Islamic FinTech and Financial Crime: A different risk profile?

With particular thanks to insha, Kestrl, MyAhmed and Niyah.

Just like every other sector of the global financial industry, Islamic finance is increasingly going digital.  There is a growing number of start-ups positioning themselves to benefit from the rapid global development of the FinTech market, coupled with the booming growth of Islamic finance.  Islamic finance is sometimes considered a niche area, but this ignores the actual size of the sector, with a consumer base of 1.8 billion Muslims globally and an estimated market value of $2.5 trillion in 2018, forecast to grow 40% by 2024.  These start-ups sit at the convergence of these two growth areas, and believe that young Muslims in particular will be drawn to products designed to facilitate integrating their faith and ethics with all aspects of their daily life, plus the ease and superior design features of a digital product.  

Most growth in Islamic finance in recent years has been rooted in traditional banking services, but change and dynamism in the sector is translating more and more into digital offerings and FinTech startups.  In 2019 there were an estimated 93 Islamic FinTech startups globally, including challenger banks for retail and SMEs (e.g. Kestrl, MyAhmed and Niyah in the UK and insha in Germany) as well as wealth management (e.g. US-based Wahed Invest), crowdfunding (e.g. Ethis Ventures in Malaysia and Indonesia) and crypto (e.g. Dubai-based trading platform Huulk).  P2P finance and InsureTech are cited as top sectors for growth in 2020.  Existing Islamic banks have also jumped on the digital bandwagon, especially in the Gulf, such as Bahrain Islamic Bank which launched the first fully-fledged Islamic digital bank in 2019.  The largest market for Islamic FinTech startups is Indonesia, followed by the US, the UAE and the UK. 

It’s interesting to note that many shariah-compliant FinTechs are keen to reach out to potential customers beyond the Muslim population in recognition of many people’s dislike and distrust of conventional financial services and desire for a more ethical, partnership-based approach.  To this end, many Europe-based FinTechs in particular notably focus on the ethical dimensions of their product rather than just guaranteeing shariah-compliance, and market themselves as ‘ethical’ or ‘values driven’ rather than explicitly as Islamic, halal or sharia-compliant.  This is also reportedly popular with Muslim customers, especially the young, who are more interested in services that focus on ethical considerations rather than “tick-box” shariah compliance.

Islamic Finance and FinCrime 

Islamic and conventional finance most obviously differ in terms of the products offered and the target client base.  But what of the risks they face, specifically financial crime?  Are there certain financial crime risks which Islamic finance institutions are more exposed to, or conversely where the specificities of Islamic finance help protect them?  And are there particular things Islamic FinTechs should be thinking about as they design and build their financial crime programmes?

This piece isn’t going to get into the complexities of Islamic finance and how transactions are structured.  However, there are a couple of key concepts that are useful to set out here.  Firstly, Islamic finance prohibits earning or paying interest, with a focus instead of profit (and risk) sharing.  This results in a model where banks and their customers act as ‘partners’, which differs from the usual client relationship.  Islamic finance also prohibits business in sectors considered forbidden or haram, such as alcohol, gambling, pork or adult entertainment.  And finally, Islamic finance does not condone excessive uncertainty or speculation.

On an academic level, relatively little attention has been paid to financial crime risks in relation to Islamic finance and there have been few, if any, studies on relevant money laundering/terrorist financing methods and trends.  International standards for AML/CTF regimes (such as those issued by FATF) make no provisions for Islamic finance, and are adopted wholesale even by countries with sizeable Islamic finance sectors without any adjustments.  The papers which have been published (e.g. by ACAMS) tend to conclude there’s no evidence the ML/TF risks in Islamic finance are different from those in conventional finance, or that it faces unique typologies or methods.  If anything, they conclude certain features of Islamic finance are likely to lower the ML/TF risks, such as the ‘partnership’ relationship between the financial institution and the borrower/lender, and the fact transactions are structured around the purchase/sale of underlying assets, which ties them to real-world valuations and makes it harder to disguise illicit flows.  

FinCrime for Islamic Fintechs

So what does this mean for Islamic FinTechs in particular?  Given the relatively scant attention paid to the topic by regulators and external bodies, and the prevailing tendency of conventional Islamic banks to treat financial crime the same way as everyone else, it is hardly surprising we’ve yet to see Islamic FinTechs formulate a specific approach to financial crime.  And nor is it clear that they need one, given the current state of the market and the product types that most existing Islamic FinTechs offer.  Where the academic studies do identify differences between conventional and Islamic finance, it is generally in relation to complex products such as trade finance and investment banking.  These are areas which have yet to be targeted by Islamic FinTechs, which so far are mostly focused on P2P lending / crowdfunding and retail banking.  In these areas, it is hard to see many ways in which the shariah-compliant aspects of the products could affect the AML/CTF risks.  The one concrete example is almost a coincidental positive for Islamic finance - several of the sectors considered prohibited are also ones recognised as high risk for financial crime, such as gambling, adult entertainment and arms/defence.  However the lack of any other discernible differences is borne out by a number of Islamic FinTech start-ups consulted by FINTRAIL, who confirmed that they don’t approach financial crime risk differently to their conventional counterparts and aren’t aware of any nuances or differences in the risks they face.  For instance, one European challenger bank confirmed it uses a banking-as-a-platform provider to manage compliance, meaning it is comfortable using an off-the-shelf solution designed initially for non-Islamic institutions.  

So, looking at the products and business models of Islamic FinTechs on paper indicates no real distinction.  However there is one real-world factor which does make a difference - customer base.  One standout issue is the provision of services to mosques and religious charities, which collect huge amounts of zakat donations, and can find conventional financial institutions reluctant to deal with them (and often Islamic institutions too).  Charities, especially religious charities, are recognised as a high risk sector for AML/CTF risks, and coupled with payment corridors to high-risk countries where Islamic charities are likely to operate, places them outside of risk appetite for many conventional banks.  Specialist Islamic FinTechs may be more prepared to find ways to mitigate the risks and serve these clients, as part of their ethical mission.  

In Europe, concentration risk and the makeup of the target client base may also pose particular challenges (but also opportunities) for Islamic FinTechs.  Their customers will be particularly homogenous, which may make them more vulnerable if a fraudster can work out a successful way to target this group.  This would involve knowing how to mimic real customers’ identities and activities, as well as frauds designed to exploit religious sentiment, e.g. by using fake charity appeals during Ramadan.  Beyond fraud, while many customers will be UK/EEA nationals, those who are foreign nationals are more likely to come from countries deemed high risk for ML/TF, and popular payment corridors for cross-border payments are also likely to involve such countries.  This will all result in a high level of declined applications, high-risk clients, and transaction monitoring alerts, especially if companies use generic risk appetites and customer risk assessments or off-the-shelf monitoring solutions, or outsource their compliance programmes to banking-as-a-platform companies.  

Conventional indicators and methodologies may thus not enable Islamic FinTechs to assess their client bases intelligently, and to work out if there are ways to mitigate any inherent  risks in line with their own risk appetites.  If they choose to accept these risks, they’ll need to ensure they can identify the most high-risk activity on their books, and dedicate their attention and resources appropriately.  And if done right, they are uniquely well-placed to do so - they can use their greater familiarity with these client groups and any existing data to benchmark usual, unconcerning behaviour vs. activity they deem suspicious.  For instance, huge cash deposits from a mosque during the last ten days of Ramadan would be immediately understood and contextualised.  And while a conventional retail bank may see all payments marked as ‘zakat’ as high risk, an Islamic FinTech can use their richer datasets and contextual understanding to refine their monitoring systems and investigate hits to identify the most high-risk of these payments, to make sure they are allocating their time and resources effectively. In doing so, they have the potential to play a positive social role by ensuring inclusion - enabling fair and affordable access to financial services to those frequently excluded or disadvantaged by conventional financial institutions.

So to summarise, the distinctive financial crime concerns of Islamic FinTechs lie not in the theoretical nature of how they operate or the mechanics of their product offering, but in the real-life nature of their client bases.  This idea is not unique to Islamic entities; in the increasingly crowded FinTech sphere, more and more firms are seeking a niche and are catering to specific client groups that pose a heightened financial crime risk on paper, such as expatriates sending remittances to specific high-risk countries, or sectors such as gambling or crypto that struggle to open accounts with conventional banks.  The lesson for all these companies is that, while they must recognise the inherent risks posed by their client bases, they can and should tailor their financial crime programmes to adopt a risk-based approach, identify their own top risks, and allocate their resources appropriately.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic, or any other elements of building or refining a customised financial crime programme, please get in touch with contact@fintrail.co.uk or maya.braine@fintrail.co.uk

There is also further guidance available on the FINTRAIL website, including on defining a risk appetite, using data to drive a financial crime programme, and promoting financial inclusion.