Nigerian tech companies are grappling with the aftermath of a Kenyan court account freeze order and a decision by a Texas court to jail the founders of Ping Express over money laundering.
The charges on the four tech companies are the most money laundering allegations the tech ecosystem in Nigeria has seen in a month and could have ramifications for the image of startups in the country looking for investors abroad.
Experts say that henceforth many startups will be compelled to focus on strengthening lax Know-Your-Customer (KYC) and anti-money laundering (AML) practices.
KYC refers to due diligence that banks and other financial institutions must perform on their customers before doing business with them to prevent corruption, identity theft, financial fraud, money laundering and terrorism financing, according to Fraud.net.
“AML and KYC requirements are more or less the same globally. I however opine that with the many finance and technology innovations, they should be reviewed and scope broadened to include all emerging, and continuously emerging innovations,” said Evalyn Gachoki, a fintech law practitioner.
While Anslem Oshionebo and Opeyemi Odeyale, Nigerian founders of Ping Express, a Texas-based fintech company, pleaded guilty on Saturday to failing to adequately guard against money laundering in a court in the Northern District of Texas, Flutterwave, Korapay, and Kandor are battling for access to their accounts frozen by the Asset Recovery Agency (ARA) of Kenya.
Flutterwave is the most affected, with 56 accounts it has with Guaranty Trust Bank (29 accounts), Equity Bank (17), and Ecobank (six) all frozen. The 56 accounts held about $56 million.
Korapay Technologies had one of its accounts with $249,565 frozen, while two accounts worth a combined $126,841 belonging to Kandor Technologies also suffered the same fate.
Although the tech companies insist that they followed due process and every KYC practice, experts say cases of money laundering usually happen because someone may have ignored KYC.
“I’d argue poor KYC exposes them to fraud and non-compliance on AML,” said Victoria Crandal, a tech PR expert and founder of No Filter PR. “Fintechs prioritise growth and user experience and KYC becomes an after-thought. This partly explains the fraud within MTN’s PSB and possibly FW (Flutterwave) alleged AML problems in Kenya.”
Victor Asemota, chairman of Edo Innovates, has a slightly different opinion. According to him, KYC is not a fintech problem because the government owns identification. Since fintechs do not control identification, they have to prioritise KYC.
“We have helped MTN do AML on their mobile payments platforms for a decade. They take it extremely seriously; same with Flutterwave. Misunderstanding by regulators of settlement occurs. Tech glitches are a reality,” Asemota said.
Other experts say anti-money laundering issues arise when tech startups try to outsmart the regulator. For example, merchant transactions are facilitated through merchant category codes (MCC).
An MCC is a four-digit number used by credit card companies to classify businesses. A business that sells both services and products will typically reflect the business type that makes up the dominant amount of sales. Businesses can request additional MCC for a different part of a business. For example, a pharmaceutical store that has a grocery store in one location would likely have different MCCs within the same building.
Every merchant has a unique ID and every transaction has a code. There are codes that when merchants are initiating transactions, they raise a red flag, like gambling, and pornography. Usually, the Nigerian Interbank Settlement System (NIBSS) is supposed to know when a merchant is making a particular transaction.
However, there are cases of abuse. Merchants that want to help people move funds would simply change the code from which the transaction is originating and use another code that diverts attention. While some companies often get away with it, others do not.
The anti-money laundering policy is usually strong in many countries including Nigeria where the Nigerian Financial Intelligence Unit is in charge of Anti-Money Laundering/Combating the Financing of Terrorism; however, there are jurisdictions where the enforcement is stricter.
Kenya happens to be one of them, according to several people knowledgeable about the issue. Patrick Ngugi Njoroge, governor of the Central Bank of Kenya, said at a conference organised by Visa in April that the country was intensifying compliance as part of measures to strengthen the financial system of the country.
The country, in September 2021, gazetted the Proceeds of Crime and Anti-money Laundering Bill, which seeks to amend the current Proceeds of Crime and Anti-money Laundering Act, 2009.
The bill expands the definition of “reporting persons” under the Act. This will now include advocates, notaries, and other independent legal professionals who are sole practitioners, partners, or employees within professional firms so that the obligations to monitor complex unusual, suspicious, large, or other transactions and to report any transactions that constitute or may be related to money laundering as provided under Part IV of the Act apply to them.
The bill also seeks to give the centre the authority to interrupt a transaction for not more than five working days where there is evidence of suspicious activity taking place. This will allow the centre adequate time to investigate the transaction.
The bill also seeks to introduce provisions that will limit the right to privacy enshrined in the Constitution of Kenya, 2010 in relation to the prevention, detection, and investigation of money laundering and financing of terrorism.
According to a legal compliance professional who spoke to BusinessDay on condition of anonymity, the existing Kenyan anti-money laundering law allows ARA to hold on to the funds in the frozen accounts pending when it has concluded investigations. This could mean 45 days at the lower court and 90 days at the higher court.
“This whole area is confusing, to be honest. The startups are not entirely guilt-free. But it’s not as simple as Nigerian founders doing fraud. They are not that stupid. The reality is there are a lot of loopholes in corridors outside of their control. KYC is set by the government mostly.
BVN, NIN, and ID cards all come from the government. If the government doesn’t tighten up its process, people will take advantage and the result will reflect on the fintechs processing value,” said Henry Ojuor, founder in residence with Startupbootcamp, a global startup and innovation accelerator for startups, corporates, and governments.
Read also: How to Leverage Happy Customers to Promote Your Brand
Kaliba Bilala, a tech expert, told BusinessDay that enforcement often depends on the regulatory focus of the jurisdiction in cross-border payments.
“Despite the strides achieved by Nigerian fintech firms, you can hardly get public data on their activities from the CBN or NIBSS.
The incentives driving Nigerian fintechs, and possible lax domestic regulations, may not be tolerated in jurisdictions that are strict. The allegation against the affected firms is not unique to Nigerian fintech, and dare I say, not borne out of envy,” said Bilala.
While the companies continue to proclaim their innocence, a bigger challenge they face is how to access the funds in those accounts.
For companies like Flutterwave, the more days the funds spend in ARA’s custody, the worse the anger of merchants they have to deal with.
“These funds do not belong to these companies. They are given to them by merchants, and there is a limit to how long a patient can be patient with you,” the compliance officer said.
Kandon Technologies, in its statement, described itself as a liquidity management startup offering treasury solutions, alternative trading, and related financial services. The company said it has facilitated transactions for a host of its partners doing legitimate businesses and it has records of these transactions, which are available and can be verified.
“As a company, we have always adhered to applicable regulatory requirements in our transactions and engaged with regulatory bodies to stay compliant,” the company said. “We pledge to continue working with regulatory bodies and all relevant stakeholders to prove our innocence and straighten the records.”
Korapay, on its part, said it deposited the funds in its freshly opened bank account as a capital requirement from the Central Bank of Kenya (CBK) for obtaining a payment service provider and remittance operator licence. In line with the CBK requirements, this amount was left untouched pending the granting of the licence. The company claimed that the $250,000 deposit is the only transaction carried out on that account to date.
One of the options being explored by the companies includes filing a legal action asking the court to compel ARA to put the funds in accounts or assets that yield interest and allow them access to the interest to enable them to fulfill their obligations to their merchants.
Evalyn Gachoki said government agencies like ARA need to engage fintech experts, regulators, and stakeholders towards identifying gaps, if any.
“Anti-money laundering laws were created way before fintech was birthed. The laws should be reviewed to incorporate the many solutions technology has introduced into finance,” Gachoki said.