56622 FOCUS NOTE AML/CFT: Strengthening Financial Inclusion and Integrity O ver the past 30 years, access to formal financial services for low-income people has increased dramatically. However, misguided efforts · AML/CFT measures should be tailored to the domestic environment and the domestic risks of money laundering and financing of to reduce criminal behavior threaten to slow the terrorism (ML/FT). pace of that progress. · AML/CFT controls should be proportionate to the prevailing or likely risks. International standards on anti-money laundering · AML/CFT obligations should be matched to the (AML) and combating the financing of terrorism capacity of both public and private institutions. (CFT) promote financial integrity and support the · Where institutional capacity is lacking, a plan fight against crime. However, the inappropriate should be developed to improve capacity and implementation of these standards--especially phase in AML/CFT obligations as institutional in emerging markets--plays a role in excluding capacity increases. millions of low-income people from formal financial · Law enforcement should be reserved as services. It can relegate the unserved majority to primarily the responsibility of the state, and the informal world of cash, undermining social and law enforcement responsibilities should not be economic advancements and denying regulators unnecessarily shifted to private institutions. and law enforcement a key means of strengthening financial integrity: the ability to trace the movement International AML/CFT standards of money. and financial services for low- income people It need not be this way. Financial inclusion and an effective financial integrity regime can--and FATF Recommendations should--be complementary national policy objectives. International AML/CFT standards have some flexibility, The 40 recommendations of the Financial Action Task enabling countries to craft effective and appropriate Force (FATF), along with its special recommendations controls. The challenge is finding the right level of regarding CFT, are the international standard for protection for a particular financial environment. AML/CFT regulations (see Box 1).2 Fortunately, a growing body of analysis and positive Although the recommendations are not legally examples from countries around the world is beginning binding on a country, noncompliant countries risk to point the way. This Focus Note shares insights being regarded as havens for criminals and their illicit gained from studying some early experiences. proceeds and harming their standing as an investment destination. Financial institutions operating in Building on earlier studies, including a CGAP analysis countries that are in compliance are required to give (Isern et al. 2005), the FIRST Initiative funded a five- special attention to dealings with any persons and No. 56 August 2009 country study (Bester et al. 2008) to analyze the institutions of a noncompliant country. In practice, effects of AML/CFT regulation on access to finance in this often slows the pace of transactions; it may even Indonesia, Kenya, Mexico, Pakistan, and South Africa.1 lead to a decision to avoid business relationships with Jennifer Isern and Louis de Koker It concludes that AML/CFT measures can negatively those persons and institutions. affect access to, and use of, financial services if the measures are not carefully designed. The study The FATF recommendations outline measures that identifies factors that may intensify this impact, provides countries, financial institutions, and certain other approaches on the design of appropriate AML/CFT businesses and professions should adopt to counter controls that complement financial access policies, and ML/FT. Countries are advised to do the following: suggests key design principles for AML/CFT controls. Some of these suggestions are as follows: 1 The study also includes case studies on the United Kingdom, the United States, and the Philippines. 2 See the FATF Web site (http://www.fatf-gafi.org) for the complete set of recommendations and related guidance. 2 Box 1: What is FATF? FATF is an intergovernmental body that sets global with eight FATF-style regional bodies in Africa, AML/CFT standards, assesses member compliance Asia/Pacific, the Caribbean, Europe, Eurasia, the with those standards, promotes global compliance Middle East and North Africa, and South America, with the standards, and identifies AML/CFT threats. representing the majority of countries in the world. Its members include 32 jurisdictions and two regional Globally, about 180 jurisdictions have directly organizations (the Gulf Cooperation Council and endorsed the FATF recommendations. the European Commission). FATF works closely · Adopt laws that criminalize laundering the are in place to enable the institution, its officers, and proceeds of crime and providing financial or its employees to meet their compliance obligations. material support to terrorists. · Establish a financial intelligence unit (FIU) to AML/CFT laws and regulations are normally enforced receive, analyze, and disseminate information with serious penalties, such as large fines and regarding potential ML/FT transactions or imprisonment. A convicted institution's reputation activities. may suffer; it may lose customers and business · Ensure appropriate and effective oversight of relationships and may even lose its license. financial institutions. · Cooperate with one another in investigating and Financial service providers working with prosecuting crimes. low-income clients The measures required of financial institutions often FATF recommendations cover a broad range of have the most direct impact on financial access. services and activities, including accepting deposits For example, financial institutions are required to from the public, providing consumer credit, and maintain customer due diligence (CDD)3 measures, transferring money or value in the formal and informal such as the following: sector. The scope of the recommendations includes financial service providers that serve low-income · Identify their customers and verify their identities clients (e.g., the diverse grouping of microfinance using reliable, independent source documents, institutions [MFIs] and new entrants such as branchless data, or information (in practice, by verifying banking operators).5 personal details, such as their names, available national identity numbers, date of birth, and This Focus Note addresses some of the negative contact information).4 impacts of inappropriate AML/CFT controls on the · Obtain information on the purpose and intended services and client base of these providers. However, nature of the business relationship. well-designed AML/CFT controls also provide them · Maintain comprehensive records of customer with protection and opportunities. The following are information and transactions. some examples of this: · Monitor customer transactions, and file a report with the FIU or other appropriate authorities if · AML/CFT controls can help institutions funds are suspected to be the proceeds of crime understand their customers better, thereby or linked to the financing of terrorism. enabling them to design and market better products and support better customer service Institutions must also ensure that employees in general. understand their legal obligations and that measures 3 Some regulatory regimes and practitioners use the term "know your customer" (KYC) interchangeably with CDD. 4 CDD measures also include the duty to take reasonable steps to identify and verify the identity of a beneficial owner. The beneficial owner is the natural person(s) who ultimately owns or controls a financial services customer (for instance, the individual who owns the majority of the shares in the corporation that wishes to open an account) and/or the person on whose behalf a transaction is being conducted. 5 MFIs include a range of financial service providers that serve low-income clients. Examples include savings and postal banks, financial cooperatives, nongovernmental organizations, associations, community and rural banks, commercial banks with broad retail services, money transfer companies, etc. Branchless banking operators include mobile phone companies (mobile network operators), retail agents, and other companies that provide financial services outside of a traditional bank branch. Branchless banking could use a variety of delivery channels, including mobile phones, payment cards (credit, debit, prepaid), automatic teller machines, point of sale machines, and other existing infrastructure. Depending on the country, MFIs and branchless banking operators may be included in broader banking regulation or may be covered by separate regulation. 3 · If AML/CFT controls are confined to standard, A country's implementation plan for AML/CFT controls regulated financial institutions and services, may allow for some measures to be phased in or then informal service providers could be left sequenced. Sequencing allows a country to implement vulnerable, and they may be subjected to a key AML/CFT measures while improving its capacity disproportionate amount of criminal abuse. to implement the remaining recommendations.8 · Providers find it easier to engage regulated financial institutions that may otherwise avoid Access-friendly AML/CFT controls doing business with them for fear of ML/FT. · AML/CFT controls can help strengthen overall Country-specific factors could unintentionally create anti-fraud controls. barriers to financial access. The FIRST study identified the following examples. Risk-based approach to AML/CFT Limitations in identification FATF's recommendations envisage AML/CFT controls infrastructure that are sufficiently uniform across the globe to prevent displacing ML/FT from one jurisdiction to another. Identity verification is easier and cheaper when there is a However, countries may follow a risk-based approach trusted, standardized national identification (ID) system, when they implement key recommendations. This for instance a system based on national ID cards or a enables countries to design and implement effective system combining various government and commercial AML/CFT controls that are appropriate to their risks databases. Many countries do not have such a system, and national context. and even in nations that do issue ID documents, the documents may not be perceived as reliable. FATF encourages countries and institutions to focus their attention and resources on people and activities If there is no national ID system, or if the system lacks that pose a high risk of ML/FT (FATF 2007).6 Countries integrity, or if the database is not accessible, financial may decide that reduced or simplified controls are institutions often incur additional costs to verify CDD sufficient to safeguard low-risk activities against abuse. information. This may cause institutions to withdraw If a country finds that some financial services for low- from low-value, lower profit transactions and markets. income people meet FATF criteria for exemption, it Furthermore, even countries with reliable national ID may even exclude those activities, wholly or partially, systems may fail to cover a significant percentage of from its national AML/CFT regime. low-income people or people in remote rural areas, leaving them without formal proof of identity and/or Guidance for low-capacity countries proof of formal residential addresses.9 FATF recognizes that some countries lack the The dynamic can be even more pronounced with resources to immediately implement a comprehensive some new business models that could expand access system that effectively regulates all areas posing to financial services. For example, in some branchless material risk.7 For these countries, FATF (2008a) banking models, clients may register and/or conduct suggests designing controls around their risks as transactions at a distance rather than face to face. well as their resources. The design process should be These models rely on a minimum amount of client ID supported by political commitment to comprehensive information that must then be verified against third- AML/CFT measures and informed by a proper party databases, such as a national ID database or appraisal of institutional capacity and an assessment credit bureau databases. If such systems do not exist of the ML/FT risks. or if they lack integrity, regulators may not approve the business model. 6 In 2007 FATF issued guidance on the risk-based approach for financial institutions. Similar guidance was since issued for accountants, dealers in precious metals and stones, real estate agents, trust and company service providers, legal professionals, casinos, and money service businesses. 7 FATF defines "low capacity countries" as low-income countries that face challenges such as competing priorities for scarce government resources, a severe lack of resources and skilled workforce to implement government programs, overall weakness in legal institutions, a dominant informal sector, a cash-based economy, poor documentation and data retention systems, and a very small financial sector. See FATF (2008a). 8 Key measures include the criminalization of ML/FT, CDD and record keeping duties, and the reporting of suspicious transaction. 9 FATF does not require institutions to request and verify a customer's address; however, this is common practice in developed countries and is required by some developing countries. 4 Limited government capacity to use discretion and to decide which document is best to verify the details of a particular client. Government capacity to supervise and enforce AML/CFT measures can affect its financial inclusion Extent of informal financial services policy. This is particularly relevant in three areas. Especially in lesser developed economies, financial · Supervision. With limited capacity, supervisors services are often provided informally through will tend to supervise entities that are easily money lenders, informal money transfer operators, accessible--typically the largest regulated unregistered community finance organizations, and entities. They may pay little attention to small, others. Low-income people often prefer to use informal, and unregulated institutions. As a informal financial services because of convenient result, the compliance cost for supervised locations, familiarity with the institutions and their institutions will increase, with no similar increase services, and often fewer restrictions (such as ID for unsupervised institutions. This may cause requirements). Inappropriate AML/CFT measures can well-supervised institutions to withdraw from inadvertently push people away from formal financial low-income markets where they compete services or create unnecessary barriers to those who with unsupervised institutions. It may also want to begin using formal financial services. lead businesses to seek relationships with well-supervised institutions rather than riskier Linkages to international partners and unsupervised/unregulated institutions. markets · Law enforcement. Law enforcement deficiencies usually mean that risk assessments are not based Countries have varying degrees of openness to on actual information, but instead on hypotheses international financial markets through cross-border or international typologies. Without an objective commercial relationships, cross-border transactions, understanding of the risks in their country, and foreign ownership of domestic institutions. regulators tend to "play it safe," often adopting Countries with more openness are likely to face control measures that are more onerous than more direct and indirect pressure to adopt AML/ required. CFT controls that reflect those implemented by their · Using AML/CFT controls to advance the main international investors and trading partners. formalization of the economy. AML/CFT The recommendations guide financial institutions to controls require financial institutions to disclose ensure that AML/CFT principles are applied to their client information to authorities to combat branches and majority-owned subsidiaries located ML/FT. However, if this information is used for other abroad, especially in countries that do not apply purposes, such as combating tax evasion, clients or insufficiently apply FATF recommendations.10 As whose tax affairs are not in good order may decide a result, foreign parent companies often require to remain outside the formal financial system. domestic financial subsidiaries to implement controls that are designed abroad. If those controls are Strict application by formal financial stricter than required by the ML/FT risks of the institutions particular country, they may undermine its financial inclusion policy. Large formal financial institutions tend to apply AML/CFT controls more rigidly than intended by the Policy approaches and recommendations regulator. For instance, although national regulations may allow discretionary use of alternative documents Several countries designed their AML/CFT laws to to verify customers, institutions tend to limit discretion minimize unnecessary adverse affects on financial and the types of documents accepted. When access and to promote both financial inclusion and mistakes can lead to vast penalties and costs for the financial integrity. Drawing on initial experiences in institution (and in some cases, for the compliance these countries, the FIRST study identified several officer personally), frontline staff may not be trusted measures that facilitate the design of appropriate 10 Application in remote branches and subsidiaries must be done to the extent that local laws and regulations permit. If such implementation is prohibited, financial institutions should advise competent authorities in the country of the parent institution that they cannot apply the FATF recommendations (Recommendation 22). 5 Box 2: Different risks for institutions serving low-income people A risk assessment may show that the risk profile of Financial service providers working with low- financial service providers working with low-income income clients may be targets of very small customers is relatively low and justifies simplified structured transactions (micro- or nanostructuring). AML/CFT measures or even an exemption from However, the coordination and effort involved measures that would otherwise create unnecessary make this relatively unattractive. Transaction limits barriers to access. The risk profile of such institutions or caps appropriate to a low-income market and/ may be lower because of the following: or monitoring of transactions can reduce the risk even further. · Clients are generally natural persons (not complex corporate clients where ultimate Different types of financial services have different control can be obscured). risk profiles. Cross-border money transfer services · Providers traditionally have a more personal may pose a higher risk than domestic transfers. relationship with their clients and know Likewise, payment services normally pose a higher far more about their clients' activities than ML/FT risk than microcredit services, because the standard financial service providers. This receiving party may not be personally known to knowledge enables the provider to detect and the service provider, and the provider often knows prevent abuse. less about the sender than a lender knows about · The transactions normally involve relatively its customers. small amounts, making them less attractive for large-scale abuse. The potential for abuse also varies by institution and provider type. For instance, a bank that offers Of course, these factors do not mean that there microfinance services may have a world-class is no risk of abuse. Smaller institutions may not risk management system to mitigate its risks. A have adequate control systems, exposing them to small MFI may have a limited customer base and potential abuse. Money launderers and terrorism may know each of its customers by name. Both financiers often split large transactions into providers may therefore have adequate measures several smaller transactions, schemes referred in place and, as a consequence, a lower risk of ML/ to as "splitting," "smurfing," or "structuring." FT abuse. national AML/CFT controls that support financial as a whole to effective and proportional controls. inclusion. These measures work best when used The policy should be comprehensive and reflect the together and within a comprehensive policy approaches outlined in the following. framework. To get the right balance, consult with In the examples presented here, implementation of the private sector and other key actors. the approaches is considered to be work in progress. The examples are not used to illustrate proscriptive To ensure that the AML/CFT framework is addressing measures but rather to highlight some experiences appropriate risks while supporting financial inclusion, to date. it is critical to consult financial service providers, law enforcement agencies, financial regulators, the FIU, Develop a policy to support effective and other key role players. Because financial security and proportional AML/CFT controls and and financial access are ongoing concerns, these financial inclusion. discussions also should be ongoing. Many government agencies and departments It is especially important to engage those who are are involved in different aspects of the AML/CFT knowledgeable about social exclusion, financial framework and of financial inclusion. The core inclusion, and informal financial services. Unregistered business of these agencies and departments often financial service providers, social welfare providers, give them very different perspectives on AML/CFT ID agencies, and credit bureaus have important approaches, policies, and priorities. To ensure a perspectives to share about ML/FT risk and cohesive approach, the country should adopt a clear, appropriate risk control measures. overarching policy that commits the government 6 Assess the specific ML/FT risks of Understand the causes and impact your country. of financial exclusion. A risk assessment helps governments design To understand the potential impact of AML/CFT appropriate and proportional AML/CFT controls. controls on financial inclusion, policy makers should It attempts to determine the nature and scale of understand the main causes of exclusion and the ML/FT in the country as well as vulnerabilities main groups affected. In many countries, a significant in existing controls (FATF 2007, FATF 2008c). percentage of the population is unbanked. Often, a Developing countries with low capacity should find large percentage of the population comprises low- a risk assessment particularly useful because it will income people, rural and periurban residents, and help them to use their limited resources to address informal or undocumented migrants. key risks (FATF 2008a). Assess available resources to implement In practice, assessments tend to focus on high-risk AML/CFT controls. activities. However, governments need balanced risk assessments that consider the relative risks To ensure effective implementation of AML/CFT and vulnerabilities of high-, medium-, and low-risk controls and support for financial inclusion, policy activities (De Koker 2009a). It is especially important makers should assess the capacity of financial service to develop an informed view of the nature and providers and financial sector regulators, as well the relative level of risk posed by financial services as the coverage and integrity of the country's ID typically available to low-income clients. Information system. sources include government and development agencies and formal and informal financial service Careful analysis can help a country design controls providers. Risks categorized by financial subsectors, around the existing capacity of the relevant institutions, transactions, client groups, and other government agencies and service providers: relevant characteristics (e.g., geographic area) will help governments formulate proportional risk-control · Indonesia's AML provisions regarding transaction measures. Risk assessments should be done regularly monitoring take into account the level of technical and should be accompanied by an assessment of ability of financial services providers, requiring the likely impact of proposed AML/CFT controls on that they have an information management service providers and clients. system (MIS) in place, but not prescribing any Box 3: Causes of exclusion It is important to look at the size of the country's in going to informal financial service providers. informal sector and understand why clients are Often, informal services are perceived as excluded: less costly, requiring less documentation, conveniently located and welcoming to this · Clients denied access. Lack of physical access market segment. to service points may prevent people from · Market inefficiency. Formal financial institutions seeking formal financial services, especially may not yet see a market advantage to in rural areas or locations with few branches, providing access, or they may be discouraged automatic teller machines, or other ways of from expanding their clientele by regulatory accessing an account. Affordability is another burdens. At the same time, informal financial barrier; it includes minimum balances for deposit institutions (e.g., NGOs, associations, etc.) may accounts imposed by financial institutions, not be allowed to receive licenses, or access account fees, transaction fees, and other other benefits of the formal financial sector if costs of using the product. Finally, regulatory appropriate regulations are not available. barriers, such as ID requirements based on · Regulatory costs. Providers may exit markets documents that are not freely available to low- and potential providers may be barred from income people, may block access. entering a market if the regulatory compliance · Clients opting out. People may opt out of formal costs are too high. If there are fewer providers, services if they see more benefits, in terms of customers may find it more difficult to access cost, convenience, confidence, or cultural links, appropriate products at an affordable price. 7 Box 4: How to assess capacity The following questions can be posed to help assess Capacity of financial sector regulators a country's capacity to implement appropriate · Which agencies are mandated to regulate and AML/CFT controls: implement AML/CFT controls? What is--and should be--their reach? Capacity of financial services providers · Is coordination effective among agencies? · Are information and management systems · Do the agencies have adequate experienced manual or electronic? Are they appropriate to staff, training, systems, and budget? the institutions' operations? · Does an FIU exist? What is its capacity and · Can transaction limits, product restrictions, resources? and monitoring for suspicious transactions be supported by software? Capacity of national ID system · What customer information is generally · Is there a national ID system or sources of ID available? information? · What is the institutions' current and feasible · What percentage of the population is covered reporting capacity? by the system? · What compliance requirements are already · What factors limit people from obtaining an being met? What is the capacity for increased official ID document? compliance measures? · What is the integrity of the system? How can risks be mitigated? · Does the agency responsible for national identification have adequate experienced staff, training, systems, and budget? particular type or level of technology. Where requirements, simplifying complex record keeping appropriate, even manual systems are allowed, requirements, and launching new service channels. which is particularly helpful for small institutions that lack technical MIS capacity but are able Client documentation and verification. Low-income to monitor transactions effectively through a customers often maintain small account balances manual system. and conduct low-value domestic transactions that · South Africa's AML/CFT system required financial present lower risk for ML/FT. Several countries have institutions to identify and verify all their existing adopted proportional controls for these accounts clients in accordance with the new rules within and transactions, where customers are exempted 12 months from the date the CDD obligations from some of the more onerous standard controls. If took effect. Long-standing clients who were not customers wish to conduct higher value transactions identified in accordance with the new rules risked above a specific threshold, they are then required to having their accounts frozen. Clients and institutions comply with full standard verification requirements. struggled to comply, and banks found it very costly to meet such a tight deadline. The government Where risk is lower, reduced controls can facilitate therefore adjusted the timeline for identifying financial inclusion. South Africa introduced a clients based on risk. Financial institutions were compliance exemption (Exemption 17) that relaxes required to meet the CDD requirements for higher its residential address verification requirement for risk clients first, but were given two additional years those bank clients who hold low account balances to complete the procedures for lower risk clients. (under US$ 3000), who conduct small transactions, and who do not conduct international transactions. These Develop AML/CFT controls proportional "mass banking clients" were considered relatively low to lower risk transactions and providers. risk even though it is typically difficult to verify their residential addresses. A recent study investigated Where the risk of ML/FT is lower, countries can use the criminal abuse of these products. It found that the flexibility built into the FATF recommendations while some abuse did occur, the level of abuse was to design approaches that do not impede financial substantially lower and the amounts involved were access. A proportional approach could include much less compared to the abuse of standard, non- modifying client documentation and verification exempted products (de Koker 2008b). 8 Box 5: Potential proportional controls for client identification Proportional controls, such as the following, might information, such as the person's source of be considered for lower risk clients: income, the intended use of the account, additional contact particulars, etc., it can draw · Allow verification from a range of documents a profile of that client and form an impression available to low-income people that matches of the transactions that can be reasonably the low risk of ML/FT abuse. expected. That profile can be used to build the · Simplify verification for low-value transactions client relationship and monitor for suspicious under a specified threshold. For example, transactions. Improved monitoring of the clients may not be required to show proof of account on the strength of the client profile address or may be allowed to use alternate may offset risks introduced by simplified forms of identification to conduct a transaction verification requirements. below a specified limit. · Allow verification of information through · Focus on client profiling, especially where reliable third-party databases, such as credit the national ID system is absent or weak. information registries (credit bureaus) and Where an institution collects additional client government databases. Record keeping for financial service providers. introduces higher AML risk, clients who use the Requiring advanced MIS and paper copies of client nonface-to-face registration process cannot transact verification and transaction records will increase against their accounts for more than R1,000 (US$120) costs of compliance and especially affect smaller a day. Given the unknown nature of the risk, the institutions. Flexibility on MIS requirements could regulator therefore chose to limit the functionality include allowing paper-based or simplified electronic of the account rather than to prohibit the business MIS that meet AML/CFT reporting requirements, model. The control measures also allow for flexibility: particularly for smaller institutions with limited clients who wish to transact for larger amounts can numbers of clients and branches. be released from the restrictions after submitting to regular face-to-face CDD procedures. (South African Branchless banking using new technologies and Reserve Bank 2008).13 business models. Some new approaches, such as mobile phone banking,11 present specific risks, Through ongoing consultation and monitoring, these but they also allow advanced MIS to facilitate proportional AML/CFT controls can be refined as risk even more comprehensive client and transaction and market conditions evolve. monitoring.12 Given the readily available information on transactions from mobile banking, flexibility on Phase in AML/CFT implementation, other controls may be reasonable. One option for where necessary. domestic low-value transactions through mobile phone banking is to employ authorized agents who All countries should strive to meet FATF standards verify customer identity for new accounts. Another within a reasonable time and should ensure that option is that taken by South Africa, which approved primary processes are in place before secondary nonface-to-face client registration within the limits processes are imposed. If processes are not properly of Exemption 17. A bank offering the mobile phone aligned, controls may be costly but have only limited product is required to obtain a name and a national effect. ID number from the client and then cross-reference these against an acceptable third-party database Countries that do not have the resources to effectively and undertake additional electronic CDD measures. regulate all areas of potential risk can use a risk-based However, since the regulator feels this model and sequenced approach.14 Implementing AML/CFT 11 Mobile banking is a subset of branchless banking. This business model presents distinct AML/CFT issues because of the portability of the device, ability to track the movement of particular SIM cards, and increased information to monitor and link financial and telecommunications transactions. 12 See Chatain et al. (2008) for an in-depth discussion of mobile phone banking and AML/CFT issues. 13 Identification requirements for mobile phone users were introduced in mid-2009. These requirements (in terms of the Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002, as amended) are less flexible than the mobile banking measures and pose a challenge to transformational mobile banking in South Africa. 14 See FATF (2008a). 9 Box 6: Mitigating ML/FT risks from mobile phone services Mobile phones hold great potential to increase creating a level playing field for providers of all financial access, but they are also potential channels types. of criminal activity. To balance perceptions against · Differentiate AML/CFT measures among four the fear of over-regulation, actual risks--rather than major types of mobile financial services. The perceived risks--need to be identified using the four core mobile financial services are mobile following approaches: financial information (m-fINFO), mobile bank and securities account (m-BSA), mobile payment · Focus on services, not providers. The lines (m-Payments), and mobile money (m-Money). differentiating financial providers in the banking, These services are often provided jointly and, telecommunications, credit card, and mobile in some instances, one acts as a foundation for commerce sectors have become blurred. the others. The less the service models have But the potential risks of mobile phone and in common with traditional financial service payment systems operators more likely depend models, the more their associated risks and their on the characteristics and complexity of services potential to increase financial inclusion. M-fINFO provided than on the service provider. A service- has the most in common with traditional models based approach is also more conducive to while m-Money is the furthest removed. Source: Chatain et al. (2008) controls based on risk, country context, and capacity Promote market-based reforms to of regulators and financial service providers is the encourage people to seek formal most effective approach. AML/CFT controls can be financial services. phased in for nonregulated providers, building on these four increasing levels of responsibility and Policy makers should promote measures that (i) allow control measures: informal financial service providers to formalize and (ii) encourage clients to migrate to formal providers. Level 1: Require basic nonprudential registration Clients who move to formal providers generally benefit of financial service providers. This is a first step for from greater consumer protection, including certainty institutions that have not been publicly regulated or and proof of transactions. The financial sector benefits previously supervised. from a more stable system and formal intermediation of deposits and loans in the economy. Policy initiatives Level 2: Ensure traceability of clients and transactions. that promote financial inclusion and support AML/CFT Requiring client identification and standardized client controls include the following: records will enable supervisors and investigators to trace transactions if needed. This is appropriate for · Create simplified nonprudential registration or community-based institutions and institutions with no licensing procedures for informal financial service previous experience with supervision. providers, especially those serving low-income clients. Level 3: Increase requirements for client profiling, · Encourage codes of conduct for formal financial verification, and monitoring. As institutional capacity service providers to increase their visibility and increases, requirements can be added commensurate level of service to low-income clients. with the institution's product and client risk levels. · Reduce the incentives to use informal channels, This is typically appropriate for institutions that have for instance, exchange rate policies that may a history of financial sector supervision. influence client behavior. · Facilitate the use of formal financial services Level 4: Enhance verification and interdiction. by undocumented migrants, especially for Where the national system allows a high level of client remittances and money transfers. verification and transaction monitoring, suspicious · Encourage new market entrants that have cheaper transactions may be interdicted by law enforcement and more convenient business models, such as before they are finalized. This level of control is mobile banking and the use of nonbank agents. appropriate only where institutions and regulators have extensive capacity. 10 A government can encourage people to use formal Develop the national ID system. financial services and create an environment that facilitates access to financial services. It is, however, While a national ID document is not a precondition difficult to change consumer behavior patterns. for an effective AML/CFT framework, the absence of Examples of government efforts include formalizing reliable ID documentation or accessible verification remittances and tying inclusion to private sector sources complicates CDD processes, increases incentives: compliance costs, and undermines the effectiveness of AML/CFT controls. To address shortcomings in · The Indonesian government tries to protect the national ID infrastructure that might pose barriers migrant workers by encouraging them to use to financial access, there are several early examples formal financial services. It requires migrant of innovative AML/CFT controls that do not impose workers to open a formal bank account overly burdensome requirements: before working abroad. This approach has had some success; however, many workers still use · Most Indonesian adults have a national ID card. informal services because they struggle to meet However, these cards are not issued centrally, documentation requirements in the sending and various institutions issue acceptable forms country and/or because they prefer to carry cash of identification. A person may have more than home with them. one ID document, and the information on them · Pakistan has a high inflow of remittances, and the may differ. Concerns about corruption and ease State Bank of Pakistan has done much to increase of falsification further undermine the integrity the flow of remittances through formal channels of the documents. Nevertheless, the ID card is by reducing transfer costs and ensuring better accepted for CDD purposes because it is the official exchange rates. best available means of identification. Indonesia · As one of the top three remittance-receiving requires banks to use the information contained countries in the world, Mexico has been an on the card and additional information requested active facilitator of remittance flows. The from the client to develop a profile of the client Mexican government has lobbied hard for U.S. and the client's expected transactions. Typically institutions to accept the Matricula consular clients are asked questions to ascertain their card as proof of identity for Mexican immigrants occupation, income, and expected transactional who lack formal U.S. residency documents. activity, although this information is not verified. Because of these efforts, it is estimated that as Client profiles enable the bank to identify much as 90 percent of the remittances between transactions that may be suspicious because they the United States and Mexico flow through are inconsistent with the client's profile. Profiling formal channels. is a useful enhancement to the limitations of · The South African government, in conjunction upfront identification using the card. Meanwhile, with the business community, labor, and Indonesia is taking steps to improve the integrity community constituencies, created the conditions of its national ID system. in which the South African financial services · South Africa has an extensive national ID industry adopted the Financial Sector Charter system, but its general AML/CFT requirement in 2003. The Charter committed the banking that a client's residential address be verified industry to providing basic banking services to was a potential problem for a significant 80 percent of lower income clients. The ability number of low-income people who did not to secure government contracts is tied to these have proper documentation (e.g., utility bills, social targets, so institutions have an incentive rental agreements). As a result, South Africa to reach them. The Charter was a major policy modified its AML/CFT regulations, allowing intervention that spurred banks to cooperate in financial institutions to verify a person's identity offering a highly successful basic bank account, using the national ID document without having the Mzansi account. More than 6 million of these to verify the person's residential address if accounts were opened to date. the financial product meets a certain balance 11 limit (US$3000) and transaction restrictions Conclusion (US$600 per day). This modest relaxation of the standard CDD requirements, which proved The pursuit of financial inclusion and the combating very helpful in increasing financial inclusion, was of ML/FT can be--and should be--complementary favorably considered by FATF in its 2009 mutual national policy objectives. When low-income clients are evaluation of South Africa's compliance with excluded from formal financial services, the goals of the FATF recommendations. AML/CFT policy cannot be achieved. It is challenging · The United Kingdom is implementing a national to advance both objectives, but customizing AML/CFT ID card system. Currently, a financial institution policies to the local context, and implementing them must obtain a client's full name, residential sensitively, can deliver significant benefits to clients address, and date of birth. This information is and financial services providers. typically verified with a valid passport or photo drivers license and/or by accessing appropriate Sources electronic databases. However, the system allows people who have difficulty meeting the Bester, H., D. Chamberlain, L. de Koker, C. Hougaard, standard requirements and who wish to open R. Short, A. Smith, and R. Walker. 2008. Implementing a basic banking account to present alternative FATF standards in developing countries and financial documents. For example, individuals in assisted inclusion: Findings and guidelines. The FIRST Initiative. living accommodations may produce a letter from Washington, D.C.: The World Bank. the facility manager and homeless individuals may produce a letter from an employer or the Chatain, P-L, R. Hernández-Coss, K. Borowik, and manager of a homeless shelter. A. Zerzan. 2008. Integrity in mobile phone financial services: Measures for mitigating risks from money If the existing ID system lacks adequate coverage or laundering and terrorist financing. Washington, D.C.: integrity or if it is not easily usable for CDD purposes, The World Bank. government agencies could adopt the following initiatives: De Koker, L. 2006. Money laundering control and suppression of financing of terrorism: Some thoughts · Define conditions, including reasonable fees, for on the impact of customer due diligence measures on authorized financial institutions to access existing financial exclusion. Journal of Financial Crime, Vol. public databases. 13 No.1, 26. · Ensure that accurate data are collected and stored safely. ------. 2009a. Identifying and managing low money · Facilitate the establishment of new databases, laundering risk: Perspectives on FATF's risk-based such as private credit information registries guidance. Journal of Financial Crime, Vol. 16 No. 4. (credit bureaus), and allow the use of their records for CDD purposes. ------. 2009b. The money laundering risk posed by · Evolve toward biometric means of ID low risk financial products in South Africa: Findings verification. and guidelines. Journal of Money Laundering Control, Vol. 12 No. 4. Alongside national identification, countries should also ensure that their consumer data privacy rules Financial Action Task Force. 2007. Guidance on meet international privacy standards. Unless personal the Risk-based Approach to Combating Money data are protected, clients (and especially unbanked Laundering and Terrorist Financing--High Level clients) may prefer informal (untraceable) financial Principles and Procedures. Paris: FATF. services. The right of various government agencies to access the data, must also be considered. For ------. 2008a. Guidance on Capacity Building for example, potential clients may be reluctant to use Mutual Evaluations and Implementation of the FATF formal financial services if their data are accessed by Standards Within Low Capacity Countries. Paris: local or national tax authorities. FATF. No. 56 August 2009 ------. 2008b. Terrorist Financing. Paris: FATF. Lyman, T., M. Pickens, and D. Porteous. 2008. Regulating transformational branchless banking: Please share this ------. 2008c. Money Laundering and Terrorist Mobile phones and other technology to increase Focus Note with your Financing Risk Assessment Strategies. Paris: FATF. access to finance. Focus Note 43. Washington, D.C.: colleagues or request CGAP. extra copies of this Isern, J., D. Porteous, R. Hernandez-Coss, and C. paper or others in Egwuagu. 2005. "AML/CFT regulation: Implications South African Reserve Bank. 2008. Cell-phone this series. for the financial service providers that serve poor Banking. Guidance note 6/2008 issued in terms of CGAP welcomes people". Focus Note 29. Washington, D.C.: CGAP. section 6(5) of the Banks Act, 1990. your comments on this paper. All CGAP publications are available on the CGAP Web site at www.cgap.org. CGAP 1818 H Street, NW MSN P3-300 Washington, DC 20433 USA Tel: 202-473-9594 Fax: 202-522-3744 Email: cgap@worldbank.org © CGAP, 2008 This Focus Note presents key findings of a recent report (Bester The authors of this Focus Note are Jennifer Isern, CGAP Lead et al. 2008. Implementing FATF standards in developing countries Microfinance Specialist, and Louis de Koker, CGAP Policy Advisory and financial inclusion: Findings and guidelines. FIRST Initiative. Consultant and Professor of Law, Deakin University, Australia. They Washington, D.C.: The World Bank) and provides additional are grateful for helpful comments on the draft paper from Latifah perspectives on issues pertinent to access to finance. The study was Merican, Stuart Yikona, and Emiko Todoroki of the World Bank financed by the FIRST Initiative and undertaken by Genesis Analytics. Financial Integrity Unit and Rich Rosenberg, Tim Lyman, Jeanette Jennifer Isern of CGAP chaired the international steering committee Thomas, Michael Tarazi and Anna Nunan of CGAP. for the study. The suggested citation for this Focus Note is as follows: Isern, Jennifer, and Louis de Koker. 2009. "AML/CFT: Strengthening Financial Inclusion and Integrity." Focus Note 56. Washington, D.C.: CGAP. The Financial Sector Reform and Strengthening (FIRST) Initiative is a multi-donor grant facility providing technical assistance to low- and middle-income countries to promote financial sector development. Technical assistance grants from FIRST enable national policy making and regulatory bodies to define strategies, sharpen policies, improve legal frameworks, build domestic financial markets, and strengthen capacity to regulate, supervise, and develop the financial sector in their countries. Strengthening Financial Sectors