Money moves the economy, and the world. By making it easier to move money, we make it easier to foster entrepreneurship, and we create opportunities for growth. Hence, it’s natural to feel very optimistic about the current boom in digital payments. 

In 2023 the total transaction value of digital payments is estimated to reach USD 9.46 trillion, up from USD 5.44 trillion in 2020. Such exponential growth is driven by unprecedented technological advancements and historic changes in people’s behaviours, especially in the course of the recent  pandemic. 

The industry segment that is both responding to and responsible for these era-defining shifts is the one of Fintech and payment providers. This is an incredibly vibrant and ever-expanding space with more than 900 payment providers worldwide as of 2022.   

However, while the ubiquity of digital payment methods has made life easier for billions of people, it also raises concerns about the heightened risk of financial crime, including money laundering and consumer scams. 

According to a recent McKinsey report, criminals are increasingly utilising digital payments to launder money. Rather than ignoring or minimising the problem, it is in each payment provider’s best interest to start addressing it head-on. The strength and stability of the broader financial system hinge on this engagement and benefits all legitimate participants. Beyond the collective system’s integrity, it is a pressing matter of individual risk for each payment service provider (PSP). Should they be implicated in the flow of illicit funds, the resulting reputational and regulatory repercussions could threaten their existence. 

A closer look at financial crime risks in payments 

Money muling is one of the simplest yet most widespread tactics in the vast space of financial crime in payments. It usually relies on individuals moving small amounts of money through their accounts for a fee. Such “mules” will usually be asked by criminals to send money received from a third party on to a designated account while retaining the agreed fee for their service. This way, the transaction will not generate suspicion by the payment processor as the mules’ accounts are usually standard digital wallets or bank accounts that do not raise any specific red flags in the financial institutions’ systems. Prepaid cards are also extremely popular for this purpose, as they can be easily purchased and distributed to money mules at scale and across jurisdictions. 

Banks seem to agree that the younger generation is the most vulnerable to money muling, but older generations’ involvement is also on the rise. In the UK, while Santander reported that the mean age of a mule in 2022 was 31, data from Lloyds highlighted a 29% increase in people over 40 getting involved in this criminal practice. 

While the growth in conventional mules is a huge problem, the sums involved in this type of schemes are usually quite limited. Arguably the more significant money laundering risks are related to payments that involve merchants and businesses, where the sums involved and the frequency of transactions tend to be much higher. 

Due to commercial pressure to ensure better conversion rates, newly established payment vendors might be tempted to prioritise speed over the thoroughness of compliance checks during merchant and corporate onboarding. While understandable, this approach leaves minimal room for comprehensive due diligence. In fact, it’s not uncommon to see fraudulent organisations being set up specifically to “look normal” and then used to launder proceeds from illegal activities via payment services worldwide.  

Hence, before everything else, it is essential not to let the bad actors enter the room and sit at the table. And that’s where robust and continuous corporate Know Your Customer (KYC) or Know Your Business (KYB) processes come in. To be truly effective, these checks should rely on official information sources and automated processes that can quickly and accurately identify suspicious information or unnecessarily convoluted corporate structures.  

But it would be wrong to think that risk management stops at onboarding. Clean accounts at onboarding might quickly turn dirty if not adequately monitored. That’s why PSPs need to also screen every transaction to automatically flag any suspicious ones and ensure that none of the entities involved are sanctioned companies or owned by a sanctioned ultimate-beneficial owner. 

The use of cryptocurrencies in digital payments poses another risk, providing an opening for criminals looking to hide in plain sight. The decentralised nature of cryptocurrencies and the potential for anonymous transactions certainly make crypto exchanges an attractive avenue for money launderers. To counteract this trend, for the past few years, international bodies like the Financial Action Task Force (FATF) have put a lot of effort into educating and guiding local regulators on these risks and the necessary controls to limit them. However, the road to full supervision is still long, as most jurisdictions have just begun implementing and enforcing any dedicated regulation. 

Risk mitigation through technology 

So, after identifying the risks, what can payment providers do to limit them? As it is often the case, technology represents their most effective weapon. 

Vendors of regulatory technology, or RegTech, have made it their mission to facilitate risk management and compliance through intelligent automation and cutting-edge innovations. Thanks to their highly specialised expertise, they are best positioned to help payment providers quickly implement solutions that are fit for purpose. From their side, payment companies appear to have a higher propensity for using RegTech solutions compared to other regulated sectors, making this type of collaboration extremely fruitful. The reason for this might be that payment service providers are also tech companies at heart, always looking to increase efficiencies through automation. 

By working closely with experienced RegTech vendors, PSPs have the best chance to manage each financial crime risk we previously identified without hindering their business growth.  

When it comes to having thorough KYC and KYB checks in place to stop bad actors from entering the financial system, there is no lack of solutions on the market. However, not all providers are created equal, so it is essential that PSPs ask the right questions when evaluating a RegTech provider to digitise onboarding checks. Especially with merchant and business onboarding, it’s key to know the origin of the information that each KYB vendor is using for verification.  

While databases of static corporate information might seem like the cheaper option, they do not provide the level of reliability and accuracy needed to prevent financial crime or compliance breaches. Furthermore, they often have limited coverage of the important SME and newly incorporated entity segments. On the other hand, official company registries from local governments represent the ultimate source of truth and, as such, should be the first port of call for any KYB investigation. To properly manage onboarding risk, the best option will be to opt for an aggregator of real-time registry connections and a provider that offers time-stamped digital copies of documents alongside automatically extracted shareholder information. 

After onboarding comes transaction monitoring. Here investment in superior technology with real-time capabilities, AI components and a low false-positive rate should be a priority for PSPs. This investment will help reduce the number of human reviewers and the time needed to review and adjudicate potentially suspicious transactions.  

The two RegTech approaches outlined above apply to standard payment transactions as much as to cryptocurrency ones. Due to the anonymous and instantaneous nature of these transactions, it is essential to be highly vigilant of who gets access to crypto wallets and their level of transactions. And once again, the answer lies in thorough KYC and KYB checks powered by RegTech solutions. 

Another important caveat to remember: when selecting RegTech vendors, choosing modular, configurable and easy-to-integrate solutions is smarter than monolithic and hard-coded systems. Great onboarding or transaction monitoring solutions that can only work in silos and don’t connect in any way will cause more problems than solving them due to operational inefficiencies and high costs for the PSPs. So, it should be a priority to opt for providers with well-documented and fully functioning APIs and a dedicated and responsive IT and customer support team to help during implementation. 

In conclusion, the risks posed by financial crimes in the payment industry are real and should not be underestimated, but a strategic and highly integrated use of RegTech can provide a solution to manage these risks effectively. There are a lot of elective affinities between payment and RegTech providers, from their mostly agile way of working to their openness to using new technologies to solve old problems. By working together, these two sectors can strengthen the booming digital payment revolution while protecting the integrity of the global financial system.