Author’s note: The discussion of “fintechs” in this article will be referring to digital bank accounts (e.g., Monzo) and other e-wallets account services (e.g., Apple Pay).

Fintechs are digital bank accounts and e-wallet services. There are more and more digital players in the market offering payment accounts, money pots or remittances services. What is new is that end-user adoption is growing quickly too.¹ There is not a week without the media mentioning that challenger banks (aka “neo banks”) like Monzo, Revolut or N26 are increasingly enrolling more and more customers.²

At the same time, the number of customers that traditional banking institutions are losing does not seem so alarming. So what is happening? Why is there no net transfer from traditional banks toward fintechs?

Some of the reasons cited by end users for adopting fintech accounts include the ease of use, competitive prices and better quality of service

Customers are adopting these new payment systems and platforms without leaving their traditional bank.³

Most can think of reasons depending on their own situations and behaviours as to why they should keep both a traditional bank account and a fintech account. Indeed, many of the people deciding to switch to fintech banking simply do not close their “traditional” bank accounts but rather maintain both for different reasons.For instance, users may need a way to fund their fintech accounts, thus making their traditional bank accounts just a way to funnel funds into their digital accounts, or their traditional bank proposes services that their fintech account providers do not yet provide, such as investment, loans, etc. Another reason could be if users do not yet completely trust their fintech account provider. In the European Union (EU), until a fintech account provider gets an actual banking licence, the funds deposited by their customers are not guaranteed through the EU deposit guarantee schemes,⁴ which protect depositors’ savings by guaranteeing deposits of up to €100,000.

On the other hand, some of the reasons cited by end users for adopting fintech accounts include the ease of use, competitive prices and better quality of service.⁵

But could the myriad of new alternatives that allow anyone to open a fintech account and be granted with payments (typically, a payment card) in a matter of minutes be facilitating financial crimes?

Raising Awareness on the Use of Fintechs for Possible Financial Crimes Purposes

How many readers already have a fintech account? Anti-money laundering (AML) professionals may be curious about these (sometimes only supposedly) disruptive ways of conducting customer registration, ID collection and vertification, and in general know your customer (KYC) and may even have more than one fintech and/or challenger’s account. But what information is being requested when registering for a new account?

Basically, the same information amongst the different providers: personal data supported by a government-issued ID and sometimes a national tax ID supported by nothing.

One can virtually open as many accounts as there are fintech providers able to do so (essentially providing you with an international bank account number).

What is the difference between regular or more traditional banks, financial institutions and fintechs?

Opening a bank account in a country one does not reside in and/or where one’s salary is not domiciled takes no more than a few minutes.

In fact, in most EU banks despite being an EU citizen, the following information is requested when trying to open a bank account as a local non-resident:

• Proof of employment (work contract or proof of company incorporation, if self-employed)
• Proof of registration (with the local authorities) within the country
• The regular set of information and documentation (usually consisting of an ID and a proof-of-address)

A Temptation for Criminals to Abandon the Traditional Banking System

The recent media headlines will not contradict this fact: traditional banks are under strong pressure from the authorities to beef up their AML controls.

Emerging payments players from their ends—although they do not evolve in a lawless area since they need licenses (mostly payment institution or electronic money institution licences)—still take advantage of the EU regulation through the passporting mechanism, allowing them to operate in any European Economic Area while being supervised in another.

This consequently makes it much more difficult for both home and host regulators to supervise their activities across the EU, especially without an EU-wide supervisor. Financial criminals know this.

For example, a criminal could be willing to evade €100,000 of illegally obtained funds going through the easy account-opening process described earlier. Opening 10 accounts with 10 different fintech account providers, each licenced in different EU jurisdictions, would take them no more than 5-10 minutes per account with a smartphone and an ID. Now, even if the fintech does its job in terms of anti-money laundering/counter-terrorist financing (AML/CTF) measures, there is a high probability that the criminal would not be asked for more information nor documentation if they deposit up to €10,000 in each of these accounts.

Going one-step further, imagine that the amount to be evaded by the criminal would no longer be €100,000, but rather €1,000,000. The criminal would still open 10 different accounts at 10 fintechs, again each licenced in different EU jurisdictions, but instead of depositing €10,000 in each, they would deposit €100,000 structured into several smaller deposits.

Hopefully, this would trigger alerts within the fintech’s monitoring systems. The criminal may even be asked to justify the source of these funds with further documentation. On top of that, the AML teams of fintechs may even fill and submit a suspicious activity report (SAR) to their local financial intelligence unit (FIU), but then what?

Ten different FIUs located in 10 different EU jurisdictions may be notified independently that one individual is conducting structured depositing into a licenced fintech account (e.g., Types of licenses: PI, EMI, specialised bank), within their jurisdiction.

Given the current workload of FIUs across Europe, the chances of a further investigation being triggered based on this piece of information—in isolation of what may have happened in other European countries—is very low.

Moreover, local FIUs within the EU still cannot rely on an EU-wide FIU that would centralise the information received from across member states.

Now the financial crime risks that these fintech/challenger banks pose are clear through the ease of opening multiple accounts all over Europe in a matter of minutes.

Virtual Assets: A Legal Uncertainty That Benefits Criminals

Imagine that the fintech account providers discussed are, for the most part, regulated entities and as such, must abide by the same AML/CTF requirements as regular banking institutions. This is not yet the case across the EU for virtual asset providers (exchanges, wallet providers, etc.). Consequently, the following measures considered for fintech providers may not necessarily be applied by these players:

One can virtually open as many accounts as there are fintech providers able to do so

• KYC/customer due diligence
• AML/CTF transaction monitoring
• SARs

In fact and fortunately, the main virtual assets providers already do so. This does not just happen because these are “nice people” but because without it, they would have little to no chance of working with any of the financial institutions they partner with (acquiring banks, commercial banks, etc.) to facilitate their activity.

What are the possible solutions to tackle this new threat?

From the Authorities’ Perspective

Despite the successive versions of EU AML Directives—since there are still quite a lot of differences among member states in terms of AML/CTF regulations and their enforcement—the EU passporting system could actually be weakening the overall AML/CTF measures.

To mitigate the risk of dirty money circulating via various online payment players that are sometimes not very vigilant and/or sufficiently controlled, one of the solutions would be for EU authorities to strengthen the powers of national supervisors. In addition, the creation of a common EU-wide supervisory body could allow the transition from a somewhat standardised regulatory framework to a possibly more standardised law enforcement policy.

From the Fintechs’ Standpoint

As previously mentioned, the typical use of fintech accounts is as a complementary account rather than as a main account. Therefore, monitoring patterns and alerts can be subsequently designed.

As an example, if it is known that most customers fund their fintech accounts with their regular bank account and then use the balance to initiate direct in-app transfers to their friends and family, then questioning those who only receive funds from accounts they do not own (which they directly transfer to other accounts) without making any other use of fintech products makes sense.

Conclusion

Fintech account providers (fintechs) and emerging payment systems are fascinating in that they are demystifying financial products, opening the competition in the financial services’ ecosystem (which was closed for a long time) and are ultimately putting customers back at the heart of the service provision.

Nevertheless, technology, innovation and disruption must not make one forget that these rising players are still fairly new when it comes to having a “culture of compliance” or operating within ever-evolving regulatory environments.

The typical use of fintech accounts is as a complementary account rather than as a main account

Thus, while regularly discovering new weaknesses and failures of wellestablished EU banking institutions, do not forget that these new entrants, as positive and well-intentioned as they might be, should also be closely monitored.

Alexandre Pinot, CAMS, head of Vilnius office and MLRO, SONECT Europe, Vilnius, Lithuania, alexandre@sonect.ch

1. “EY Fintech Adoption Index 2017: The rapid emergence of Fintech,” EY, 2017, https://www.ey.com/Publication/vwLUAssets/ey-fintech-adoption-index-2017/$FILE/ey-fintech-adoption-index-2017.pdf
2. “Neo and Challenger Bank Customer Base to Grow by 50.6%, Globally, by 2020,” Allied Market Research, https://www.alliedmarketresearch.com/press-release/neo-and-challenger-bank-market.html
3. Oliver Smith, “A Million U.K. Consumers Just Switched Their Bank Accounts—But Not To Fintech Challengers” Forbes, 26 July 2018, https://www.forbes.com/sites/oliversmith/2018/07/26/a-million-u-k-consumers-switched-their-bank-accounts-but-not-to-fintech-challengers/#555dd6071205
4. “Deposit guarantee schemes,” European Commission, https://ec.europa.eu/info/business-economy-euro/banking-and-finance/financial-supervision-and-risk-management/managing-risks-banks-and-financial-institutions/deposit-guarantee-schemes_en
5. Jeff Desjardins, “How Fintech is Digitally
   Disrupting the Financial World,” Visual Capitalist, 3 August 2016, https://www.visualcapitalist.com/how-fintech-digitally-disrupting-financial-world/