Over the past several years, the FinTech industry has grown exponentially, valued at $309 billion with an expected growth rate of 25% by 2022. The industry has introduced new and efficient ways to transfer money beyond national borders, including the international use of credit cards, collectively known as ‘cross border transfers or payments’. The transactions can be between individuals, organisations, or banking institutions looking to transfer funds across national borders. The complexities of these transactions make them highly regulated as they involved multiple parties, including the sender, the receiver, various intermediaries, regulators, currencies, markets, and systems – making the entire system highly risk aversive. Furthermore, cross-border transactions can take several days to complete. They may be passed through intermediary banks and use highly complex systems such as SWIFT (Society for Worldwide Interbank Financial Telecommunication), introducing fees and other costs. The most significant risk for these transactions is money laundering across national borders to overseas destinations. Once the money has crossed a border, it makes it nearly impossible for a single regulator to track. For example, when someone sends money from Australia to another country, the Australian Federal Police can no longer follow the money trail. Although, the police within the recipient country can help track the transaction through regulatory enforcement. Use Case: Standard Chartered Bank The Standard Chartered Bank was involved in one of the most prominent anti-money laundering (AML) non-compliance case involving $250 billion in cross border transfers. The UK-based institution spent over 30 years building up its reputation until 2004, where the Federal Reserve and the New York regulator exposed its lack of AML practices and executed an agreement. Over the next couple of years, the bank breached the contract as they continued to transact with Iranian customers, breaking both US Government and other international sanctions measures. Their transgressions lead to a $670 million fine, which they proceeded to ignore and conduct illegal practices. In 2019 the Federal Reserve issued a cease and desist to the bank for their continual failure to implement compliant AML practices and ignore sanctions against Burma, Zimbabwe, Iran, Cuba, Sudan, and Syria. The Financial Conduct Authority (FCA) (UK) also discovered severe shortcomings in the bank’s customer due diligence (CDD) controls – leading to UK and US authorities issuing fines totalling $1.1 billion. If the Standard Chartered Bank had implemented and monitored a robust CDD program, including periodic remediation, they would have been able to identify high-risk entities and make the correct risk-based decisions. These proactive measures trigger the required enhanced due diligence checks of the customer when they appear on watch lists like the PEPs (Politically Exposed Persons) and Sanctions. Regulatory risks Mandatory reporting across the globe is the basis for regulating cross-border transfers. In Australia, all cross-border transfers are reported to the financial intelligence agency, Australian Transaction Reports and Analysis Centre (AUSTRAC). AUSTRAC has no minimum threshold limit for transactions that move across Australian borders. It requires individuals to report the transfer amount, the details of the sender and receiver, and the method of transfer. If a bank transfer is received, then receiver and intermediary bank details also need to be reported. Any transaction unseen from the AUSTRAC reports is illegal, whether from a commercial bank or a retail remitter. All monetary assets are reportable, but there are complications for digital currency. Digital currency can disappear and become untraceable within the web, making cross-border reporting and monitoring nearly impossible. For digital currencies, AUSTRAC has only mandated reporting the conversion of the Australian dollar into digital currency and vice versa to regulate the digital currency industry through the Australian currency. Know Your Customer (KYC) checks Fraudulent identities must be reported to the various regulatory bodies, making them aware of transfer payments from suspicious people. For example, if a transfer from Donald Duck to Micky Mouse occurs, it should raise suspicion as we all know there are very few actual people with those names. Breach of Sanctions Checks Screening or monitoring the identity and location from where the money is received will reveal whether you are dealing with any prohibited person. If you identify a potential sanction, you must take action immediately to stop and report the transaction. Institutions need to continually monitor to avoid a sanctions breach corresponding to each country’s rules and regulations, depending on the used currency. Breach of PEPs rules Dealing with politically exposed persons or their associates (including close family) requires a more robust approach for KYC due diligence, including identifying all their close family, close associates, entities, or agencies they own or control and their source of income and wealth. Risk mitigation Know your customer (KYC) With digitalisation, we can now verify people’s identities electronically. The first step to mitigating cross-border fraud is verifying the identity of the sender and the receiver involved in any transaction, including the payment reason – if it is beyond reasonable banking thresholds. AML/PEPs and Sanctions check Sanctions do not involve armed forces and are imposed in situations of international concern. They may bring a global problem to an end by influencing those responsible, limiting the adverse impacts, or penalising those responsible. Each country may issue its own sanctions rules while at the same time following the international sanction measures set by bodies such as the United Nations. These measures can target foreign countries and regimes, terrorists, international arms and narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the country’s national security, foreign policy, or economy. Following is the list of sanction across Australia, the United States of America, the United Nations, and the European Union: The DFAT List: https://www.dfat.gov.au/international-relations/security/sanctions/consolidated-list Australia and sanctions: https://www.dfat.gov.au/international-relations/security/sanctions/Pages/sanctions Dealing with terrorist assets: https://www.dfat.gov.au/international-relations/security/sanctions/Pages/sanctions US Treasury – Office of Foreign Assets Control (OFAC): https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information US Treasury – Terrorism & Illicit Finance: https://home.treasury.gov/policy-issues/terrorism-and-illicit-finance US Treasury – S.311, USA PATRIOT* Act actions: https://home.treasury.gov/policy-issues/terrorism-and-illicit-finance/311-actions HM UK Treasury: https://www.gov.uk/government/collections/financial-sanctions-regime-specific-consolidated-lists-and-releases HM UK Treasury List: https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets/consolidated-list-of-targets EU Restrictive Measures (sanctions): https://ec.europa.eu/info/business-economy-euro/banking-and-finance/international-relations/restrictive-measures-sanctions_en