Managing Money-Laundering Risk for Financial Technology P2P Lending Companies

Ahmad Amiruddin, S.H., LL.M.[1]

Introduction

Indonesian financial-technology companies which focus on peer-to-peer lending (“Fintech P2PL”) have grown rapidly over the past few years. As of April 2019, some 106 Fintech P2PL had registered with the Financial Services Authority (Otoritas Jasa Keuangan – “OJK”)[2] and the total amount of funds disbursed by these companies had reached over IDR 28 trillion as of February 2019.[3] However, this sector of the economy is not without its risks.

One of these risks is undoubtedly the inherent risk of money laundering. Indeed, if a Fintech P2PL is proven guilty of involvement in a money laundering scheme, then not only can it be fined up to IDR 1 billion under Article 5, Law Number 8/2010 on the Prevention and Eradication of Money Laundering, but the company’s reputation is also likely to be damaged and the trust of investors may decline to the point that no one will conduct any business with it anymore. As such, in order to complement this industry’s tremendous growth, risk management which addresses the thorny issue of anti-money laundering (“AML”) is a critical element for Fintech P2PL.

However, although a ground rule has already been established for the implementation of AML risk management, specifically OJK Regulation Number 12/POJK.01/2017 on the Implementation of Anti-Money Laundering and Countering Financing of Terrorism (“AML & CFT”) Program for the Financial Industry, according to the OJK department responsible for the handling of AML & CFT, Fintech P2PL are not currently required to abide by this regulation, at least until 2021, so as to not to hinder their rapid business development.[4]

If this is the case, then how should money-laundering risk be managed if it is not currently mandatory to comply with this ground rule? This article will address this issue and offer an analysis of how Fintech P2PL can deal with money-laundering risk in a manageable way without disturbing their business growth and through the application of best industry practice for the banking sector.

Why Is Money-Laundering Risk a Concern for Financial-Service Providers?

Money laundering can threaten the operations of any financial-service providers (“FSP”) which become involved in this crime due to the associated financial and reputational risk. In essence, a money launderer tries to conceal the proceeds of crime or to obscure sources of illegal funds through, for example, the deposit of money in an FSP, e.g. a bank or a Fintech P2PL.[5] Another example of money laundering involves the borrowing of money from a Fintech P2PL with the intention of repaying the relevant loan through the use of corrupted funds. This article will primarily address this second type of scheme.

If the relevant authority is able to prove that an FSP has been used by a money launderer in order to conceal their illegal funds, then the FSP in question is liable to face both financial and reputational catastrophe. Financially, fines of up to IDR 1 billion at a maximum can be levied according to Article 5, Law Number 8/2010.  Article 5 states that any party who receives or controls the placement, transfer, payment, granting or use of any form of wealth that they know or are supposed to know derives from the proceeds of crime shall be sentenced to a term of imprisonment of up to five years and have a fine of up to IDR 1 billion imposed upon them. The wording, “… are supposed to know,” means that attempts have to be made in order to prevent and close money-laundering loopholes and such attempts should be undertaken through serious efforts at money laundering risk management.

However, reputational risk may ultimately have a worse impact on a company than any financial penalties which are imposed. For example, imagine that the media exposes the fact that a Fintech P2PL is involved in a money laundering scheme. How will the relevant investors react? Will anyone still conduct business with such a company? The obvious answer is that this would be unlikely. And indeed, this point is exemplified by the case of  Deutsche Bank and its involvement in a Russian money-laundering scheme amounting to over $20 billion. As a result of this criminal activity, Deutsche Bank not only faces the prospect of disciplinary action being imposed upon it by US and UK financial regulators, but also the very real prospect that the bank’s global brand may also be at risk as investors and clients lose trust in this time-honored financial-service provider. Indeed, such a loss of trust is eventually likely to lead to a significant fall in the bank’s stock price.[6]

Implementing Anti-Money Laundering Regulations: A Dilemma

For a Fintech P2PL, AML risk management is addressed under Article 42 of OJK Regulation Number 77/POJK.01/2016 on Technology-Based Peer-to-Peer Lending. Article 42 states that Fintech P2PL must implement AML & CFT programs according to relevant regulations, specifically OJK Regulation Number 12/POJK/01/2017 on the Implementation of AML & CFT Programs by the Financial Industry. The scope of risk management set under OJK Regulation Number 12/2017 states that, pursuant to Article 17 juncto Article 44, FSPs are required to (1) Identify; and (2) Verify the identities of prospective customers; and then (3) Monitor transactions in order to ensure that they are in line with the relevant customer profiles.

However, according to a statement issued by the AML & CFT Group at the OJK, it is not mandatory for Fintech P2PL to implement AML & CFT programs under OJK Regulation Number 12/2017 until at least 2021, so that said companies can remain free from excessive burden and can instead focus upon boosting their growth. This is certainly reassuring news for Fintech P2PL, as implementing AML & CFT programs can prove costly, while satisfying the complex requirements involved also presents a significant challenge.

Nonetheless, regardless of this exception, Fintech P2PL already seem to be making a significant effort in terms of identifying and verifying prospective customer profiles (both lenders and borrowers) so as to avoid abuse by criminals. Efforts currently being employed include: (1) Screening of customer profiles against a set of watchlists which address blacklisted persons, e.g. terrorists;[7] (2) Verification of data contained within the national electronic ID cards (e-KTP) of applying customers in relation to data which is stored by the Civil Registry Office (Dukcapil). This measure is essential in order to avoid fake IDs being used in a fraudulent way.[8]

While such actions are appreciated, the monitoring of customer transactions also needs to be addressed and Fintech P2PL are generally not focusing upon implementing such monitoring regimes right now, given that it is not yet mandatory for them to do so. Unfortunately, this means that money laundering still presents a significant risk, as there are no guarantees in place that persons who have been successfully accepted as customers will not exploit Fintech P2PL as a means to launder their ill-gotten gains.

The Case for a Simple Transaction-Monitoring Approach

As P2P businesses place a particular emphasis on facilitating people in need of money, Fintech P2PL should monitor all transactions which are undertaken by their customers, particularly borrowers. This can be achieved by incorporating suspicious transaction parameters into the transaction IT system. The banking industry as a whole encompasses a wide variety of complex suspicious transaction parameters, of which there is one useful parameter which is particularly applicable to Fintech P2PL. This particular parameter is generally known as “early loan termination”.

This type of alert flags a customer if they fully repay their loan not long after they have been lent the relevant funds in the first place. For example, if a customer applies for a loan of IDR 5 million with a 30-day maturity period and fully repays this loan within three days of its disbursement, then this should be viewed as suspicious. Fintech P2PL should become even warier if, just a few weeks later, the relevant party applies for a second loan which they also repay in full within a very short timeframe.

Two critical questions relate to this type of activity: (1) Why would and how could a borrower who is in need of money repay a loan in full within such a short period as if the party in question never actually needed the money at all? (2) Where did the party get the money from in order to repay the loan? Indeed, the purpose of such transactions may be to conceal money which is gained from the proceeds of crime, the illegal drug trade or corruption.

If such cases crop up, then Fintech P2PL should report them via suspicious transaction reports (“STR”), that are supposed to be sent to the Indonesian Financial Reports and Analysis Center (“PPATK”). Even though Fintech P2PL are still not subject to any mandatory regulatory reporting, such companies are still permitted to report STR based on Article 44, paragraph 1 of Law Number 8/2010, which states that the PPATK is allowed to receive reports from the general public which address potential money-laundering cases.

Pragmatically speaking, this type of STR reporting should not merely be seen as a way in which Fintech P2PL can avoid being sued by public prosecutors as regards involvement in financial crime. The reason for this is that by implementing simple but well-organized processes of identification, verification, monitoring (including the reporting of suspicious transactions in a timely manner), Fintech P2PL will have complied with the phrase “…are supposed to know,” as set out under Article 5, Law Number 8/2010 and as addressed above.

Conclusion

Although Fintech P2PL are not yet required to fully implement AML & CFT risk management based on OJK Regulation Number 12/2017, AML risk can be still managed without too much accompanying complexity. Monitoring borrowers’ transactions and reporting any suspicious financial activity to the PPATK is just one of the ways in which such risk can be managed. Ultimately, Indonesian Fintech P2PL should be able to enjoy solid growth, whilst also ensuring that they tackle the risk of money laundering.

[1] The writer is an Anti-Money Laundering Analyst at PT Bank BTPN, Tbk who received his Bachelor’s Degree on Economic Law from Law Faculty of Universitas Indonesia and Master’s Degree on International Banking and Finance from University of Leeds with Distinction (Cum Laude).  

[2] CNN Indonesia, “OJK Rilis Daftar 106 Fintech Berizin,” https://www.cnnindonesia.com/ekonomi/20190410190058-78-385103/ojk-rilis-daftar-106-fintech-berizin, as published on 10 April 2019.

[3] Kontan.co.id, “Pinjaman fintech sudah tembus Rp28,46 trilyun, ini penyebabnya,https://keuangan.kontan.co.id/news/pinjaman-fintech-sudah-menembus-rp-2836-triliun-ini-penyebabnya, as published on 3 April 2019.

[4] See Hukumonline: “Meraba Potensi TPPU di Industri Fintech,” as published on 28 March 2019.

[5] Money-laundering risk should be implemented in terms of investors who are already managed by Fintech P2PL and, among other techniques, involves blacklisting persons such as terrorists, screening and e-KTP verification through the use of data supplied by the Civil Registry Office (Dukcapil). This article is primarily focused upon the ways in which Fintech P2PL can avoid money laundering which arises through borrowers. For further information, see: http://infobanknews.com/ojk-pastikan-dana-p2p-lending-tak-tersangkut-tindak-pidana-terorisme/

[6] The Guardian, “Deutsche Bank faces action over $20 billion Russian money-laundering scheme,” https://www.theguardian.com/business/2019/apr/17/deutsche-bank-faces-action-over-20bn-russian-money-laundering-scheme, as published on 17 April 2019.

[7] Infobanknews.com, “OJK Pastikan Dana P2P Lending Tidak Tersangkut Paut Dana Terorisme,” http://infobanknews.com/ojk-pastikan-dana-p2p-lending-tak-tersangkut-tindak-pidana-terorisme/, as published on 21 March 2019.

[8] Indonesia.go.id, “Jasa Peer to Peer Semakin Seksi,” https://indonesia.go.id/narasi/indonesia-dalam-angka/ekonomi/jasa-peer-to-peer-lending-semakin-seksi, as published on 15 March 2019.

Ahmad Amiruddin, S.H., LL.M.[1]

Introduction

Indonesian financial-technology companies which focus on peer-to-peer lending (“Fintech P2PL”) have grown rapidly over the past few years. As of April 2019, some 106 Fintech P2PL had registered with the Financial Services Authority (Otoritas Jasa Keuangan – “OJK”)[2] and the total amount of funds disbursed by these companies had reached over IDR 28 trillion as of February 2019.[3] However, this sector of the economy is not without its risks.

One of these risks is undoubtedly the inherent risk of money laundering. Indeed, if a Fintech P2PL is proven guilty of involvement in a money laundering scheme, then not only can it be fined up to IDR 1 billion under Article 5, Law Number 8/2010 on the Prevention and Eradication of Money Laundering, but the company’s reputation is also likely to be damaged and the trust of investors may decline to the point that no one will conduct any business with it anymore. As such, in order to complement this industry’s tremendous growth, risk management which addresses the thorny issue of anti-money laundering (“AML”) is a critical element for Fintech P2PL.

However, although a ground rule has already been established for the implementation of AML risk management, specifically OJK Regulation Number 12/POJK.01/2017 on the Implementation of Anti-Money Laundering and Countering Financing of Terrorism (“AML & CFT”) Program for the Financial Industry, according to the OJK department responsible for the handling of AML & CFT, Fintech P2PL are not currently required to abide by this regulation, at least until 2021, so as to not to hinder their rapid business development.[4]

If this is the case, then how should money-laundering risk be managed if it is not currently mandatory to comply with this ground rule? This article will address this issue and offer an analysis of how Fintech P2PL can deal with money-laundering risk in a manageable way without disturbing their business growth and through the application of best industry practice for the banking sector.

Why Is Money-Laundering Risk a Concern for Financial-Service Providers?

Money laundering can threaten the operations of any financial-service providers (“FSP”) which become involved in this crime due to the associated financial and reputational risk. In essence, a money launderer tries to conceal the proceeds of crime or to obscure sources of illegal funds through, for example, the deposit of money in an FSP, e.g. a bank or a Fintech P2PL.[5] Another example of money laundering involves the borrowing of money from a Fintech P2PL with the intention of repaying the relevant loan through the use of corrupted funds. This article will primarily address this second type of scheme.

If the relevant authority is able to prove that an FSP has been used by a money launderer in order to conceal their illegal funds, then the FSP in question is liable to face both financial and reputational catastrophe. Financially, fines of up to IDR 1 billion at a maximum can be levied according to Article 5, Law Number 8/2010.  Article 5 states that any party who receives or controls the placement, transfer, payment, granting or use of any form of wealth that they know or are supposed to know derives from the proceeds of crime shall be sentenced to a term of imprisonment of up to five years and have a fine of up to IDR 1 billion imposed upon them. The wording, “… are supposed to know,” means that attempts have to be made in order to prevent and close money-laundering loopholes and such attempts should be undertaken through serious efforts at money laundering risk management.

However, reputational risk may ultimately have a worse impact on a company than any financial penalties which are imposed. For example, imagine that the media exposes the fact that a Fintech P2PL is involved in a money laundering scheme. How will the relevant investors react? Will anyone still conduct business with such a company? The obvious answer is that this would be unlikely. And indeed, this point is exemplified by the case of  Deutsche Bank and its involvement in a Russian money-laundering scheme amounting to over $20 billion. As a result of this criminal activity, Deutsche Bank not only faces the prospect of disciplinary action being imposed upon it by US and UK financial regulators, but also the very real prospect that the bank’s global brand may also be at risk as investors and clients lose trust in this time-honored financial-service provider. Indeed, such a loss of trust is eventually likely to lead to a significant fall in the bank’s stock price.[6]

Implementing Anti-Money Laundering Regulations: A Dilemma

For a Fintech P2PL, AML risk management is addressed under Article 42 of OJK Regulation Number 77/POJK.01/2016 on Technology-Based Peer-to-Peer Lending. Article 42 states that Fintech P2PL must implement AML & CFT programs according to relevant regulations, specifically OJK Regulation Number 12/POJK/01/2017 on the Implementation of AML & CFT Programs by the Financial Industry. The scope of risk management set under OJK Regulation Number 12/2017 states that, pursuant to Article 17 juncto Article 44, FSPs are required to (1) Identify; and (2) Verify the identities of prospective customers; and then (3) Monitor transactions in order to ensure that they are in line with the relevant customer profiles.

However, according to a statement issued by the AML & CFT Group at the OJK, it is not mandatory for Fintech P2PL to implement AML & CFT programs under OJK Regulation Number 12/2017 until at least 2021, so that said companies can remain free from excessive burden and can instead focus upon boosting their growth. This is certainly reassuring news for Fintech P2PL, as implementing AML & CFT programs can prove costly, while satisfying the complex requirements involved also presents a significant challenge.

Nonetheless, regardless of this exception, Fintech P2PL already seem to be making a significant effort in terms of identifying and verifying prospective customer profiles (both lenders and borrowers) so as to avoid abuse by criminals. Efforts currently being employed include: (1) Screening of customer profiles against a set of watchlists which address blacklisted persons, e.g. terrorists;[7] (2) Verification of data contained within the national electronic ID cards (e-KTP) of applying customers in relation to data which is stored by the Civil Registry Office (Dukcapil). This measure is essential in order to avoid fake IDs being used in a fraudulent way.[8]

While such actions are appreciated, the monitoring of customer transactions also needs to be addressed and Fintech P2PL are generally not focusing upon implementing such monitoring regimes right now, given that it is not yet mandatory for them to do so. Unfortunately, this means that money laundering still presents a significant risk, as there are no guarantees in place that persons who have been successfully accepted as customers will not exploit Fintech P2PL as a means to launder their ill-gotten gains.

The Case for a Simple Transaction-Monitoring Approach

As P2P businesses place a particular emphasis on facilitating people in need of money, Fintech P2PL should monitor all transactions which are undertaken by their customers, particularly borrowers. This can be achieved by incorporating suspicious transaction parameters into the transaction IT system. The banking industry as a whole encompasses a wide variety of complex suspicious transaction parameters, of which there is one useful parameter which is particularly applicable to Fintech P2PL. This particular parameter is generally known as “early loan termination”.

This type of alert flags a customer if they fully repay their loan not long after they have been lent the relevant funds in the first place. For example, if a customer applies for a loan of IDR 5 million with a 30-day maturity period and fully repays this loan within three days of its disbursement, then this should be viewed as suspicious. Fintech P2PL should become even warier if, just a few weeks later, the relevant party applies for a second loan which they also repay in full within a very short timeframe.

Two critical questions relate to this type of activity: (1) Why would and how could a borrower who is in need of money repay a loan in full within such a short period as if the party in question never actually needed the money at all? (2) Where did the party get the money from in order to repay the loan? Indeed, the purpose of such transactions may be to conceal money which is gained from the proceeds of crime, the illegal drug trade or corruption.

If such cases crop up, then Fintech P2PL should report them via suspicious transaction reports (“STR”), that are supposed to be sent to the Indonesian Financial Reports and Analysis Center (“PPATK”). Even though Fintech P2PL are still not subject to any mandatory regulatory reporting, such companies are still permitted to report STR based on Article 44, paragraph 1 of Law Number 8/2010, which states that the PPATK is allowed to receive reports from the general public which address potential money-laundering cases.

Pragmatically speaking, this type of STR reporting should not merely be seen as a way in which Fintech P2PL can avoid being sued by public prosecutors as regards involvement in financial crime. The reason for this is that by implementing simple but well-organized processes of identification, verification, monitoring (including the reporting of suspicious transactions in a timely manner), Fintech P2PL will have complied with the phrase “…are supposed to know,” as set out under Article 5, Law Number 8/2010 and as addressed above.

Conclusion

Although Fintech P2PL are not yet required to fully implement AML & CFT risk management based on OJK Regulation Number 12/2017, AML risk can be still managed without too much accompanying complexity. Monitoring borrowers’ transactions and reporting any suspicious financial activity to the PPATK is just one of the ways in which such risk can be managed. Ultimately, Indonesian Fintech P2PL should be able to enjoy solid growth, whilst also ensuring that they tackle the risk of money laundering.

[1] The writer is an Anti-Money Laundering Analyst at PT Bank BTPN, Tbk who received his Bachelor’s Degree on Economic Law from Law Faculty of Universitas Indonesia and Master’s Degree on International Banking and Finance from University of Leeds with Distinction (Cum Laude).  

[2] CNN Indonesia, “OJK Rilis Daftar 106 Fintech Berizin,” https://www.cnnindonesia.com/ekonomi/20190410190058-78-385103/ojk-rilis-daftar-106-fintech-berizin, as published on 10 April 2019.

[3] Kontan.co.id, “Pinjaman fintech sudah tembus Rp28,46 trilyun, ini penyebabnya,https://keuangan.kontan.co.id/news/pinjaman-fintech-sudah-menembus-rp-2836-triliun-ini-penyebabnya, as published on 3 April 2019.

[4] See Hukumonline: “Meraba Potensi TPPU di Industri Fintech,” as published on 28 March 2019.

[5] Money-laundering risk should be implemented in terms of investors who are already managed by Fintech P2PL and, among other techniques, involves blacklisting persons such as terrorists, screening and e-KTP verification through the use of data supplied by the Civil Registry Office (Dukcapil). This article is primarily focused upon the ways in which Fintech P2PL can avoid money laundering which arises through borrowers. For further information, see: http://infobanknews.com/ojk-pastikan-dana-p2p-lending-tak-tersangkut-tindak-pidana-terorisme/

[6] The Guardian, “Deutsche Bank faces action over $20 billion Russian money-laundering scheme,” https://www.theguardian.com/business/2019/apr/17/deutsche-bank-faces-action-over-20bn-russian-money-laundering-scheme, as published on 17 April 2019.

[7] Infobanknews.com, “OJK Pastikan Dana P2P Lending Tidak Tersangkut Paut Dana Terorisme,” http://infobanknews.com/ojk-pastikan-dana-p2p-lending-tak-tersangkut-tindak-pidana-terorisme/, as published on 21 March 2019.

[8] Indonesia.go.id, “Jasa Peer to Peer Semakin Seksi,” https://indonesia.go.id/narasi/indonesia-dalam-angka/ekonomi/jasa-peer-to-peer-lending-semakin-seksi, as published on 15 March 2019.

AD Premier 9th floor,
Jl. TB Simatupang No.5 Ragunan, Pasar Minggu,
Jakarta Selatan 12550,
DKI Jakarta, Indonesia

Phone: +62 21 - 2270 - 8910
Fax: +62 21 - 2270 - 8909