The UK’s Electronic Money Institutions, known also as e-money institutions or EMIs, generally have strong controls to mitigate money laundering and terrorist financing risks, according to a recent thematic review published by the UK Financial Conduct Authority (FCA) in October 2018 (the “Thematic Review”).
The Thematic Review was the FCA’s first since the 2017 Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations (MLRs) replaced the 2007 Money Laundering Regulations in the UK, and introduced some particularly significant changes for EMIs related to the thresholds that their product has to meet in order to not apply customer due diligence (CDD).
The scope of the Thematic Review focused on e-money products, including pre-paid cards and digital wallets, as well as the activity of EMIs’ distributors and agents (referred to in the Thematic Review as the “Programme Managers”), and excluded some other services the EMIs provide, such as money remittance. It also excluded activities which the FCA considered to be outside of its supervisory remit, including gift cards that can only be used within a limited network, or any prepaid product denominated in a cryptocurrency.
As the FCA explained, while the National Risk Assessment (NRA) 2015 assessed the money laundering and terrorist financing risks as medium and low, respectively, the NRA 2017 assessed both the money laundering and terrorist financing risks for e-money as medium. Among the elements of products offered by EMIs that could increase money laundering and terrorist financing risk in the e-money industry, the FCA listed products that: (i) enable cash loading or withdrawals, (ii) an absence of limits on usage or uploading funds, (iii) accounts that permit multiple users, (iv) situations where due diligence is not required and consumers can obtain products anonymously, and (v) the potential outsourcing risks that arise from using Programme Managers (i.e., distributors and agents) to distribute e-money products.
It found that, with the exception of one EMI, most EMIs had updated their policies and procedures to comply with the 2017 MLRs. Given its findings, it did not need to begin a formal process against any EMI to remedy violations.
The FCA detailed examples of good and bad practices in several areas, namely, information management, business-wide risk assessment, customer risk assessment, policies and procedures, customer due diligence, enhanced due diligence, ongoing monitoring, outsourcing to third party providers, and staff training. These findings in the Thematic Review will be particularly useful for EMIs, especially with regard to how EMIs should manage their relationship with Programme Managers. EMIs should review these examples in detail to determine if they are following best practices for the industry and identify areas for potential improvement.
