I’m sure you’re thinking, “That’s a mouthful of a title, Ali!”
You’re definitely not wrong, my dear reader, but this is a topic sometimes overlooked by people and companies alike. Financial fraud is an unforgiving monster that has uprooted the lives of people who didn’t do what they needed to do to stay protected or knew what needs to be done to stay protected: either way, a doomsday call.
According to the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCen), money laundering is defined as:
“Money laundering involves disguising financial assets so they can be used without detection of the illegal activity that produced them. Through money laundering, the criminal transforms the monetary proceeds derived from criminal activity into funds with an apparently legal source.
This process has devastating social consequences. For one thing, money laundering provides the fuel for drug dealers, terrorists, arms dealers, and other criminals to operate and expand their criminal enterprises.”
While banking institutions have fought fraud for decades, more and more online products and services have created an environment where KYC is more complex than in years past. There are increasing and inventive ways for criminals to hide the true origins of money being injected into the system.
The questions I have: How important is it for utility companies to be aware of their payment processing systems’ AML policies? And what responsibility do the utility companies bear?
Responsibility and Policy
My company, Tilli, has an extensive AML policy as most SaaS companies do (or should). One scenario explicit in our AML program deals with the responsibility of Utilli’s customers — utility companies who use our services.
Tilli provides an online SaaS platform for organizations such as utilities for communicating and engaging with their customers. The communication and engagement processes supported are focused on customer self-service and online processes, including bill payment. The payments are processed on behalf of Utilli’s customers: the utility companies who subscribe to our services.
In other words, generally, the consumers or the user of Tilli’s online systems is not Tilli’s direct customer. They use our system to pay their bills for services rendered by Utilli’s end-customers, who are the primary service providers themselves. Therefore, Tilli’s direct customers are not these consumers but their service providers.
It’s essential to run reports in the system that identify suspicious transactions where utilities and other organizations could fall victim to money laundering activities. These include parking a large sum of money within their utility accounts as overpayments and applying for refunds over time across to different recipients; paying down large bills by 3rd parties over time which hides the true identity of the consumer several other scenarios that could exist. That means we need robust reporting and analytics to unearth AML specific wrongdoing. Processes need to be in place to prevent such transactions from happening in the future.
Utilli believes that AML, Office of Foreign Assets Control (OFAC), and Know Your Customer (KYC) responsibilities for those consumers remain predominantly with the sub-merchant service providers and banks or card issuing companies that provide banking, debit, or credit card services.
Our policy is not unique. That’s why utility companies must be systematic in understanding their role in AML rules and regulations so they’re protected in the event of fraud or criminal activity.
Red Flags: Too Big Brother?
I find myself pondering solutions to this complex and wide-reaching issue.
Privacy and safety in this context sometimes are at odds with one another. While access to a comprehensive database that shares information with data processing and SaaS companies could be beneficial in this regard (i.e., flagging accounts that have suspicious activity), we have to be aware of the privacy implications. Is it too Big Brother to want access to this information? Is access to troves of data too high a price for safety?
This isn’t a political debate but rather a practical one. As I’ve discussed, our AML policy is comprehensive in its responsibility structure. Who is on the hook for the disasters that lurk around the corner, and what is the cost of not preparing companies for such a disaster?