AML / KYC Regulation in Practice
Anti-money laundering (AML) and know your customer (KYC) regulations are often front and center in mobile money conferences and publications. But what do they amount to in practice? How difficult is it for customers, and therefore electronic transactions, to slip through the cracks? No one answer addresses the various reasons for non-compliance, but failure is usually due to a breakdown in or between the SIM registration, agent registration, regulatory oversight, and / or transaction monitoring processes.
SIM Registration: Most countries with mobile money systems now require SIM cards to be registered. To name a few, Kenya, Nigeria, Sierra Leone, and Tanzania all implemented registration laws in the last two years. SIM registration ensures that mobile network operators know their customers by requiring customers to supply a form of identification (passport, national ID, etc.) and an address in order to activate their SIM card.
Agent Practices: Agents are the frontline of a mobile money system. In addition to honoring cash-in / cash-out requests, agents are responsible for registering new customers. Registration entails filling out a customer registration form, which usually has fields for capturing name, identification type / number, address, and phone number. Some agents are even required to make a photocopy of the customer ID.
Regulatory Oversight: Mobile money providers are largely regulated by central banks and national communications commissions. These institutions are responsible for ensuring that mobile money providers comply with all pertinent laws, especially AML / KYC regulations. In order to determine if a mobile money provider is compliant, regulatory bodies need full and frequent access to registration documents. They also champion adherence to international standards (e.g. The 40 Recommendations).
Transaction Monitoring: Like financial institutions, mobile money providers use a range of algorithms to detect fraudulent or malicious activity. For instance, a customer wishing to bypass daily or per-transaction thresholds might use multiple mobile money accounts or break transactions apart (see this article on structuring and smurfing). These transactions are supposed to be flagged as ‘suspicious activity’ and investigated.
When any of the above processes fail, the remaining processes are designed to identify and mitigate the failure. When failure is systemic, though, non-compliance becomes a serious problem.
Here are three real examples that point to systemic failure (George is a pseudonym):
- George purchased a SIM card on the street in January 2011 and had several weeks to register it before it would be deactivated. He went to a mobile money agent to register for a mobile wallet and was not asked to fill out any forms or produce an ID. George proceeded to send money to eight individuals and one enterprise within a ten-minute period on the same day his mobile wallet was activated.
- In February 2010 George used an unregistered SIM card and a friend’s passport to register for a mobile wallet and transacted several hundred dollars over the course of two months.
- In May 2010 George used an unregistered SIM and told the agent his ID number without physically producing the ID in order to activate his mobile wallet. He transacted several hundred dollars over the course of two weeks.
In the first example, all four processes listed above failed. George exploited a loophole in the SIM registration law that allowed him a grace period of several weeks. The mobile money agent George registered with either did not understand or did not take seriously the registration requirements. The regulatory bodies did not scrutinize the mobile money provider enough to ensure that it adequately trained its agents. And the mobile money provider failed to flag the high number of transactions in a short period as ‘suspicious activity’.
Many of the same failures occurred in examples two and three as well.
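The kind of monitoring rule that should have fired in the first example can be sketched in a few lines: a burst of transfers to many distinct recipients, weighted more heavily on a newly activated wallet, plus a check for the split transfers mentioned under Transaction Monitoring. This is an added illustration, not any provider's actual logic; the thresholds, rule names, wallet IDs and sample transfers are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed rule parameters, chosen for illustration only.
WINDOW = timedelta(minutes=10)   # sliding burst window
MAX_PAYEES = 5                   # distinct recipients tolerated per window
NEW_WALLET = timedelta(days=1)   # wallet is "new" this long after activation
PER_TXN_LIMIT = 200.0            # hypothetical per-transaction threshold

def flag_suspicious(transfers, activated_at):
    """transfers: (timestamp, sender, recipient, amount) tuples.
    activated_at: sender -> wallet activation time.
    Returns sender -> sorted list of the rules that fired."""
    by_sender = defaultdict(list)
    for t in sorted(transfers):
        by_sender[t[1]].append(t)
    flags = defaultdict(set)
    for sender, txns in by_sender.items():
        start = 0
        per_payee_day = defaultdict(list)
        for end, (ts, _, payee, amount) in enumerate(txns):
            # Slide the window so it spans at most WINDOW before this transfer.
            while ts - txns[start][0] > WINDOW:
                start += 1
            payees = {t[2] for t in txns[start:end + 1]}
            if len(payees) > MAX_PAYEES:
                flags[sender].add("fan_out_burst")
                if ts - activated_at[sender] <= NEW_WALLET:
                    flags[sender].add("burst_on_new_wallet")
            per_payee_day[(payee, ts.date())].append(amount)
        # Split transfer: same payee and day, every part under the limit,
        # but the parts together reach or exceed it.
        for amounts in per_payee_day.values():
            if (len(amounts) > 1 and max(amounts) < PER_TXN_LIMIT
                    and sum(amounts) >= PER_TXN_LIMIT):
                flags[sender].add("split_transfer")
    return {s: sorted(f) for s, f in flags.items()}

# Constructed sample data: wallet-A mirrors the first example (nine payees in
# under ten minutes on activation day), wallet-B splits one payment into three,
# wallet-C is ordinary activity.
T0 = datetime(2011, 1, 15, 9, 0)
ACTIVATED = {"wallet-A": T0, "wallet-B": T0 - timedelta(days=90),
             "wallet-C": T0 - timedelta(days=30)}
SAMPLE = (
    [(T0 + timedelta(minutes=30 + i), "wallet-A", f"payee-{i}", 20.0) for i in range(9)]
    + [(T0 + timedelta(hours=h), "wallet-B", "payee-x", 90.0) for h in (1, 2, 3)]
    + [(T0 + timedelta(hours=5), "wallet-C", "payee-y", 50.0)]
)
```

Neither rule depends on the KYC record being accurate, which is why transaction monitoring can still catch activity when SIM and agent registration have already failed.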
Altogether, the examples above reveal a divide between AML / KYC regulations in theory and practice and highlight the inter-dependent nature of a mobile money ecosystem. It would be unfair and, frankly, incorrect to paint this divide as equally wide across the 150+ mobile money deployments globally. But every stakeholder in the ecosystem should be aware of where the processes are most vulnerable.
The next logical step in mobile money – that is, the coalescing of a fully integrated mobile financial ecosystem – is dependent on the increased rigor and scrutiny of everyone involved.