The new PSR rules, announced this week, radically change the liability landscape for firms and will fundamentally change the way they need to structure their fraud and AML compliance processes.
With some simplification, let me explain this statement …
There’s always two sides to every transaction – a sender and a receiver.
Fraud prevention
Fraud prevention systems have, in the main, been built to focus on transactions that are sent. They’ve been built to mitigate the liability of potential losses and to protect customer account holders – the people or companies sending the transactions.
Fraud prevention systems are the ‘hares’ of the compliance world. They run in realtime, interdicting payments, to stop losses before the transaction leaves the sending institution.
Fraud prevention systems don’t, as a rule, consider or focus in detail on received payments. This is not because the institutions don’t believe that their own accounts may be risky , but because the liability for any loss on a payment has always historically sat very squarely with the payment sender.
Anti-Money Laundering
So what about received funds? Typically these are monitored by firms from an AML “proceeds of crime” perspective in order to detect suspicious activity as part of the ins and outs of account flows. These systems also look at sent transactions as well.
AML monitoring processes are the “tortoises” of the financial crime compliance world. They are typically slow and batch based. They look at longer term patterns of account and customer activity to identify money laundering risks. They don’t interdict or stop transactions. Their raison d’etre is to report suspicious activity rather than to prevent it from happening.
So what’s changed?
In a bid to tackle the rising rate of Advance Push Payment (APP) fraud, the Payment Systems Regulator (PSR) announced last week new rules for Faster Payments will mean that both sending and receiving firms are incentivised to act to take action on fraud. Both will become liable for the losses and will split the costs of reimbursement 50:50.
Firms will need to adapt their fraud controls to look at both sent and received payments. This change will drive the continued convergence of Fraud and AML (FRAML!), both from technology and operational perspectives. If you are monitoring both inbound and outbound transactions in realtime to prevent fraud, why not do the same for AML? Why have two systems that are looking at the same data if they can be rationalised into one? Why have two teams when one combined approach could offer the best of both worlds?
To finish …
The new PSR rules set a new regulatory direction, firms hold a responsibility to monitor all transactions and customer account activity from both an AML proceeds of crime and a fraud prevention perspective. The 50:50 reimbursement split may be seen by some as controversial but will lead to greater levels of cooperation within and between firms that will help drive new models for fraud and AML.