feedback

With Simplified Due Diligence set to change, innovation-driven companies like Paybase may offer the best solution

GDPR, Compliance, FinTech
  • Due Diligence
  • Compliance
  • Payments
  • Paybase
  • Due Diligence
  • + 3 more
1st May 2019
By Anna Tsyupko, Danielle Herndon

At present, EU firms are able to use SDD on customers that are deemed to have a low enough level of risk associated to them. This allows firms to postpone verifying a customer’s identity until their level of risk changes (as they make updates to their customer information or use of product). Critically, SDD is currently not limited by a threshold of any kind for many EEA countries. There are no thresholds on transactions, topping-up eWallets, withdrawals or any other financial operations. As stated in the Fourth Money Laundering Directive (4MLD) guidelines: “Where a Member State or an obliged entity identifies areas of lower risk, that Member State may allow obliged entities to apply simplified customer due diligence measures.”

However, the European Banking Authority (EBA) are planning to change this. The EBA have stated that in terms of SDD, European firms may only postpone “the verification of the customer’s or beneficial owner’s identity to a certain later date after the establishment of the relationship or until a certain (low) monetary threshold is exceeded (whichever occurs first).” It goes on to say that the monetary threshold should not exceed €250 if the product can be used in other jurisdictions or for cross-border transactions, or €500 if it can be used only domestically.

Put simply, even for customers that are considered to carry the lowest risk, further Due Diligence would have to be applied once these thresholds had been hit. Countries are able to interpret directives in different ways, meaning firms may choose to stick with their own nationally implemented legislation of 4MLD. However, they will not be able to operate within countries that have adopted the EBA guidelines, causing significant challenges for cross-border businesses.

The Electronic Money Association (EMA) has raised concerns over this decision, as it fears the change in regulation will be detrimental to the success of eMoney businesses. A summary of the key arguments made by the EMA is found below:

  • The Guidelines derive their authority from, and are therefore subordinate to, the 4MLD. By changing a core aspect of the Directive, such as proposing to remove a risk-based approach in reference to customer due diligence requirements, the EBA is overstepping its remit.

  • The new thresholds go against the central concept of the 4MLD’s risk-based approach - that risk management should be a holistic process, including analysis of the product, jurisdictions and nature of the business. This approach goes far further than just limits.

  • There is no evidence that SDD has actually led to failures in risk management.

However, whilst there are definitely grounds for thinking that the proposed thresholds are incompatible with the directive, fighting to continue with the status quo may not be the most progressive solution.

Along with the request to remove the new thresholds, the EMA is currently in discussions with the EBA as to how firms can verify customers using innovation, as opposed to the traditional identity and address verification documents. Paybase has always maintained a tech-first, innovation-driven approach and is currently using, or is exploring to use, the following methods:

  • IP address mapping: Identifying customers by their unique IP address and gaining insight into their location. This makes it simpler for suspicious activity to be identified, as the location of customers during transactions is known, as opposed to simply knowing the address their card is linked to.

  • Device check: Raising an alert if the device being used has suddenly changed, indicating that the account may have been compromised.

  • Address Verification System (AVS) check: A more established form of identity check, AVS checks that the address provided matches with the address associated with the debit/credit card in question.

  • Bank Account Verification: Uniquing bank account information within the system and/or verifying the information provided by the customer with the issuer via a third party.

  • Dynamic customer risk scoring: Automatically calculating and adjusting a customer’s risk based on their activity.

  • Sophisticated transaction rules: Implementing rules to block, pause or create alerts on transactions based on risk. Using state-of-the-art AI technology, these rules can be trained to detect unusual activity more accurately than ever before.

  • System-wide risk categorisation: Identifying risky entities such as addresses, cards and bank accounts, and preventing customers that own them them from abusing systems.

These are just a selection of innovation-driven methods sent to the EBA as potential alternatives to using thresholds in SDD. Whilst discussions between the organisations are still ongoing, the EBA have stated that using methods such as these may actually amount to full Customer Due Diligence.

If the EBA upholds its high valuation of these methods, the matter of the thresholds being removed or not becomes somewhat irrelevant for innovation-driven businesses such as Paybase. Our customers won’t have to worry about expanding into Europe and can benefit from an increased level of Due Diligence on their customers and merchants. This is at no extra cost, with nothing additional required from them.

Due Diligence, however, is only one area of compliance in which we are using innovative technology. Our custom-built Logic Engine allows us to create risk-management rules for our customers that are appropriate for their business. If they are a marketplace, they may wish to block transactions over £200 for users that have joined within the past 24 hours, but permit transactions over £500 for more established users, for example.

Similarly, they may decide to block card details that are linked to another user or prevent the same address being added more than twice. Whatever the rules, we work with our customers to create a risk management framework that is akin to their business model. Through this, we are maintaining the original holistic approach to risk that was encouraged in 4MLD.

Paybase supports the EMA in its approach towards the potential new thresholds and hopes that they are removed from the EBA’s guidance. That being said, we also note that an innovation-driven approach to compliance allows you to not only ensure that your customers are covered when regulations are inevitably updated, but offer them so much more.

Originally posted at Verdict Payments.

Twitter  LinkedIn

  • Due Diligence
  • Compliance
  • Payments
  • Paybase

Related Posts

Financial crime + 4 more
The potential for financial crime within marketplaces and how to avoid it

Preventing financial crime is something all e-commerce firms need to be mindful of in today’s world. However, due to the way marketplaces operate, certain financial crime is particularly applicable to them. In this article, we discuss what can happen...

Read More
Paybase workshop + 3 more
Paybase Collaborative Workshop 3: In Photos

Earlier this month saw Paybase host its third collaborative workshop - a big thank you to all our attendees who made it the biggest one to date! This workshop had an entirely new format. Alexander Ross of Illuminate Financial kicked us off with the ...

Read More
Online marketplace + 6 more
How do payments work for online marketplaces / gig / sharing economy platforms?

Choosing the right payments option can be the best early decision your business makes If you are currently setting up your platform and are starting to think about payments, bear in mind, platform payments work differently than payments for more tra...

Read More
Read All

Get our newsletter

Join our mailing list for product launches, industry hosted events and company updates.

Top 50 most disruptive uk companies in 2017: the future 50