This document discusses various FinTech trends and their associated anti-money laundering and counter-terrorism financing (AML/CFT) risks and challenges. It outlines the development of the FinTech ecosystem including areas like digital banking, peer-to-peer lending, cryptocurrencies, and alternative fundraising methods. It then analyzes the overall ML/FT risks of FinTech relating to issues like fraud, challenges with digital identity verification, new entrants to the industry, cross-border operations, and collaboration projects. Specific risks involving virtual assets, financial inclusion through FinTech, and digital identity/know-your-customer trends are also examined. Finally, the document discusses ways that technology can enhance AML/CFT compliance and
2. The FinTech Ecosystem: Development and Trends,
2
Open Banking
&
Collaboration
Blockchain Initiative
Digital
Assets
Regulatory
Sandbox
Deposit & Financing
Digital bank & virtual bank
Online financing
Information-based lending
+ credit data analytics
P2P Lending
Alternative Fundraising
Digital token offering – ICO,
STO, IEO
Equity Crowdfunding
Debt Crowdfunding
VC Investments
Alternative Investments
Digital asset investments
Equity & Debt Crowdfunding
P2P lending
Robo advisor
Capital Markets
Digitalization of capital markets
STO / Asset Tokenization
Scripless securities
Electronic trading platform
Payments & Remittance
E-Payment
Online money remittance
Blockchain
Cross-border initiatives
Collaboration
Digital asset –
cryptocurrencies, stable coin
Digital ID
& e-KYC
The
FinTech
Ecosystem
3. Overall ML/FT risks regarding FinTech
A. Fraud and Ponzi scheme (ICO, P2P lending, cryptocurrency, social network
fund raising, etc.)
B. Challenges in doing e-KYC and e-authentication:
i. Virtual banking
- risk profile of digital customer
- geographical location (check IP address + GPS location)
- limit products / services or impose threshold
a) HK – same as banks, non face-to-face, technology neutral
- VDO con, biometrics, centralized database, unique QR codes
a) SG – VDO con, biometrics, doc with secure digital signature
ii. Digital banking in Thailand – e-KYC, biometrics, sandbox
3
4. Overall ML/FT risks regarding FinTech (cont.)
C. New players
• Digital asset biz, P2P lending, crowdfunding
• Challenges – lack of familiarity and resources + compliance cost
• Examples:
• new payment platforms used for buying illegal products
• P2P lending used for terrorism financing
• Barrier to entry?
• regulators give guidance and info
• tech solutions
D. Collaboration projects
• Examples: FI + ride-hailing / FI + e-marketplace / FI + chat app / PSP +
insurance inconsistency level playing field
• Reliance on third parties or outsourcing?
• liability
• confidentiality & data privacy
• provide guideline to biz partner
4
5. Overall ML/FT risks regarding FinTech (cont.)
E. Cross-border elements
• variation in regulation
• cross-border nature
• global / regional policies localize
• less and less gap
• new development e.g. digital asset, cryptocurrencies
• International cooperation e-KYC, e-authentication, sanction
screening, mutually accepted digital ID
5
6. Virtual assets
Examples: cryptocurrencies, digital tokens, stable coin (Libra case study –
what is it? payment/remittance purpose? some fluctuation?, calibra as MSB)
Impact: economic sociological, sovereignty, cybersecurity
6
ML/FT risks and challenges
anonymity, non face-to-face
speed and global reach
regulatory variation
examples: Silk Road, ponzi scheme
Supervision
FATF Guidance for a Risk-Based approach to Virtual Currencies (2015)
FATF Guidance for a risk-based approach: Virtual Assets and Virtual Asset
Service Providers (June 2019)
Recommendation 15:
Risk assessment for new products/businesses, new technology for
existing products/businesses
VASPs should be regulated and subject to supervision
Recommendation 10: occasional VA transactions over USD/EUR 1000
require CDD, etc.
Recommendation 16: VA transfer - obligation to obtain, hold and transmit
info of originator and beneficiary
Basel statement on crypto-assets
FCA - Specified Investment (security tokens)
USA – issuance, sale, exchange of crypto assets – SEC, CFTC, IRS, FinCEN
Thailand:- digital asset biz, ICO portal
VA = digital
representation of value
that can be digitally
traded/transferred and
can be used for
payment/investment
purposes
7. Financial Inclusion
Impact: economic sociological, household debt, financial market stability,
data privacy
7
Supervision
Regulatory regimes regarding P2P lending may
vary
Thailand: Need license/approval + will be
considered FI
P2P lending
ECF / DCF
Digital token offering
ICO portal
digital asset business
Technology
- reduced cost
- more channels to customers
- know customers better e.g. info-
based lending
- new biz model e.g. P2P lending,
ECF/DCF
- new fundraising e.g. ICO, STO
Fraud, Ponzi Schemes
Case Study: Ezu Bao, San Bernandino attack
8. AML trend: Digital ID, e-KYC, Collaboration
A. Digital ID
support digital economy inc FinTech
Aadhaar, MyInfo, Gov.UK, e-ID
FATF: drafting guidance for use of digital identity
for the purposes of conducting CDD
EU’s eIDAS (electronic Identification,
Authentication and trust Services) - trust
framework for mutual recognition of digital IDs in
EU
Thailand:
ETA amendment (license, standards,
voluntary)
ETDA standards
AEC digital single market
8
Risks:
cyber threats, data privacy
9. AML trend: Digital ID, e-KYC, Collaboration
9
Risks:
cyber threats, data privacy
B. e-KYC
SEC แนวปฏิบัติสนง.กลต. ที่ นป. 5/2562 เรื่อง แนวทางปฏิบัติในการนาเทคโนโลยี
มาใช้ในการทาความรู้จักลูกค้า
identity proofing
authentication
client DD
ongoing / enhanced KYC
BOT
sandboxes e.g. biometrics
กาหนดมาตรฐาน KYC, e-KYC
ขึ้นกับความเสี่ยงของผลิตภัณฑ์ทางการเงินและช่องทางที่ลูกค้าเลือกใช้บริการ
Level playing field ในผลิตภัณฑ์และช่องทางเดียวกัน
มีทางเลือกและแนวทางดูแลลูกค้าและผู้ให้บริการบางกลุ่มที่ไม่พรอ้ม
C. Collaboration
public-private sector partnership – FinCEN exchange, Joint
Money Laundering Intelligence Taskforce (UK)
international cooperation (mutual legal assistance, help
identify, freeze, seize proceeds/instruments of a crime and
effective extradition assistance)
10. Using technology to enhance AML/CFT
compliance
10
Blockchain - Digital ID, ID management
AI
RegTech
o
What RegTech can do
• automation of risk management
• facilitate regulatory reporting (automatic reporting)
• prevent fraud
• enable companies to stay on top of regulatory changes
Most common regtech is
• ID/document verification
• digitized due diligence and onboarding
• transaction monitoring and authentication-based AML checks
11. Using technology to enhance AML/CFT
compliance (cont.)
11
Elliptic- identify illicit activity on Bitcoin
blockchain
• uses blockchain to make crypto transactions
more transparent and ledger tech to keep
crypto trading companies up-to-date on AML
reg.
• Recently exposed "fraudulent Bitcoin trading
operation" run by a group Russian hackers.
13. Supervision
13
dynamic market dynamic regulation
non-compliance is not an option
efficiently manage ML/FT risks but not
barrier to entry
public-private collaboration
international collaboration