The Regulatory Framework for Electronic Means of Payment (Law No. 12.865/13) was a watershed in the Brazilian payments market. Through its guidelines and with the regulation of the Central Bank of Brazil (Bacen), one of the biggest recent innovations in the financial sector was created: the Payment Institution Issuing Electronic Currency (IP EME), popularly known as "Digital Banks" or "Digital Wallets".
The technological transformations brought about by IP EMEs have changed the way companies and people do business. Everyone, old and new, has had to adapt to the new rules and operating models, especially after the pandemic, when digitalization in consumer habits accelerated even more.
In this new dynamic of opportunities, what we saw was a significant increase in players such as big techs, large retailers, fintechs, non-financial companies and foreign investors starting their operations as IP EMEs. There has been growing loyalty, increased sales and revenues for these companies, by offering digital accounts, prepaid cards, bill payments, PIX and, in some cases, even loans (according to their partnerships).
However, there is always another point to note. While innovation has brought inclusion and competitiveness, it has also increased the challenge of risk management, internal controls, cyber security and the prevention of money laundering and terrorist financing (PLDFT).
It's no surprise. Every financial system in the world, yesterday and today, is a target for illegal practices, fraud and money laundering. Since the emergence of currency, man has used loopholes or schemes to commit these crimes.
It turns out that the opportunities for "quick and easy" access to banking and the digital world for the population have also become options for "quick and easy" access for criminals, increasing the risk of money laundering, defaults, financial fraud, etc.
A study carried out in 2021 by the Council for the Control of Financial Activities (Coaf), Bacen and the Ministry of Justice and Public Security (MJSP) produced the National Risk Assessment, a systematic survey of threats, vulnerabilities and capacity to prevent and combat AML in Brazil. This assessment concluded that the non-financial institutions sector (which includes IP EMEs) is the most vulnerable compared to other sectors, especially in relation to money laundering and terrorist financing.
Even with several exceptions in the market, most IP EMEs need to increase controls over their operations to mitigate and curb crime and fraud in their payment systems.
Crime is increasing sharply as business models multiply and the structures of these IP EMEs are not always perfected at the same speed to maintain the necessary security and prevention.
A practical example: the ease of prepaid payment accounts. If we consider the risks of money laundering in this type of account, we will see that there are many: handling funds of illicit origin; splitting amounts in credit transactions in the prepaid account; depositing funds of illicit origin in cash in the prepaid account; splitting debit transactions in the prepaid account of different institutions to conceal the total amount of the transaction; among others.
To deal with such risks, the first solution lies in compliance practices and improved PLDFT systems, internal controls, risk-based assessments of operations, efficient onboarding and Know Your Client (KYC) processes.
When comparing fraud rates, it is clear that the KYC and Onboarding processes for customers of financial institutions such as banks perform better than the payment accounts offered by IP EMEs, even if there are some exceptions.
Another important point is the Central Bank. IP EMEs authorized by the Central Bank and IP EMEs that, due to current regulations, have not yet been authorized to operate, even though they operate regularly (commonly referred to as unauthorized IP), operate in the market today. And the authorized ones - perhaps because they have been scrutinized by Bacen and are regularly supervised - have better governance, compliance and PLDFT than the unauthorized ones.
However, even though the Central Bank has discretionary power to regulate and monitor this market, we know that control mechanisms sometimes don't reach all competitors at the same speed and time.
The question is how Bacen can curb the money laundering practices that are increasingly taking place and ensure that IP EMEs implement effective and efficient PLDFT and compliance procedures.
Finally, we need to think about alternatives to mitigate and curb LDFT crimes without excessive regulatory or financial costs: a regulatory sandbox for unauthorized IP EME; tools with minimum PLDFT requirements; working groups and training. Wouldn't these alternatives put these institutions on a different footing? What would the costs be for the Central Bank and the market if these measures were implemented? These are some important points for analysis and reflection.