Opposing forces: how banks are aligning compliance needs with real-time payments
The demand for faster, even instant, payments is already a fact of everyday life. What will come next?
Thanks to the advances made, possibly by the emergence of SWIFT gpi and instant payment systems, this is not a phenomenon restricted to high value corporate payments, but also includes lower value retail payments. The next logical step - connecting payments systems operating 24/7 in different currencies – is already on the industry’s radar.
Success can bring its own problems
But success can bring its own problems. Front-line experience and independent statistics demonstrate that instant payments suffer much higher rejection rates compared with their “standard” equivalent. Anecdotal evidence suggests rejection rates can be 10 times higher, even more, when considering cross-border transactions even if they are in the same currency.
This is mostly because, if a filtering or anti-fraud tool identifies an atypical payment that requires investigation, it is rejected due to impossible to impossible payment processing within the maximum time expected by the client (usually a few seconds).
As a consequence, banks face the challenge of achieving the right balance between the instant “new normal” expected by the customers and the authorities, and the need to abide by compliance regulations.
What do we need to do, and how?
There are short-term, medium-term and long-term answers to these questions. In the short term, new technologies can help solve the problems created by other new technologies. These include intelligent scoring and improved detection tools based on artificial intelligence and machine learning to help make the right checks and the right choices as to what to do next.
Despite our conviction of the value of combining the best of human intelligence with the best of machine intelligence, human beings are not able to identify “false alerts” within seconds. By learning “a posteriori”, after the event, machines can interpret data instantaneously and help focus analysis on the core elements of payment messages.
For example, we can help machines learn not to generate an alarm about a transaction message that includes the phrase “scuba diving” because it contains the letters that spell “Cuba”.
Scoring1 before payment execution can be developed further by existing market infrastructures. This can be matched with each single bank’s own scoring system, letting the latter taking the decision on whether a payment should be processed, declined or receive further attention.
Other potential short-term measures include the development of new payment formats allowing for fuller and richer data exchanges: the global move towards the ISO20022 standard will clearly help financial institutions to guarantee secure payments processing while abiding by compliance regulations.
Switching our attention to medium- to long-term potential developments, we all need the help of the authorities and regulators.
A huge advance would be the creation of a single, unique, harmonised sanctions list to replace the current mélange of national and regional lists. Differences would of course remain at each individual bank level, but the risk of cross-border misunderstandings and the consequent raising of false alarms would be greatly reduced. This pre-supposes, however, a strong and concerted harmonisation effort amongst regulators in different countries.
Other possible medium-term developments could include the concurrent adoption of detailed common norms and guidelines on the application of sanction screening application by regulators in different jurisdictions. One aspect of this could be a requirement for the remitting bank to take full responsibility for the identity and actions of the remitting client, while the beneficiary bank does likewise for the beneficiary client. This could enhance efficiency without incurring additional undue cost.
Towards better information sharing
As all experienced bankers and regulators know, rules themselves can be a part of the problem. This is especially so in areas where they are clearly contradictory, as in the case of mandating the sharing of data between banks and with regulators while demanding the upholding of data protection.
We must find a way to balance the demands of observing data privacy rules and fighting fraud, perhaps by allowing a greater degree of information sharing. If payment service providers could exchange information between themselves about the attempted fraudulent use of an IBAN, this would help in preventing someone identified as a would-be fraudster from trying to deceive other payment service providers. The more the speed of payments accelerates, the greater the necessity to exchange key information and act swiftly.
Leveling the playing field
One final warning centres on the granting of access to payment markets and payment systems to new players, that category often referred to as disruptors by the global media industry. We believe that such access in a hyper connected world should be contemplated only after a thorough analysis of the disruptors’ activities based on established facts and demonstrable results.
As these new players are regulated, we should expect the same quality of know your customer (KYC) diligence and fraud detection at every stage in the chain. New players in the payment chain should ensure they enhance their compliance, resilience, data privacy and fraud management processes to meet the very highest standards demanded by the market.
Levelling the playing field means new players will not only have the same rights but will also have the same obligations as incumbent stakeholders. This should be particularly true in times of financial stress, when uncontrolled failure of even relatively small institutions could trigger a much wider loss of confidence in the market.
Trust is at the heart of our markets, and remains of the utmost importance for financial users. It must not be sacrificed upon the altar of technical innovation.
1. A score is a statistical number that evaluates a counterpart’s trustworthiness based on its payment history.