As digital payment penetration and volumes continue to grow fast, digital payment service providers (PSPs) have become important players in the global financial ecosystem. However, this sector is still considered to be a weak link in addressing systematic risks, upholding anti-money laundering (AML) prerogatives and combating the financing of terrorism (CFT).

Digital PSPs face multi-fold challenges today. They often have to deal with a more fragmented regulatory landscape compared to traditional financial institutions (FIs), such as banks, where regulators impose different licensing and regulatory oversight requirements. As a result, digital PSPs become more vulnerable targets for criminals who have the capabilities to exploit this “regulatory arbitrage”. In addition, there are unique risks and challenges emerging in the digital era that require further attention, such as handling high-volume short-turnaround-time transactions, detecting digitally savvy “money mules”, managing the risks of cryptocurrency-related payments, and more.

Given the ever-increasing scrutiny from regulators globally, the stakes are high for digital PSPs to step up their AML/CFT measures. Beyond their own financial and reputational risks, digital PSPs also face the possibility to be “de-risked” by other players in the broader financial ecosystem, such as banks, that would cease to work together with non-compliant or high-risk players in the payment sector.  It is therefore essential for digital PSPs to act now to address their AML/CFT challenges. 

Future-proof enablers for digital PSPs

As financial services firms’ business models and ways of serving customers have evolved toward a digital landscape, risk management and compliance should not be left behind. Leveraging data and technology to better address the existing and emerging risks will be critical for a more risk-robust, compliant, and scalable digital proposition. Digital PSPs — and the wider digital banking community — can follow these three building blocks to help uplift and future-proof their capabilities.

1. Rules-based to risk-based, analytics-enabled monitoring approach

Digital PSPs can leverage advanced analytics, such as machine learning, to move from a rules-based to a risk-based approach on transaction monitoring. This would help optimize the PSPs’ resource allocation to high-risk cases while minimizing the volume of false-positive cases.

There are many examples of this: a machine learning-based behavioral analysis and anomaly detection which helps identify financial crime patterns by creating triage-level alerts based on risk levels, a dynamic customer risk assessment which combines historical and real-time transactional behavior with external data verification and existing rules-based alerts to calculate individual risk score, and a network analysis leveraging large volumes of payment data to identify clusters of linked accounts within the PSPs’ customer base.   

2. Automation at scale to manage costs and uplift efficiency

The sheer volume and scale of digital operations make traditional, manual-based controls and testing less applicable to digital PSPs. Digital PSPs therefore need to think through their end-to-end workflow automation and case management flow, including exploring digital solutions on “know your customer” (KYC) and risk assessments, and data extraction and ingestion to quickly aggregate disparate information sources together so as to supplement post-scenario analytics and investigations.

3. Control by design by embedding AML/CFT checks in the customer journey

Digital PSPs, as well as broader digital banks, need to consider AML/CFT controls as an integral part of their digital customer experience design. Examples of this can include changing the sequence of the controls to decrease churn and optimize lead times along the customer journey, improving data capturing by deriving or extracting instead of asking for input from customers, and leveraging external data sources to cross-reference digital customer touchpoints.

While the above enablers are critical and innovative ways to address the emerging challenges, it is important to start the whole uplift journey with a comprehensive assessment of risk. By doing so, digital PSPs can properly understand where their challenges lie and the specific regulatory expectations they need to meet.

Additional contributor Jacky Tam, engagement manager at Oliver Wyman.