Skip to content


Inadequate money laundering and terrorist financing controls found in EU payment institutions

Share on facebook
Share on twitter
Share on linkedin

The European Banking Authority (EBA) recently released its comprehensive report on the risks associated with money laundering and terrorist financing (ML/TF) in EU payment institutions. The report sheds light on the inadequate assessment and management of ML/TF risks by both institutions and their supervisors. In this update we will provide an overview of the EBA report, including the background, risk factors identified, and weaknesses identified in the payment institutions sector.

Background of the report

In 2022, the EBA conducted an assessment of the ML/TF risks in the payment institutions sector, focusing on how these institutions identify and manage risks and the role of supervisors in mitigating these risks. The findings of the report indicate that overall, payment institutions in the sector are not effectively managing ML/TF risks, despite the high inherent risk associated with their activities.

Money laundering and terrorist financing risks Identified

The money laundering and terrorist financing risks in the payment institutions sector vary depending on the size and business models of the entities involved. Certain factors increase the risk, such as the provision of cash-based money remittance services without triggering customer due diligence measures. On the other hand, account information service providers (AISPs) that are not involved in the payment chain and do not hold customer funds are considered to have limited ML/TF risks.

However, most AML/CFT supervisors assess the controls implemented by payment institutions as insufficient to mitigate these risks effectively. While some supervisors reported slight improvements in AML/CFT controls in recent years, these improvements have not translated into overall reduced residual risk ratings.

Risk factors:

  • Risks Linked to Customers: Payment institutions often have a customer base that includes non-residents, individuals de-risked from the banking sector, and institutional customers from high-risk sectors such as gambling companies and crypto asset service providers (CASPs). The emergence of new client typologies, such as platforms and marketplaces, further increases the overall ML/TF risk level.
  • Geographical Risks: AML/CFT supervisors consider geographical risks as major factors in the payment institutions sector, especially in transactions with high-risk third countries or offshore countries. Money remitters, in particular, operate in areas where credit institutions are less present, resulting in a higher ML/TF risk.
  • Risks Linked to Products and Services: Risks associated with payment institution products and services include the use of new technologies, innovative products, high-speed transactions, cash-based transactions without established business relationships, and occasional or one-off transactions exempt from customer due diligence measures.
  • Risks Linked to Delivery Channels and Intermediaries: Non-face-to-face business relationships without adequate risk management tools increase the ML/TF risk exposure of payment institutions. The widespread use of intermediaries and agents, often from non-financial sectors, can also pose significant AML/CFT weaknesses and vulnerabilities.
  • Risks from Outsourcing AML/CFT-Related Tasks: The outsourcing of important AML/CFT functions to third parties can weaken institutions’ control and risk management frameworks. Cross-border outsourcing can also jeopardise the “local substance” requirement, resulting in limited oversight of outsourced services.
  • Other Risk Factors: The report highlights the ML/TF risks arising from the Brexit-related relocation of payment institutions, as well as emerging risks associated with white labelling, virtual International Bank Account Numbers (IBANs), and third-party acquirers.

AML/CFT weaknesses in payment institutions

The report identifies several weaknesses in the implementation of AML/CFT measures by payment institutions, including:

  • Poor awareness of ML/TF risk: Many payment institutions lack a comprehensive understanding of ML/TF risks. Insufficient training on AML/CFT issues, particularly for agents, contributes to this concern.
  • Insufficient transaction monitoring: The sector often fails to monitor transactions effectively, with deficient or non-existent transaction monitoring systems in place.
  • Weak suspicious transaction identification and reporting (STR): Limited awareness of ML/TF risk and deficiencies in ongoing transaction monitoring hinder the sector’s ability to identify unusual transactions and report suspicious ones. Some payment institutions rely on the STR reporting systems of their banking partners instead of implementing their own, as required by EU regulations.
  • Non-compliance with restrictive measures: Many payment institutions struggle to implement systems and controls to comply with restrictive measures. Issues include sporadic or non-existent screening of customers and transactions.
  • Weak internal governance arrangements: Some payment institutions lack adequate internal governance arrangements, particularly new entrants focused on rapid growth and profit. This includes the absence of a clear three-lines-of-defence system and high turnover in key function holder positions, potentially compromising sound ML/TF risk management.
  • Poor understanding and management of terrorist financing (TF) risks: A significant TF risk exists in the payment institutions sector due to factors such as cash-based transactions and wide geographical reach. The sector’s limited understanding of TF risks and overreliance on sanctions screening as the primary mitigation tool contribute to this concern.
  • Remote/online onboarding without appropriate safeguards: Payment institutions often onboard customers remotely without sufficient safeguards, leading to weaknesses in customer identification, including high-risk customers such as politically exposed persons (PEPs).


Most common breaches identified in the payment institutions sector, 2022


How Neopay can help

At Neopay we offer specialised expertise and solutions to address the identified weaknesses in AML/CFT measures in payment institutions. With our tailored risk assessments, comprehensive training programs, regulatory guidance, compliance audits and continuous support, payment institutions can bolster their AML/CFT capabilities effectively. We also go beyond standard compliance audits by providing financial crime audits, ensuring a thorough examination of financial crime prevention and detection measures. Our financial crime audits offer a comprehensive assessment of payment institutions’ systems and processes, identifying potential vulnerabilities and providing actionable recommendations to mitigate the risk of financial crimes.

Also, our advanced technology solution, 123signed, offers cutting-edge tools for transaction monitoring, identity verification, and suspicious activity detection. This solution enables payment institutions to enhance their monitoring capabilities, identify and flag suspicious transactions effectively, and prevent illicit funds from entering their systems.

Contact us today to learn how our comprehensive compliance solutions can help you bolster your financial crime prevention efforts.

To read the full report, click here.

Share on facebook
Share on twitter
Share on linkedin

Related Posts

What’s happening with the FCA and AML?

With the change in the anti-money laundering (AML) supervisory approach of the Financial Conduct Authority (FCA), many firms are nervous about whether they will face FCA scrutiny and what to
Read More >

Reminder: Consumer Duty board reports due 31 July 2024

As the one-year mark of the Consumer Duty’s implementation approaches, firms are reminded that the first board reports on Consumer Duty implementation and outcomes are due by 31 July 2024.
Read More >