How do neobanks manage various forms of fraud: chargeback fraud, account takeovers, etc?

I read about something designed by Featurespace called an ARIC Risk Hub which can identify transactions in real-time which are deemed suspicious. So it’s quite interesting because it could assist firms in ensuring regulatory compliance, and should also minimise the number of legitimate transactions which are frozen. I think this is quite cool, and you’ll probably see neobanks jumping on board with lots of new technology like this as they don’t have the hassle of dealing with outdated legacy systems.

In the UK there are provisions regarding fraud which apply to banks generally (i.e. universal and neobanks). So we have the Contingent Reimbursement Model for APP Scams, which is a voluntary code which essentially sets out that suspicious transactions have to be delayed and investigated by sending firms, whilst receiving firms have to ensure they return any funds discovered to be the proceeds from APP scams. For the most part, the majority of regulatory measures here impose liability on banks and make them reimburse the consumer, even if the money has been moved through the banking system, meaning the bank has to pay out and can’t recover their losses.

With regard to general unauthorised fraud, the EU is in the process of implementing Secure Customer Authentication which will apply to any online account services. It essentially tightens the requirements for logging in to ensure the person trying to access the account is the legitimate consumer. It was introduced for online banking on the 14th of this month. If you want to know more about that, it’s in the Payment Services Directive II. The way it actually works is explained in the regulatory technical standards commissioned by the European Banking Authority (if I remember correctly the important part is under Article 4 and is titled ‘authorisation’, but I may be wrong). Essentially it means if you’re logging into an account you have to satisfy a three-factor authentication process (knowledge, possession, inference) by providing 2/3 elements. So you may have to receive a text with a code then enter it online to log in.

But yeah, legally speaking most of the regulation which applies to neobanks is also applied to traditional banks. It’s actually a huge issue because neobanks obviously tend to operate online which brings new issues, and it’s very clear that one-size-fits-all regulation is relatively ineffective. Neobanks also have smaller compliance departments so the costs are higher proportionately.

If you want an interesting case study regarding money laundering I’d probably have a look at Revolut; I think they actually reported themselves to the Financial Conduct Authority last year because there’s a general requirement to be transparent and open with the regulators here or else they fine you.

Sorry if you’re in the US, I am speaking from an English perspective as that’s where I study. Sorry if this is all quite legal or vague, I just jotted down what I could remember off the top of my head. I hope something useful comes from it.

/r/fintech Thread