Recent terror attacks in Paris and San Bernardino have renewed calls for governments to staunch the flow of financing to terrorists and their sympathizers.
The private sector, especially the financial industry, has an important role to play in this effort. In particular, the revelation that a terrorist involved in the San Bernardino attack obtained a $28,500 loan from the San Francisco-based online loan company, Prosper, has highlighted the vulnerabilities of emerging financial technology, or FinTech, companies. Fourteen years after the USA PATRIOT Act ushered in heightened standards for anti-money laundering (AML) and counter-terrorism financing (CFT) rules, more critical evaluation of this architecture is needed to adapt to evolving threats and assist industries impacted by AML and CFT rules.
The revelation about Prosper should serve as a wake-up call to the FinTech community about the real risks posed by the abuse of the financial system and the need for wider acknowledgment of these risks across the FinTech space from developers to founders and investors.
Most immediately, greater regulatory scrutiny is imminent. Already, the U.S. House Financial Service Committee has initiated an inquiry and its Task Force to Investigate Terrorism Financing also made an informal request for information from the Treasury Department about the issue. The Treasury Department conducted a review of the online lending industry over the summer. However, more widespread and intrusive regulatory engagement from state and federal authorities is highly likely. In a statement, Prosper reportedly said that it had abided by all applicable AML and CFT laws and regulations. While preliminary, outside analysis appears to corroborate those findings, this dynamic highlights the damage caused by reputational risks even when there may not be legal or regulatory lapses. The June 2015 Treasury Department Terrorism Financing Risk Assessment listed emerging payment systems as a rising area of concern for the U.S. government to address, but the online loan industry was not mentioned.
Second, more generally, the FinTech has reached a new stage of maturity. It cannot afford to merely check the box on the bare minimum of regulatory and legal requirements. FinTech companies are now on notice about the risks caused by people who use (and abuse) their products. The overwhelming majority of customers use these products and services for legal purposes. However, companies cannot ignore the vulnerabilities that their products may create. The wider banking and financial industry has been grappling with expanding regulatory and compliance challenges since 9/11 and the financial crisis. FinTechs will be expected to play by these same rules of the road if they are to become significant industry participants.
No company or individual wants to be in the place of Prosper. Hopefully, this tragedy can serve as a wake-up call to the wider industry to address outstanding vulnerabilities to make the financial system less susceptible to abuse. Greater industry engagement will go a long way to reduce vulnerabilities to the financial system from illicit financial activities.
Alex Zerden is an attorney who has worked on counter-terrorism financing and congressional oversight matters.
Project for Study of the 21st Century is a non-national, non-ideological, non-partisan organization. All views expressed are the author’s own.