THE NEED FOR PAYMENTS INSTITUTIONS TO UP THEIR AML REVIEW

Payments institutions – that is, entities established for the primary purpose of providing payment services (such as money transmitters and money service bureaus) – have long been widely considered as presenting high AML risk. The reasons for this are numerous, including, as applicable, the cash-intensive nature of the services offered; the prevalence of occasional transactions rather than established business relationships that require CDD measures; the high-speed nature of transactions; facilitating cross-border payments, especially if involving high-risk third countries; a high-risk customer base (e.g., PEPs, crypto asset service providers, or customers who have been de-risked from the banking sector); the onboarding of customers remotely; services allowing anonymity through new technologies; and using a network of agents, particularly if they serve one or more PIs at the same time and frequently change PIs.

Notably, the terrorist financing risk associated with PIs also is significant, due to the cash-based nature and wide geographical reach of the service, which usually involves low-value transactions. This heightened risk is also linked to a more limited understanding of TF risks and reliance on sanctions screening as the only TF risk mitigating tool.

Last month, the European Banking Authority published a report concluding that?ML/TF risks in the payment institutions sector aren't assessed and managed effectively, and that the internal controls in payment institutions aren't robust enough. The EBA found that a general perception of AML/CFT supervisors is that PIs tend to have a relatively higher risk appetite.

Much of what is in the EBA’s report likely jives with the thinking of FinCEN and other AML supervisors and regulators globally. Thus, PIs and the financial institutions that bank them are well advised to carefully review their AML controls that mitigate payment risks.?

Below are suggestions for enhancing controls related to PI activities:

o???The incorporation of all ML/TF risks and mitigants into the institution’s overall AML assessment;

o???An ability to create, for each high-risk customer, a risk profile sufficient to identity ML/TF risks;

o???An ability to properly oversee the agent network used;

o???Rigorous training on AML/CFT issues, especially where agents are used;

o???Sufficient transaction monitoring together with suspicious transaction identification and reporting;

o???Implementation of systems and controls to comply with restrictive measures imposed, such as limits on dollar amounts, high-risk jurisdictions, and high-risk customers;

o???Sufficient ongoing screening of customers and transactions;

o???Limits on the ability to anonymize senders and recipients;

o???Adequate internal governance arrangements, including application of a clear three-lines-of-defense system; and

o???Periodic, rigorous independent testing.