How Payment Service Providers Can Shape Their Anti-Financial Crime Strategy


Posted on by Isla Sibanda

Technology is increasingly accessible and democratized. Everything is becoming commercialized, packaged, and sold for consumption. The common thread? Rapid creation and expansion of payment service providers (PSPs).

Before, behemoths like Visa, American Express, and Mastercard dominated the PSP landscape. Gradually, challengers to these incumbents, like PayPal and, later, Stripe Inc, rose to face the old guard head-on. Today, innumerable PSPs are rising from the ashes of the pre-pandemic world to meet a new series of challenges with often-novel solutions. Here are a few:

  • Increased globalization and expanded remote work mean that currency transactions are a norm, and markets are increasingly intertwined despite physical non-geolocation.

     

  • New and nascent generations are increasingly tech natives who know only digital PSP services; digital adoptees in older generations are on the rise.

     

  • Companies realize the legacy payroll, invoicing, and billing methods are needlessly expensive as they’re effectively subsidizing third-party buildings, staff, etc., that don’t improve the end product compared to digital PSP solutions.

So, to meet these and other needs, more PSPs are arising throughout the world. Unfortunately, some rush to market and fail to do essential due diligence on best security practices. To remediate that issue before it becomes a legal quandary, here are some strategic big-picture considerations for PSPs shaping an anti-financial crime strategy.

Compliance

First, firms must understand the legal and regulatory framework they operate under. These frameworks vary by locality, so it’s important for PSPs to know their requirements and the regulatory landscape as increased focus shifts to financial crimes. The United Nations’ most recent estimate pins money laundering values at 5% of the global GDP, or nearly $2T. This global rise means international scrutiny at all levels, and PSPs are the first that agencies interrogate when a crime is suspected.

No matter the PSP’s core business, whether facilitating personal loans for low-credit families, helping overseas workers send money home, or one of many other innovations, the actual core of a successful PSP is compliance.

Assess Risk in Specific Context

Often, PSPs adopt a broad and undifferentiated approach to risk assessment and management. This means they take an industry-standard product, slap their logo on it, and call it due diligence. This was never acceptable and is now becoming increasingly exposed.

Firms must know and understand the financial crime they are most exposed to and have the highest likelihood of being part of. These considerations can include currency denomination, anonymity controls, and region. Thus, a good understanding of the criminal landscape is critical. A third-party consultant is likely the best bet to conduct a thorough analysis of this type.

After analysis, PSPs must effectively implement controls. An implementation best practice includes segmenting clients and transaction flows. With the sheer amount of data available, it is best to assign a machine-learning algorithm to simulated or real-life cases of financial fraud to identify trends.

Then, using the data, PSPs can home in on the flagged transactions and customers indicated by the modeling. This helps make monitoring for financial crime manageable and more time-efficient for all involved while also increasing the likelihood of capture before it becomes a problem for the PSP.

Make a Playbook and Follow It 

Often, newer PSPs freeze in the face of substantial financial crime and need help knowing how to proceed. Even with a series of pre-determined controls and actions in place, some have never seen the process executed, and inefficiencies or missteps grind the measures to a halt. 

Compared to banks operating in a rigidly vertical transactional and managerial hierarchy, many PSPs are nimble and flexible. This is a clear benefit when considering innovations like deferred payment structure, invoicing, and cross-border transaction facilitation. But this can be a detriment when reacting to financial crime, as “is that my job” becomes a common refrain during a crisis. 

This is why a clear delineation of responsibility and requirements is critical before a financial crime happens. And it is insufficient to have a playbook handed to employees during onboarding and forgotten until a crisis. These steps must be iterated without notice as if an actual crime was occurring. This battle drill-style approach is the only way to effectively identify and fix issues in sequencing or reaction before it’s too late.

Create a Culture of Iterative Risk Management 

Finally, newer PSPs must operate within a cultural framework of managing risk. While innovative and novel solutions to uncommon problems might be the driving ethos behind operations, risk management must be the driver of success. 

Analytics and data let PSPs understand broader spectrums of customer behavior better than ever before, and that can also enable iterative learning—modeling past incidents, reactions, and results to improve systems is critical under a construct of risk management. But in the end, the human capital factor is vital. Without executive emphasis, there will be no employee buy-in and, ultimately, disaster and dissolution for the PSP, ill-prepared to face financial crime. 

 


Contributors
Isla Sibanda

Freelance Writer,

Anti-Fraud

secure payments & cryptocurrencies risk management virtualization, containerization & segmentation government regulations compliance management controls

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs