ekyc, instant on-boarding, digitisation, fintech, regtech, sandbox – these are the buzz words that are often thrown around. Spoken by many but understood by few.
Every payment provider is looking at some form or shape ways to reduce the time to issue QR codes, install contactless terminals or provide access to their internet payment gateway. Some banks have even attempted to slap on a “web form” and subsequently calling it a day.
Here are the nuts and bolts to make your instant merchant on-boarding closer to reality.
The golden SEVEN in mitigating AML/CFT risk
Let’s begin with FATF (Financial Action Task Force) guidance for a risk based approach for New Payment Products & Services (NPPS). The inter-governmental body have published guidelines on how to mitigate AML/CFT risk specific to NPPS.
In the following FATF-NPPS risk matrix table, there are total of seven broad criteria and we have mapped out the content in lowering the risk score for each of these.
(Click to enlarge)
Step 1: Form your BART team
FATF guidance actually recognises the need for a risk based approach on NPPS given that an overly cautious approach to AML/CFT set of controls may result in unintended consequences of excluding entities from the financial system and thereby compelling them to use services that are not subject to regulatory and supervisory oversight.
The very first thing that needs to be done is for stakeholders within your organisation is to form a steering committee with senior leaders from the payments business, audit, risk and technology (Let’s call them BART). A senior management buy-in is a must as a successful NPPS project will require risk based approaches that will likely entail policy changes.
Start by stating the business objectives. Be specific. Instant on-boarding can mean many things to many people. State clearly if it’s instant approval, provisional approval, instant collection, instant activation, next day etc.
Step 2: FATF Risk Matrix mapping
A risk based approach requires your BART committee to focus on risk exposure mapped to the probability factor. Implement all the required controls to mitigate this exposure. A BART team that consist of experienced risk professional team members will be able to propose sophisticated controls to not only address AML/CFT requirements but also fraud risk and new business requirements.
For example, on the value limits risk criteria, you should consider having dynamic transaction amounts and frequency limits based on merchant categories; where more stringent controls are implemented on new accounts vs. known accounts. These controls should be as automated as possible.
Step 3: Use technology to enable your process and controls
The technology should support the processes and controls that you wish to implement. NOT the other way around.
Work with a technology provider that understands how to enable your payments business. There are lots of ground to cover as far as AML/CFT is concerned. Having deep tech and deep expertise across payments risk management will make the journey towards instant on-boarding a lot smoother. A robust origination platform will allow you to implement flexible AML controls, talk to other core systems, manage legacy platforms and deal with exception flows.
The biggest mistake that a financial institution can make is to first purchase some payment technology that has a “KYC” / “Digitisation” module and then figuring out how to make everything else revolve around it.