AML and fraud : What PSP agents should prepare for

By coincidence, I spoke with two PSP agents who were wondering what their obligations were regarding compliance, given that they relied on payment institutions of impeccable reputation.

Some of them were already in a difficult situation due to seriously flawed processes at their Payment service provider (PSP or BaaS), resulting in significant losses.

Here is a short article to help agents better understand their obligations and above all to defend their interests, and ideas for PSPs to improve their efficiency in a positive and constructive management with their agents.

What AML/CFT system for a PSP agent?

It is up to the PSP to set up a complete AML/CFT system, subject to internal control, for all the regulated activities of its agent.

To make it simple :

• You are an agent: your PSP delegates certain tasks to you, such as collecting documents for KYC or authenticating customers before sending funds
• The PSP must then put in place a control system for these operations to ensure that they are carried out in accordance with its directives
• Anything not delegated must be performed by the PSP itself (or one of its subcontractors). In other words, the agent’s obligations are defined in its contract or attached procedures, and it is the PSP’s responsibility to ensure that these obligations, in addition to its own operations, ensure a complete and compliant AML/CFT system.

In theory, an agent has no control obligation unless expressly defined in the contract. Thus, he does not have a transaction or client monitoring system and does not carry out the whole KYC process himself (verification of sanctions, AML/CFT rating, and controls against identity theft…).

But is it a good idea to rely entirely on your PSP, even a reputable one?

As long as he stands by his contract, the agent cannot receive any regulatory sanction, everything is under the responsibility of his PSP.

But many other forms of problems can affect him directly.

Financial risk

Most contracts between PSPs and agents provide that losses related to fraudulent payment transactions are the agent's responsibility. Thus, chargebacks, checks credited and then rejected, disputed direct debits, or unauthorized card transactions may be charged to the agent if insufficient funds are in the accounts concerned. This is a major risk for agents. A few transactions can quickly generate a loss of tens of thousands of euros at their expense.

If the losses are to be supported by the agent, there is at least a very strong incentive to set up his own anti-fraud system in addition to that of his PSP. Not only does this allow the agent to protect himself, but if properly calibrated, it can reduce friction between the agent and the PSP by anticipating certain alerts, thus improving the end customer experience while reducing costs.

Image risk

As an agent, if your solution is used to carry out fraud or unregulated transactions, your PSP will be implicated… but your name will be strongly associated. Most agents are “blind” to their PSP’s controls and procedures, so there is a significant advantage to performing certain key controls internally if only to secure yourself: identity theft, quality of payments made, abnormal movements…

Sharing, the best way?

The solution should come from risk sharing and increased transparency between agents and PSPs. At this stage, the market does not seem to be moving in this direction, if only because agents are unaware of these risks… until they are realized. It is often too late to avoid the first wave of financial and other consequences.

At Marble, however, we believe this is possible from the moment the agent contract is signed:

• nBy establishing risk maps shared with each agent so that everyone is fully aware of the risks and takes the appropriate measures
• By setting up more transparent procedures, which allow each actor to understand what the other is doing and its main control points without falling into naivety and sharing all the details.
• By deploying a Decision Engine solution at PSPs that can be co-prepared with agents to take into account their specificities or by equipping agents with such solutions upstream of the PSP.

The fight against money laundering, terrorist financing and fraud is never the business of a single player. It is the entire chain that must participate and use the information at its disposal to detect suspicions as effectively as possible. The BaaS or PSP needs the agent’s help to do this. The agent must know his risks and mitigate them as early as possible.

Agents: If you want to understand how Marble can help you better prevent your risks and identify fraud that could cause you financial losses by limiting your customer friction, contact us!

PPS and BaaS: Your agents now have a wide range of activities. If you want to learn how to benefit from their proximity to customers to improve your LCB-FT system while guaranteeing a transparent and sustainable business relationship, we are here for you.

Reach us at https://9fawd5qa107.typeform.com/to/QLipOARZ

Useful resources :

Detailed information in the ACPR FAQ “becoming an agent”: https://acpr.banque-france.fr/sites/default/files/20220106_faq_devenir_un_agent_de_psp.pdf