What Do You Know About KYC in the Telecommunication sector?
8 January 2019, Bachir El Nakib
Regulation and compliance requirements are still evolving in many markets when it comes to mobile commerce.
This is not a new channel for operators alone: Many banks also lack experience with mobile payments, remittance and other transactions. Various government bodies that regulate both mobile operators and financial services are also learning their way around mobile. Many regulators simply rely on existing rules for older types of transactions, such as card or cash payments. Regulation of mobile commerce as an industry is still a way off.
As the line blurs between typical operator services and those that are considered to be more part of the financial services industry, operators should be careful to ascertain exactly what Know Your Customer (KYC) really means.
Mobile operators cannot just rely on the telecommunications authority rules and adopt them for mobile commerce, as many of the service offerings may fall clearly within review of the monetary authority or central bank. Mobile operators need to work with both regulators to implement a KYC process that works for their country. KYC is not just about preventing fraud: It encompasses several aspects that the consumer, service operator and even the government must be safeguarded against. Fraud is one issue, but KYC also involves anti-money laundering efforts, combating the financing of terrorism and even prevention of identity theft. These are all equally important reasons why your KYC process should conform to the rules.
KYC regulations vary from country to country, so there are no global standards to adopt. In the United States, for example, KYC policies typically include a customer identification program, as mandated by the Bank Secrecy Act and the US Patriot Act. Even these rules require interpretation of exactly how they should be implemented. Some systems are as simple as a thumbprint and a photo sent to the central bank; more complex systems can include a “points” system that requires users to provide several documents to prove their identities, with a minimum number of points to qualify. There are even partial-KYC and full-KYC implementations.
Emerging Markets on the Leading Edge
To a certain extent, the emerging markets have led the way when it comes to KYC. In most developed (and highly banked) countries, most of the population has already been through some form of KYC. Citizens of developed countries typically have several forms of identification (such as a passport, driving license or utility bills). So KYC in developed countries merely needs to emulate established procedures for opening a bank account.
Many mobile operators also are forced to perform KYC these days, because it is important to know who is using prepaid phones and for what purpose. However as a mobile operator, the KYC you perform to identify a customer is not necessarily up to the same standard as a bank performed KYC process.
In contrast, it is a much bigger challenge to perform KYC on a resident who has no identification and may also be illiterate. This is where many operators, banks and even central banks have had to really look at different ways to implement KYC for mobile commerce, as they simply cannot follow rules that may be in place for a “banked” customer.
Most people who have a history of banking, paying bills, driving and so on typically end up in one or more databases that attest to attributes such as their creditworthiness. It is easier to perform KYC tests on people who have this kind of paper trail. People who have never paid their bills by electronic means (such as credit or debit cards or the Internet) are not documented via trusted sources such as the credit-reporting agencies, making it harder to find reliable data about them. This makes it even more important for mobile commerce service providers to ensure that their KYC process is thorough and that they truly do “know your customers.”
Another advantage that banks have is that in a typical bank branch, the staff performs KYC checks on people opening bank accounts. Mobile operators typically have a large network of agents. While this is a good thing for mobile commerce business, for things like cash out, payments and remittance, it represents a challenge in the KYC process. As mobile operators in emerging markets have grown, so has their agent base. Many of the strict trading rules and regulations that govern retail in the established economies are still not present in the emerging markets. It is not uncommon for a high percentage of fraud to take place in the emerging markets, as the retail network itself is still in its infancy.
Hence, it is very important that the agent network is capable of performing the KYC process correctly and that the service provider minimises the risk of rogue agents poorly performing a KYC— or worse, performing outright fraud.
In emerging markets, regulators have had a real challenge in devising KYC processes. Typically they have emulated e-money or similar regulations, not just in the KYC registration process but also in the limits that are typically placed on these systems. Limits have been set for the amount of money that can be transferred per day, the number of transactions that can be performed, and more.
Most regulators, be they banks or telecommunications, post their guidelines for KYC on their websites. However they are a moving target and at best open to interpretation. So a team approach is best.
Perhaps your KYC implementation will consist simply of a photograph or a signature taken on a mobile device and stored in a database—or it could be a points system that requires some compliance; either way, it is a crucial step in the mobile commerce process. Time and care should be taken to reach out to regulators before you finalise your mobile commerce plan. Also, be prepared to adapt as the regulatory framework evolves.
To meet AML/CFT requirements, lawyers need to :
- Appoint a Compliance Officer
- Undertake a risk assessment of their business. This will enable lawyers to identify the risk of money laundering in different aspects of their practice. The level of risk identified will determine the particular compliance steps a lawyer must take in relation to a particular client matter.
- Prepare a compliance programme which includes internal procedures, policies and controls to detect and manage the risks of ML/CFT
- Ensure they know their clients by undertaking customer due diligence (CDD). This includes verifying the identity of their clients and in some cases the sources of client wealth or funding for a transaction. It also includes on-going account monitoring
- Report suspicious activity through filing a Suspicious Activity Report (SAR) with the Police’s Financial Intelligence Unit (FIU).
- Submit an annual report to the DIA which is the AML/CFT supervisor for the legal profession.
- Arrange a bi-annual independent audit of the firm’s AML/CFT compliance programme.
- Establish a recording keeping system.