Managing the Risks of Fintech Clients

On Monday, July 12, 2021 the ACAMS New York Chapter hosted a virtual event on Managing the Risks of Fintech Clients. The event was moderated by Kelly Cooper (Senior Vice President, AML Compliance at Citi and ACAMS New York Chapter Board Member), and included the following panelists: Sarah Beth Felix (CEO & Founder, Palmera Consulting); Robin Garrison (Compliance Program Manager, Rize); Gabriel Hidalgo (Managing Director, K2 Integrity); and James Vivenzio (Director for BSA/AML Policy, Office of the Comptroller of the Currency).

The event began with an overview of key terms and concepts, and a discussion of how partnerships between banks and fintech companies can promote responsible innovation. The OCC panelist noted that the agency supports these relationships that are safe and sound and designed to meet the evolving needs of consumers, businesses, and communities. Banks are encouraged to coordinate early and often with the OCC in line with the 2018 Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing. For this and any type of innovative collaboration/relationship with a third party (including FinTechs), the OCC’s supervisory focus remains on the quality of the bank’s third-party risk management.

Risks associated with fintechs include that in many instances these companies don’t give the proper considerations for data schema/integrity and compliance. Additionally, there can be the appearance of full compliance with siloed country-specific processes, and there may be multiple parties in the payment flow that further obfuscate participants. Panelists discussed best practices for controls to perform appropriate KYC and transaction monitoring, given the risks of such clients. Some banks are using technological solutions, such as AI/ML, to either supplement or replace their existing SAR systems to reduce false positives or identify new suspicious activities. In some cases, banks have implemented other processes or technology to gain efficiencies, such as populating certain SAR fields or entering certain customer and transaction activity information in the SAR narrative section.

Key takeaways from panelists included advice to “whiteboard” transaction flows in order to best understand financial crime risks, and to make sure that cross-border risks are assessed, given the global nature of fintechs.

Documents referenced during the event:

OCC Publications:

• OCC Interpretive Letters on Virtual Asset Services: IL #1170; IL #1172; IL #1174

• OCC Interpretive Letter on National Bank Trusts: IL #1176

• The OCC anchorage conditional approval is here: OCC Conditionally Approves Conversion of Anchorage Digital Bank | OCC

• Protego approval: OCC Conditionally Approves Conversion of Protego Trust Bank | OCC

• Paxos approval: OCC Conditionally Approves Chartering of Paxos National Trust | OCC

• OCC Interpretive Letter on Internet gateway providers (IL #1175): Interpretations and Actions: December 2020 | OCC

FATF Publications:

• MVTS - https://www.fatf-gafi.org/media/fatf/documents/reports/Guidance-RBA-money-value-transfer-services.pdf

• NPPS - https://www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-RBA-NPPS.pdf

• NPM - https://www.fatf-gafi.org/media/fatf/documents/reports/ML%20using%20New%20Payment%20Methods.pdf

FinCEN Publications mentioned for loopholes/exemptions:

• FIN-2009-R004

• FIN-2013-R002

• FIN-2014-R009

• FIN 2003-8

World Bank Publication:

• Fintech: The Experience So Far