• As a global financial services provider, PayPal is committed to compliance with all applicable laws and regulations regarding Anti- Money Laundering ("AML"). PayPal's policy and practice is to try to prevent people engaged in money laundering, fraud, and other financial crimes, including terrorist financing, from using PayPal's services. [link]
    • PayPal files Suspicious Activity Reports (SARs) with the relevant Financial Intelligence Unit (FIU) in the jurisdictions where PayPal is licensed to do business.
    • To comply with the U.S. Treasury Department Office of Foreign Assets Control (OFAC) requirements, we screen our customer accounts against government watch lists and request documentation that proves identity for consumers and businesses.
  • The ever present threat of criminal activity has forced governments and regulators to increase their focus on AML/Counter-Terrorist Financing (CTF) issues. PayPal's philosophy is to develop and utilize new methods of identification and authentication that go beyond the traditional KYC collection of static data elements. Industry should leverage existing static typologies [ie. birth date] and red flags [ie. spending amounts] and combine with more dynamic events and practices using new forms of data to increase transaction monitoring.
  • Policymakers should recognize the changing landscape of technology-enabled criminal behavior. We encourage policymakers to enable the use of real-time data and account monitoring rather than a heavy reliance on static data point collection for traditional KYC procedures as well as encouraging risk-based approach.
  • PayPal is a closed-loop system (having a relationship with both the sender and receiver) that allows us to identify suspicious activity more easily than competing systems.
  • PayPal's Customer Due Diligence program collects certain identity details at sign-up while remaining relatively frictionless.  Once certain thresholds are met, in compliance with relevant market regulation, PayPal will subject users to additional KYC requirements for identity verification.
  • PayPal conducts a global AML/CTF and Sanctions risk assessment consistent with Financial Action Task Force (FATF) guidance to identify, assess and understand the ML/TF risks PayPal faces.  This is consistent with a risk-based approach (RBA) which impacts global policy decision-making and implementation of program elements.
  • PayPal screens accounts & transaction history on a nightly basis, covering the entire customer base.  We cross-reference our information against a variety of lists from regulators, governments, etc. (OFAC's Specially Designated Nationals list, UN Security Council sanctions list, Commission de Surveillance du Secteur Financier in the EU, etc.).
  • PayPal has over 1,000 employees dedicated to the Global Compliance & Ethics function, monitoring transactions and evaluated risks associated with ML/CT.
  • PayPal engages/partners with law enforcement proactively and reactively to both help stop cybercrime while also catching the bad actors that have committed crimes and are under investigation.
    • PayPal created a Law Enforcement portal that allows members of organizations around the world to submit case requests, subject to the legal process.
      • We have proactively reached out to law enforcement to make them aware of this system and encourage them to reach out to us with any questions or concerns.
    • On the proactive side, PayPal establishes regular training with law enforcement organizations and educate agents on PayPal's systems and the types of crimes that we encounter while also learning from them about the broader ecosystem and the latest trends and movements in global cybercrime.
  • From an internal standpoint, we collaborate with various teams across the company (compliance, legal, risk, infosec, etc.) to better identify potential bad actors and make recommendations to agencies.
  • United Nations Office on Drugs and Crimes estimates that global money laundering transactions are estimated at 2-5% of the global GDP ($1-2 trillion annually) and that less than 1% of these illicit transactions are seized by authorities [link].
  • In 2007, the Financial Action Task Force (FATF) published guidelines for the risk-based approach, with the intention to create a more pragmatic process that is, "workable…[ for] financial institutions grappling with a constantly increasing regulatory burden." [link]
    • FATF recommendations updated in 2016 state, "the risk-based approach allows countries…to adopt a more flexible set of measures, in order to target their resources more effectively and apply preventative measures that are commensurate to the nature of risks." [link]
  • Veridu (identity verification company) and Ramparts (European law firm) published a white paper in 2016 detailing how KYC practices need to move away from static data collection. "Identity verification (IDV) is a particularly challenging aspect of the KYC process and the traditional way of verifying identities using passports, driving licenses and other documentary forms of identification is becoming a barrier. IDV mechanisms also have an unintended negative impact on financial inclusion. [link]
  • A paper by Juan Zarate and Chip Poncy (Financial Integrity Network and Center on Sanctions and Illicit Finance) identifies a need to move away from reactive model of AML/CFT to a preventative risk-based approach. The paper also reaffirms the need for more information sharing using big data capabilities, biometrics and identity verification, and network and behavioral analysis. [link]
    • Customer identification (KYC) is rapidly evolving with a biometrics market in India predicted to reach $3 billion by 2021.  Banks are beginning to introduce "touch ID" log-in capabilities for customer accounts as well as other biometric fusion such as iris scans and voice recognition.