Inadequate money laundering and terrorist financing controls found in EU payment institutions

money laundering and terrorist financing controls

The European Banking Authority (EBA) recently released its comprehensive report on the risks associated with money laundering and terrorist financing (ML/TF) in EU payment institutions. The report sheds light on the inadequate assessment and management of ML/TF risks by both institutions and their supervisors. In this update we will provide an overview of the EBA report, including the background, risk factors identified, and weaknesses identified in the payment institutions sector.

Background of the report

In 2022, the EBA conducted an assessment of the ML/TF risks in the payment institutions sector, focusing on how these institutions identify and manage risks and the role of supervisors in mitigating these risks. The findings of the report indicate that overall, payment institutions in the sector are not effectively managing ML/TF risks, despite the high inherent risk associated with their activities.

Money laundering and terrorist financing risks Identified

The money laundering and terrorist financing risks in the payment institutions sector vary depending on the size and business models of the entities involved. Certain factors increase the risk, such as the provision of cash-based money remittance services without triggering customer due diligence measures. On the other hand, account information service providers (AISPs) that are not involved in the payment chain and do not hold customer funds are considered to have limited ML/TF risks.

However, most AML/CFT supervisors assess the controls implemented by payment institutions as insufficient to mitigate these risks effectively. While some supervisors reported slight improvements in AML/CFT controls in recent years, these improvements have not translated into overall reduced residual risk ratings.

Risk factors:

  • Risks Linked to Customers: Payment institutions often have a customer base that includes non-residents, individuals de-risked from the banking sector, and institutional customers from high-risk sectors such as gambling companies and crypto asset service providers (CASPs). The emergence of new client typologies, such as platforms and marketplaces, further increases the overall ML/TF risk level.
  • Geographical Risks: AML/CFT supervisors consider geographical risks as major factors in the payment institutions sector, especially in transactions with high-risk third countries or offshore countries. Money remitters, in particular, operate in areas where credit institutions are less present, resulting in a higher ML/TF risk.
  • Risks Linked to Products and Services: Risks associated with payment institution products and services include the use of new technologies, innovative products, high-speed transactions, cash-based transactions without established business relationships, and occasional or one-off transactions exempt from customer due diligence measures.
  • Risks Linked to Delivery Channels and Intermediaries: Non-face-to-face business relationships without adequate risk management tools increase the ML/TF risk exposure of payment institutions. The widespread use of intermediaries and agents, often from non-financial sectors, can also pose significant AML/CFT weaknesses and vulnerabilities.
  • Risks from Outsourcing AML/CFT-Related Tasks: The outsourcing of important AML/CFT functions to third parties can weaken institutions’ control and risk management frameworks. Cross-border outsourcing can also jeopardise the “local substance” requirement, resulting in limited oversight of outsourced services.
  • Other Risk Factors: The report highlights the ML/TF risks arising from the Brexit-related relocation of payment institutions, as well as emerging risks associated with white labelling, virtual International Bank Account Numbers (IBANs), and third-party acquirers.

AML/CFT weaknesses in payment institutions

The report identifies several weaknesses in the implementation of AML/CFT measures by payment institutions, including:

  • Poor awareness of ML/TF risk: Many payment institutions lack a comprehensive understanding of ML/TF risks. Insufficient training on AML/CFT issues, particularly for agents, contributes to this concern.
  • Insufficient transaction monitoring: The sector often fails to monitor transactions effectively, with deficient or non-existent transaction monitoring systems in place.
  • Weak suspicious transaction identification and reporting (STR): Limited awareness of ML/TF risk and deficiencies in ongoing transaction monitoring hinder the sector’s ability to identify unusual transactions and report suspicious ones. Some payment institutions rely on the STR reporting systems of their banking partners instead of implementing their own, as required by EU regulations.
  • Non-compliance with restrictive measures: Many payment institutions struggle to implement systems and controls to comply with restrictive measures. Issues include sporadic or non-existent screening of customers and transactions.
  • Weak internal governance arrangements: Some payment institutions lack adequate internal governance arrangements, particularly new entrants focused on rapid growth and profit. This includes the absence of a clear three-lines-of-defence system and high turnover in key function holder positions, potentially compromising sound ML/TF risk management.
  • Poor understanding and management of terrorist financing (TF) risks: A significant TF risk exists in the payment institutions sector due to factors such as cash-based transactions and wide geographical reach. The sector’s limited understanding of TF risks and overreliance on sanctions screening as the primary mitigation tool contribute to this concern.
  • Remote/online onboarding without appropriate safeguards: Payment institutions often onboard customers remotely without sufficient safeguards, leading to weaknesses in customer identification, including high-risk customers such as politically exposed persons (PEPs).

Most common breaches identified in the payment institutions sector, 2022


How 123signed can help

In light of the weaknesses identified in the implementation of AML/CFT measures by payment institutions, it is crucial to seek solutions that address these vulnerabilities effectively. 123signed, a leading provider of AML compliance solutions, offers a comprehensive suite of services specifically tailored for payment institutions. Our advanced transaction monitoring system, streamlined customer due diligence processes, and expert guidance, empower payment institutions to strengthen their AML/CFT capabilities. We enable payment institutions to enhance their monitoring capabilities, identify and flag suspicious transactions effectively, and prevent illicit funds from entering their systems.

We also work alongside our partners at Neopay to offer a wide range of services that empower payment institutions to strengthen their financial crime efforts. From tailored risk assessments and comprehensive training programs to regulatory guidance, compliance and financial crime audits, and ongoing support, we provide the necessary tools to enhance your firm’s resilience.

Discover how we can bolster your financial crime prevention strategies by contacting our team of experts today.