The uncovering of an alleged $200 million credit card fraud scheme has triggered calls to expand know-your-customer rules. Those who prescribe ever-greater surveillance should be careful what they wish for.
In what was described as a sprawling criminal enterprise stretching across dozens of states and numerous countries, fabricated identities were used to obtain credit cards and doctor credit reports to borrow large amounts of money. At the heart of the alleged scheme were the merchant processor accounts used to accept and process the cards with stolen identities, authorities announced on Feb. 5. ATM withdrawals involve video surveillance and direct purchasing of merchandise doesn't yield cash. So the fraud ring allegedly used merchant accounts, mostly those of jewelry stores, since it is easier to obtain cash in a bank account using a fictitious sales transaction.
In some instances, sham companies were created and then those businesses established the direct relationship with the merchant processor and purchased the credit card terminals, the FBI said. Involving 25,000 fraudulent credit cards, 7,000 fake identities, and 1,800 "drop addresses," the conspirators allegedly wired millions overseas to Pakistan, India, the United Arab Emirates, Canada, Romania, China, and Japan.
For the duration of the probe, account information was known about the senders of international wire transfers, but not much was known about the recipients.
That is why experts are now pointing to this alleged scheme as justification for the expansion of Bank Secrecy Act and anti-money laundering regulations to include the identification and scrutiny of the recipients of funds associated with high-risk transactions.
Micah Willbrand, director of AML and compliance for LexisNexis' North American Financial Services Markets, told a trade publication, "Laws and regulations today only require that the bank have KYC [know your customer] in place for the sender, not the receiver of money."
"But card fraud schemes demonstrate why it's imperative to have KYC controls in place for both senders and recipients," he adds. As a result of the Foreign Account Tax Compliance Act, "all countries are realizing we need to know more about who's receiving the money. We need to be more transparent about how money is moving around the world, and that is something everyone is coming around to."
That is a very optimistic assumption, especially since considerable resistance already exists regarding global standardization of information-sharing. Ultimately, compliance would require a lot more legwork and due diligence on the part of banks, and financial institutions have been reluctant to move in this direction. If banks were required to replicate the current KYC controls for recipients as well as senders, the jurisdictional challenges would be complicated and expensive.
Willbrand justifies the investment cost in a subtle Risk.net advertorial “article”: "The implementation of FATCA will guide financial institutions … globally by providing them with a reference on what verification is required of their customers and the level of due diligence required from them based on their asset transfers. FATCA will, therefore, enable FIs everywhere to create a standardised customer onboarding process that will clearly define risk tolerances and accepted practices for engaging with customers."
Expanding KYC guidelines to include the recipient of funds would require a massive uniform international process that is continually monitored and updated. Additionally, the cross-border sharing of customer information could realistically lead to equally determined calls for reciprocity on the part of U.S. financial institutions. U.S. banks that act on behalf of the recipients of international funds could find themselves swarmed with overseas requests for KYC information prior to any funds transfer.