Transparency in payments is essential for financial institutions to meet their sanctions, money laundering and terrorist financing obligations, as well as to prevent criminals from using payment systems for transferring illegal funds. As both the Wolfsberg Group and the Bank for International Settlements’ Committee on Payments and Market Infrastructures (CPMI) point out, enhanced payment transparency also has a role to play in addressing the risk associated with correspondent banking. Knowing who is ultimately receiving and sending funds forms an essential part of dealing with money laundering and terrorist financing – the more complex or lengthy the payment chain, the easier it is for this data to get ‘lost’.
These requirements for transparency underpinned the EU Funds Transfer Regulation 2015, enacted in June 2017, which details the information around payers and payees which must accompany all transfers of funds.
As we approach the second anniversary of this regulation coming into force, we reflect on how payment transparency standards have evolved over the past two years, and where firms still face difficulty in complying. We have identified three common problems experienced across the banking industry, and propose three no-regret moves to enable financial institutions (FIs) on the journey towards payments transparency.
Three Common Problems:
- Poor understanding of payments business – As with all types of risk, the ability to implement effective controls ultimately starts with understanding the business and the risk to which it is exposed. The lack of a clear understanding of the payments infrastructure across financial institutions is often the chief culprit – particularly given the complex and extensive systems and gateways at such organisations. Whilst this can be a challenge, a clear understanding of the nature, size and complexity of the payments business is the first building block towards implementing an effective controls framework for all movements of funds.
- Definition of a risk-based approach – The EU Funds Transfer Regulation states that payment service providers (PSPs) are required to implement effective procedures to detect missing, or admissible, information on payments. PSPs are, in a sense, given carte blanche to decide the types of check over the payment population that should be applied real-time, with the guidance that this decision should be risk-based. As a result, banks are facing a balancing act between user experience and regulatory prudence: that is, providing a quick, seamless, straight-through-processing journey to their customers, while also ensuring that their payment system is not being used to route illegal funds. There is significant market variation in approaches, and whilst some of these are expected due to differences in risk appetite between individual firms, our takeaway is that many in the industry remain unsure on regulatory expectation.
- Unclear design of controls – Banks can often bemoan the lack of clarity surrounding controls required to ensure payment transparency or the difficulty to implement them. This is particularly pertinent in the case of ‘meaningless information’ as defined in the regulation – that is, strings of random characters or unclear designations that make no sense, which should be treated as though it was missing information. Screening for this type of information in payments is no mean feat. Common practice tends to fall into two methods: scanning payments with a set of rules looking for admissible strings of characters such as ‘ABCDE’, and to supplement this with screening against a list of common terms (such as ‘Confidential’). However, these common practices usually fall short of providing a thorough coverage of meaningless terms, and the industry remains unsure about what best practice may look like going forwards.
Furthermore, another widely recognised issue is that legacy payments infrastructures may limit the amount of information that can be included in a payment, as these lack the sufficient field space. Although adoption of ISO 20022 standards would support addressing these limitations, FIs still need to take steps to address current limitations. As outlined by both Wolfsberg and UK Finance, as a tactical measure, PSPs should ensure that their policies are clear on what the prioritisation is for providing information and make sure that additional information is retained and made available upon request.
These challenges are far-reaching, but there are some no-regret moves that all financial institutions can take in their journey towards payment transparency.
- Re-education – Ensure there is clarity within the first and second lines of defence, with regards to what information is required for transparency and what individual responsibilities may be for implementing controls. Financial institutions need to refocus employees from all lines of business, across operations and compliance, on the purpose of payment transparency and their roles in achieving this.
- Designated ownership – Clear ownership of payment transparency should be established to ensure the implementation of controls to meet the EU Funds Transfer Regulation does not fall between the cracks of the sanctions and payments worlds. A major hurdle here relates to the lack of clarity on the full payment infrastructure which exists across the institution. Firms should consider whether they would benefit from assigning a role with specific responsibility for documentation and oversight of all inbound and outbound payment information flows and assessing transparency control effectiveness.
- Gap analysis and strategic planning – Full compliance may not yet be a reality for all firms. However, what they should be able to demonstrate is an understanding of current gaps, acknowledgement of any tactical measures which have been implemented, and a strategic vision and plan for continued enhancement of controls.
Across Europe, financial institutions are still facing record fines for sanctions-related breaches. It is critical for them to get back to basics and refocus on the fundamental link between payment transparency and financial crime, so that they can ensure that effective governance and controls are in place.
For more information contact:
Phone: +44 (0) 207 100 7575