Open banking provides opportunities such as upgraded customer convenience and customized financial solutions that can help consumers access bank account details, send payments, manage their budgets and more. Providing robust services via mobile channels is especially important now, as the COVID-19 pandemic has caused businesses to operate remotely and consumers to stay at home as much as possible. Open banking-facilitated apps can offer tailored support, reducing the need for in-person services.
Financial Institutions (FIs) that adopt open banking allow third parties like FinTechs to integrate with their application programming interfaces (APIs) to provide personalized financial management and payment apps that draw on bank customers’ data. Such solutions can “empower people to control their financial well-being,” Andrew Davies, vice president of global market strategy and financial crime risk management at financial services technology company Fiserv, told PYMNTS in a recent interview. The benefits are compelling but banks need to understand which entities are using the APIs they provide.
FIs must be careful not to lower their fraud-fighting standards in their pursuit of open banking and be selective about the entities they allow in. Partnering with FinTechs that have lax security creates very real issues: Criminals could abuse open banking-powered payment apps to launder money, for example, or take over accounts and steal victims’ funds. Banks that fail to protect against such possibilities could incur fines for regulatory noncompliance while permitting harmful crime to flourish. Strong anti-money laundering (AML) processes make it harder for bad actors to hide or use ill-gotten gains, which, in turn, makes human trafficking, arms smuggling and other violent crimes that are often the sources of illicit funds less profitable, Davies explained — and thus less tempting.
The need to secure open banking has only grown as financial criminals have stepped up to exploit disruptions caused by the COVID-19 pandemic, he added. FIs therefore must assess each FinTech’s associated risks before enabling integration, and FinTechs need to be able to demonstrate security chops to help open banking thrive in this landscape.
“We need to manage risk appropriately, but open banking is a good thing,” Davies said.
Many FinTechs offering financial services are legally required to implement AML measures and perform know your customer (KYC) checks, according to Financial Crimes Enforcement Network (FinCEN) regulations. The federal entity is charged with monitoring the U.S. financial system to detect and thwart crimes like money laundering, and FinTechs that do not currently fall under its scope may still wish to voluntarily follow its security procedures, Davies explained.
“Even if your products are not covered per FinCEN in the U.S., you can reassure the FI you’re working with that you are a credible partner and that there are no potential impacts on the FIs’ compliance because of a weakness,” he added.
Such vigilant security means FinTechs must vet new customers and continually review existing ones for changes in their money laundering risk, he said. Doing so may require tapping into various data sources and integrating with data repositories to gain customer insights.
Why AML Checks Are Never Over
FIs monitor customers’ accounts for signs of money laundering, and FinTech partners that do the same will have an advantage in winning banks’ trust. Best practices involve observing customers’ activities to compare them against their own behavioral histories and the patterns of those with similar profiles, which, in turn, helps FIs identify deviations from the norm that could indicate customers’ accounts are being used for illicit purposes. Repeated checking is important because a mom-and-pop retailer may clear all risk checks at its time of onboarding, for example, but could still have a criminal take over the store or its accounts down the line.
Open banking leverages API integrations for rapid services, but the very speed that makes it convenient can also intensify money laundering risks. Open APIs enable information to swiftly travel between third-party FinTechs and FIs, which allows customers to use FinTechs’ payment apps to quickly issue requests instructing their banks to send funds. This speed can be a problem if fraudsters posing as legitimate customers are using the services to launder money, however, because there will be less time to stop them from sending those funds whenever they like.
FinTechs, therefore, need to catch criminals before they transfer funds and stop payments from being directed to or from fraudsters, which requires robust knowledge about their customers and those customers’ common recipients. App providers often have to dig deep to get enough knowledge because bad actors are adept at hiding their involvements.
“The transformation of payments we’re going through with open APIs means everything is happening more quickly,” Davies said. “If you’re working with a corporation, [you must] make sure the information that you have about that corporation is up to date — that it hasn’t been subject to takeover by someone who is linked to fraud, organized crime, money laundering or terrorist financing. As a FinTech, having all of that documented and providing transparency by and being able to present that program level of security and AML to the FI … can help you build trust with the institution that you work with.”
Customer behaviors must be analyzed to detect such problems, which often involves applying machine learning-enhanced tools to evaluate collected customer data for signs that might indicate account takeovers or shifts into illicit activity, Davies said. FinTechs can supplement their customer data by tapping third-party repositories as well.
How To Quickly Fight KYC Fraud
FinTechs seeking to showcase their security measures and win banks over must also demonstrate strong onboarding procedures — including KYC processes that can prevent criminals from enrolling. Fraudsters often try to create accounts using counterfeit credentials or synthetic IDs that combine bits of information stolen from different individuals.
Robust strategies can help FinTechs identify these schemes without sacrificing the seamless experiences that often draw customers to financial apps, Davies said. Catching falsified or synthetic IDs requires being able to quickly check government sources to confirm the legitimacy of provided information like Social Security and passport card numbers. FinTechs must then tap third-party data sources to assess whether valid ID credentials all match one individual and identify those that include details associated with several individuals as synthetic.
“FinTech companies are technology companies, so can very effectively leverage the different data sources via integrations with them,” Davies explained. “That can lead to seamless customer experiences, which will lead to more adoption of open banking.”
Such integrations mean FinTechs can quickly pull up the information needed to perform KYC checks without causing delays for customers. This enables them to continue offering the convenience that drives demand for open banking while still fending off security risks.
Financial services firms’ work to stay ahead of criminals is never over, but several strategies can help them safeguard customers. Security-savvy FinTechs can facilitate partnerships with FIs that are wary about offering open APIs, providing assurance that their new financial apps will not worsen crime. Those that can enact insightful, data-powered AML and KYC strategies will likely increase open banking’s proliferation.