As U.S. banks struggle to cope with traditional money laundering, criminals are gravitating toward a cheaper, easier way of money laundering — through e-commerce.
While banks won't knowingly accept known drug cartels or terrorist organizations as merchants, criminals have three ways around this.
One is to create innocent-looking websites that sell flowers or furniture or something innocuous and funnel the illegal transactions through the acceptable site. Another is to take advantage of well-established e-commerce sites, and a third is to funnel money through merchant affiliate networks.
The problem is growing as the use of e-commerce itself evolves, according to Harshul Sanghi, managing partner of American Express Ventures, the strategic investment group of American Express, which announced Tuesday that it is investing in EverCompliant, a startup intent on stamping out e-commerce-related money laundering.
It joins existing EverCompliant investors Arbor Ventures, Carmel Ventures, StarFarm Ventures and Nyca Partners.
American Express Ventures would not disclose the size of the investment. The unit tends to invest in fraud prevention, security and regtech startups; other funding recipients have included Menlo Security, Signifyd, Trulioo, Enigma and InAuth, a company that American Express acquired in December 2016.
“Payments are becoming more digital and commerce is becoming more digital, on mobile and online,” Sanghi said. “It becomes a lot easier to accept payments cards online, which is good, but it also creates an unwanted effect of illicit players participating in that ecosystem. That is the challenge. We have to stay one step ahead of that.”
Money laundering rules have not caught up with this form of criminal activity, according to Ron Teicher, founder and CEO of EverCompliant.
“While the regulators grasp the notion of old-school money laundering, not everyone has fully realized the impact, and the reality, of money laundering over e-commerce,” he said. “Instead of buying a costly business and hiring people to run and manage it and have all the overhead, you could set up 1,000 businesses overnight by opening e-commerce websites, and it’s not going to cost you anything. And the risk of getting caught drops dramatically.”
Andy Schmidt, managing director at consulting firm ACS Insights, agreed that the current e-commerce environment is a breeding ground for money laundering.
“Part of it is you’re not always sure where the funds are coming from or going to,” said Schmidt, who until recently was with the technology research firm Gartner. “If it’s a pass-through from a merchant affiliate, they’re not going to check to make sure that their affiliate actually shipped what they were supposed to ship or did what they were supposed to do. They’re assuming everyone’s aboveboard until they’re told otherwise.”
EverCompliant, according to Teicher, conducts surveillance on all e-commerce activity on the web and can root out the connections between legitimate and illegitimate websites.
“If you’re able to expose that, you’re able to break the money chain and prevent the criminal money from entering the system,” he said.
This type of behavioral analysis makes sense, Schmidt said. Such analyses could leverage the Office of Foreign Assets Control and other sanctions lists as well as a bank’s own lists. It would be most powerful at the network level, he suggested — watching everything over the automated clearing house network or credit card networks, for instance.
The technology passed all of American Express Venture’s due diligence filters, Sanghi said. “Having said that, it’s a startup, let’s be clear. It’s not a billion-dollar company. We definitely think it has use cases and it’s very promising. We wouldn’t be investing in it if we didn’t think that’s true.”
For every 100 merchants or submerchants legitimately using banks' processing networks, there are another 6 to 10 doing so without the banks' knowledge or consent. This comes to $500 billion a year in transaction laundering worldwide, according to the company.
Will banks use this?
Assuming EverCompliant’s technology works as promised, will card issuers and banks want to use it?
Financial institutions don’t suffer from this type of money laundering today and, in fact, it may boost their business. And regulators are not cracking down on it.
“The question in terms of adoption is, what’s the penalty they would avoid?” Schmidt said. “Do the banks get penalized for not knowing or well-earned ignorance?”
EverCompliant is counting on banks not wanting to be associated with criminal groups.
“There’s certainly a stigma that comes with that,” Schmidt said. “The question is, how strong or deep is that stigma and how long does it last? In today’s news cycle, someone being compromised by a terrorist network is unfortunate but not necessarily the bank’s fault, depending on the scenario. If they should have known better, if it was someone inside, that’s one thing. If it’s something where someone was gaming the system and they’re one step ahead, now they’ve learned and now they can adapt, then not so much.”
It will become a trade-off, he said: Will it cost more to find these guys than it would be to pay a fine for not finding them?
Sanghi suggested that card issuers and financial institutions have a regulatory obligation to catch bad guys.
“Acquirers have guidelines, there are rules around all those areas,” he said. “You have to do what you can to protect innocent players and from a regulatory standpoint you have to stay within the bounds. That’s something all of us are trying our best to do.”