Soon after the UK financial watchdog gave a small payment institution licence to Allied Wallet in August 2010, the US payments processor found itself at the centre of an FBI investigation and agreed to forfeit $13.3m it had laundered for illegal online gambling websites. It took another nine years before Allied Wallet was ordered to stop operating in the UK.
Over those nine years, the Financial Services Authority and its successor, the Financial Conduct Authority (FCA), would upgrade Allied Wallet’s authorisation four more times, despite constant tussles with regulators, receivers, acquiring banks and the media in the United States over its roster of wayward merchants: violent pornographers; illegal gambling outfits; Ponzi schemes; technical support scams; and fake debt collectors.
The 2010 run-in with law enforcement was an early warning sign of the modus operandi of Allied Wallet and its founder, Ahmad “Andy” Khawaja, who fled to Lebanon last year, shortly before being hit with US charges of election campaign finance fraud, which he denies.
Most of its merchants were based in the US, but the payments were routed through UK shell companies set up by Allied Wallet staff to escape regulatory scrutiny in the US and hoodwink card schemes, according to a 2019 complaint against the company by the US Federal Trade Commission (FTC).
Newspaper reports this month that Wirecard’s UK unit may have engaged in similar transaction laundering practices to disguise its high-risk merchants have raised questions over how the FCA has traditionally supervised the flourishing payment services sector and how it monitors high-risk payment services providers (PSPs).
In recent weeks, the FCA has put payment services firms on notice over a litany of failures, including in financial crime controls, but the case of Allied Wallet suggests that the new approach has come only after years in which payments firms, once authorised, were largely left to their own devices.
Industry sources say that payments was a relative backwater in the FCA’s supervision priorities until late 2017, when the first dedicated payments supervision team was established.
“There’s been a step change in the FCA’s supervision of payment services firms” since the adoption of the EU’s revised Payment Services Directive (PSD2) in 2018, said John Burns, a former FCA official. For many years there were no staff dedicated to supervising the sector full time, he said.
“It was very much a reactive situation previously and if something came to their attention then they might do something about it, but other than that if all seemed quiet, then they would leave [firms] well alone apart from the occasional bit of thematic work,” said Burns.
That means for most of the period Allied Wallet was authorised by the FCA, “there wouldn’t have been a single individual dedicated exclusively to a single non-bank PSP or to even a group of non-bank PSPs”, according to Colin Darby, a former FCA official now with BCS Consulting. Some large payment firms might have been supervised by the retail banking team and others supervised “in line with other smaller firms”, he said.
It is not known if the FCA was aware of Allied Wallet’s conduct during the nine years, or that alleged against Wirecard more recently. The bulk of the regulator’s supervisory toolkit is exercised confidentially, and a spokesperson declined to answer questions about the case citing a policy of not commenting on individual firms.
The FCA only moved to suspend the activities of Allied Wallet two weeks after a fine of $110m from the FTC in May 2019 eventually put the company out of business. The FCA later sought a court order to appoint liquidators.
In Wirecard’s case, it briefly suspended its activities in late June due to the downfall of its parent company but only in relation to concerns about the safety of client funds.
When asked whether the FTC tipped off the FCA about the Allied Wallet case, a spokesperson for the FTC first told VIXIO that “staff shared information with the UK regulator” but later said that was incorrect and that the FCA only became aware of the investigation after the FTC published the settlement agreement.
The FCA also did not take any public action in August 2018, when global newswire the Associated Press published a detailed investigation about Allied Wallet’s customer base of illegal or dubious merchants, drawing on what it said were thousands of internal company documents.
The report carried allegations that were later contained in Allied Wallet’s settlement with the FTC: that it set up shell companies and dummy websites that purported to sell innocuous household items when they were, in fact, accepting payments from victims of scams or other illegal activities.
“Remove the video of the woman being tortured in the top left corner of the home page,” an Allied Wallet staffer wrote to a pornography client in one 2012 email quoted by the news agency.
It is possible the FCA was simply not aware of the $13.3m forfeiture in 2010, and may have missed the Associated Press investigation, Burns and Darby said.
“Other than the Gabriel [regulatory] returns, they wouldn’t have had much interaction with Allied Wallet unless there were a lot of complaints or specific things that came to their attention,” said Burns.
“That it happened that way previously, I’m not that surprised, but I think they’d be much more active on it now.”
Wirecard brings scrutiny
The reports this month about the UK merchant base of Wirecard have also placed scrutiny on the FCA’s more recent approach.
The Times newspaper reported on July 1 that Fraser Perring, a short-seller and long-time critic of the collapsed German payments firm, sent information to the FCA on several occasions alleging links between Wirecard and a web of UK shell companies engaged in transaction laundering of gambling and pornography payments.
It is not clear whether the allegations refer to staff at the FCA-regulated Wirecard Solutions Ltd or its German-regulated parent company.
The FCA’s typical approach to high-risk merchants of payment firms has been focused only on whether the company has the right controls in place to handle the client.
“It is for firms to make their own choices about which customer relationships to take on and maintain, provided they can legally do so and can appropriately manage the arising risks,” according to Darby.
Burns said that although in the past the FCA would have paid little attention to PSPs’ customers in the course of normal supervision, the profile of a firm’s merchants and the possibility of transaction laundering has become a major part of the regulator’s questions to firms during the authorisation process.
High-risk merchants include sectors such as gambling and pornography that are not necessarily illicit but can attract a high number of customer disputes, but also sectors rife with scams, such as unregulated financial service providers and nutraceuticals.
Allied Wallet said on its website as late as 2016 that it served market segments notorious for scams, such as binary options, continuity billing and payday loans.
One of the few payment firms to be publicly sanctioned by the FCA over anti-money laundering (AML) lapses also publicised that it catered to high-risk merchants.
ePayments Systems touted itself as a provider for high-risk sectors such as multi-level marketing, according to the LinkedIn profile of its founder, Mike Rymanov. The FCA ordered the company to suspend activities in February due to “weaknesses” in its AML controls.
For at least several months in 2016 — more than three years before the FCA’s intervention against the firm — ePayments provided an internal banking platform for an alleged Ponzi scheme called Kairos Planet, according to information gathered by VIXIO.
Members who paid up to $2,777 to join Kairos were told that high-profile firms would pay them to use free disk space on their home computers, and promised a 250 percent annual return on investment.
The scheme gained a large following in Turkey, where losses to members were estimated by a local newspaper to be around $25m within ten months. It also attracted members in Israel, Belarus and Russia, according to Facebook posts seen by VIXIO earlier this year but which have since been deleted or made private. In September 2016, it was described as a pyramid scheme by Belarus’ economic crime regulator.
Kairos Planet members were instructed to sign up to ePayments to replenish their accounts and receive payouts. Members were also able to order a prepaid Mastercard from ePayments, according to an archived copy of the scheme’s website and instruction videos posted to YouTube and Russian social media network OK.ru.
The company did not respond to a request for comment. The accounts of ePayment users have been frozen since the FCA’s suspension and the company has said it is still trying to satisfy the regulator’s concerns. It is not known if the problems identified by the FCA concern the firm’s merchants.
Regulator unlikely to wield axe on merchants
The Wirecard scandal has thrust the payment services sector into the spotlight, and experts expect it to trigger a regulatory response. In Darby’s view, however, it is unlikely that it will involve pushing payment providers away from high-risk sectors.
“Although regulations set out indicators of higher money laundering risk and the FCA refers to the concept of higher-risk business sectors in its guidance, regulators are unlikely to decree a whole industry sector as high risk,” he said, citing the FCA’s competing objectives of competition and access to financial services.
The approach differs wildly from that in the US, where the FTC routinely pursues payment processors who knowingly provide merchant services to illegal or harmful merchants. The watchdog has even been sued by a payment processor that accused it of seeking “to outlaw entire industries that it deems to be ‘high risk’”.
Unlike the FCA, it also takes aim at senior managers in those payment firms. Two senior Allied Wallet staff were fined $1m and $320,000 respectively for their roles in its conduct.
Ultimately, Allied Wallet only had to pay $5.6m generated from the sale of Khawaja’s luxury homestead in California, an FTC spokesperson confirmed. The remainder of the penalty is suspended.
Despite the FCA’s historically light-touch approach, payment firms that have become accustomed to operating with little scrutiny may find those days drawing to a rapid close.
“If the circumstances around Allied Wallet arose today, I think you could quite rightly expect the FCA to act in short order,” Darby said. “The recent message around taking swift and decisive action is not to be underestimated.”
Allied Wallet timeline
Sources: FTC, court records, FCA register