Asia’s move into the real time payments space will open up a whole new world of convenience for consumers and banks alike, but will it also make them vulnerable to threats? Xiou Ann Lim reports
It has been an interesting and rocky 2016 so far for the payments space in Asia. Recent developments in Bangladesh, Vietnam and the Philippines have exposed vulnerabilities within the SWIFT network. The Monetary Authority of Singapore’s (MAS) decision to shut down operations of Swiss private bank BSI in the city-state following its involvement with scandal-ridden Malaysian fund 1MDB through money laundering activities has also uncovered weaknesses within the system despite having anti-money laundering (AML) checks in place.
Coming at a time when Asia is on the cusp of a purported revolutionary real time payments era, this begs the question of whether the industry is ready for it.
Brett King, author of Bank 3.0 and founder of Movenbank, is of the opinion that the industry is consumer-driven and will remain so. Comparing the convenience and immediacy of M-Pesa in Kenya to writing cheques that take three to five days to clear in the US, he says consumers look for efficiency gains and technology that “takes friction out of the system”.
“The basic ecosystem has to be real time,” he emphasises. That may be so, but is security keeping pace with innovation to ensure that all parties are protected? According to Jan Bellens, EY Asia-Pacific banking and capital markets and global emerging markets leader, typical anti-fraud tools and processes currently utilised by banks are not equipped to manage real time payment fraud.
“You cannot have faster payments without orchestrating a very careful fraud risk management programme,” he says.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataFacilitating almost instantaneous fund transfer presents new challenges for managing fraud risk.
“For instance, banks would no longer have time to filter through transactions to identify those that need to be reviewed manually for potential fraud, as customers now expect almost instant confirmation that their funds have been sent or received,” Bellens explains.
“The better banks are obviously cognisant of the associated risks and paying attention in ensuring that their people, processes and technologies are scaling up – and in integrating their risk controls and protocols for real time payments with the rest of their existing fraud infrastructure,” he observes.
Risk mitigation
In order to deploy faster – but still secure – payments, Bellens believes that comprehensive monitoring and detection are needed to identify unusual financial activity and then fast-track compliance.
“This includes usage of strong dual-factor authentication along with comprehensive tools for real time behavioural analysis against customer’s typical historical activity to identify suspicious activities,” he continues.
Given the evolving and growing nature of financial crime, Bellens says that a proactive AML capability with centralised control and standardised investigation processes as well as advanced analytics with expertly defined rules and custom-trained neural network models are also critical to detect and respond to increasingly complex cross-channel fraud and AML cases.
Meanwhile, Chrisol Correia, director of international AML compliance at LexisNexis Risk Solutions, says it is increasing dialogues with banks, payments companies and other financial services businesses about the global need for economic inclusion and transparency. “They are two sides of the same coin,” according to him.
“When more people – and non-human entities such as small businesses – are included in the financial system, financial services companies are better able to identify bad players,” says Correia.
He adds that payments companies must be able to identify and assess risks promptly and effectively without causing avoidable customer friction to accomplish the goal of economic inclusion and transparency.
“Using proven technology and data enables these processes to take place in seconds, allowing payments to customers to transact quickly,” he elaborates, adding that the ability to link people together and people to businesses through the use of analytics also helps to mitigate risks.
LexisNexis Risk Solutions recently deployed intelligence tools through Terra – a mobile-first payment network – to monitor transactions for risk in real time. The LexisNexis financial crime control framework enables payment companies to onboard and service customers by providing risk insights to comply with international compliance regulations.
This capacity enables payments companies to address global opportunities in providing payment services to customers that do not participate fully in the formal banking system in a way that prevents criminals or terrorists from abusing its products – in other words, economic inclusion and transparency.
The cost of compliance
Will real time AML checks add on to the already escalating compliance costs?
AML compliance spend is set to increase 20% in Asia this year, according to LexisNexis Risk Solution’s True Cost of AML Compliance: Asia Edition.
“But that spend enables companies to operate more efficiently, which will reduce costs over time,” counters Correia.
“It’s more costly to not invest in compliance, when you think about enforcement fines – which we’ve seen reach into the billions of dollars, as well as reputational risk,” he adds.
With real time payments, authenticating and verifying all the information before a payment is approved has to be done quickly – but security cannot be compromised for speed.
“Therefore, increased compliance expenses are unavoidable if the country’s banking sector wants to move toward faster payment and keep pace with the global market and countries like Sweden, Singapore and the UK that already offer that option,” says Bellens.
Asia’s readiness
Bellens thinks there are a number of hurdles to clear before Asia is really ready for real time monitoring. He says: “There are infrastructure challenges from legacy technologies, funding issues, perhaps even a lack of senior executives’ buy-in, limitations in direct connection to the automated clearing house rails, and the sheer volume of various payments transactions that have to be monitored.”
Bellens believes these issues make real time AML checks impractical even in developed countries – let alone emerging markets.
“We would expect this to be a measured process, especially as banks also need to deal with internal friction, talent shortages, and factor in challenges with organisational culture and acceptance,” he says.
Meanwhile, Correia thinks that different regions around the world and different industries are at different maturity levels in terms of the technology and data that they are using.
“Asia is no different, in that there are institutions with very advanced AML controls and others that are just starting to implement this compliance infrastructure,” he says.
But he also believes that some Asian banks may have a strategic advantage in that they are unencumbered by old systems that are difficult to manage.
“Some institutions have started to develop their own tools using in-house IT resources, while other companies are looking to proven technology that is already being used by the biggest banks in the world and that regulators already know and trust,” Correia adds.
How regulators in Asia can help
Bellens believes that if markets are pushing for faster and more secure payments, respective central banks need to expand their operational oversight where required.
“We’d like to see regional regulators actively engage with payment stakeholders – for example via a faster payment or payment security task force – to incorporate their feedback on payment system improvements,” Bellens adds.
“Discussions should cover core infrastructure, security and operational changes to interface with the infrastructure, projected cost, and time to implement.”
Bellens also says regulators need to coordinate with the security task force to focus on solutions for fraud risk reduction and support the adoption of relevant payment security standards, such as the ISO 20022 standard for greater end-to-end efficiency for domestic and cross-border payments.
Apart from that, he thinks some other initiatives that will help include channelling investments towards payment security research and sharing the results with payment stakeholders, as well as expanding on publicly available payment fraud data.
The prescription
Correia says companies offering payment services must fully understand their compliance obligations.
“Fintech firms entering this space often assume that banks are responsible for ensuring compliance with AML regulations, but this is not the case: best practice is that all customers must be checked for AML risk before they start to transact,” he adds.
But not only do all parties have to chip in, there must be collaboration too – and “the core issue is in getting payments providers and institutions to collaborate”, according to Bellens.
“I think mandates or regulation can kick-start that integration, so regulators need to encourage payment stakeholders to initiate discussions on how they can collectively undertake improvements to their payment systems”, he advises.
Correia also emphasises that the Asian landscape is very complex and that the regulators are stepping up enforcement: “Just look at the recent BSI situation in Singapore,” he points out.
“Asian banks are investing in compliance technology, data and analytics so that they can operate more efficiently and be more productive,” he observes, adding that they also see some very positive regional initiatives aimed to support more international regulatory cooperation and the cross-border transfer of data, so that financial crimes can be detected more quickly and efficiently.
Bellens agrees: “This requires collaboration along every part of the payments value chain – from the issuers to the acquirers, processors, switches and merchants.
“One way to reduce fraudulent transactions and further refine fraud strategies in a more cost-effective manner is by collectively engaging a data-sharing service provider to support multiway, near-real time exchange of information for faster detection and response to suspicious transactions.”
But whatever the remedy, real time payments are here to stay. As King puts it: “As a consumer, I don’t care about AML until my funds are stolen.
“Most people are not going to be affected by it most of the time, so the utility is going to outweigh concerns on security and these concerns will not slow its adoption.”