12 compliance questions to ask your payout provider
Your straightforward guide to understandingthe laws and regulations for payouts and how to achieve complete peace of mind.
Introduction
The challenges facing cross-border payouts are extensive. With multiple regulations
put in place to protect against sanctioned parties, money laundering and terrorist
financing, the punishment for non-compliance can be severe, including fines,
reputational damage and imprisonment.
Many organizations turn to payout providers to assist them in this challenging
operation, trusting their provider’s knowledge and experience to comply fully with
all legal requirements on their behalf. Yet not all payout providers are equal, and
choosing the right one for your individual needs can be a challenge in itself. Select
the wrong one, and you could be facing fines or worse.
The key to a risk-based approach is to ensure the payout provider has a
comprehensive compliance program in place that includes all relevant policies and
procedures, as well as know your customer (KYC), transaction monitoring, sanctions
screening, reporting and recordkeeping processes. Automated screening of financial
accounts against set risk-based criteria needs to be in place, alongside reviews of any
red flags that are raised during the process.
By understanding the regulations and legislations surrounding payouts and payout
providers, not only will you better appreciate the important role they play in cross-
border transactions, but it will help you clarify that your chosen provider fully
addresses global regulatory compliance challenges โ giving you peace of mind that
you wonโt face any issues or surprises.
To ensure you are protected, there are crucial questions to ask a prospective
provider. Here, we outlines 12 questions, including the reasons why each is
a critical issue to consider to ensure your payout provider will keep you compliant in
todayโs growing global economy.
Licences
Licensing of payout providers is required by governments to protect the consumer and to potentially prevent fraud and other financial crimes such as money laundering and terrorist financing.
In the United States, payout providers typically need to be licensed as money transmitters by most states where their clients operate, as well as where they operate or offer services.
Money transmitters form a part of a larger group called Money Services Businesses (MSBs) which also includes currency exchange firms, prepaid access providers, monetary instrument sellers, and check cashers. All these organizations need to be registered as MSBs with the federal government, specifically with the Financial Crimes Enforcement Network (FinCEN).
Money transmitters are regulated across most states within the US. It is worth checking the individual laws in each state, as they may vary. In most states, money transmitters have to maintain surety bonds in amounts between $25,000 and several million dollars and are subject to minimum capital requirements. Some states also require internet and mobile-based payout providers to have a state license if they have customers within that state. There is also additional protection for US consumers sending money electronically to foreign countries via the Dodd-Frank Act (2012).
Licences: Questions to ask
Is the payout provider registered in the US as a Money Service Business, and licensed as a Money Transmitter in the state you are operating in?
Does the payout provider hold a payment institution or e-money license in Europe?
Is the payout provider regulated and licensed? If the payout provider works with other payment partners, how do they ensure their partners are appropriately regulated and licensed?
“Money transmitters are regulated across most states within the US. It is worth checking the individual laws in each state, as they may vary.”
The Financial Action Task Force (FATF) is an inter-governmental body established in 1989 by the Ministers of its Members jurisdictions. The aim is to set standards and promote implementation of legal, regulatory, and operational measures to combat money laundering, terrorist funding, and other threats to international finance. As an international task force, its recommendations are applicable in the US. These form the basis for a global coordinated response to threats to the integrity of the financial system.
In Europe, payment regulations are in alignment with European Union (EU) law which consists of a body of treaties and legislation in the form of Regulations and Directives that impact the laws of each EU member state. These laws also incorporate the recommendations of the FATF.
Directives issued by the European parliament include the second E-Money Directive (2EMD), and the revised Payment Services Directive (PSD2). These define rules for conducting business and supervising electronic money and payment institutions, while establishing a comprehensive set of rules applicable to all payment services in the European Union.
“The FATF develops policies to combat money laundering and terrorism financing, and monitors countriesโ implementation progress.”
Organizations can apply for authorization as a payment institution if they meet certain capital and risk management requirements in any EU country where they choose to become established. They then โpassportโ payment services into other EU member states without additional licensing requirements. As the amount of businesses offering electronic commerce and payment services increases, the focus of regulatory regimes is no longer just on banks and government bodies, but also encompasses the licensing and regulation of smaller payout providers offering online payments.
AML/CTF
Money laundering and terrorist financing are some of the biggest threats facing cross-border payments, and every payout provider needs to be working continually to avoid and prevent their platform being abused for these purposes.
Money laundering involves hiding or disguising illegal money by converting it to funds that seem legitimate. The less of a paper trail there is, the more successful this process is likely to be, as it becomes increasingly difficult for law enforcement to follow the trail of the money.
Therefore, to prevent money laundering, strict rules for record keeping and reporting of financial transactions by financial institutions (FIs) and payout providers have been set up by regulatory authorities.
Terrorist financing, on the other hand, is less concerned with where the money has come from, and more interested in what the money will be used for. After the attacks on September 11, 2001, the US government passed the USA PATRIOT ACT to try and stop the financing of terrorism, among other things. It forces financial institutions (FIs) to focus more on monitoring for terrorist financing, while ensuring that non-US banks doing business with US banks have adequate AML/CTF processes in place.
AML/CTF: Questions to ask
Does the payout provider have a strong Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) program that is regularly tested, audited and reviewed?
The European Union fifth Money Laundering Directive (AML5) was entered into force in July 2018, and EU member states were required to transpose it into national law by January 2020.
Sanctions and embargoes are applied by governments to target perpetrators who engage in criminal activity, including money laundering and terrorist financing. Watch lists have been compiled by regulators which publicly identify sanctions targets.
“Financial institutions and payout providers have a legal obligation to screen customers and transactions against these lists, which are used to block or reject payments, report attempted infringement to regulators and comply with all sanction rules and regulations.”
Not only do the lists need to be kept up-to-date, but to ensure the process is effective the FIs and payout providers need a strong sanctions compliance program, as well as an Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) program that are regularly tested, audited and reviewed.
Sanctions screening
As previously discussed, watch lists compiled by regulators are essential for financial sanctions. A commonly applied sanctions list is published by the Office of Foreign Assets Control (OFAC). As part of the US Department of the Treasury, OFAC administers and enforces economic and trade sanctions based on US foreign policy and national security goals. In Europe, both the EU Commission and the UK Government HM Treasury issue a consolidated list of targets subject to UK and EU sanctions.
These sanctions are then used against targeted foreign countries, terrorists, international narcotic traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction or against any other threats to the US, EU and UK and their national security and economic interests.
OFAC publishes the Specially Designated Nationals List (SDN), which identifies individuals, groups and entities designated under a Sanctions Program as terrorists, narcotic traffickers, proliferators of weapons of mass destruction, and transnational criminal organizations, among other bad actors.
If a payout provider initiates payments to US companies, or to companies with a US connection, all beneficiaries have to be screened against the SDN list. If a name is flagged, payments to the entity are then blocked.
Sanctions screening: Questions to ask
Does the payout provider screen all transactions against OFAC and other country relevant lists to prevent payments to sanctioned entities?
Does the payout provider regularly retrieve updated sanction lists and re-screen parties in cases of updates to the lists?
Does the payout provider block or restrict sanctioned countries and territories to prevent prohibited payments involving sanctioned countries or territories?
“Sanctions are used against targeted foreign countries, terrorists, international narcotic traffickers, and other bad actors.
Another list published by OFAC is the Sectoral Sanctions Identifications (SSI) List. This list contains persons operating in certain sectors of the Russian economy identified by the Secretary of the Treasury and sanctioned pursuant to Executive Order 13662. The prohibited financial and commercial activity with sanctioned persons on the SSI List is described in Directives issued by OFAC under the Sectoral Sanctions Program.
Further sanctions programs currently administered by OFAC include, but are not limited to: Cuba Sanctions; Ukraine-/Russia-related Sanctions; Iran Sanctions; Syria Sanctions; Counter-Terrorism Sanctions; and Counter-Narcotics Sanctions.
Another commonly applied sanctions lists is the United Nations Security Council Sanctions List (including all individuals and entities subject to sanctions measures imposed by UN Security Council).
Payout providers need to screen all transactions against OFAC and other country relevant lists to prevent payments to sanctioned entities, while regularly retrieving updated sanction lists and re-screening parties in cases of updates to the lists. By doing so, risks of payments to sanctioned entities are minimized, thus protecting the money that moves across borders.
Know your customer (KYC)
Developed to help prevent identity theft, financial fraud, money laundering and terrorist financing, a Know Your Customer policy is aimed at enabling banks and financial institutions to know and understand their customers better. With this knowledge, risks can be managed more prudently.
The process of KYC includes identifying the customer and verifying the identity using reliable information. When accounts are initially opened, data and documents may be collected for identification purposes. This is a legal requirement by banks and financial institutions to show that KYC procedures have been performed.
KYC also includes screening names against lists of known sanctioned parties, and determines the risk of the customer in relation to the probability of committing money laundering, identity theft or terrorist financing. KYC formats an anticipation of the transactional behaviour of customers, and then monitors their real life transactions against the expected behaviour, as well as that of their peers.
Although KYC requirements have been in place for decades, the guidelines were recently revisited in accordance with recommendations made by FAFT regarding Anti-Money Laundering standards and Combating Financing of Terrorism. KYC standards have been enhanced in line with international benchmarks, and as such are regulatory requirements. Every payout provider needs to continuously administer a strong KYC program to prevent the risk involved with financial transactions.
Know your customer (KYC): Questions to ask:
Does the payout provider administer a robust KYC program that is tested and audited regularly by independent third parties?
Transaction monitoring and reporting
It is necessary for payout providers to be very observant and monitor the transaction activity of customers closely. In this way, suspicious or unusual activity can be flagged and addressed.
Suspicious activity that must be reported includes any transactions that: are suspected or known to involve money from criminal activity; elude Bank Secrecy Act (BSA) requirements in the US or the fifth Money Laundering Directive (5MLD) in the EU; seem to serve no business or legal purpose and cannot be explained; or involve the use of Money Service Businesses (MSB) for criminal activity.
Spotting the red flags quickly is crucial, and employees need to undergo regular training to be able to identify possible indicators of money laundering, terrorist financing, or other criminal activity.
Examples of red flags pointing towards suspicious transactions that employees need to be aware of include: customer using fake ID; two or more customers using similar ID; a customer changing a transaction after learning that he or she must show ID; a customer conducting transactions just below amounts that require reporting or recordkeeping; or two or more customers trying to evade BSA or 5MLD requirements by working together to break one transaction into multiple transactions. This is just a small sample of red flags.
Transaction monitoring: Questions to ask
Does the payout provider actively monitor transaction activity of customers for unusual or suspicious activity and report on red flags that are uncovered?
Have payout provider employees been trained to recognize activity indicative of money laundering, terrorist financing or other criminal activity?
When a red flag is triggered, manual investigations that should follow include link analysis, review of transaction activity, web activity and information about activities from parties identified as being related to the incident. Suspicious activity reports (SARs) may need to be filed if the payout providerโs compliance officer believes the activity is suspicious and meets regulatory reporting requirements.
The better trained personnel are, the quicker issues are flagged and dealt with. Working with a payout provider that invests in extensive monitoring and has detailed employee training programs in place ensures risks are kept to a minimum.
Audit
Auditing is the process by which the effectiveness of a compliance program is verified, via inspections and examinations, to ensure compliance of all necessary requirements. Regular auditing reassures organizations and customers using the service, that the payout provider
is operating legally and in compliance with all regulations and laws. Set criteria are put in place, which are used as a benchmark for the audit.
An audit is a systematic and independent procedure that is fully documented through records, statements of facts and other pertinent information โ all of which should be relevant and verifiable. Any procedures or systems that undergo auditing are evaluated fairly and objectively to decide whether the audit criteria is fully met.
Payout providers that are regularly audited and make these reports available are fully open to scrutiny and therefore have nothing to hide.
Audit: Questions to ask
Is the payout provider’s compliance program audited regularly?
Are audit reports available for inspection?
When a red flag is triggered, manual investigations that should follow include link analysis, review of transaction activity, web activity and information about activities from parties identified as being related to the incident. Suspicious activity reports (SARs) may need to be filed if the payout providerโs compliance officer believes the activity is suspicious and meets regulatory reporting requirements.
The better trained personnel are, the quicker issues are flagged and dealt with. Working with a payout provider that invests in extensive monitoring and has detailed employee training programs in place ensures risks are kept to a minimum.
Geographic Risk
Not all countries are equal in their regulations and legislations. Transactions occurring in certain countries can pose higher AML/CTF risk due to less stringent AML/CTF regulations, lax privacy laws or prevalence of drug trafficking, corruption, or financial crime in these countries.
In addition, countries with weaker economies are more likely to put currency controls in place, such as limiting or banning the buying and selling of foreign currency, or banning or restricting non-residents to buy or sell local currency. Governments may also put fixed exchange rates in place or restrict currency exchange to government-approved exchangers.
The aim of these controls is to provide stronger stability to the economy by limiting exchange rate volatility. However, black markets tend to spring up under such scenarios, where the controlled currency is exchanged for stronger currencies. These black markets can be a threat to legal and regulated cross-border finance exchange, so to minimize the risk to their cross-border finance, payout providers need to put processes in place to track and monitor geographical risk. This is known as a country risk evaluator.
Geographic risk: Questions to ask
Does the payout provider apply a country risk evaluator to assess geographic risk?
Work with Payoneer to ensure payments compliance
Payoneer uses a robust risk-based compliance program that meets the regulatory requirements of 200 countries and territories. Our KYC processes are regularly audited, and our anti-money laundering policies meet FATF-GAFI, EU, and US regulations.
- Remain compliant โ Feel secure with a company meeting the highest multi-jurisdictional regulatory requirements.
- Reduce costs โ Use Payoneerโs large banking network to save money on traditional payment methods.
- Grow globally โ Tap into Payoneerโs network of millions of businesses and professionals worldwide.
- Simplify your payments โ Send seamless mass payouts to payees all around the world, using our rich set of APIs.
- Save time โ Focus on the core of your business, letting us take care of all of your failed payments while our customer care team handles your payee’s payment questions.
Related resources
Latest articles
-
A guide to starting a business in Estonia as a non-citizen
If youโve thought about opening a new business somewhere with plenty of government support, expanding your business into the EU, or making it easier to work as a contractor or digital nomad anywhere in the European Economic Area (EEA), you should think about starting a business in Estonia…
-
Amazon Fees & Policy Updates 2024
Amazon regularly makes planned updates to fees and policies that may impact Payoneer customers that sell on Amazon. To keep Payoneer customers informed regarding upcoming and past updates, weโre providing a list of known changes to Amazon fees and Policy updates.
-
How Payoneerโs target exchange rate feature will help you save more on bank withdrawals
Boost savings with Payoneerโs target exchange rate feature.
-
Navigating phishing attacks: A guide to keeping your Payoneer account secure
Keeping your funds safe is our number one priority at Payoneer. While phishing attempts can happen, arming yourself with knowledge is key to keeping your data and money safe
-
Zoho Books and Payoneer integration guide
Learn how to seamlessly integrate Payoneer with Zoho Books. Follow our step-by-step guide to connect your accounts, create invoices, and manage payments efficiently. Optimize your financial operations today!
-
SMB Barometer 2024
Online report SMB Ambitions barometer 2024 Payoneer surveyed 3,779 SMBs across 15 countries to better understand their ambitions as well as their challenges. Dive into our second annual SMB Ambitions Barometer to learn how SMBs are navigating markets, securing capital, and overcoming challenges while pursuing global growth opportunities in 2024. A NOTE FROM OUR CEOWelcome…