Written by Pekka Dare on Friday March 14, 2014
The past decade has seen an explosion in the scale of the New Payments Products and Services (NPPS) sector. Let’s just be clear what we mean by this. Typically NPPS are defined as:
From Bitcoin to Paypal, the growth in consumer and media interest has been dramatic in the past few years, (for example, in Kenya the M-PESA mobile financial service has transferred more than $32.25 billion since 2007) and this change is not just confined to developing jurisdictions.
So what are the implications for “bricks & mortar” firms with more traditional business models and why should they care?
It’s a fact that customers of “traditional” financial services firms are using these products, as direct customers/consumers (for example purchasing Bitcoins or stored value cards) or that traditional firms have customers that are linked in some other way to NPSS, for example by acting as intermediaries or brokers for NPPS providers. Firms may also have a relationship with individuals or entities directly providing NPPS.
Without understanding the real risks and features of these new products and services firms are exposed. The Liberty Reserve case demonstrates the potential for traditional financial services firms to be caught up in criminality (albeit indirectly) linked to NPPS.
There are also enormous commercial opportunities linked to NPPS.
Consumer behaviours are rapidly changing and the expectations of new generations in respect of accessing financial services will centre on the use of emerging technologies. Firms need to understand the opportunities, in terms of either providing NPPS (perhaps directly or by white-labelling) or through entering into partnership with NPPS providers (for example many mobile network operators now partner with banks to deliver mobile money products).
Finally the legal and regulatory framework covering NPPS is rapidly crystallising. From FATF’s paper of June 2013 “Guidance for a Risk Based Approach to Prepaid Cards, Mobile Payments and Internet Based Payment Services” which sets out a proposed approach to regulation , to the more recent Wolfsberg Guidance on Mobile and Internet Payments Services which provides guidance on managing the risks of NPPS. By way of illustration the new Wolfsberg Guidance considers the various risk factors of NPPS such as whether a service has any restrictions on “reloadibility” of value, or operates on a “closed” or “open loop“funding basis.
The Wolfsberg Guidance goes on to consider the specific challenges in undertaking Customer Due Diligence (CDD) in the NPPS context. The Guidance reflects the need to undertake due diligence on agents and intermediaries (who are a common feature of most mobile money services’ operating models) as well as undertaking CDD on the ultimate customers.
So, from traditional financial services firms, to NPPS providers, to law enforcement agencies to regulators, there is a pressing need to understand the reality of NPPS, not the hype. In my experience too few understand the actual way the products and services work, the delivery channels and the appropriate controls. Only when this information is more widely understood by all parties, will we be likely to see the arrival of an effective and proportionate regulatory framework and a truly risk based approach to NPPS.
That’s why it is a timely announcement form the ICA that after consultation with NPPS providers, subject matter experts and other stakeholders the ICA Specialist Certificate in Money Laundering Risk in NPPS has been launched.
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.
Help and support
Alternatively contact us on: +44(0)121 362 7534 / firstname.lastname@example.org (Course information)
or +44(0)121 362 7533 / email@example.com (Enrolled learners)
or +44(0)121 362 7747 / firstname.lastname@example.org (Membership)
or +44 (0) 121 362 7503 / email@example.com (End Point Assessment)