White label banking AML compliance programme: 4 key aspects of how to prevent money laundering in the BaaS era
BaaS there, BaaS here- it seems that everyone today is pushing for banking-as-a-service either through embedment of financial services or fast-tracking alternatives for authorisations. So much so that I start to wonder whether the providers have adequate margins to cover their expenses in the ever-burning machine of VC funding competition…
Another elephant that is quite often left out of the conversation is the AML compliance programme for white label banking. This topic is of paramount importance since such an arrangement creates many layers for the providers where each, most often, will have a part of the responsibility for monitoring whatnot whilst legally the institution sitting on top will be the ultimate provider of services who is the one de jure bearing all of the AML/CTF risks.
In practice, it means that the principal offering a white label digital banking solution (a.k.a. EMD agency relationship) must have robust AML compliance systems and controls in place. BUT how do you establish it where your relationship with the end-users is akin to matryoshka and you have to pass through a couple of layers in order to have access and a concise understanding of the risks down the line?
Back to basics- identify the clientele and establish corresponding risks in the white label banking relationship
For starters, an appropriate AML compliance programme begins with the exercise where risks are identified and assigned their impact and probability while at the same time establishing the tolerance levels and mitigation measures.
Since this part is strongly case-specific due to service offering, locality and other key metrics- I’ll leave it at this point as food for thought. Just have in mind that the best would be to outline it on a paper in a table and afterwards place it straight above your bed… or even paint a ceiling with a replica, and don’t forget appropriate lightning so key aspects would be always illuminated.
Nevertheless, when speaking about risk weighting related to white label banking AML compliance programme for principal EMI, apart from identifying the risks directly related to the agent it is also important to consider the clients of their white label banking agents. Therefore, this will be a two-tiered exercise where firstly the white label banking agent will be assessed for their risks and later the target clientele or already existing client base will need to be evaluated.
Double job for a single return you’ll ask? Not really as agents are supposed to act as resellers and attract more clientele for white label providers. Just think about mid-20th century vacuum cleaner sales. In a similar manner as elegantly dressed gentlemen were going door-to-door back then the agents of different EMIs are knocking on your browser’s window right now.
You can check what they truly are and how they compare vis-á-vis distributors here.
Carrying out checks on the white label banking agent’s moral and professional suitability
In terms of the establishment of the risk profile for the white label banking agent itself, it is paramount to perform a concise assessment of the background and other relevant factors that could be elevating the risks.
Notably, due to the nature of the relationship in any case it will be classified as high risk and will be subject to enhanced due diligence. In this regard, information on the owners, directors and their fitness and propriety would need to be collected together with the information on the business itself. As a starting point it is worth obtaining and considering:
- Negative information obtained from credit bureaux or other credible sources;
- Any criminal record in matters relating to finance, fraud, honesty or integrity;
- Reputation (based on references from at least two people of good social standing living in the same locality as the person and who have known the person for at least three years);
- Business or work experience;
- Establishing that there are no relationships with financial institutions that may be detrimental to the white label banking agent relationship;
- The business track record of the entity in the last three years (where applicable);
- Any other information that may negatively or positively impact the prospective white label banking agent.
Collection of information on the legal entity utilising white label banking
Most likely the white label banking agent will be a legal entity and as such, in addition to the usual CDD procedures, you would need to obtain extra documentation and information. This would include, among other things:
- Certificate of goods standing;
- Physical location, postal address and telephone numbers of the entity and its working hours;
- Verification of the adequacy of the prospective white label banking agent’s resources for the relationship;
- Audited financial statements (if not available – the business plan and/or financial model);
- Tax returns for the past 2 years;
- Copies of regulatory inspection reports (if applicable, and if the regulator consents);
- Corporate ownership and management structure;
- Documents outlining the number of business units/premises, number of employees, and an organisational chart outlining functional and reporting lines;
- Copies of internal policies and procedures covering key risk areas, such as AML/CTF, Financial Crime, IT Risks, etc.
The key points regarding the initial screening of the white label banking agent can be summarised as follows:
Information on the clientele and business line of the white label banking agent
The AML compliance programme will be only as good as the understanding of the clientele of the entity utilising the white label banking solution.
Most likely it will be a representation of a future client base that will be growing with the time (migration is also possible so bear with me for a bit). Therefore, it is important to establish whether there is a concise understanding of the target clients, evaluate the client attraction channels, and ascertain what onboarding/monitoring tools will be utilised. These three steps are the key since only by answering all of these questions you will have a possibility of ensuring that there are no risks above your tolerance and that the white label banking agent knows what it does.
To evaluate whether target clients are clearly understood you should place your focus on the sources that are used in the business plans and financial projections while preparing the assumptions. Unfortunately, there are many cases which are not underlined by anything apart from “I know this stuff” or “my good friend told me that it is so”. You should avoid this approach at all costs as this shows a lack of preparedness and can put into jeopardy the whole arrangement with the prospective white label banking agent.
For the white label banking AML compliance programme to appropriately mitigate the risks you should see a concise outline of the client base with the manner of attraction. As well, the market must have this fit and not be saturated. Otherwise, the solution and business idea would be pointless from the onset and many clients would be coming trying to onboard because of the wrong reasons.
Migration of an existing client base in a white label banking relationship
If we would be speaking about an already existing client base that would be migrating from another provider, a good starting point would be understanding why migration is happening in the first place. This means analysing the standing of the principal EMI who was offering a white label banking solution and whether such migration could be emanating from the compliance failings of a switching white label banking agent.
This will help to drive the assessment in the right direction but it is not a panacea. You will also need to collect sufficient information on the underlying portfolio via the breakdown of the clientele by geographical location, type of clients, business, turnover and status. This information should be further analysed with the request for sample files of randomly identified clients and a comparison of it against minimum underwriting standards and internal policies of the white label banking agent itself. Last but not least, the standards of the wannabe agent must satisfy your own internal white label banking AML compliance programme.
Monitoring of the white label banking AML compliance programme
Since there is a couple of layers for the interaction of the end-users with the principal EMI there must be also a couple of layers of monitoring for the end-users of EMI. Needless to say, the level of monitoring will depend on the level of autonomy that is granted to the white label banking agent. This means that there will be a prerequisite for a higher level of monitoring from the side of the principal for those instances where white label banking agents will have autonomy in decision-making for the onboarding and primary responsibility for oversight.
It may sound counterintuitive at the first sight, but it is the case because the AML/CTF function can be considered to be outsourced and hence specific measures following the guidance produced by EBA will need to be implemented. In case the monitoring will be undertaken by the white label banking solution provider itself, the usual practices that are followed internally will need to be adhered to.
Regardless of the manner in which the monitoring will be carried out, there is a prerequisite of having robust systems that would be carrying out the CDD and ongoing monitoring. In this case, we’re speaking about such providers as SumSub or Ondato for initial KYC and Unit21 or ComplyAdvantage for ongoing monitoring.
I won’t go into depth of explaining what one or the other does- but in practice, either the principal EMI or white label banking agent would need to have CDD providers who would be engaged at onboarding. In the latter case, the firm offering a white label banking solution would need to assess the adequacy of the systems and monitor them on an ongoing basis against performance metrics in the same manner as they do when it is carried out by itself. To do so, it would be advisable to assess the onboarding process against EBA’s guidelines for remote identification together with any other requirements that can be found in some countries on a national level.
When turning to the ongoing monitoring, the key would be to not only choose the software with the functionality helping to identify the risks but also to decide whether the agent utilising white label banking solution would need to have its own internal monitoring. This is directly linked to the point raised above- depending on the level of autonomy, the white label banking agent may need to have its own monitoring solution that would need to be assessed by the principal white label banking solution provider.
In any case, the principal will have its own monitoring solution and rules in order to both monitor the end-users and assess how the white label banking agent is performing its obligations. It is worth noting that the systems of the principal would be programmed in a different manner and consistent with the internal risk monitoring framework that would diverge from those employed by the agent.
Ongoing review of the relationship with the white label banking agent
Apart from the initial due diligence on the white label banking agent and establishment of its fitness and propriety to conduct the business under the white label banking arrangement- the principal must have robust ongoing monitoring controls.
It doesn’t matter how closely you will be looking at vivid imagery presented by the agent during the onboarding the reality can reveal to be quite bleak after the start of the operations. To avoid this happening in practice you should implement robust monitoring measures ensuring that the image remains somewhat akin to the one presented to you in the beginning. Notably, here we are speaking in addition to the measures aimed at overseeing the transactions and referring to the assessment of moral and professional suitability + information on the legal entity utilising the white label banking solution.
As well, there would be a prerequisite to monitor the levels of adherence to the performance of the responsibilities. It is important to have in mind clear metrics to which the white label banking agent must adhere– the best is for them to be referenced within the agreement itself which oversees the relationship. The metrics would be based on the information which is reported back to the white label banking principal and concern the data that can be both verified independently and that is not. Among other things, the information can concern the number of clients onboarded, number of transactions carried out, number of accounts closed, number of complaints received, etc. basically collation of the key metrics stemming from the relationship.
In addition to the above, the white label banking principal would need to perform regular onsite audits. The audits should be aimed at establishing whether the systems and controls of the agent adhere to the policies and procedures of the principal and are overall satisfactory.
4 key aspects of the white label banking AML compliance programme
I’ve tried to be as concise as possible whilst speaking about the white label banking agent AML compliance programme but I know that repetition is essential in order to learn. Hence, for the sake of clarity, the key aspects whilst implementing such a programme may be summarised and illustrated as follows:
How can PSP Lab help with the white label banking AML compliance programme?
If you’re looking to establish your own white label banking AML compliance programme we can help you to design it from A to Z. We have required expertise in one place to perfect it from both practical and technical perspectives. On another note, if you’re looking for a lower pitch and would like to understand your responsibilities as a white label banking agent, we can help you with that as well.