These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
Debate at the intersection of business, technology and culture in the world of digital money, both commercial and government, a blog born from the Digital Money Forum in London and sponsored by Consult Hyperion
This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.
Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
There's something odd about a conference on Mobile Money & Migrant Remittances held in a hotel with no mobile coverage and a $25/day charge for wifi, but despite that I thoroughly enjoyed popping along and meeting up with friends from around the world there. I was on the Strategy Panel covering financial inclusion, and this coincidentally, the day after I had been quoted in Warren's "Washington Internet Daily":
Mobile payment systems are often treated with a lighter regulatory touch than mobile banking, to reach as many users as possible, Birch said. The need to integrate the "unbanked" into society should "tip the value" toward less regulation of low-value transactions, he said.
An entirely accurate representation of my views. A correspondent wrote in response:
Very sensible words! Not sure if you have actually read FATF’s NPM report from October 2010, but it is actually pretty good, and recommends the right thing: a light KYC regime (including no verification) for specific low risk accounts, praising the power of transactions limits and monitoring.
As it happens, I hadn't read the FATF New Payment Methods report, so I downloaded it to take a look and discovered some surprisingly sensible conclusions. By "New Payment Methods", or NPM, the FATF means specifically internet payment systems, mobile payment systems and prepaid card products. My correspondent had noted, to my surprise, that some of their conclusions echo my own ranting on the topic: that is, a light-touch KYC regime (including no verification for specific low risk accounts), with attention paid to setting the right transaction limits and appropriate monitoring and reporting requirements. The report is based on a number of case studies, so the conclusions are based in practical analysis, however it must be said that they are probably not statistically utterly sound.
The project team analysed 33 case studies, which mainly involved prepaid cards or internet payment systems. Only three cases were submitted for mobile payment systems, but these involved only small amounts.
Personally, I found many of the case studies in chapter four of the report uninteresting. Yes, in some cases prepaid cards, or whatever, were used as a part of a crime, but in many of the frauds so were cash and bank accounts. One of the case studies concerned the use of multiple prepaid cards by an individual found to have 12 legally-obtained driving licences in different names (and $145,000 in cash). I'd suggest that cracking down on the driving licence issuing process ought to be more of a priority! The issue of access to transaction record is, I think, much more complicated than many imagine. You could, for example, imagine transaction records that are encrypted with two keys -- your key and the system key -- so that you can go back and decrypt your records whenever you want, but the forces of law and order would need to obtain a warrant to get the system key. Sounds good. But I might not want a foreign, potentially corrupt, government department to obtain my transactions for perfectly good reasons (like it's none of their business).
The report says very clearly that the overall threat is "difficult" to assess (so some of the rest of it, I think, is necessarily a trifle fuzzy) but also that the anti-money laundering (AML) and counter terrorist financing (CTF), henceforth AML/CTF, risks posed by anonymous products can be effectively mitigated. I agree. And I also strongly agree with chapter three of the report notes that electronic records give law enforcement something to go on where cash does not. This is something that I've mentioned previously, both on this blog and in a variety of other fora, because I think it's a very important point.
I said that I was not sure that keeping people out of the "system" was the best strategy (because if the terrorists, drug dealers and bank robbers on the run stay in the cash economy, then they can't be tracked, traced or monitored in any way)[From Digital Money: Anti-anti money laundering]
The report goes on to expand on the issue of mitigation and, to my mind, deals with it very well. It says that:
Obviously, anonymity as a risk factor could be mitigated by implementing robust identification and verification procedures. But even in the absence of such procedures, the risk posed by an anonymous product can be effectively mitigated by other measures such as imposing value limits (i.e., limits on transaction amounts or frequency) or implementing strict monitoring systems.
Why is this so important? As well as keeping costs down for industry and stimulating the introduction of competitive products, the need for identification is a barrier to inclusion. This link between identification and inclusion is clear, whatever you think about the identification system itself. India is turning out to be a fascinating case study in that respect.
The process would benefit beneficiaries of welfare schemes like old-age pension and NREGA, enabling them to draw money from anywhere as several blocks in Jharkhand have no branches of any bank and would save them from travelling to distant places for collecting money.[From Unique numbers will save duplication in financial transactions - Ranchi - City - The Times of India]
But I can't help cautioning that while customer identification is difficult where no national identity scheme exists, but there is a scheme it may give a false sense of security because obtaining fraudulent identities might be easier than obtaining fraudulent payment services in some jurisdictions or where officials from dodgy regimes (like the UK) are at work...
Prosecutor Simon Wild told the court Griffith abused his position by rubber stamping work permit applications that were obviously fake or forged using false names and references.[From British embassy official 'nodded through scores of visa applications' | Mail Online]
For low risk products, then, the way forward is absolutely clear: no identification requirements, potentially strong authentication requirements and controlled access to transactions records. One small problem, though, that the report itself highlights: there are no uniform, international, cross-border standards for what constitutes a "low risk" product. But that's for another day.
Finally, I couldn't help but notice that the payment mechanisms that scored worst in the high-level risk table (on page 23) and therefore the one that FATF should be working hardest to crack down on is cash.
P.S. I apologise to the conference organisers for my radio silence during the event, but I belong to the #canpaywontpay tendency: I can afford $25/day for wifi (since I'm not paying, I just expense it to the compnay) but I won't pay it, because it's outrageous. No wifi means no twitter, no blog, no buzz. That's not how conferences should be in 2011.
William Long and Kai Zhang, from our friends at Sidley & Austin, present a typically good summary of the main issues raised in the consultations preceding the implementation of the new E-Money Directive (EMD) in the UK in the recent issue of E-Finance & Payments Law & Policy (December 2010).
Generally speaking, things look very positive. The capital requirements are being relaxed so that anyone who wants to provide e-money services probably can do with too much trouble, so I predict that you'll see some major companies moving in now. The prime candidates to offer services are probably telecommunications operators and retailers, but transit operators, event managers, corporate "campus" suppliers and others will surely seize the opportunity. Some have already declared their intentions.
O2 will apply for an e-money licence this year, signalling its commitment to support contactless payments in the UK in the near future.[From O2 to apply for e-money licence to support NFC payments - 2/2/2011 - Computer Weekly]
The French operators announced a similar move this week. I can't resist noting that this is precisely the strategy that we recommended to mobile operators a couple of years ago (that is, use the upcoming PSD/ELMI changes to start their own payment businesses). Competition is good for innovation, and bringing these new players into the payments business will be very positive for all of us.
The interest of mobile operators is natural, and they have to move quickly to avoid being cut out of the loop by handset-based secure element providers (eg, Apple) who may move quicker than the UICC-based secure element providers (eg, mobile operators). The interest of the transit operators is also natural, since they have the cards out there in peoples' pockets. I still think that we've yet to see the really big plays yet: these will come from the retailers, just as they are in the US.
Kmart has begun testing check cashing, money transfers and prepaid cards in stores in Illinois, California and Puerto Rico, with plans to roll out the services nationally later this year. Best Buy has installed kiosks in its stores for shoppers to pay utility, cable and phone bills. Wal-Mart has opened roughly 1,500 MoneyCenters that process as many as 5 million transactions each week.[From Retailers offer financial services to 'unbanked']
The use of retailer-issued e-money pre-paid products as a low-cost alternative to bank accounts for the excluded is a win-win. It takes unprofitable customers away from the banks and gives those customers more convenient services. And the retailers could steer customers to use these products at POS, thus saving on their payment processing costs. Personally, I think the prepaid market is not competitive enough (the charges are still too high) but new entrants enabled by the ELMI, new entrants with economies of scale (such as high street retailers), could open up the market and drive down costs very quickly.
Finally, I was also very excited to note in the article that the Treasury is considering my idea of making the balance limit for simplified due diligence (under the Third Anti-Money Laundering Directive) for low-value electronic money "accounts" the same as the value of the largest banknote: in this case, €500. Although they are only looking at this for non-reloadable devices, I think this should be the guiding principle for reloadable devices as well. The link between the two, the "magic number", is entirely symbolic: it doesn't mean anything at all, but it's a good focus for debate.
[Dave Birch] As many people have noted, the Russia e-payments landscape is really
According to Victor Dostov
There are 25 million active "e-purses" (web wallets containing pre-paid value) and the market is growing at 20%.
The market is now going to be shaped by regulation. It's a difficult problem for regulators, to take a rapidly growing market and add prudent regulation without disrupting
The government has approved a bill to regulate e-payments, a market that is growing at 40% per annum.
Under current framework, there is no equivalent of the European "Payment Institution" or "Electronic Money Institution". One of the key aspects of European regulation is that it has allowed non-banks to bring innovation to the sector
Yota, Russia's leading 4G networks operator (offering WiMax, battling for LTE frequencies and thinking about brand-name handset), launched a partnership with Mobi. Dengi (a mobile money transfer scheme working closely with Beeline, a Russian MNO) and Tavrichesky Bank - to allow its subscribers to use the money they have topped up to their prepaid account - to pay for other services like utility bills, TV, mobile top-up.[From Retail Banking in Russia: Innovation Unfolded: Each decent Internet service provider strives to create its own payments wallet]
[Dave Birch] There is a looming deadline for SEPA compliance in the cards business: by 31st December 2010, all payments cards and ATM cards in the EU27 plus Norway, Switzerland, Iceland, Liechtenstein and Monaco must be EMV-compliant and all POS and ATM terminals in those countries must support EMV applications. This is extremely unlikely to happen as far as I (and other observers) can see. Currently Germany, Portugal, Italy and Slovenia have less than 80% of their cards converted and Romania, Greece, Bulgaria, Hungary, Spain, Portugal and Malta have less than 40% (according to Banking Automation Bulletin for September 2010). Apart from the UK & Ireland, France and Luxembourg, no countries have 100% POS compliance (in Germany it's not even 10%). Additionally, many countries do not have ATM compliance, including Germany, Belgium, Italy and Portugal.
Why the slow progress? And what does it mean for the future? Well, I was invited along to a meeting of experts to discuss the progress towards SEPA and eSEPA (SEPA for the internet and mobile payments), but unfortunately I've been told by the Commission that the discussions were confidential and so I can't comment on them here.
[Dave Birch] I opened my first bank account, with Bank X, when I went to university. I walked in to my local branch on the second or third day after arriving in Southampton and opened an account. When I started work, I transferred that account to Cobham in Surrey, near where I was working. A couple of decades ago, that branch was closed and the accounts transferred to Walton-on-Thames, which is where my relationship banker was based when they were first invented about 15 years ago. I've probably been to that branch three times since then, about once every five years. I'm a premium customer and pay a few quid per month for my account, so my personal banker would periodically ring up me to see if they could sell me insurance or whatever. I quite liked my first personal banker and probably met him three or four times over the decade. A few days ago I got a letter from my new personal banker, who is based in Leicester. (A note for foreign readers: I live in the south of England, southwest of London, and Leicester is in the midlands, about 150 miles away.)
I'm note sure how "personal" this relationship will be. In any case, the last time I called (in order to get a bank loan to cover some building work we were having done) I had to go through half an hour of questions about name, address, salary, monthly outgoings etc, so having a personal banker (and having had the account for 33 years) didn't really seem to help. They still wanted to know (as my mother would always say) "the ins and outs of a cows behind" before giving me the money. To be fair to the banks, in this case, they don't want to annoy and inconvenience customers in this way, they are being made to by the government, because they have to comply with "Know Your Customer" (KYC) and "Anti Money Laundering" (AML) rules. Generally speaking, the banks do not suffer too greatly because of this as everyone has to just grin and bear it. Had I hung up in annoyance and called Bank Y (who don't know me from Adam) instead, I would still have had to answer the same questions. But there are cases where the implementation of KYC and AML rules may end up costing banks more than customers' opprobrium.
In the case of Shah and another v HSBC Private Bank (UK) Ltd, the Court of Appeal has ruled that Jayesh Shah and Shaleetha Mahabeer have the right to challenge HSBC Private Bank for having delayed a $28 million transfer... the bank asserted that it had suspected that the transaction constituted money-laundering for the purposes of the Proceeds of Crime Act 2002, meaning that the transfer had to be delayed while reported to the Serious Organised Crime Agency.
Eventually, the transaction was completed and Mr Shah claimed the delay cost him over $300 million. The claimants subsequently challenged the grounds on which the bank’s suspicions were raised but a case brought by Mr Shah for compensation was thrown out at an earlier court hearing. However, last week’s Court of Appeal ruling means that Mr Shah can now pursue HSBC for his losses.[From HSBC customer claims for anti money-laundering delay]
Interesting. As the article notes, the plaintiffs are questioning the basis on which the bank determined that the transfer was suspicious. But what I'm curious about is the cost/benefit analysis that underlays this whole raft of e-payment regulation.
According to an IFA I spoke to recently, there is not a single case of any would-be launderer being caught by this system. As you'd kinda guess, real launderers are quite capable of cobbling together the necessary fake docs, and ticking all the right boxes.[From Burning our money: A Problem With The Laundry]
So inconveniencing everyone from billionaire businessmen to peasant farmers has not caught a single money launderer? This seems statistically unlikely, doesn't it? Surely they would catch the odd one or two by accident given the enormous size of the money laundering market. The latest figure I could find (given only a quick Google, since I couldn't be bothered to go downstairs to the bookcases) shows that it's a huge and growing business.
The NCIS ‘United Kingdom Threat Assessment of Serious and Organized Crime’ in 2003 stated that the overall size of criminal proceeds in the country – and the amount that is laundered is unknown. However, customs authorities had estimated that the annual proceeds from crime in the UK were anywhere between £19 billion and £48 billion – with £25 billion being a realistic figure for the amount that is laundered each year.[From : : Money Laundering Statistics : :]
£25 billion! This is certainly an underestimate and it comes despite all of the rules imposed on the industry.
[Dave Birch] Plans are afoot in the US to increase financial exclusion by making prepaid products more expensive and less available by forcing non-bank pre-paid card providers to comply with the same rules as banks, presumably treating a $100 pre-paid card to the same degree of scrutiny and reporting as multi-million dollar bank accounts.
FinCEN has applied a limited regulatory framework since 1999 to certain prepaid products as part of the money services businesses regulations applicable to sellers, issuers, and redeemers of stored value. Under FinCEN’s proposal, non-bank providers of prepaid access would be subject to comprehensive Bank Secrecy Act (BSA) regulations similar to depository institutions.[From FinCen Proposes New Rules for Prepaid Card Programs]
Prepaid cards are already under attack from ill-thought through regulation of the payments industry anyway. This is a bad thing, because prepaid cards -- or, more generally, pre-paid transaction accounts of one form or another -- are a key tool for increasing participation in financial networks. We should be looking for ways to increase financial inclusion, not reduce it.
The Center for Financial Services Innovation (CFSI) has written to Rep. Barney Frank and Senator Chris Dodd asking that prepaid cards – including government benefits cards, general purpose prepaid cards, payroll cards – be exempt from the fee determination set by the Federal Reserve Board under pending legislation.[From Center for Financial Services Innovation Asks for Prepaid Card Exclusions]
Encouraging people to remain the cash economy does not help in the "war on terror", or the war on tax evasion, the war on corrupt politicians or anything else. There is a net social benefit to getting people to use cards instead of cash, and we should be making it is a simple and inexpensive as possible for the excluded to participate. We should be easing the regulatory burden on non-bank prepaid schemes with a maximum balance of, say under $500 or so.
[Dave Birch] A couple of years ago, I expressed some scepticism as to whether the tight know-your-customer and anti-money laundering rules would actually achieve anything and suggested that the net welfare attending a more relaxed structure might be significantly greater. In particular, I commented on the potential for mobile payments to help or hinder.
The use of mobiles to make payments is clearly a boon to terrorists (or, at least, terrorists who have never heard of 500 euro notes) as Rachel Ehrenfeld, founder of the Terror Finance Blog has noted. She calls the hook-up between the GSMA and MasterCard a “terrorist dream”. David Nordell, another finance terror blogger, says, “Person-to-person transfers via mobile phones will be almost anonymous, and completely uncontrollable unless the regulators intervene and block these new services until ways are devised to track the flow of funds.”[From Digital Money Forum: The prepaid backlash]
A year ago, I expanded on this discussion in an article for the Journal of Internet Banking and Commerce. David Nordell was kind enough to read the whole article and recently provided a considered response. I asked him for his permission to excerpt part of it and he agreed, and I think it's worth quoting a few passages in full. David says...
I’m afraid that you have reached entirely the wrong conclusions. For all that I agree that there is indeed an element of ‘security theatre’ in the regulatory regime for anti-money laundering and counter-terror finance there is also a great deal of genuine value in the at least some of the regulations, and they are not there just to oppress the general public. The amounts of money that are needed to actually carry out terrorist operations of the kind we saw in London in July 2005 or that planned against the airliners two years ago are small, in the order of a few thousand pounds, and therefore well within the range of a dozen e- or m-payments.
This is a point well taken. Suspicious Activity Reports (SARs) that focus on transactions above £10,000 will not, under any regime, actually catch any more than mildly unintelligent criminal, terrorists, corrupt politicians or child pornographers. According to the Serious Organised Crime Agency (SOCA) here in the UK, there were 228,834 SARs filed last year and of these 703 were referred on to the terrorist finance investigation. Naturally, the report can't say how many of these 703 (0.3% of the SARs filed) were actually related to terrorist activity (although it does note that one of the terrorist SARs was filed by a charity and one by an estate agent, just to indicate the spread). So far as money laundering goes, and financial crime, I can't find any figures that show whether the money spent on SARs is a good investment or not. In the Royal Society of Arts debate on white collar crime, one of the researchers put total fraud in the UK last year at about £60 billion so it doesn't look as if SARs are making much of a dent in that, although hopefully they are deterring some major crimes. David continues...
No financial intelligence unit or police force that I know supports the idea of monitoring every possible financial transaction, whether through conventional banking or technology-enabled services; and all the professionals I know in this field understand perfectly well that the SAR regime, which is based on arbitrary reporting limits, will inevitably produce far more noise than signal. However, there is a lot of value in carrying out KYC checks, in e-money services just as much as in conventional banking: these can help to provide predictive intelligence about people who may be planning to carry out financial fraud, launder money from other criminal activity, or finance terrorist operations in planning.
I wasn't not arguing that we should have no KYC checks, but what I was arguing for was a sensible floor below which KYC checks are not needed. I happened to be in a local branch of national financial services organisation a few weeks ago when, for dreary reasons, I had to get into a queue. The person in front of me in the queue was trying to send fifty pounds to a relative in Liverpool. The clerk told him that couldn't, because he didn't have a passport and a utility bill. The chap complained that he had been sending this birthday money every year for decades. The clerk was unmoved. So who benefits from this? I didn't stop the 911 terrorists (who used credit cards in their own names) or the crotchbomber (who paid for one-way air ticket in cash) or the tube bombers (who were carrying identity documents). My argument was, and is, that we should decide where the balance should be in order to get the best result for society as a whole.
My suggestion is that we fix on 500 euros as the breakpoint. People should be allowed prepaid cards, prepaid accounts, money transfer accounts or whatever with no identification provided that the maximum balance is limited to 500 euros (it is currently 150 euros) and a maximum annual turnover over 10,000 euros (it is currently 2,500 euros). This will lower costs and ease accessibility -- I might even go and get an O2 Money card -- thus achieving a variety of goals including social inclusion and reduced transaction costs for the poor.
The problem, of course, is that the existing system makes it extremely difficult to cope with forged identity papers and stolen identities, which are used in the majority of cases of serious financial crime. I certainly agree with you that AML regulations do make access to the conventional financial system more difficult for people, such as recent immigrants, who don’t have the right papers to satisfy what are basically unintelligent regulatory requirements. I’ve actually witnessed an example of the stupidity of these requirements while waiting at a counter at Lloyds Bank – stupidity that the bank official himself didn’t agree with but left the prospective customer unable to open an account. Is there a better way? Yes, but I don’t agree that it should be based on just dropping KYC requirements, because this will just encourage the growth of fraud. On the contrary, I believe it should be based on making KYC more rigorous in order to exclude as many fake and stolen IDs as possible, and then as easy as possible to use in order to make the financial system inclusive.
This is a very different approach. I didn't suggest dropping KYC requirements completely, to be fair, but I did suggest raising the requirements for the financial products that need KYC. Specifically, I suggested that there should be no KYC prepaid card or mobile money transfer accounts that have a maximum allowable balance of €500. But David's approach suggests that pursuing the "identity is the new money" meme further might be
[Dave Birch] As I said on Twitter, Australia is the Large Hadron Collider (LHC) of the payments world, where an expensive experiment is underway to smash payment card companies and retailers together at high energy. At the LHC, physicists have a number of competing ideas about how the universe might work and they are looking at the results of collisions to find evidence for one theory or another. In Australia, there are no ideas about the system should work. No-one knows what the correct level of interchange should be. But what is the experiment telling us? Well, for one thing (and this is a message that needs to be transmitted around the European Commission) it is telling us that the results of the collisions tend to be the unexpected.
Perhaps more vexing, Australian merchants, including retailers, restaurants and airlines, are imposing surcharges for each credit card transaction, even though fees the merchants pay card companies have fallen.[From U.S. Looks to Australia on Curbing Credit Card Fees - Series - NYTimes.com]
Well, well. Now this can't be because all Australian merchants are corrupt and are trying to get paid in cash in order to avoid taxes, so there must be something else going in and if I were to ask an economist about this, I suspect the answer might be something to do with the imperfect nature of the competition between payment choices at the point of sale and an information asymmetry between retailers and consumers.