Safeguarding the financial system from the perils of money laundering and terrorist financing is a growing concern among regulatory bodies worldwide. The European Banking Authority (EBA) recently released a crucial report shedding light on assessing and managing these risks. The findings of this comprehensive study have revealed alarming inadequacies in addressing money laundering and terrorist financing (ML/TF) risks, indicating a pressing need for immediate action.

The report highlights several key issues and concerns regarding assessing and managing ML/TF risks in the payment institutions sector. This comprehensive analysis highlights alarming findings, emphasizing the need for immediate action to strengthen the industry's AML/CFT risk management. Addressing the report's recommendations is of utmost importance to safeguard the financial system's integrity and maintain the trust of customers and stakeholders. 

PIs are not immune to the significant risks posed by ML/TF. The report highlights several key factors contributing to the high inherent risk associated with payment institutions. Understanding these risks is crucial in developing effective AML/CFT measures to combat illicit activities within the sector.

Payment institutions often have a customer base that includes higher-risk individuals and entities. This includes non-resident customers, customers de-risked from the banking sector, and corporate customers from high-risk sectors like gambling and crypto asset services. Additionally, the emergence of new client typologies, such as platforms and marketplaces, further increases the overall ML/TF risk level.

The cross-border nature of transactions conducted by payment institutions introduces significant risks, mainly when operating with high-risk third countries. Money remittance services, in particular, provide access to payment services in regions where traditional credit institutions may be lacking.

New technologies, anonymous transactions, and the speed of transactions contribute to higher ML/TF risks. Cash-based transactions, especially those without an established business relationship between counterparties, are of particular concern. The report highlights the trend of customers transferring money to money remitters using platforms like PayPal, adding a layer to the chain of cash remittances. Moreover, the prevalence of one-off transactions limits the ability of payment institutions to create customer risk profiles and effectively identify and manage ML/TF risks associated with individual transactions.

The EBA identifies the widespread use of intermediaries, including agents, as the most significant risk associated with delivery channels. Agents often operate businesses unrelated to the financial services industry. Their limited awareness of applicable AML/CFT rules can hinder the effective implementation of AML/CFT controls established by payment institutions. 

Additionally, agents frequently serve multiple payment institutions simultaneously and often change affiliations, contributing to weaker oversight by payment institutions and challenges in implementing adequate controls. AML/CFT supervisors confirm that this area's ML/TF risk is high.

The report emphasizes that outsourcing can undermine the robustness of a payment institution's control and risk management framework if appropriate safeguards are not in place. Outsourcing services without proper oversight and control, especially in jurisdictions different from the payment institution's establishment, can lead to limited oversight of the quality of outsourced services and create vulnerabilities in AML/CFT measures.

The EBA report also addresses the ML/TF risks arising from the withdrawal of the United Kingdom from the European Union. The relocation of institutions previously headquartered in the UK to EU member states posed AML/CFT challenges. Payment institutions that relocated to EU member states were found to have inadequate AML/CFT systems and controls and poor compliance culture. Requirements imposed on these institutions during authorization, such as strengthening compliance functions and recruiting local staff, had yet to be fully implemented, creating significant ML/TF vulnerabilities. This risk was further amplified as some payment institutions experienced accelerated growth post-authorization and provided services across the EU through passporting.

White Labeling: The increased use of "white labeling" poses ML/TF concerns. Payment institutions offer their licenses to independent agents who develop their products under the regulated PI's license. This arrangement raises challenges in managing ML/TF risks as agents gain control over the business relationship, communicate with users, and sometimes control financial flows or funds.

Virtual International Bank Account Numbers (IBANs): Virtual IBANs are viewed as an emerging risk due to the blurred jurisdiction of the underlying account. This lack of clarity may lead to non-compliance with payment institutions' applicable AML/CFT frameworks.

Third-Party Merchant Acquiring: This emerging trend introduces potential ML/TF risks. Payment institutions outsource parts of the acquiring process to third-party acquirers (TPAs) responsible for complying with AML/CFT laws. Suppose the TPA's AML/CFT program is vulnerable. In that case, the merchant acquirer may indirectly process illicit funds, exposing them to associated risks.

There is a pressing need for payment institutions to strengthen their AML/CFT measures. The report finds that implementing these measures by PIs has been less robust than in the banking sector. Limited awareness of money laundering risks within the payment institutions sector is a rampant problem, along with insufficient internal control systems.

Some of the most prevalent areas of weaknesses identified by the supervisors include:

There is a lack of rigorous training on AML/CFT issues, especially regarding agents used by payment institutions. Business-wide and individual risk assessments are often of low quality, indicating a need for improved risk awareness.

Many payment institutions lack effective transaction monitoring systems or fail to monitor transactions meaningfully, which hampers the detection of suspicious activities.

The sector cannot identify unusual transactions and report suspicious activities due to deficiencies in ongoing transaction monitoring and a lack of awareness of ML/TF risks. Some payment institutions rely on the STR reporting systems of the credit institutions they bank with rather than implementing their own as required.

There needs to be better or more implementation of and more understanding of restrictive measures regimes by payment institutions. In some cases, ongoing screening of customers and transactions may need to be more consistent or present.

Inadequate internal governance arrangements are observed, particularly among new entrants seeking rapid growth and maximum profit. Transparent three-lines-of-defense systems may not be applied, and the turnover of key staff positions may be relatively high. Shareholders' active participation in business management can interfere with sound ML/TF risk management.

Many AML/CFT supervisors consider the TF risk associated with payment institutions significant. Cash-based nature, broad geographical reach, and reliance on sanctions screening as the sole TF risk mitigating tool contributes to the inadequate understanding and management of TF risks.

Weaknesses are observed in the remote onboarding of customers without adequate safeguards. Payment institutions often do not identify high-risk customers, including politically exposed persons (PEPs).

One major issue identified is the lack of a consistent approach to AML/CFT supervision of payment institutions, particularly those with widespread agent networks. Not all AML/CFT supervisors base supervision frequency and intensity on individual payment institutions' risk profiles. This inconsistency in supervision practices can lead to ineffective assessment and management of ML/TF risks. The report suggests that changes to the EU legal framework are needed to establish a more consistent approach to assessing AML/CFT risks in payment institutions.

Ensuring consistent and effective supervision is the most important step in safeguarding the financial system. Supervisors can better assess and manage potential vulnerabilities by tailoring the frequency and intensity of supervision based on inherent risks. This risk-based approach ensures that resources are allocated where they are most needed, optimizing the effectiveness of AML/CFT oversight.

The EBA issued guidelines specifying the documentation required to authorize payment institutions, including information on internal AML/CFT systems and controls. However, the authorization processes for payment institutions are not always robust enough to allow applicants to obtain licenses despite inadequate AML/CFT controls. The scrutiny of internal AML/CFT control documents varies across competent authorities. A lack of transparent and objective methodologies for assessing ML/TF risk may lead to accepting applicants with an inadequate understanding of their risk exposure.

With the report's findings in mind, the EBA aims to improve the financial landscape of the EU in the future. Most of the challenges uncovered can be mitigated through the more robust implementation of existing EBA guidelines, such as the risk factor guidelines and the guidelines for risk-based supervision.

However, other findings require changes to the EU legal framework. These include establishing a consistent approach to assessing the AML/CFT component during the authorization of payment institutions, strengthening provisions related to ML/TF risks in the passport process, and ensuring a coherent and consistent AML/CFT supervision of agents across Europe.

The report's findings will be incorporated into the EBA's bi-annual ML/TF risk assessment exercise. Emerging ML/TF risks, such as virtual IBANs and white labeling, will be investigated for a more in-depth understanding. 

The EBA report provides valuable insights into the challenges faced by the sector and the importance of addressing ML/TF risks. It is a wake-up call for EU PIs and their supervisors, highlighting the pressing need for more effective risk management.

The key takeaways from the report highlight the need for urgent action to strengthen controls and enhance risk-based supervision in payment institutions. Addressing these risks is paramount to protecting the integrity of the financial system. By taking decisive action, the sector can strengthen its resilience against money laundering and terrorist financing activities, ensuring the financial system's integrity and reinforcing trust among customers and stakeholders.

By strengthening AML/CFT controls and promoting effective KYC compliance measures, PIs can become more equipped to protect themselves from financial crimes and maintain trust in the industry.

At KYC Hub, we are always up-to-date on the current laws and regulations. Our solution aligns with the industry's best practices, helping you maintain compliance with existing and updated legal frameworks. Foster a consistent approach to assessing AML/CFT risks, and embrace the future of effective KYC compliance today with KYC Hub.