Recent financial scams as reported in national dailies bear a vivid testimony of the failure of regulatory compliance and risk management
As the world moves towards a cashless society, Bangladesh too is experiencing a fast growth in this sector.
As the digital transactions are rapidly growing and showing a potential to penetrate the lives of even more people, it is imperative for any digital services provider to adhere to standard compliance.
Otherwise, risks of unwarranted occurrences not only would tarnish the image of the financial sector; the trust in digital services itself would be seriously jeopardized.
Recent financial scams as reported in national dailies bear a vivid testimony of the failure of regulatory compliance and risk management.
Under the existing regulations, besides scheduled banks, financial service providers (MFSP, PSP, PSO) need to obtain a licence from Bangladesh Bank, the central bank of the country.
The licenced entities operate under the defined regulations and guidelines of the central bank related to each of the services.
Additionally, all such financial services providers remain under the oversight of Bangladesh Financial Intelligence Unit (BFIU), the national watchdog for the Anti Money Laundering and Combatting the Financing of Terrorism (AML/CFT.)
The central bank as well as the BFIU, through this arrangement ensures identical regulatory compliance by all dealing with customers within the ambit of financial services.
The subsequent deliberation has been done within the scope of mobile financial services only.
Structure and governance
The most important factors for qualifying for the licence of anMFS provider are structure and governance.
This is fundamental to ensure secured services and protection of the customer's fund.
For the case of MFS, the model is clearly defined in Bangladesh Mobile Financial Regulations -2018 at Clause 3.0.
It says: “Bank-led MFs is a model where a bank may run the MFS as a product of the bank or may form an MFS providing subsidiary with at least 51% of the share held by the bank with control of the board.
Clause 6.0 (iii) indicates the essence of governance – “Subsidiary (MFS provider) will act as the primary driver of the products and services, manage customer relationships and distribution channels and mitigate associated risks.
The parent bank will be responsible for the overall governance of the subsidiary.
Customer fund management and protection
The fundamental essence of e-money creation is hinged upon the deposit of an equal amount of cash in commercial bank(s) at any given point in time.
This aspect of fund management for the MFs provider is clearly articulated at Clause 3.0 under the heading Trust cum settlement account/Custodian account, “Trust cum settlement account/custodian account is the accounts(s) held with the bank(s) where real money against issued e-money is deposited. Balances and transactions at the custodian end must at all times remain separate from and never be co-mingled with other operational accounts of the MFS providers.”
What we all need to be mindful of is that the central bank has unequivocally forbidden the use of ‘trust cum settlement account’ (customers money) for any operational purpose of the MFS provider.
Furthermore, to ensure customer fund protection, the MFS providers need to invest not less than 25% of their physical cash balance in Government Securities (Clause 7.5(iii), Bangladesh MFS Regulations – 2018.)
The foregoing directives are considered as inviolable conditions for the MFS providers.
Customer on-boarding procedure
MFS providers need to onboard customers and agents to offer the services through the respective platform.
According to the regulatory provision, the fundamental requirement of Customer Due Diligence (CDD) in MFS is to collect “correct” and “complete” information of the customer for adhering to the Know-Your-Customer (KYC) procedure as defined in BFIU guidelines (Clause 3.1, BFIU Circular- 20).
Currently, in Bangladesh, MFS accounts are also opened with e-KYC (Clause 1.1, BFIU Circular- 25).
The most important compliance issue relating to KYC is ‘face-to-face interaction’ in case of both paper and e-KYC (Clause 1.5.4, Study Paper on AML/CFT published by BFIU).
Any lapse in ensuring ‘face to face interaction’ would allow an opportunity to open a false MFS account.
The regulatory directives say that a citizen should maintain only one MFS account against one NID.
Lack of proper KYC procedure and business logic built in the technology may allow opening of countless MFS accounts within a single MFS platform for a single customer.
All customers must be validated independently by the MFS providers with the support of a national database and their respective KYC form with required details be kept as record as per the BFIU guidelines.
It amplifies that KYC/e-KYC requirement for opening an MFS account in no case be compensated with any other registration document other than paper/e-KYC of the MFS provider itself.
Regulatory oversight and inspection
Internal audit and self-assessment of compliance practice is the responsibility of the MFS providers to protect and maintain the security and safety of their own platform.
While system-level monitoring and self-investigation of the MFS providers remain essential; regulatory oversight, periodical inspection, and audit are needed to assess and examine the outcome of these internal audits/self-assessments.
External audit and inspection, as such, help to determine the lacking(s), if any, of the compliance practices of the MFS providers, thus helping the entity to take appropriate and corrective measures.
This layered and structured approach ensures required risk-reduction in accordance with the national and global best practices.
In conclusion, it may be mentioned that different aspects of compliance related to AML/CFT mentioned above illustrate how complex the operation of MFS really is.
As MFS providers are dealing with a huge number of customers, it becomes imperative for them to always stay vigilant regarding issues like ML/TF risks, cybersecurity, and most importantly customer fund protection. Every MFS provider must always remain committed to keep their platforms risk-free.
To achieve this, MFS providers need to focus on compliance infrastructure, capacity-building and strict adherence to the regulatory directives and guidelines.
There is no denying that any harm to the MFS ecosystem will be socio-economically catastrophic for the most vulnerable segment of our population.
The author is chief external and corporate affairs officer at bKash