108
Protecting Mobile Money against Financial Crimes
other elements of effective AML/CFT regulation. AML/CFT obligations cover a wide spectrum of issues, ranging from CDD to reporting obligations, internal controls and mechanisms, training, dissemination, national and international cooperation, and outreach, among others.1 Compliance with these other facets of AML/CFT standards2 is as important as compliance with CDD requirements when a country strives to comply fully with the international standards. Conduct an assessment of the m-money ecosystem. In an ideal situation, countries should survey the m-money ecosystem and its overall level of integrity risks prior to drafting AML/CFT regulation for m-money activities. The survey should aim to identify all role players in the jurisdiction, understand the products that are offered and are likely to be offered, and potential future patterns and trends. A risk assessment should also be performed to determine the nature, types, and levels of ML/TF risk. Countries will need to identify the main vulnerabilities that are specific to m-money and address them accordingly. Mobile network operators (MNOs) will need to contribute to this process by sharing information about their systems and by identifying higher- and lower-risk customers, products, and services. These assessments are not static; they have to be repeated to identify changes that occur over time, as circumstances develop and threats evolve. Under ideal conditions, the appropriate regulatory and supervisory approach for m-money should also support the financial system’s longerterm systemic stability, rather than merely its current flows. This will be of increasing importance when m-money begins to substitute more fully for the other financial channels and services. In this regard, any reluctance by policy makers to contemplate preventive measures because of their potential costs should be balanced by a consideration of the cost of restoring public confidence if there were any wide-scale incidents involving the m-money channel. Apply AML/CFT obligations to nonbanks offering m-money. As a general principle, all financial institutions should be subject to AML/CFT obligations.3 National laws generally require that banks, microfinance institutions, postal services, exchange bureaus, money transfer service providers, and all other types of financial institutions have in place an AML/CFT policy, specialized and trained personnel, reporting systems, and internal controls. Countries should also ensure, however, that nonbanks that offer m-money (for example, MNOs) are explicitly subject to