2012)
16
Enforcement and regulatory trends
Lessons• Duty to police customer and activities of
customer• Customer’s customer… and so on
• Enforcement squeeze at bank level ripples down the compliance chain, to MSB customers of banks and beyond
• First Delaware part of a major enforcement sweep targeting payment processors and their banks• Risks to banks and their officers (FIRREA
liability) 17
Enforcement and regulatory trends
FinCEN ANPRM on customer due diligence (CDD) (Mar. 5, 2012)• Intended to “codify, clarify, consolidate, and
strengthen existing CDD regulatory requirements and supervisory expectations, and establish a categorical requirement for financial institutions to identify beneficial ownership of their accountholders”
• Banks plus others covered – but not MSBs at this time
So much for a risk-based regime?
Bank risk committees
18
Enforcement and regulatory trends
HSBC Holdings (Dec. 2012)
“HSBC is being held accountable for stunning failures of oversight – and worse – that led the bank to permit narcotics traffickers and others to launder hundreds of millions of dollars through HSBC subsidiaries…The level of dysfunction at HSBC for many years was astonishing.”
$1.921 billion in forfeiture and fines –largest BSA penalty ever
Changes to management, systems Must submit to ongoing monitoring
19
Enforcement and regulatory trends
Remind me why mobile payments are so risky?
20
Enforcement and regulatory trends
• Digital currency company that facilitated money laundering
• Did no verification of its customers• Allowed account to account transfers;
funding and cash out only through “exchangers” added more anonymity
• 17 country takedown – “largest ever”• Avowedly “illegal” activity• 200,000 U.S. users • 55 million transactions• Laundered $6 billion
Liberty Reserve (May 2013)
21
Enforcement and regulatory trends
Lessons
• Srsly?*• Don’t be a crook• Don’t be an idiot – this activity
was not in the regulatory grey zone
22
*“Bitcoin” and “srsly” were both added to the Oxford Dictionaries Online on Aug. 28, 2013. Coincidence?
http://blog.oxforddictionaries.com/2013/08/new-words-august-2013/
Enforcement and regulatory trends
FinCEN Virtual Currency Guidance (March 2013)
“Exchangers” and “administrators” of “convertible virtual currency” are money transmitters
“Virtual currency” is a medium of exchange that operates like currency in some environments, but does not have all the attributes of real currency
“Convertible virtual currency” has an equivalent value in real currency, or acts as a substitute for real currency
23
Disclaimer
This presentation is a publication of Davis Wright Tremaine LLP. Our purpose in making this presentation is to inform our clients and friends of recent legal developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations.
Attorney advertising. Prior results do not guarantee a similar outcome.
Davis Wright Tremaine, the D logo, and Defining Success Together are registered trademarks of Davis Wright Tremaine LLP. © 2013 Davis Wright Tremaine LLP.
25