The aim of the Financial Conduct Authority’s thematic review was to increase its understanding of the risks of money laundering and terrorist financing in the e-money sector. The UK regulator visited 13 authorised Electronic Money Institutions and registered small Electronic Money Institutions (referred to as EMIs) to assess their anti-money laundering (AML) and counter-terrorist financing (CTF) controls.
EMIs distribute e-money through a number of channels, including agents and distributors (known as Programme Managers – PMs). The FCA was concerned that using PMs may increase money laundering and terrorist financing risks if firms outsource their commercial activities and due diligence procedures in this way.
Findings were mostly positive:
Governance, culture and management information: Some larger EMIs had management committees where money laundering and terrorist financing risks were regular agenda items. The FCA found that smaller EMIs had a more informal approach to escalating and managing these issues. However, considering the size and scale of these firms, the regulator found this to be equally effective.
The FCA found a well-embedded financial crime prevention culture in most of the EMIs. Overall, it found that EMIs had adequate controls in place to mitigate the risks of money laundering and terrorist financing.
The FCA found that the majority of EMIs produced monthly or quarterly management information reports on fraud, money laundering and terrorist financing. This helped communicate risk exposure to the Board. At smaller EMIs, it found that regular dialogue between senior management and the compliance team enabled them to manage risks effectively.
However, at one EMI, the outcomes of discussions on money laundering and terrorist financing were not recorded. This included responsibility for actions and deadlines.
Risk assessment: Business-wide risk assessments enable high-risk customers to be identified so that enhanced due diligence (EDD) and enhanced ongoing monitoring can be put in place. Business-wide risk assessments are performed for each product and programme to identify financial crime risks, as well as risk assessing PMs and customers during onboarding.
The FCA found poor practices in an instance where the business-wide risk assessment was too generic and not tailored to the firm’s specific business model and product offerings.