Russian anti-money laundering legislation in electronic payments: A case of regulation catching up with business practices
Jul 19 2013
During its plenary session in June 2013 in Oslo, the Financial Action Task Force (FATF) approved the Guidance on Risk-Based Approach to Prepaid Cards, Mobile Payments and Internet-based Internet Payment Systems which is aimed at assisting jurisdictions in devising necessary risk-based measures towards New Payment Methods (NPMs). FATF once again demonstrated consistency in calling countries for moving away from ‘one-size-fits-all’ approach (para 90). However, the jury is still out on what size exactly fits whom. Therefore, this article is aimed at filling the knowledge gap on national risk-based Anti-Money Laundering/Combating Terrorist Financing (AML/CFT) approaches towards NPMs. Such an exercise can be useful not only as a part of exchanging similar experiences among jurisdictions but also to find risk-mitigating approaches which are still disregarded by the national authorities but can be of great importance for achieving AML/CFT goals. In this article, we present the case of Russia, which is one of the most developed markets for new payment technologies with a very specific and elaborated legal framework for this sector. In the first part, we give a short overview of the Russian electronic payment market describing major products that are widely used in the country. Secondly, we discuss the specifics of the Russian regulation towards NPMs and the AML/CFT legal framework that has been developed for the financial sector. The next part is dedicated to the identification approaches and risk-mitigating measures that are now employed by the payment operators. We believe that with rather conservative legislation in place, companies employ effective risk-mitigating measures for their own business purposes (eg combating fraud) even though they are not considered a part of compliance policy by the authorities. Therefore, when devising new risk-based effective AML/CFT tools, legislators should be encouraged to look at existing business practices instead of following the less effective path of designing new requirements or carrying them over from other sectors or financial products.
Russian e-payments landscape
At the outset, the development of electronic payments in Russia was heavily influenced by the growing penetration of mobile communications. Due to high competition in the beginning of the 2000s, mobile operators began to offer relatively cheap mass-market pre-paid subscriptions. That not only made Russia the country with one of the sixth highest numbers of mobile subscriptions per capita (for comparison with featured jurisdiction see Figure 1) but also contributed to the rapid development of the other sectors. Customers needed somewhere to sign contracts with operators and buy phones or accessories – and also to pay for their airtime, as the majority of subscriptions were pre-paid. Up to the beginning of the 2000s, there were virtually no means of making instant payments in Russia. The debit and credit card market was virtually non-existent (according to the Central Bank of Russia, even in 2008 there were only 4.2 transactions per card annually), bank transfers were inconvenient and not easily accessible (according to the Russian Microfinance Center around 50% of the adult population did not have access to bank services). The first NPM that was devised to satisfy the demand for instant payments was stored-value scratch cards that could be used to top-up the mobile accounts of three major mobile operators. Scratch cards were sold in virtually every shop all over the country: customers bought them from retailers, punched the code into the phone and immediately got the confirmation that their mobile account was successfully topped up. However, scratch cards were too burdensome for the distributors and shops – their transportation and inventory were logistically challenging, especially outside large cities. Hence, they were soon followed by other payment methods. Some stores began employing agents for the purposes of receiving payments. On receiving money, the agent sent information to the service provider via the internet. Nominally, such payments could be described as man-operated payment terminals. Soon after, payment kiosks (ie unmanned payment terminals) started to emerge around the country.
Figure 1: Mobile cellular subscriptions (per 100 people), 2011
Payment kiosks, which are still very popular in Russia, are basically cash-in machines that work only with cash and are not equipped with bank card readers. Customers only have to select the payment type using the touch screen, deposit cash and get the receipt: payment in most cases is instant. The success of payment kiosks was greatly influenced by the fact that Russia is a predominantly cash economy – especially in rural areas where it is still the only means of payment. Over the years, payment kiosks have became omnipresent: they started appearing not only in retail shops but also in business centres, administrative buildings and even on the streets. They also now enable payments for a multitude of services, including the internet, online games, topping up electronic wallets, and later expanding their reach to money transfers, e-commerce and even repaying bank loans. J’son & Partners estimated the number of payment kiosks in Russia at around 283,000 in 2012.
Figure 2: Number of active e-wallets (millions) 
Aside from payment kiosks, electronic money systems have started to emerge as well. In 1999, Russian PayCash launched a commercial version of its payment system that allowed customers to open ‘virtual wallets’, top them up using scratch cards or by bank transfer and then make payments online. While PayCash was initially a token-based system that inherited some features of the first e-cash projects created by David Chaum (DigiCash), for economic reasons that model was then substituted by the more market and customer friendly server-based scheme. Later on, PayCash technology was implemented in Yandex.Dengi, iDealer and a number of other Russian payment systems.
Other branches of Russian electronic payment services were also developing throughout the first decade of the 21st century and finally four distinct sub-sectors secured their footing on the national market.
1. Internet payment systems (IPS). Currently 80% of the Russian electronic money market is controlled by the three largest IPSs, Yandex.Dengi, WebMoney and Qiwi. The remaining 20% of the market is represented by the numerous smaller players that are focused on specific e-money niches (eg, paying for online games). These include Money@Mail.ru, RBK Money, Wallet One and many others. In May 2013 PayPal was incorporated in Russia as a financial institution but has not yet achieved any significant presence apart from eBay auctions that were used by the Russian customers long before. According to the statistics, the number of actively used e-wallets is nearing the 40 million threshold (see Figure 2)
After the legislative breakthrough of 2011 which will be discussed below and which brought clear legal framework for electronic payments including electronic money, many banks are now considering the option of providing e-wallets services for their clients. Some have already done so, but their influence on the market is still very limited.
2. Payment kiosks. During the last two years there have been discussions on whether payment kiosks will retain their omnipresent business in Russia or will leave the market during the next decade. Despite some pessimistic forecasts, this payment method is still very strong in Russia. Payment kiosks have been successfully syphoning cash from the economy for many years now and the persisting presence of cash in retail payments seems to uphold this trend further (turnover of the sector in 2011 was estimated at 892bn roubles (27bn USD), 15% more than in 2010).
In the last decade payment kiosks have managed to grow beyond topping-up mobile pre-paid accounts. They are now used to receive virtually any distant retail payments: customers can instantly buy virtual prepaid Visa or MasterCard, or even transfer money to any Visa card issued in Russia and some other CIS countries. Such an extension of functionality coupled with the customer-friendly interfaces secured the popularity of the payment kiosks.
3. Mobile commerce. The dominance of pre-paid mobile accounts created a situation where millions of subscribers had a positive balance on their accounts. This allowed mobile operators to gradually implement some payment services as well. Most basic payments were provided in the form of the so-called Premium SMS: the client sends the SMS to a specified number that is charged differently from the ordinary short message. On receiving payment, the mobile operator transfers a predefined share to the service provider thus effecting the transfer of funds. After the adoption of the Federal Law ‘On National Payment System’, the legality of the Premium SMS was put into doubt, as mobile payments were now made by converting funds on mobile account into electronic money through financial institution.
Figure 3: Different payment options currently available
4. Stored value cards. The beginning of 2010 saw the sudden reappearance of the stored value cards, which are now used in public transportation. Since 2011, a stored-value contactless card with functionality resembling London’s Oyster cards can be used on all types of public transport in Saint Petersburg. In 2013, a similar project was launched in Moscow. These are practically the only stored-value cards that are currently used in Russia. This situation is largely similar to that of the European Union, where French Moneo, German Geldkarte or Austrian Quick has only limited usage, while stored cards in Asia contribute greatly to the cashless micropayments. Stored-value scratch cards that can be used for topping up e-money accounts are something of a rarity today. The largest electronic money providers either reduced their distribution significantly or abandoned them altogether. Therefore, while stored-value scratch cards are now virtually obsolete, stored value chip-based cards are very slowly getting on their feet. This does not apply to the various gift certificates that could be used only in the issuing store and are quite popular in Russia, however. As they are not issued by the bank and used exclusively within closed-loop systems these payment instruments are not discussed in this article.
However, the most recent market trends make the division of Russian electronic payments into the abovementioned sub-sectors mostly an academic or methodological exercise, rather than a matter of practicality. The hybridisation of payment instruments is gradually making separation of different instruments irrelevant to the customers. From the practical point of view, all these technologies support each other, instead of engaging in harsh competition. For example, standard bank cards could be used to top up an e-wallet or withdraw funds from it, e-money operators can also issue prepaid cards to pay from e-wallets in brick-and-mortar stores. Other funding, withdrawal and payment options are available as well – see Figure 3.
Blurring lines between separate payment products are a challenging reality for the payment operators, who are struggling to develop new services and are simultaneously having to cooperate with their otherwise harsh competitors. This is also an unconventional call for the regulators who are trying to mitigate risks that may arise from such new developments. Coupled with the hybridisation of payment instruments, growing social importance and popularity of electronic payments triggered the process of devising specific e-payment legislation.
Russian electronic payments legislation
Despite the fact that electronic payments largely emerged back in the late 1990s, there was no specific regulation up until 2010 and innovative payment methods had to rely on the provisions of the general civil legislation. Most astonishingly, Russian legislation did not recognise even the basic concepts of ‘payment’ (whether electronic or not) before that. However, with the growing payment sector, certain legal uncertainties that characterised the first stages of e-payment development have gradually evolved from deregulation that gave the freedom of manoeuvre into lacunas that only hindered further development.
In June 2009 The Federal Law ‘On receiving payments of the natural persons by the payment agents’ (Federal Law No. 103-FZ) was adopted and a long journey towards the legislation that would regulate electronic money began. Federal Law No. 103-FZ was primarily aimed at payment kiosks because that market had become too large to ignore. Regulation of electronic payments turned out to be a more arduous task: Federal Law ‘On National Payment System’ (Federal Law No. 161-FZ) was adopted only in 2011. It became a real breakthrough as it not only brought legal clarity to the sector but also introduced a complex conceptual system innovative for Russia, yet, quite conservative in principle. In this part of the article, we give a short overview of this conceptual framework and show how it is entrenched in the existing financial services regulation.
In order to understand how Russian law on electronic payments works, one needs an understanding of three basic concepts that was introduced by the Federal Law ‘On National Payment System’.
1. Electronic money. Strictly speaking, Russian law includes the term ‘electronic funds’ which is a concept slightly different from ‘electronic money’ because it implies its secondary nature. That is further proved by its legal definition.
Federal Law No. 161-FZ defines ‘electronic money’ as “monetary funds provided in advance by one party (funds provider) to another party, which records information on the amount of funds provided without opening a bank account (obligor) for the performance of monetary obligations of the funds provider to third parties, the funds provider is entitled to send instructions exclusively using electronic means of payment. That being said, certain monetary funds do not constitute electronic money. These include monetary funds received by organizations conducting professional activities on the securities market, clearing activities, and/or activities for the management of investment funds, mutual investment funds, and nongovernmental pension funds which record information on the amount of funds provided without opening a bank account, in accordance with the laws governing the activities of such organizations;”. Such a lengthy definition can be divided into two distinct parts.
Electronic money transfers are basically fund transfers without opening bank accounts. It is worth noting that fund transfers without opening bank accounts were allowed in Russia long before the adoption of the Federal Law No. 161-FZ. They were also not exclusively used by the electronic payments operators. On the contrary, transfers without opening bank accounts were (and still are) used, perhaps, for the least innovative bank payments possible: paying for the utilities, home phone and electricity at the bank office. According to the Russian polls, 55% of respondents visited bank offices for regular payments, 34% visited offices of the Russian Post. However, the main difference between transfers without opening a bank account and transfer of electronic money is that in the first case funds are not typically stored by the credit institutions, while e-money operators can keep them indefinitely, until a customer gives directions on their transfer.
It is not only electronic money transfers that do not require the opening of a bank account, but also legislation that does not stipulate opening account of any sorts. That severely complicates the understanding of how e-money systems and especially the concept of e-wallet works, because in practice customers are provided with very functionally limited quasi-accounts. In order to fill the gap left by the absence of an e-money account, legislators obliged customers to send instructions for the fund transfers using exclusively EMPs.
The concept of fund transfers without opening a bank account is set in the Central Bank’s statute No. 383-P ‘On the rules of fund transfers’. There is no direct definition of this type of fund transfer but rather a list of concrete situations that should be qualified as such (cl 1.4. of the Statute):
Receiving cash and instructions from the natural person and transfer of funds to the recipient’s account;
Receiving cash and instructions from the natural person and giving cash to the natural person who is a recipient of funds;
Receiving cash and instructions from the natural person and increasing the electronic money balance of the recipient;
Decreasing the electronic money balance of the payer and transferring funds to the recipient’s account;
Decreasing the electronic money balance of the payer and giving cash to the natural person who is a recipient of funds; and
Decreasing electronic money balance of the payer and increasing electronic money balance of the payee.
So as not to create a concept that would be completely new and different from the existing legal framework for the financial services, the legislator decided to define electronic money as an institution derived from the long-known transfers without opening a bank account. This also led to the shift of focus towards EMP (as there is literally no account that could be regulated).
2. Electronic means of payment. Federal Law No. 161-FZ defines EMP as “a means and/or method which enables a client of a money transfer operator to prepare, confirm, and send instructions to transfer funds (in the context of the types of cashless settlements being used) via information and communication technologies, electronic data carriers (including payment cards), and other technical devices;”. As seen from this definition, EMPs can be used not exclusively for electronic money transfers, but for all types of bank cards, internet banking and other ways of sending instructions to transfer funds. However, for the electronic money systems, EMPs are of utmost importance as they both define the level of risk and become a cornerstone of any electronic payment system.
The introduction of the EMP concept has already affected some instruments that existed earlier – namely, prepaid payment cards. Just as in other parts of the world, prepaid payment cards were steadily growing in popularity in Russia, especially since 2011 (see Figure 4). Since their usage does not require the opening of a bank account, and they can be issued in virtual form, financial institutions provided them to the customers for the purposes of electronic payments. However, their legal regime was based only on a number of stipulations in a Russian Central Bank’s bylaw. After the adoption of the Federal Law ‘On National Payment System’, it became obvious that the nature of prepaid cards intersected with the newly established concept of e-money. Since electronic money was anchored in the Federal Law, the authorities decided that it should keep superiority in this conflict. As a result, prepaid cards were legally rendered EMP that can be used exclusively for the transfer of electronic money. Interestingly, the e-money regime that was developed in the Federal Law No. 161-FZ differed from that of the prepaid card. After the adjustment of the bylaws, prepaid cards had no other choice than to inherit all characteristics and specifics of electronic money. With the benefit of hindsight, we can now say that the decision to dispose of the prepaid cards regime, despite being logical, was rather controversial. By that time the financial institutions had familiarised themselves with prepaid cards; Central Bank of Russia put tremendous efforts in making the concept of prepaid cards as practically functional as possible. On the other hand, the legal institution of electronic money, though very innovative and long-awaited, was raw and financial institutions were only starting to test-drive it.
As a result of elaborating new legislation, Russian e-payments sector saw rapid changes in the legal definition and essence of some of the previously well-established financial services and products. That made banks and other financial institutions seek new ways of managing their risks associated with retail payment products. Most importantly, the existing AML regime had to be applied to the newly established concepts.
Russian Anti-Money Laundering/Combating Terrorist Financing regime in retail payments
At the outset of the 2000s, Russia had the unfortunate experience of being included in the FATF ‘black list’. In less than 15 years, the authorities demonstrated tremendous dedication to the improvement of the national AML/CFT regime. The ardency of the government and legislators allowed Russia not only to become a fully-fledged FATF member, but, as of 1 July 2013, it is the home country of the FATF President and will be so for the next 12 months.
Despite being comparable to international best practices, Russian legislation is very region specific and best detailed for the ‘classic’ financial services. Retail payments are considered of secondary nature and legal acts are less clear and specified in defining exact measures to be undertaken by the financial institutions. That sometimes leads to rather rigid responsibilities of payment operators that arise from the heightened perception of risks rather than case-by-case analysis of the risk factors.
The specifics of the Russian AML/CFT legislation start with terminology that is somewhat different from that employed elsewhere. Instead of ‘know your customer’ or ‘customer due diligence’, Russian regulations are centred around the concept of ‘identification’. The essence of identification is the collection of information and documents. Apart from the information and documents that are collected in the course of business relations (eg, when a bank prefers to know more about why certain transactions are executed by the client), financial institutions need to obtain very detailed data from their customers. For natural persons this information includes (as per art 7, para 1, cl 1 of the Federal Law No. 115-FZ” On combating Money Laundering and Financing of Terrorism’):
full name of the person;
information on the document of identification (number, when and by whom it was issued);
address of residence;
for foreign citizens – migration card details as well; and
personal tax reference number (if the customer has one).
According to the Statute of the Central Bank of Russia of 19 August 2004 No. 262-P ‘On identification of the customers and beneficiaries for the purposes of combating money laundering and financing of terrorism by the credit institutions’ (cl 2.1), for the purposes of identification credit institutions are allowed to use any additional legal sources as well. However, at the same time Russian legislation does not imply that credit institutions are free to satisfy themselves with the quality of identification they performed. Unlike the USA, Russian authorities require banks to present them with exact proof that they have performed the identification as prescribed by the law.
That does not mean that identification is a one-dimensional process, however. The differing terminology of the Russian law overburdens the ‘identification’ concept, by packing it with the multitude of activities: checking the person’s data against the list of known terrorists, verifying the identity by looking at (most usually) the ID, etc. The authors of this article took part in the workings of the inter-agency group aimed at making proposals on the modernisation of the Russian AML/CFT regime in view of the adoption of new FATF recommendations and the rapid development of the electronic payments sector. After a thorough analysis, it turned out that the congestion of the ‘identification’ concept is one of the main obstacles for any changes in the system. We believe that the main potential for change in Russian AML/CFT still lies predominantly in the area of modernisation of terminology and differentiation of prescribed procedures.
Russian legislation also has very marginal risk-oriented differentiation. Federal Law No. 115-FZ first and foremost defines the high-risk transactions that are to be reported to the financial intelligence unit (Rosfinmonitoring), mostly neglecting differentiation of the low-risk scenarios. However, there are some clauses that allow for somewhat more simplified approaches to the certain types of transactions that are associated with lower risks.
Figure 4: Number of pre-paid cards in circulation in Russia 2007–2012 (thousands)
The differentiated approach towards electronic payments is largely based on two types of clauses: firstly, regulation of fund transfer without opening bank accounts, and secondly, provisions regarding the usage of the EMP.
Federal Law ‘On combating Money Laundering and Financing of Terrorism’ exempts financial institutions from the obligation to perform identification (cll 1.1., 1.2., and 1.4. of art 7) when natural persons make payments, transfer funds without opening bank accounts, transfer electronic money or exchange currency for the amounts under 15 000 roubles ($450) threshold. The identification is still obligatory if the financial institution is suspecting money laundering or an attempt to finance terrorist activities.
Russian regulation also allows a very limited engagement from agents. According to the legislation, agents can be engaged only in cases of transfer without opening bank accounts and transfers of electronic money performed by the natural persons (cl 1.5). Naturally, this principal is still fully accountable for the quality of identification procedures employed by the agent (cl 1.6). Apart from identification for the purposes of fund transfer, agents are also allowed to (art 14, cl 1 of the Federal Law ‘On National Payment System’):
1. accept cash from an individual and/or to issue cash to an individual, including via payment terminals and ATMs;
2. provide clients with EMP and to ensure the possibility of using such EMP, in accordance with the terms and conditions stipulated by the money transfer operator;
3. identify an individual client, its representative, and/or beneficiary for the purpose of transferring funds without opening a bank account, in accordance with the requirements of federal laws on countering money laundering and terrorist financing.
For the purposes of effecting fund transfers, EMPs are also differentiated based on whether the identification procedure was performed. Law ‘On National Payment System’ prescribes that if the identification was performed then the EMP that is used by the client in question should be labelled as ‘personified’ (if the client is an individual) or ‘corporate’ (if the client is a company). If under legal waivers, identification was not performed, then the individual can use only non-personified EMP. Since identification of legal persons is always obligatory, by default they can use only one type of EMP.
If the EMP is used to transfer electronic money, then certain thresholds and special conditions apply (see Table 1).
|Type of EPM/ Feature||‘Personified’||‘Non-personified’||‘Corporate’|
|Type of client||Natural persons only||Natural persons only||Legal entities only|
|CDD requirements||Full CDD requirements||CDD requirements are waived||Full CDD requirements|
|Designated thresholds||Amount stored must not exceed 100 000 RUR (2 500 EUR) at any time||Amount stored and one-time transaction must not exceed 15 000 RUR (385 EUR), total value of payments/outbound transfers must not exceed 40 000 RUR (1 000 EUR)||Amount stored at the end of the E-Money Operator’s operational day must not exceed 100 000 RUR (2 500 EUR)|
|Types of transfers allowed||Customers can send and receive transfers from ‘Personified’, ‘Non-personified’ and ‘Corporate’ EPMs||Customers can send e-money to any other EPMs but receive money from any other EPM except ‘Corporate’||Customers can receive transfers from natural persons and send e-money only to the owners of ‘Personified’ EPMs|
Russian AML/CFT regulation also provides another indirect relaxation for money transfers without opening a bank account. Since Federal Law ‘On combating Money Laundering and Financing of Terrorism’ explicitly prohibits banks only to open bank accounts without physical presence of the customer (art 7, cl 5), it is perceived that for the provision of the financial services that do not require opening of the bank account identification can be performed remotely. However, this opportunity is rarely used by the credit institutions. The same goes for the simplified identification that is allowed for certain types of transactions (eg fund transfers without opening a bank account). It assumes only the obtainment of the name of the customer and his/her passport details. This approach can only relatively be called ‘simplified’, however, as it usually requires presentation of the same documents as for the ‘full’ identification.
Non-anonymous anonymity and ‘new identification’
Due to legal uncertainties and caution of the supervising bodies, financial institutions in Russia are very wary of implementing new means of identification. This is especially true for large banks that prefer not to risk with their license or good standing with the regulators for the e-payments services that create comparably small share of their revenue, thus demonstrating that not only legislation can be undifferential but corporate AML/CFT programmes as well. Both are detrimental to the users’ experience of the retail payment instruments.
There are a number of ‘unconventional’ approaches to the identification, however, that are now employed by the electronic payments operators. Their decision to explore alternatives to the face-to-face identification was primarily defined by the fact that they provide their services to the customers all over Russia and do not have any offices. Since one of their competitive advantages is a completely distant service, they had to explore other opportunities to identify their clients when the need be.
1. Identification of the customers using credit reference agencies. In the past years, the number of loans provided to individuals has grown steadily in Russia. In 2012, banks credited their natural persons for 7,74trn roubles. Consequently, credit histories started piling up: in January of 2012 the national credit reference agency stored details of 47 million people (which is 63% of economically active population). However, Russian legislation on the protection of personal data makes it very difficult to exchange any information on the customers (including the exchange for the purpose of identification). That hinders the development of the sector because most of the restrictions are only a formality: a bank will get the client’s data anyway, but that would require sometimes costly and burdensome visits to their office.
Therefore, there are two obstacles in using credit reference agency services for the purposes of client’ identification. Firstly, the agency should remotely satisfy itself that the person it deals with online is who he says he is. In order to do that, the company should ask questions that only the specific person would know. Usually, the completeness of the credit file will allow for a reliable confirmation of one’s identity, comparable to the verification of the photo in the passport.
Secondly, the financial institution should make sure that it has accurate information about the customer. The legal ban on receiving information directly from the credit reference agency severely complicates the procedure. Instead, the electronic payments operator gets the information from the customer’s statement and sends it to the credit reference agency, which confirms if the information matches its records. Since the request for identification implies the customer’s consent for the transfer of his personal data, it generally complies with data protection legislation.
2. Identification using public notaries. Public notaries in Russia are not entitled to certify the accuracy of information that is contained in the document. Therefore, simple certification of application for identification itself is not enough. However, Russian regulation of notary services requires the notary to make a special inscription on the certified document: such an inscription includes the verified name of the client. If the financial institution is able to additionally verify this data, the identification can be regarded as satisfactory. Unfortunately, identification using a public notary is rather burdensome because the certified application has to be mailed to the financial institutions and that can take up to several weeks.
3. Identification through agents. As stated above, massive adoption of mobile communications predefined the popularity of electronic payments. Another consequence was the emergence of mobile phone outlets that initially distributed phones and sim cards. With the growing network of outlets, they started to provide additional services: selling insurance policies, gadgets, air tickets, etc. Now some of them are obtaining agent status that allows them to perform customer identification for payment operators. Their wide presence in Russia allows them to serve people in relatively remote areas as well.
Russian legislation regulating civil matters relies heavily on passports as the main instrument of identification. Even in the absence of such obligation, Russian citizens are encouraged to keep passports with them at all times. That affected the AML/CFT regulation, which requires obtaining passport details by default (except for very limited cases of simplified identification). However, Russian passports are very inconvenient for these purposes. Interestingly, a passport number in Russia is not tied to the exact person, it is merely the number of the blank template that the passport is printed on. Hence, after the passport is reissued, its number changes. The Russian passport in its current form can also be used only in face-to-face contact. Its usage online or the presentation of its uncertified copy is either impossible or legally void.
So as to mitigate their risks, financial institutions are employing other procedures that allow them to know the client. These are not recognised as official identification procedure, therefore, the clients are not legally considered ‘identified’ and cannot use ‘personified’ EMPs. Such ‘in-house’ procedures include:
Obtaining mobile phone number. Russian regulations require mobile subscription contracts to include full passport details of the user. Hence, in practice all subscribers are identified. Verifying the mobile phone number not only allows payment operators to keep multiple e-wallets ownership under control (complexity of buying multiple sim cards is a restraining factor for those who want to open many e-wallets at once) but also provides law enforcement agencies with useful information that could be used to find the ‘unpersonified’ user. Verification of mobile phone numbers is still disregarded by the AML/CFT authorities, however. FIU was long concerned by the practice of selling mobile contracts in the streets which was popular in the beginning of the 2000s but has been declining since then. Therefore, verification of mobile phones is not considered even as a risk mitigation factor, let alone simplified identification. Nowadays buying anonymous sim cards is getting harder in Russia – not only are the mobile operators trying to make selling contracts more organised, but also the legislators are toughening the requirements for this type of activity. The most prominent of the latter is the inclusion of mobile operators in the scope of the AML legislation and the debated ban on selling contracts outside retail offices. This regulation gives hope for the acknowledgment of mobile phones verification as a risk-mitigating factor.
Obtaining digital footprint of the customer. Since electronic payment systems by definition rely heavily on the internet, they have access to a massive amount of data about the customer, his devices or, more generally, his digital footprint. Payment operators keep logs of IPs, sometimes MAC addresses and other information that could be useful for determining the identity of the customer. Of course, finding a person using this information cannot be instant. But neither is locating the customer by looking at his passport details. Yet, the digital footprint is not considered even as a part of the simplified identification procedure: even though its value is recognised in FATF Guidance for a Risk-based Approach on Prepaid Cards, Mobile Payments and Internet-based Payment Services.
Tying identified instruments to the ‘non-personified’ payment products. Recent years have showed a growing trend towards the so-called ‘hybridisation’ of payment instruments. Most prominently, bank cards can now be tied to e-wallets, thus creating a link between two types of instruments. In our opinion, that qualifies as a full equivalent of first payment being carried out through an account in the customer’s name – recognised by the FATF Recommendations as a part of enhanced customer due diligence (Rec. 20). However, Russian regulation has not yet recognised any risk-mitigating advantages of such hybridisation, even though payment operators are already encouraging their customers to tie bank cards to e-wallets (of course, the main rationale for the customer is convenience, price and functionality).
Usage of unconventional information shows how non-anonymous non-personified payment instruments really are. This is reinforced by the linkability on most payments: customers are paying for air tickets, hotels, car rentals, utilities and delivery of physical goods – all of these require disclosure of information that is easily verifiable.
Russian Anti-Money Laundering/Combating Financing Terrorist in electronic payments: flexible but not quite
In order to summarise our overview of the Russian e-payment and AML/CFT regimes, three points need to be made.
Firstly, the quite prominent development of electronic payment systems in Russia was predefined by a number of external (expansion of mobile communication and electronic commerce) and internal (lack of access to traditional banking services and certain distrust towards banks) factors. Such a development, in its turn, contributed to the development of products that became a backbone of financial innovations in the country. After a period of deregulation, legislators faced a tremendous challenge in adapting the existing legal regimes to technologies that were not anticipated decades before.
Secondly, the challenge of regulating a previously unregulated market was addressed with very cautious steps. Instead of devising a brand new legal framework that would accommodate the full spectrum of electronic money products, regulators decided to adjust existing laws. This resulted in regulation that was derived from the banking laws and relies heavily on the concept of money transfers without opening a bank account. So as to enhance that reliance, regulators abandoned the idea of establishing functionally limited e-money accounts or e-wallets. Instead, EMP became the main concept of the e-payments regulation.
Thirdly, new electronic payments regulations had only limited influence on the AML/CFT regime and were left virtually unchanged. However, since their inception, most electronic payment systems faced the challenges well known to any modern financial institutions. Fraud and attempts to abuse the functionality of the payment systems are objective facts independent of whether there is AML/CFT regulation or not. First of all, the proactive stance of e-payment operators allowed them to cooperate with the Central Bank and Federal Financial Monitoring Service on ad hoc basis, even without any legal obligation to do so. Secondly, companies found themselves in a position where they wanted to know more about their clients: not for the purposes of compliance but for the sake of their own business. This allowed a move away from solutions that were rigid, inflexible and inconvenient both for the customer and for the financial institutions. Self-sustained searches for a solution resulted in the development of procedures for partial or interim identification long before they were mentioned in FATF documents.
Meanwhile, regulators are holding off on using these best practices, preferring to create add-ons for the already inflexible regime. The new FATF on a risk-based approach towards NPMs gives us hope that this will change and the existing ‘in-house’ solutions already employed by companies will be recognised as effective risk-mitigating factors as well.
In this article we have presented a short overview of what the Russian e-payment market looks like and what regulations are currently governing it. This case study will be interesting both for those who want to learn about regional specifics and for those who are looking into the evolution of AML/CFT in electronic payments. In our opinion, Russia presents a curious instance of how an unregulated market can spontaneously develop its own AML/CFT and anti-fraud procedures and adapt itself to the existing legal framework. Russian regulation is undoubtedly not a flawless one: there are a lot of subtle inaccuracies, lacunas and irregularities in the federal legislation and bylaws. However, these can be worked out, while the inherent logic of regulation will stay and continue to define its further evolution.
We believe that the recent FATF moves to address the issue of NPMs will create a necessary impetus to make national AML/CFT more flexible and perceptible to the technologies that are already used by the institutions for their own business purposes. As the saying goes, there is nothing new under the sun, after all.
Dr Viktor Dostovis President of the Russian Electronic Money Association. He has advised public bodies on drafting regulations for electronic money in Russia and continues to provide his expertise on further evolution of the legal framework – especially prudential supervision and AML/CFT issues. Dr Dostov was a member of the working group of the State Duma Committee on financial markets, and currently takes part in the Working Group on Banking Agents in the Ministry of Finance, the Council on optimisation of payments and the Consultative Council on AML/CFT. He is also the author of numerous books and articles on the regulation of electronic payments. Since 2013 he is also a Head of Financial Innovations Division of the Russian Presidential Academy of National Economy and Public Administration (RANEPA).
Pavel Shoust is an analyst with the Electronic Money Association. He coordinates research projects at the Association and provides support for Russian EMA participation in various consultative bodies, including the Federal Financial Monitoring Service. Pavel is also a PhD student at Saint Petersburg State University and takes part in research of financial innovations in the Russian Presidential Academy of National Economy and Public Administration (RANEPA).
The Russian Electronic Money Association represents the largest electronic money companies in Russia. Its main aims include the provision of expert assistance with the elaboration of legislative regulation and increasing public awareness of electronic money. The Association monitors financial and legal issues facing the payment industry and provides research data to the regulators and market players.
Viktor Dostov, President of the Russian Electronic Money Association
Pavel Shoust, Analyst of the Russian Electronic Money Association
1. Guidance on Risk-Based Approach to Prepaid Cards, Mobile Payments and Internet-based Internet Payment Systems//FATF/OECD. June 2013.
2. Quantity and Value of Transactions Performed in Russia and Abroad using Bank Cards Issued by Russian Banks, by the type of the client//Central Bank of Russia. URL: http://cbr.ru/statistics/p_sys/print.aspx?file=sheet009.htm&pid=psRF&sid=ITM_39338.
3. Mobile cellular subscriptions (per 100 people) | Data | Table//The World Bank. URL: http://data.worldbank.org/indicator/IT.CEL.SETS.P2?order=wbapi_data_value_2011+wbapi_data_value+wbapi_data_value-last&sort=desc.
4. Russian Payment Kiosks Market. February 2013//J’son & Partners. 2013. URL: http://www.json.ru/poleznye_materialy/free_market_watches/analytics/rossijskij_rynok_platezhnyh_terminalov/.
5. According to the Russian Electronic Money Association data.
6. NAUET: The turnover of the instant payments sector rose by more than 15%//Tass-Telecom. 6 April 2012.
7. Federal Law of 27 June 2011 No. 161-FZ ‘On National Payment System’//Russian Gazette. 30 June 2011. No. 5515. Hereinafter we cite unofficial translation prepared by the Central Bank of Russia and available at: http://www.cbr.ru/eng/analytics/.
8. More Payments, Same Instruments//National Agency for Financial Research. 14 September 2012//URL: http://nacfin.ru/novosti-i-analitika/press/press/single/10597.html.
9. Number of Cards Issued by the Credit Institutions (by the type of the card)//Central Bank of Russia. URL: http://cbr.ru/statistics/p_sys/print.aspx?file=sheet007.htm&pid=psRF&sid=ITM_12859.
10. Namely, Statute of the Central Bank of Russia of 24 December 2004 No. 266-P ‘On Issuing Payment Cards and Transactions Performed Using Payment Cards’.
11. Federal Law as of 7 August 2001 No. 115-FZ ‘On combating Money Laundering and Financing of Terrorism’//Russian Gazette. 9 August 2001. No. 151–152.
12. Retail Loans are Prone to ‘Bubbles’//Gazeta.Ru. 21 May 2013. URL: http://www.gazeta.ru/business/2013/05/21/5331721.shtml.
13. Number of credit histories rose by the quarter//Vedomosti. 8 February 2013. http://www.vedomosti.ru/finance/news/8875001/kreditnaya_epidemiya?full#cut.
14. Hereinafter we refer to ‘passport’ as an equivalent of the ID card used in Europe. For verification of identity within the country, Russians use ‘passport of the citizen’; when going abroad, ‘passport for certification of identity abroad’ is used.