UNIT.City — місце, де люди працюють... КРАЩЕ! Обирай свій простір просто зараз 👉
Ігор Вишневський Money
27 May 2025, 14:17
2025-05-27
“The bank itself must see the suspicious activity of the client, determine whether it can attribute it to drops, and enter the data into the register.” The NBU told how they see the functioning of the drop register
Back in early April, the National Bank announced that it would not extend the limit of UAH 150,000 per month for card-to-card transfers by individuals. But instead, it announced that it had developed a concept for a register of persons who require enhanced control of payment transactions. This is the so-called «drop register,» which the regulator’s leadership has been talking about since last year. Its implementation requires the Verkhovna Rada to adopt a corresponding bill.
Back in early April, the National Bank announced that it would not extend the limit of UAH 150,000 per month for card-to-card transfers by individuals. But instead, it announced that it had developed a concept for a register of persons who require enhanced control of payment transactions. This is the so-called «drop register,» which the regulator’s leadership has been talking about since last year. Its implementation requires the Verkhovna Rada to adopt a corresponding bill.
«The drop register is a tool that will help payment service providers exchange information about droppers with each other. In order for scheme organizers to be able to reuse a client once in a drop scheme, they cannot reuse it 5-10 times in other different banks. Each payment service provider will have its own criteria for payment transactions, which will require enhanced control, based on the characteristics of its client base and product line and channels,» the NBU press service noted in response to a request from dev.ua.
The National Bank added that abnormal behavior changes over time and adapts to existing rules and criteria, but the minimum requirements will be the subject of a separate regulatory act of the NBU.
How will the register be filled?
The task of filling the register with information, as noted in the NBU press service, is assigned to payment service providers.
«That is, the bank must itself see the suspicious activity of the client and determine whether it can classify such a client as a drop and enter the data into the register. It should be noted that individuals do not violate financial legislation, they make anomalous or atypical payments that are not inherent in normal financial behavior, which may indicate the participation of such individuals in certain schemes of using financial infrastructure for illegal purposes,» the National Bank specified.
At the same time, when asked by dev.ua whether the National Bank could return to regulatory restrictions on card transactions, they gave an ambiguous answer, still allowing such a development of events.
«If necessary, the National Bank will take additional measures in accordance with its regulatory mandate, including regulatory restrictions that will correspond to the situation in the market at the time of their application,» the NBU press service specified.
The National Bank confirmed that changes in legislation will be necessary for the emergence of such a register, and expressed hope for the support of people’s deputies on this issue.
What are drops?
Drops (from the English «to drop» — to throw), or «money mules» — are people who, for a reward, provide attackers with access to their bank details: to cards / accounts, including PIN codes and access to Internet banking. There are those who knowingly sell their details and access, and those who act under the influence of deception. The reward for droppers is paid depending on how their bank account will be used: these can be transactions between accounts, cash withdrawals at ATMs, replenishment of the account through payment terminals, etc. Drops can make transfers in different countries and on behalf of different people. Therefore, fraudsters easily move funds around the world, remaining «invisible». In many countries, «dropping» is a criminal offense. In Latvia, the penalty for participating in the scheme is up to 10 years.
«The memorandum is effective. It is even stricter than the restrictions imposed by the NBU»
The NBU commented on the issue of self-regulation of banks in this situation, noting that the relevant memorandum between Ukrainian financial institutions is being implemented and is effective.
«Currently, we see that compared to the restrictions imposed by the NBU, the Memorandum is effective. In some ways, it is even stricter than the restrictions initially introduced by the National Bank,» the regulator’s press service noted.
They added that the memorandum encourages banks to better study their own client base and, based on this data, set a stricter limit, and, in addition, the memorandum also limits account-to-account transactions, that is, using IBAN.
«After the introduction of the NBU restrictions, there was a significant increase in payments by IBAN. One part — a certain number of clients really transferred their usual transactions to IBAN. However, some drop organizers organized drop schemes at the IBAN level in advance,» the NBU clarified.
Accordingly, this is why, in the opinion of the National Bank, the memorandum fulfills its role in terms of restriction.
In addition, the NBU noted that they are working with the market to develop their own bank monitoring systems, and the National Bank is currently preparing consolidated recommendations based on all developments and experience in order to give banks and payment service providers a general understanding of where they need to go in this matter.
«The NBU also plans to create general regulations that will define the minimum necessary obligations of banks and payment service providers regarding the monitoring of drop transactions. If we see that not all players are taking a responsible approach to this issue, the National Bank will react directly in the field of supervisory actions,» they specified there.
