AML/CFT Regulation

Challenges for Financial Service Providers Working with Low-Income Clients

The main challenges for financial service providers in complying with AML/CFT measures arise from the requirement to undertake customer due diligence and to absorb the potential costs involved in implementing new regulation. Additional challenges include internal control and surveillance and record keeping.

Special Features and Risk Profiles of Financial Service Providers that Serve Low-Income Clients

Microfinance clients are typically low-income, do not own assets that are conventionally accepted as collateral, may be self-employed, or may have uneven streams of income. In general, the majority of clients served by these institutions are "natural persons," not legal persons or entities such as companies or trusts. This client profile reduces the risk of such institutions being used for money laundering.

Microfinance transactions are also generally very small - whether they are savings, credit, or transfer. Given the predominant small loan sizes, sudden flows of large amounts would stand out easily. In the financing of terrorism, however, authorities are increasingly concerned about even small transactions.

The type of financial service offered also affects the institution's risk. Some institutions are legally authorized to mobilize savings. Some may have restrictions on providing money transfers, leasing, and/or insurance. Non-depository institutions with no access to the national payment system may present relatively lower risk from an AML/CFT perspective. Among financial services for low-income people, money transfers may pose higher risks of money laundering and financing of terrorism. For criminals to succeed, they usually need access to institutions that facilitate domestic and international funds transfers, exchange currencies, and convert these proceeds into different financial instruments and other resources. Terrorist financiers and money launderers may pose as legitimate entities to transfer funds that later may be diverted to criminal purposes or to disguise funds from illicit activities. Countries therefore need to regulate providers of transfer facilities appropriately to reduce or prevent abuse for money laundering and the financing of terrorism. Further analysis is needed to distinguish the risk that each type of financial service provider presents depending on their financial services.

Some institutions serving low-income clients, such as financial cooperatives and NGOs, have ownership structures that may require additional information and verification by authorities. Financial cooperatives are member-owned institutions with a board and other oversight committees, while NGOs typically have no share-based ownership and appointed boards and management.

Compliance Costs

Like any other financial regulation, the costs of complying with AML/CFT measures may increase the cost of services. For example, the cost of monitoring suspicious transactions may be high if suitable automated systems are not in place. Financial institutions serving low-income people may have to purchase and install new technology or increase their human resource capacity to comply with the requirements in their jurisdiction. In addition, rules for reporting and record keeping may obligate institutions to save all physical documentation of transactions for defined periods, usually at least five years. Microfinance institutions in particular will need to develop systems, aided by available software, to reduce the operational cost and time required to comply with this requirement. Industry associations can play a valuable role by helping members keep costs to a minimum as they comply with regulations. For example, they could consult with the banking association in a country to see if AML/CFT software is available. They could work with national authorities to provide such software and take the lead in offering training on AML/CFT awareness and compliance.

Although there are always costs associated with regulations, these costs tend to be greater in countries where there is generally a culture of poor compliance. Developing or encouraging wider acceptance of compliance, not only for AML/CFT systems, is more cost effective because it reduces risk of fraud, helps protect savers and investors, and increases the integrity of the institution.

Box 5 gives examples of two types of financial services providers that serve low-income clients in Mexico, a FATF member country. Both BANSEFI and Compartamos have implemented policies and systems in line with international standards and national law. In addition, the Mexican National Association of Non-bank Financial Institutions (AMSFOL) has been proactive in forming new members institutions about AML/CFT issues, offering courses in new AML/CFT regulations, and developing a procedures manual to help members ensure AML/CFT compliance.

Customer Due Diligence

It is a universal challenge for financial service providers to identify clients according to international standards. In developing and middle-income economies, for example, it is difficult for many clients to comply with certain "customer due diligence" identification requirements, such as national identity numbers or third-party verification of physical home address. These requirements are already part of customer due diligence regulations in South Africa, but financial institutions there are experiencing problems with them because at least one-third of South African households do not have formal addresses. The issue at stake is how to devise customer due diligence requirements that are tailored to specific categories of clients, such as those the Basel Committee proposes for banks in member countries (see box 4). In particular, a certain level of stringency could be applied to the institution's "normal" or low-risk clients, and an enhanced due diligence applied to the riskier clients.

Since the FATF recommendations do not specify how to establish and verify the identity of clients, it is important that financial service providers that serve low-income clients work with regulators to develop appropriate rules in each national jurisdiction to ensure:

that current or potential low-income clients are not excluded from access to services, and
that the regulations do not limit the ability of banks to use microfinance providers as agents to accept or pay out remittances and other money transfers.

Box 4 Basel Criteria for Customer Due Diligence

The Basel Committee document on customer due diligence (BIS 2001) provides some guidelines to financial institutions on how to implement CDD practices: "Banks should develop graduated customer acceptance policies and procedures that require more extensive due diligence for higher risk customers ... It is important that customer acceptance policy is not so restrictive that it results in a denial of access by the general public to banking services, especially for people who are financially or socially disadvantaged".**

These general principles were taken further in the Basel Committee's General Guide to Account Opening and Customer Identification, issued in February 2003.*** This statement of international best practice defines what a bank needs to know about a client to build a risk profile. The list includes obtaining and verifying name, permanent address, date and place of birth, nationality, occupation and/or name of employer, identity number, type of account and nature of the banking relationship, and signature.

** Bank for International Settlements, "Customer Due Diligence for Banks," www.bis.org/publ/bcbs85.pdf.

*** www.bis.org/publ/bcbs85annex.htm

Box 5 AML/CFT Implementation in Mexico by Two Different Financial Service Providers

Mexico has been a member of FATF since 2000, although money laundering and related offences were criminalized in 1996. Banks there have been required to report suspicious transactions over US $10,000 since 1997. In May 2004, Mexican authorities issued more detailed AML/CFT regulations and extended compliance to non-bank financial institutions. These two different financial service providers, BANSEFI and Compartamos, which both serve low-income clients in Mexico, implemented policies and systems in line with international standards and national law.

BANSEFI is a national savings bank established by the federal government of Mexico in 2001 to support the development of popular savings and credit institutions. It has an active client base of more than 2 million clients, almost all individuals at the lower end of the income spectrum. BANSEFI has developed an AML/CFT policy and appointed a compliance officer as well as an AML/CFT committee. Internal controls, policies, and procedures were upgraded in 2004, and suspicious transactions are actively monitored, especially money transfers. Implementing some of the current laws has been challenging, particularly verifying physical addresses and re-identifying existing customers. BANSEFI puts "know-your-customer" procedures at the heart of detecting and preventing money laundering and terrorist financing.

It added these specific procedures to implement AML/CFT:

BANSEFI developed a new IT system to support the implementation of AML/CFT measures.
A new manual of enhanced internal controls, policies, and procedures was approved in June 2004.
It performs customer due diligence on new and existing customers, which includes client interviews, and verification of photo ID, physical address, and tax numbers.
It monitors all transactions, and reports suspicious transactions to the local financial intelligence unit, including transactions of US $10,000 and over.
BANSEFI employees are trained in AML/CFT compliance and kept up-to-date. Potential employees are screened before being hired.
It maintains all transaction records for at least ten years.
It also receives outside technical assistance to better comply.

Financiera Compartamos, a specialized MFI, began operations in Mexico as a non-governmental organization in 1990 and transformed to a regulated financial institution in 2000. (Financiera Compartamos is legally registered as a sociedad financieras de objeto limitado, a non-bank regulated financial institution.) It currently serves over 300,000 clients - mainly individuals who operate microenterprises that usually employ one or two people of the same family, who often are the main income source for the family. Compartamos offers loans with an average outstanding balance of US $310.

When it implemented the new AML/CFT regime for non-banks in 2004, Compartamos benefited from already being a regulated institution. This meant that compliance systems, staff, and procedures were already in place. Furthermore, part of the Compartamos loan methodology included weekly visits to clients by loan officers, who already knew their clients well. Use of credit is monitored through the group lending system whereby clients disclose the use of their loans to other group members.

Since 2000, Compartamos has been obliged to report any client transaction larger than US $10,000 to the Mexican banking authority, although it has not yet processed any transaction of this size. Compartamos, too, instituted additional procedures for AML/CFT:

Transaction records are maintained for ten years.
Compartamos monitors all transactions using customized software that identifies any unusual, complex, or large transactions by clients.
It appointed a formal AML/CFT compliance officer, the risk manager. In compliance with regulation, a special AML/CFT committee was appointed consisting of the general manager, the risk manager, the internal auditor, and legal officer.
All employees have been trained in AML/CFT issues and compliance requirements, and refresher courses are offered annually. In addition, when hiring new staff, Compartamos screens their legal history before making an employment offer.
The internal audit department and annual external audits verify compliance with AML/CFT regulations.