Internet financial services have been in the world for years. As a result, criminals have taken advantage and used these services to facilitate money laundering and other financial crime. The following article will discuss how criminals use internet financial services and what China is doing to prevent crime in this realm.
The Internet Finance Business Is Developing Rapidly Worldwide
In the 1960s, American Airlines and IBM used a computer to create an airplane booking system composed of more than 2,000 terminals across the U.S., a rudimentary version of a remote information-processing, resource-sharing platform. Fast forward to the 1980s and information technology is being gradually integrated into various fields such as manufacturing, energy, trade, medical care, transportation, finance and public services, and presenting many new development models and business forms.
Regulating internet finance has become a key focus for regulatory agencies worldwide
In the 1990s, the first pure internet bank, Security First Network Bank, was established, launching a new era of digital finance. Subsequently, peer-to-peer (P2P) lending rose and the internet began to penetrate the traditional financial services industry. Online wealth management, online insurance, online payment, e-commerce microfinancing, crowdfunding and other subdivisions of the digital financial model offered consumers more choices for financial services.
In the 2000s, internet finance boomed and improved the efficiency of financial services by reducing transaction costs, meeting diversified investment and financing needs, and improving the inclusiveness of microfinance and rural finance. However, throughout its rapid development, there was an increase in market penetration as well as constant violations of laws and regulations. Now, regulating internet finance has become a key focus for regulatory agencies worldwide. In an interview, the National Internet Finance Association of China (NIFA) concluded that, “the illegal nature of money laundering, terrorist financing activities, social harm, and behavioral patterns remain similar across the fields of internet finance and traditional finance. The basic ideas, methods, and techniques of anti-money laundering and anti-terrorism financing are also interchangeable.”1
Criminals Favor the Rapid, Convenient and Customer-Oriented Model of Internet Financial Services
The following are the main reasons why internet financial services have become a high-risk area for money laundering.
The Services Are Not Conducted in Person
Digital transactions are based on a virtual environment, using authentication instead of human encryption technology. This protects customer privacy to an extent, but also causes the subject of the transaction to become virtual, which allows criminal behavior to be more covert. In the internet insurance business, the customer does not need to communicate with sales personnel face to face. Instead, a policyholder can apply for insurance by logging onto a website to select a product, fill in an application, pay the premium and download the policy. Often there is no effective verification of the name, ID number, contact details, contact address, occupation, residence, and relationship between the policyholder and the beneficiary the customer enters on the website, making it easier for money launderers to conceal criminal funds.
Internet Financial Crimes Are Unconstrained By Time and Space
The internet is open to all countries and their citizens. Any computer with internet access can engage in network activities without geographical or temporal restrictions, and the effect can be felt directly in the domain of another country or multiple countries at any time. For example, money laundering through the internet circumvents the traditional financial industry’s restrictions on transaction time and location. Money launderers could extract the proceeds of crimes at any time and any place, through online payment and other means.
The Ease of Transactions Facilitates Criminals’ Actions
Due to the immediacy of the internet, criminals can easily make several monetary transfers over a short period of time. Shorter crime durations, increased speed of fund movement, as well as more convenient cross-border fund transfers have reduced the cost of money laundering for criminals, made fund audit trails more complex, and resulted in greater difficulty for cross-jurisdictional law enforcement investigations. For example, cross-border credit card fraud is a new type of criminal activity in which criminals obtain the credit card information of others in one jurisdiction, make counterfeit cards based on that information, and then make unauthorized transactions or commit online payment theft in another jurisdiction.
Open Data and Big Data Development Have Become New Targets for Criminals
Open data has led to more diverse data development scenarios, and the conflict between the enormous value of data in various industries and the protection of privacy has become increasingly prominent. Criminals use various strategies to steal, transfer or claim data, and they as conduct blackmail, extortion and fraud using data. Illegal intermediaries can purchase personal information and data on the internet and use facial recognition data, bank cards, ID cards and other documents to apply for loans. There have been many cases of loans or overdrafts using fake cards on the internet.
The lack of compliance and risk control personnel at fintech companies is the reason for their generally inadequate risk prevention capabilities
Companies Engaged in Internet Finance Do Not Have Rigorous AML and Anti-Financial Crime Capabilities
Companies engaged in or carrying out internet-finance-related businesses can be broadly divided into two categories: traditional financial institutions (FIs) and financial technology companies.
Traditional FIs have a higher awareness of compliance and have more comprehensive and robust risk management measures than fintech companies. However, most of the AML personnel in FIs come from financial or legal professional backgrounds, thus they cannot sufficiently analyze and understand forward-looking technologies. They are also not as strong in foreseeing risks related to internet financial products and have less ability to respond to and handle unexpected risk events. Both prevention control measures and ex post facto monitoring need to become more targeted and effective.
On the other hand, fintech enterprises are mostly set up by internet companies. They emphasize customer service, financial segmentation and product innovation. They do not pay enough attention to the risks associated with the financial nature of products and services. The lack of compliance and risk control personnel at fintech companies is the reason for their generally inadequate risk prevention capabilities.
China’s Practices in Tackling Internet Financial Money Laundering and Prevention of Financial Crime Risks
Sound Regulatory Framework
Institutions engaging in internet financial business in China must obtain approval from, or be registered with, the competent authorities before they can establish and operate internet financial businesses. They generally fall into two broad categories. The first category is FIs that conduct internet banking business and the second category is enterprises engaged in internet financial services.
The People’s Bank of China serves as an industry leader by supervising internet FIs in fulfilling their AML obligations, as well as formulating relevant regulatory rules. The Ministry of Public Security takes the leading role in fighting internet financial crimes.
The People’s Bank of China established the Internet Financial Anti-Money Laundering and Anti-Terrorist Financing Network Monitoring Platform (hereinafter referred to as the network monitoring platform) to improve its online AML monitoring mechanisms and enhance information sharing.2 Branches of the People’s Bank of China and the China Anti-Money Laundering Monitoring and Analysis Center (China’s financial intelligence unit) may use the data and information from the network monitoring platform within the scope of their responsibilities.
China’s Measures for the Administration of Anti-Money Laundering and Anti-Terrorist Financing for Internet Finance Practitioners (Trial Implementation) details the obligations of internet finance practitioners with regard to AML and counter-terrorist financing (CTF); internet finance practitioners must take effective measures to identify customers, actively monitor and report suspicious transactions, adequately preserve customer information and transaction records, and implement a monitoring list for targeted sanctions.3
Furthermore, regulators have strengthened the AML requirements for internet companies within traditional FIs. FIs are expected to sign cooperation and agency agreements that include AML and financial crime prevention requirements in accordance with relevant laws and regulations when collaborating with internet companies. They should also ensure that the AML and financial crime enforcement standards are not lowered due to cooperation and agency relationships.
Synergistic Strength of Industry Associations
NIFA was established on December 31, 2015, thus creating a national self-regulatory organization for the internet finance industry. Since its establishment, industry rules applicable to the implementation of these measures by various types of institutions engaged in the industry have been formulated and published. These include provisions to cooperate with the People’s Bank of China and its branches to perform online and offline operations related to AML, conduct money laundering and terrorist financing risk assessments, and issue risk assessment reports as well as risk warning information. NIFA also promotes the development and implementation of self-regulatory conventions on AML and CTF by various types of institutions.
Regulators have strengthened the AML requirements for internet companies within traditional FIs
In June 2019, NIFA released the “Manual on Risk Management and Internal Control Framework for Internet Financial Practitioners Against Money Laundering and Terrorist Financing” (the Manual), which summarizes the best AML practices for domestic and foreign enterprises.4 It also integrates the latest developments of internet finance and AML work, a reference for practitioners to carry out AML risk management systems and construct of internal controls.
To promote AML and CTF information sharing in internet finance, NIFA built an internet network monitoring platform. Regulatory authorities, institutions and self-regulatory organizations can exchange AML work information through monitoring platforms, share work experience, jointly discuss industry problems, develop AML compliance technologies and tools, and share relevant data resources while complying with relevant confidentiality system requirements.
NIFA has established a standard platform for internet financial identity verification. One end of the platform connects data sources of various channels and the other end connects with over 400 internet finance enterprises in China. Through collaboration between associations and relevant mainstream channels, it integrates ID information, operator information, bank card information and a variety of authentication channels to achieve identity verification. The platform can now verify capabilities on 13 interfaces in five aspects, namely citizenship information verification, bank card account information verification, network operator information verification, digital certificate verification and facial recognition. The platform is connected to commercial banks, third-party payment processors, internet lending information agencies and other institutions to help perform customer identification tasks effectively.
Institutional Investment in AML Science and Technology
The Financial Action Task Force (FATF) has been encouraging countries to reduce the risks posed by financial innovation and take full advantage of new technologies to implement preventive measures more effectively. In terms of the internet finance business, Chinese FIs (as well as fintech companies) place great emphasis on investing in technology to fight money laundering.
In the traditional banking industry, the Industrial and Commercial Bank of China was the first to implement a corporate application of process robots with a comprehensive artificial intelligence (AI) platform that covers mainstream AI technologies such as perception, thinking and control.5 Ping An Bank has world class facial recognition technology (recognition accuracy of 99.8%), voice recognition technology (recognition accuracy of 99.7% within one second) and micro-expression recognition technology (recognition accuracy of 95.8%, ranked first in the One-Minute Gradual [OMG] international micro expression evaluation), which have been successfully applied in AML risk management.6
AML work in the internet finance industry is still in its infancy worldwide
In the financial technology industry, the Ant Group leveraged smart data investigation and applied smart screening methods upon discovery of suspicious transactions, thus greatly improving efficiency and reducing false alarms.7 LianLian Pay has developed AI technologies such as biometric authentication, AI+brain and semantic recognition for voice systems, thus creating a risk diagram of customers, products and businesses that greatly reduces the difficulties and pain points of risk adaptation.8 Tencent’s TenPay uses big data and AI to verify users’ real identities, track transaction paths, identify transaction risks and implement intelligent AML practices. In 2019, TenPay, through big data screening, discovered that criminals had used pornographic services, online dating sites and other methods to induce victims to scan fraudulent payment QR codes. When the user would click on the receipt page, it would show payments of 8 or 6 yuan ($1.1 or $1), when the actual payment made was 800 or 600 yuan ($110 or $100). Through highly deceptive sourcing methods, recruited users would be induced to click on fraudulent links for external promotions and lured to make payments.9
AML work in the internet finance industry is still in its infancy worldwide, and overall the industry has not yet formulated a set of mature AML risk control and compliance technology systems. Many technologies and methods are still subject to further testing in the market. It is helpful to refer to the AML practices of internet finance in China while implementing these systems.
Lynn Li, CAMS-Audit, AML Director—China, ACAMS, China, firstname.lastname@example.org