With federal regulators levying $400 million in penalties for anti-money laundering (AML) compliance violations in 2015 alone, detecting and preventing transaction laundering has become a pressing concern for the payments industry.1
Spurred by the growth of online commerce and the anonymity of the Web, transaction laundering is surging worldwide. Regulators and credit card networks have launched a campaign to derail these efforts by holding acquirers and payment processors accountable for the actions of their merchants.
Forms of transaction laundering
The biggest transaction launderers are the purveyors of counterfeit merchandise, illegal drugs, sex services, and Internet casinos operating without a license. Even when the goods or services are sold legally, falsely representing the nature of a credit card payment violates the processing merchant’s agreement with its acquiring bank.
There are three principal forms of transaction laundering:
- Front companies use legitimate businesses as a cover for criminal activities. An example would be a nutritional supplements seller that launders drug money by inflating its receipts or that sells counterfeit pharmaceuticals under the vitamin and supplement Merchant Category Code.
- Pass-through companies allow illegal businesses to process their credit card receipts by giving them access to the legitimate company’s payments processing account. Often this is done by embedding a payment link on the illegitimate company’s website and then manually entering the illicit sales into the payment system to make them harder to detect.
- Funnel accounts are legal businesses that accept credit card charges from multiple companies that do not have their own merchant payment account because they are either too small or they engage in illicit transactions. The funnel company then enters these payments as legitimate transactions into the card payment processing system.
A growing problem
While the scale of the problem is difficult to quantify, it is both extensive and growing. About 50%-70% of online sales for illicit drugs, counterfeit goods, and unlawful adult content involve some form of transaction laundering, according to the Electronic Transactions Association (ETA), and more than 90% of illegal gambling sites use transaction laundering to move their credit card receipts into the payment system. These are enormous markets that account for hundreds of billions of dollars in annual sales.
With the volume of laundered payments rapidly escalating, regulators and the payments industry are becoming more diligent. Sellers of contraband have been forced to become more sophisticated and are learning how to use a legitimate merchant account to pass through sales from a Web front or pass-through site.
A new focus for regulators
These developments have led the Financial Crimes Enforcement Network (FinCEN) and other regulators to come down harder on banks using third-party payment processors. To help establish beneficial ownership, FinCEN requires financial institutions (FIs) to verify the identities of all nominees with a 25% or greater ownership stake in any company for which they open an account. They are also required to identify the principal decision maker for the site. FinCEN’s rule is only one of several legal requirements for banks to know their customers.
Regulatory bodies are also focusing on the new forms of transaction laundering – such as funnels and pass-through accounts – as a way to fight fraud.
The Department of Justice’s Operation Choke Point investigated U.S. banks and third-party processors associated with commercial activities at high risk of money laundering, such as dating and escort services, Web-based sellers of ammunition and pharmaceuticals, and home-based charities. As a result of the initiative, substantial fines in excess of $1 million were levied against at least two U.S. banks.3, 4
Payments industry should expect little tolerance from FinCEN and should quickly adhere to these electronic payments guidelines. Failure to do so will subject participants to substantial fines, including restrictions on participating in the industry and bans from the business.
Big fines for a midsize bank
On Feb. 27, 2017, the U.S. Treasury’s (FinCEN) slapped a $7 million fine on a midsize California bank for violations of the Bank Secrecy Act related to transaction laundering, and another $1 million was tacked on by the OCC for the same infractions.2
The penalties were levied for failing “to establish and implement an adequate anti-money laundering program” and for allowing “billions of dollars to flow through the U.S. financial system without effective monitoring.”
FinCEN said that in one instance the bank processed $192 million from high-risk foreign customers during a three-month period.
While many of the particulars were unique to the bank and its customer base, the incident is indicative of the threat posed by transaction processing to FIs that don’t recognize the risk and take steps to mitigate it.
The challenge for payment processors
The payments industry is constantly deploying new fraud detection techniques, such as chip cards and tokenization. Despite the stepped-up enforcement by regulators and the increased due diligence of banks and ISOs, the use of transaction laundering continues to spread—this is due, in part, to criminal’s growing sophistication with the payment system.
The Web’s inherent anonymity complicates the problem. True identities of as many as 6-10% of online merchants remain hidden from their payment processor. Corrupt sites fail to draw the attention of their ISO because most laundered transactions are relatively small.
Complying with FinCEN’s requirements and preventing laundered transactions
To detect transaction laundering, good underwriting is the key. That starts with relatively simple, manual steps:
- Examine the merchant’s website. Does it add up? Would a consumer be inclined to purchase its products? Many fraudulent websites don’t meet this simple standard and can be ferreted out by taking a close look at the site’s offerings.
- Compare the site’s content with its volume of business. Often, when something is amiss, these do not align. A merchant might tell its ISO that it anticipates bringing in $175,000 a month in sales, but their site offers only two products. Either the sales projection is way off, or the revenue will be coming from someplace else.
- Consider the age of the website. Sites typically don’t sell a large quantity of merchandise when they first launch. Flags should be thrown for any site that claims robust sales out of the gate.
- Compare the site’s products with its average sale price and the merchant codes it uses. Other telltale signs that a site may be laundering transactions include sudden and unexplained spikes in sales transactions or a jump in the size of each sale. Why would an apparel site with average sales of $175 suddenly start posting routine sales of $450?
Another giveaway is the type of merchant codes the site uses to enter sales slips. If these don’t conform to the types of goods that the site is supposedly selling, then it’s a good bet that something is wrong.
Merchant Monitoring Service Providers
Not every bank and ISO has the wherewithal or technology to conduct its own due diligence. These capabilities are available through third parties known as Merchant Monitoring Service Providers (MMSPs), which use computer algorithms and other techniques to examine merchant sites electronically.
MMSPs have an extensive database of merchants with a history of fraud and other questionable behaviors in which they can examine the information provided by a merchant’s site and compare it with their database to identify launderers.
MMSPs also look for suspicious site elements that the human eye might not detect. Based on what they find, they score the site and inform the ISO of the probability that the site is engaged in money laundering activity, keeping tabs on an ongoing basis.
Transaction laundering violates the merchant’s agreement with its acquirer, flouts AML laws, and attracts unwanted attention from regulators. To protect themselves, acquirers should address the problem through diligent underwriting, sophisticated technology, and partnerships with these service providers.
How Thomson Reuters Can Help
CLEAR online investigations software provides a solution to your compliance and investigative needs. By providing consistent, comprehensive, and defensible results, CLEAR can uncover weak links in a customer or vendor’s history in the form of politically exposed persons, criminals, bankruptcy, high-risk business officials, and other dubious entities. With CLEAR you can access key proprietary and public records; receive real-time records such as arrests, watch lists, and social media; and instantaneously analyze search results to shorten investigation time.