Anti-Money Laundering and Combating the Financing of Terrorism Policy Guidance
131
when an applicant whose name matches the list is encountered. In this way, immediate action can be taken. A second type of watch list is an internal database that m-money providers (especially telecoms) can design specifically to alert the staff to certain customers who deserve enhanced scrutiny or should be prohibited from accessing services. Although the establishment of such lists is consistent with internal monitoring requirements, using them externally may raise legitimate concerns. Some designers of m-money models have explored the possibility of sharing data between providers to enhance the integrity of the system. In most jurisdictions, sharing the name, account number, and mobile number (the PII) is strictly prohibited by privacy laws, even between similar entities (bank to bank and telecom to telecom). Therefore, if telecom A notices something suspicious about mobile number 123 on its network, it should be able to send out an alert to telecoms B and C without revealing the PII of the account holder. Mobile number 123 could then be put on a shared watch list and assigned risk level 1. If mobile number 123 shows up again as a suspicious transaction origin (on telecom A) or destination (on telecoms A, B, or C), its risk level rises to 2. The higher the risk level, the more scrutiny is applied to any transaction involving that number. Some AML/CFT experts have advocated creating a single database to be shared between telecoms and banks. Others have envisioned the possibility of creating a centralized system where all m-money users’ information would be regulated by a neutral third party or a government regulatory body who would provide access to various entities, according to business needs and specific credentials. These solutions may be additional tools for combating ML/TF, but their implementation may trigger a contentious debate about consumer protection and privacy rights. Countries wishing to follow these routes should ensure the routes are compatible with their privacy laws.
Reporting Obligations Because STRs play a key role in the AML/CFT system, it is important to ensure that all parties involved in the provision of m-money services cooperate to share information appropriately, that reporting lines and responsibilities are clear, and that the parties have sufficient capacity to monitor transactions and customers to ensure that suspicious behavior is reported as required. Regulated institutions are required to report suspicious transactions to the government, generally by filing STRs with the national FIU.