Skip to main content

2.1.5. Intermediation

Effective from 1/8/2022
The Payment Sector may be complex with a number of participants potentially involved in a single transaction. As a result, many payment transactions will be highly intermediated, with multiple financial institutions involved in a funds transfer. Additional entities (some of which may not be financial institutions) can potentially facilitate the transaction through the exchange of information. Intermediated transactions create risk because no regulated entity participating in the transaction has the visibility necessary to fully understand the transaction and the participants. Illicit transactions may have red flags when viewed as a whole, but may appear legitimate when seen from the perspective of each of the financial institutions involved. This creates a vulnerability that illicit actors can exploit.
 
For example, consider the hypothetical transaction below, a purchase on an online marketplace that allows individual sellers to sell items directly to customers:
 
picture

 

In this transaction, the customer is using a credit card to purchase goods from the merchant, but the merchant is not a participant in the credit card scheme. A number of Payment Sector participants help to bridge this gap and facilitate the transaction:
 
 The marketplace uses a payment gateway that accepts the customer’s credit card credentials, encrypts them, and validates them against data held by the credit card scheme operator. The marketplace may also integrate with providers that provide ‘one-click’ payment information to the payment gateway without requiring the customer to enter his or her credit card details. In the UAE, these providers would be classified as conducting payment account information services, but in many other jurisdictions they are not regulated as financial institutions.
 
 The credit card scheme operator validates the customer information provided by the payment gateway, conducts initial fraud checks, and informs the payment gateway that the credit account is in good standing and the credit limit has not been exceeded.
 
 The payment gateway informs the marketplace’s payment processor that a transaction of an identified value can proceed using the customer’s credit card details.
 
 The marketplace payment processor informs the merchant that the transaction has been confirmed and instructs the credit card scheme operator to debit the customer’s account for the purchase price, in favor of the marketplace.
 
 The credit card scheme operator passes this payment instruction on to the bank that issued the customer’s credit card (the issuing bank). Meanwhile, the merchant ships the customer the merchandise purchased.
 
 The issuing bank transfers funds in the purchase value to the marketplace’s bank (this transfer may in fact go through the marketplace payment processor’s account at the same bank).
 
 The marketplace bank transfers the purchase funds to the merchant’s fintech (likely a provider of SVF), which in turn transfers the funds to the merchant’s account. The marketplace’s payment processor likely facilitates this transaction by instructing the bank where to send the funds.
 
It is unlikely that any of the Payment Sector participants in this transaction have full visibility into the funds transfer chain. The banks are unlikely to have information on anyone other than their immediate customers or correspondents. The payment gateway likely does not identify the merchant. The fintech likely does not identify the customer. The marketplace payment processor is likely aware that the customer and merchant are engaging in a transaction, but may not know where the customer’s funds are coming from or where the merchant’s funds are going. And because the marketplace payment processor does not hold funds at any point in the transaction, it may not be regulated as a financial institution in all jurisdictions. In this instance, a marketplace payment processor may apply certain conditions on what types of customers and merchants it engages. For more information on how LFIs can mitigate and manage ML/FT risks related to this sector, including the risks arising from the use of NPPS, please see section 3 “Mitigating Risks.”