Clari5 Market Insights
European Union
European Banking Authority
Report on ML / TF Risk for Payment Institutions
EBA has Published a Report on ML / TF Risks Associated with Payment Institutions.
By when must Payment Institutions (PIs) comply with the guidelines?
PIs must meet the EBA guidelines with immediate effect.
Why has the EBA issued the new guidelines?
Payment institutions are commonly associated with higher ML / TF risks. The EBA, in its 2021 Opinion on ML / TF risk factors affecting the European Union’s financial sector, noted that more than two-thirds of all AML / CFT supervisors considered that the sector poses significant or very significant ML / TF risks. It also noted that the significant risk profile associated with this sector did not always appear to be matched with a commensurate level of supervisory activity in all cases.
The European Commission, in its 2022 supranational risk assessment, considered that payment institutions are inherently exposed to both ML and TF risks and they ‘appeared to be most vulnerable to risks arising from weaknesses in AML / CFT systems and controls’. Payment institutions are impacted, as customers, by de-risking. ‘De-risking’ refers to decisions taken by financial institutions to refuse to onboard or to discontinue servicing existing customers that they associate with higher ML / TF risks.
This raises concerns about the robustness of the overall implementation, by payment institutions, of AML / CFT measures; and the adequacy and proportionality of the level of resources allocated by national competent authorities to the AML / CFT supervision of the payment institutions sector.
In April 2022, the EBA decided to assess the scale and nature of ML / TF risk associated with the sector, the extent to which payment institutions’ AML / CFT systems and controls are adequate and effective in tackling those risks, and the extent to which current supervisory approaches to tackling ML / TF risk in payment institutions are effective. The EBA’s findings suggest that ML / TF risks in the payment institutions sector may not be assessed and managed effectively.
Highlights of the guidelines
The report highlights the risks associated with ML / TF in the payments institutions sector. It specifically talks about:
- Risks linked to customers of payment institutions
- Geographical risks linked to payment institutions
- Risks linked to the types of products and services offered by payment institutions
- Risks linked to delivery channels and the use of intermediaries (agents)
- Risks emanating from outsourcing of AML / CFT-related tasks of PIs
- Other risk factors like Brexit
- Emerging risks in the PIs sector
The report further assesses the implementation of AML / CFT measures taken by payment institutions to mitigate the above-mentioned risks as a counter-measure. But despite that the report finds that there are several weaknesses in the AML / CFT practices, such as:
A Poor Overall Awareness of ML / TF Risk
Lack of rigorous training on AML / CFT issue.
Insufficient Transaction Monitoring
Transaction monitoring systems deficient or not in place at all.
Insufficient Suspicious Transaction Identification and Reporting (STR)
Lack of awareness of ML / TF risk and deficiencies in ongoing transaction monitoring, relying on the STR reporting systems of the credit institutions with which the PIs bank, rather than implement their own as would be required under the applicable EU legal framework.
Failure to Implement Systems and Controls to Comply with Restrictive Measures
Poor or insufficient implementation, and a limited understanding, by the sector, of restrictive measures regimes, sporadic ongoing screening of customers and transactions or none at all.
Weak Internal Governance Arrangements
Lack of application of a clear three-lines-of defense system as well as a relatively high turnover of staff in the key function holder positions, active participation of shareholders in the running of the business, which could interfere with the institution’s sound and prudent ML / TF risk management.
TF Risks are Poorly Understood and Managed
Limited understanding, by the sector of TF risks, and reliance on sanctions screening as the only TF risk mitigating tool.
Remote / Online Onboarding without Appropriate Safeguards
Specific weaknesses stemming from the remote onboarding of customers in the sector, without appropriate safeguards, fails to identify high-risk customers, including PEPs.
EBA’s survey on ML / TF risks associated with payment institutions also reports that AML / CFT supervisors have indicated that most breaches in the sector are related to ongoing monitoring, internal controls and overall AML / CFT policies and procedures, customer identification and verification of ID, and customer and business-wide risk assessment. This is broadly in line with the quality of controls that competent authorities were generally concerned about in the sector.
European supervisors responsible for the authorization of payment institutions are therefore expected to scrutinize the documentation to satisfy themselves that:
- The PI’s ML / TF risk assessment is appropriate and complete
- The PI has or will put in place adequate systems and controls to ensure that the ML / TF risks associated with its branches, agents or distributors are managed effectively
- The person designated as responsible for the PI’s compliance with AML / CFT requirements has sufficient AML / CFT expertise to carry out their functions. As per the points mentioned, Payment Institutions need to improve their AML / CFT measures and systems.
How Clari5 helps EU’s PIs quickly comply with EBA’s guidelines
Highlights
Advantages
Highlights
- End- to End AML compliance solution with pre-packaged AML scenarios, which cover recommendations made by various regulatory agencies.
- Real-time Customer Due Diligence module which can be integrated to any type of watchlist, PEP list and has capabilities to screen any parameter or entity.
- Enables profile-based risk assessments and periodic reassessments of onboarded customers and entities for the customer based on diverse high-risk red flags derived from transaction, demographics, geography and products / delivery channels.
- Up to 5 risk levels available with configurable inputs and covers Enhanced Due Diligence.
- Scenario Authoring Tool to configure new scenarios and modify existing scenarios with multiple variables to combat emerging money laundering patterns and risks, however sophisticated. Various parameters like Threshold & Time Duration can be configured based on the business policies- from floor to ceiling values.
- Real-time transaction processing systems (Core Banking and remittance systems) to correlate and detect any suspicious money laundering schemes which also generates a case for investigation.
- Supports regulatory reporting for timely filing along with integrated role-based reports and dashboards for any investigator or supervisor.
Advantages
- Clari5’s web-based Scenario Authoring Tool configures new scenarios as / when required, without any coding or effort from the IT team.
- Our pre-packaged AML scenarios cover recommendations made by various regulatory agencies
- Parallel use of AI / ML tools and graph analytics to extract new patterns, deploy them for better detection rates with lower false positives.
- Entity link analysis feature helps expose customer / account associations and organized money laundering.
- Case Management System to shrink analyst time on false positive investigation, using AI / ML driven models on past resolution data; workflow-driven investigation in a configurable centralized or decentralized manner.
- Quicker implementation because of prepackaged AML scenarios and built-in interfaces for integration
- Low-cost commodity hardware infrastructure leading to reduced TCO.