On 3 October 2018, the FCA published Thematic Review 18/3: Money laundering and terrorist financing risks in the e-money sector (TR18/3).
TR18/3 sets out the FCA’s findings following visits to 13 authorised Electronic Money Institutions and registered small Electronic Money Institutions (collectively EMIs) to assess their anti-money laundering (AML) and counter-terrorist financing (CTF) controls. EMIs distribute e-money through a number of channels, including agents and distributors (known as Programme Managers (PMs)). The FCA has been concerned that using PMs may increase money laundering and terrorist financing risks, if firms outsource their commercial activities and due diligence procedures in this way. The FCA also looked at this business model as part of the review.
In summary the FCA found:
- the majority of EMIs it visited had effective AML systems and controls to mitigate their money laundering and terrorist financing risk;
- most EMIs had revised and updated their policies and procedures to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). This included amending their customer due diligence (CDD) processes to take account of the lower transaction thresholds and other changes to simplified due diligence (SDD) in the MLRs, compared to the 2007 Money Laundering Regulations;
- EMIs took a number of approaches to comply with changes in the MLRs to due diligence measures and limits. This included establishing a ‘lifetime’ spending limit for e-money products issued under SDD, for existing customers and new customers, after which the EMI will either complete CDD or close the business relationship;
- most EMIs had effective transaction monitoring which was largely based on automated technological solutions. However, the quality of management information in relation to money laundering and terrorist financing varied. Senior management were better engaged and had a more effective understanding where the information had clearly identified key risks supported by data; and
- fraud was clearly seen as a key risk by EMIs. Most EMIs had a financial crime business-wide risk assessment covering money laundering, terrorist financing and fraud. In some EMIs, this was only in draft, and had not been approved or challenged at board level. The FCA also found individual customer risk assessments to be less defined in most EMIs.
The FCA also sets out in TR18/3 examples of good and poor practice it found within the EMIs it reviewed. For example, in relation to ongoing monitoring the good practice the FCA observed included:
- spot-checks being performed on accounts where potentially suspicious activity has been identified to ensure decisions are appropriate and documented;
- daily and weekly transaction monitoring reports including information on loads, spending, jurisdiction and loading method were compiled at one large EMI. These reports were reviewed by the compliance team; and
- the principal firm performs its own transaction monitoring of their PMs’ underlying customers to ensure compliance with regulation 38(3) of the MLRs.
The FCA has provided individual feedback to all 13 EMIs. It did not find any cases where it needed to use formal supervisory tools to remediate issues.
The FCA encourages all EMIs to review TR18/3, including the examples of good and poor practice, and consider whether their AML and CTF systems and controls could be improved.