AML/sanctions compliance: A vital lifeline for Banking-as-a-Service partnerships' survival

Thursday 11 April 2024 08:39 CET | Editor: Oana Ifrim | Interview

Sarah Beth Felix, CEO at Palmera Consulting: Fintechs must prioritise AML/sanctions compliance, while banks need to assess exploitation risks in their fintech partners' offerings for effective risk management in BaaS partnerships.

Sarah, we would love to learn more about your professional journey and expertise. Could you kindly share insights into your background and what drives your passion in your field?

I have been in anti-financial crime for over 20 years but didn’t start out with that in mind. I didn’t even know it was a ‘thing’. I was a stockbroker out of college and 9-11 happened. It changed the trajectory of my career. I found this skill I didn’t know I had – I could think like an illicit financial actor and then could design basic AI models to detect how they would run their money. Working with traditional FIs and fintechs is vital in the fight against dirty money. If we can cut off the financial flows, it has a material impact in the underlying crimes – human trafficking, child exploitation, and drug trafficking. Those crimes are happening right now, in our communities. We have to stop the flow of funds. Finding it and reporting suspicious activity in a highly useful manner to law enforcement partners – that is what drives me.


In 2023, 13.5% of severe enforcement actions in the US targeted banks offering Banking-as-a-Service (BaaS) to fintechs, as reported by S&P. There seems to be an increased focus on ongoing monitoring of third parties and the risks associated with the bank's fintech partners, with a series of regulatory enforcement actions addressing third-party risk management programs and fintech partner issues, including the recent case of Lineage Bank. What factors do you believe have contributed to these issues? What is the cause of these problems?

There are a few issues driving this increase in enforcement actions. If we start at the top of the pile of problems, we will see that legacy or “old school” mindsets at the Board and exec management level are the main reason why we have so many underlying deficiencies. Historically, bank boards have been staffed by friends of bank management and leaders of the community. But we need board members that know the importance of AML/sanctions risk… not just receive a 20-minute training once a year on it. If boards really understood AML/sanctions risks, then it would drive the rest of the program. Which leads us to some other areas of deficiencies – staffing and tech resources. Every one of those actions noted a deficiency in staffing resources. Again, if the board knew what they needed to know, then having enough people and the right technology to monitor for AML/sanctions issues would be a non-issue. 


What do you perceive as the underlying issues and challenges in the relationships between banks, BaaS platforms, and fintechs?

For bank partners and their fintechs, there is a gross misunderstanding of risks and too much assuming occurring on both sides. Fintechs tell their bank partners that they are in compliance “with all applicable laws and regulations”, but the bank doesn’t ask them exactly what is applicable. In addition, bank partners think their MSAs and other T&Cs protect them, when in reality, it does not. It gives them a false sense of protection. Assigning responsibility to an unregulated or quasi-regulated entity (fintechs) does not alleviate the bank partner from their responsibilities. For fintechs, oftentimes, we see them blending together AML and sanctions risks – in most countries those are two different regulatory requirements and two different approaches. Even if there are lighter or lack of regulations re: AML monitoring, that doesn’t have an effect on how sanctions requirements should be applied. They are always applicable, regardless of AML requirements.


Moving forward, what changes should banks, fintechs, and BaaS platforms consider implementing to address these challenges effectively, especially regarding AML/compliance?

First, fintechs must lead with AML/sanctions compliance. They are tech companies turning into payment or bank-like firms. They need to take their tech nimbleness and use it for good – use it to help offset AML/sanctions risks for their bank partners. Not that it alleviates what the bank needs to do, again, BUT if fintechs can approach a bank partner with AML/sanctions ingrained in their product and techstack design from Day 1, it helps to form trust and a longer relationship with their bank partner. Because after all, without their bank partner they would not have a business. They have to clear payments and they can’t do that without a bank. For banks, they must consider their own tech… which we know to be clunky and not friendly to new data sets. In addition, I find that if a bank has shied away from banking foreign financial institutions because they are “too risky” that is a good litmus test to know that they should be rethinking BaaS/fintech banking. After all, banking a regulated foreign FI is much less risk than banking a non-bank acting like a bank, but unregulated.


What are the key best practices that all parties involved in a BaaS relationship should adhere to mitigate regulatory risks and ensure successful collaboration?

There are several, but I think the top 3 best practices are this – 1) fintechs must prioritise AML/sanctions focus, outlining exactly how their rails would be exploited by illicit actors and how they will detect/report it – that is the focus in both the US as well as supranational agencies like the FATF. 2) for banks, they must do their own work – how will their fintech partner’s products/services be exploited (we call it a threat assessment) by illicit actors and how will their existing tech and any new tech detect and deter it. Some leading questions would be: Do they have the right tech? Are they getting enough data to know if something is suspicious? Do they have enough people to manage the alerts/cases/SARs? And 3) Data – is it accessible, accurate, useable, and relevant? Fintechs typically have designed their tech stack without the consultative eyes of AML/sanctions compliance… so sometimes they need a refresh – new fields, new controls, etc. Banks are historically plagued with bad data that they can’t get to. Data landscape management is a must-have for both parties prior to launching a successful BaaS partnership.


Despite recent enforcement actions, BaaS growth in 2024 is expected to remain robust. What factors contribute to this resilience, and how do you envision the future trajectory of BaaS, especially considering regulators' increased focus on BaaS business models?

Regardless of the number of enforcement actions, the entrepreneurial spirit and financial innovation will continue. Tech will never go away and everyone’s desire to be faster and first will never go away. Which is why there will always be a booming fintech market. In a parallel manner, illicit actors will always want their money there faster and cheaper with fewer questions. That is why it is vital for fintechs not to unwittingly serve as loopholes of faster/cheaper routes for illicit actors. There are professional money launderers for a reason… they know the regulatory loopholes at the country-level and they can identify fintechs that can be exploited to run illicitly gained money.

From a future trajectory perspective, I don’t see banks becoming extinct. I hear that a lot. With the rise of crypto and fintechs, banks may become old news. With the way regulators are protecting access to the federal-level payment rails, I don’t see that becoming the case. However, I do see a trend in which, for the US, we will impose regulatory change via the pain of consent orders on hyper-regulated entities (banks). Until banks take BaaS program design seriously and are comfortable being in the red before they enjoy the profits, we will continue to see unnecessary black-eyes on financial innovations like the fintech industry. 

About Sarah Beth Felix

Sarah Beth Felix has over 20 years of experience in anti-financial crimes with operational, audit and consulting roles, working with banks, payment firms, and global fintechs. Operationalising AML/sanctions threats is one of her most well-known attributes, providing actionable solutions for clients. Beyond traditional banking, she has specialised years of work in Fintechs, Lendtechs, cannabis banking, crypto, correspondent banking, and trade finance. Sarah Beth has a master’s in forensic studies and has been CAMS certified for almost 20 years and has served as a Certification Task Force Member for the CAMS-CGSS, CAMS-RM, CAMS-CKYC designations. She has global speaking engagements, focusing on operational takeaways that move the audience to ‘take action’ in improving their AML/sanctions programs. She is also a guest lecturer at the National War College in Washington, D.C. and is frequently asked to train various US federal law enforcement agencies on private sector data availability that impacts subpoenas and unregulated payment ecosystems.

She is Founder & CEO of Palmera Consulting, advising global firms since 2011. She is also co-founder and Chief AML Officer for a new digital correspondent bank – Acceleron Bank, in formation – based in Vermont, US. 

About Palmera Consulting

Palmera Consulting is a high-touch advisory firm focusing on effectiveness and proactively driving AML/sanctions compliance through our operational expertise. We believe penalties and regulatory criticism can be avoided and fintechs and bank partners can become better at detecting and reporting suspicious activity. Regardless of the institution – global payments to a community bank – there are gaps that can be mitigated and efficiencies to be gained. Our team is your partner in creating and sustaining a highly effective AML/sanctions program.



Keywords: AML, regulation, compliance, fintech, financial institutions, banks, risk management
Categories: Banking & Fintech
Companies: Palmera Consulting
Countries: World