Money transfer company Wise was fined $360K by Abu Dhabi regulators for violating the country’s AML laws. The country’s financial governing agency, Financial Services Regulatory Authority (FSRA), found that the company “did not establish nor maintain adequate AML systems and controls to ensure full compliance with its AML obligations.” Yet, the FSRA had not discovered actual instances of money laundering stemming from Wise’s lack of AML controls. According to the FSRA, the violations centered around KYC checks. Wise failed to determine the source of funds held by some customers it had identified as high-risk before handling transactions on their behalf.
Per FSRA, the company also failed to adhere to its own ‘chain of command’ protocols and found Wise employees had failed to get approval from senior management “to establish business relationships with a category of customers that it had identified as high risk.” Wise and its senior management cooperated fully with FSRA.
Why this is important. Money transmitters – especially those operating in the US – have not historically risk-ranked their customers, and many vendor products do not offer this functionality. By implication, this finding requires companies conducting business in certain jurisdictions to (A) implement a risk model to determine their “high risk” customers, and then (B) implement enhanced due diligence (e.g., identifying source of funds) and other controls for high-risk customers. It’s only a matter of time before this common global standard (which already exists for more highly regulated institutions in the US) also becomes required for US money transmitters. It is imperative for financial institutions and FinTechs alike to make sure their AML systems are the right fit for both current and anticipated organizational needs, and in alignment with regulatory requirements.