As part of its policy of improving AML controls at financial institutions, the European Union has set itself and each of its member-countries the task of producing regular reports about money-laundering and terrorist-financing 'threats' within its voluminous borders.

No firm is capable on its own of assessing all of the current and active threats and trends in the EU because it does not have access to the right intelligence or enough data. The states and their governmental club are therefore obliged to do the job by EU law.
 
The resulting report assesses different industries and works out the significance (on a scale of 1 rising to 4) of the threats and weaknesses associated with each product.
 
It should be noted that the EU produced its final report for 2017 before MLD IV came into force. The report dwells on the weaknesses that sprang from "simplified due diligence" or SDD, a loophole that MLD IV reduced heavily and MLD V will reduce further still.
 
The following is a summary of the prime risks associated with payments, e-money and currency exchange.
 
Payments
 
The report looks at a number of different payment services including money value transfer services and card issuance, but also covers some different industries under the heading of 'payments,' which weakens the assessment slightly and makes it less useful for firms. The EU's second Payment Services Directive defines money value transfer or money remittance as a payment service where funds are received from a payer, without any payment accounts being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee, and/or where such funds are received on behalf of and made available to the payee.
 
The prime risk that the EU note is that "payment services allow cross-border transactions that may rely on different mechanisms of identification (depending on national legislation) that may lead the terrorists to use false identity." The report concedes that terrorist and criminal groups need specific skills to do this, but these skills are widespread and well-known to terrorist groups and in money-laundering circles.
 
The report ascribes the risks it identifies to the use of new payment methods and delivery channels such as mobile or internet payment, which make it easier than ever for people to be anonymous. These risks, when combined with the interactions of highly risky customers in highly risky locations, are considered to be the most dangerous.
 
The authorities also paid further consideration to payment service providers who use their relationships with agents. They thought that they ought to ensure that their agents are fully aware of and committed to their AML requirements. To this end, the EU calls on its subject countries to place the onus on the supervisor of the "agent relationship" to inspect and review both onsite compliance and the training of the agents in the relationship regularly.
 
On the whole, the EU thinks that the risks inherent in payment services are only moderately significant, whereas the risks associated with money value transfer services are very significant. The prime difference in outcomes is that money value transfer services are typically associated with cash-based remittance services on the high street that allow funds to be sent anonymously to riskier locations with limited "due diligence" (i.e.s identification and verification).
 
The provisions of MLD IV and the EU's revised wire regulations sought to reduce these risks further by requiring ID to be provided for all transactions that are initiated in cash and so this risk has been largely offset.
 
The report also suggests that all the EU's national supervisors should inspect the sector within the next two years. This could lead to a large increase in the amount of regulatory scrutiny that remittance firms have to endure.
 
Electronic money
 
Here the assessment points out that "certain e-money products require identification of the owner, [while] others allow owners to remain anonymous," which is a risk that MLD IV has reduced. However, the report says that non-anonymous products on which few or no identification processes are performed are open to abuse through "circumvention of verification measures by using fake or stolen identities, or using straw men or nominees etc."
 
The result is that "perpetrators can load multiple cards under the anonymous prepaid card model. This multiple reloading could lead to substantial values which can then be carried out abroad with limited traceability."
 
In short, the highly limited levels of identification and verification being applied in the name of SDD meant that people were able to take out multiple cards, using either fake or limited identification and verification and then use these cards overseas.
 
The low barrier to entry for e-money products and a lack of specialist knowledge in the circumvention of controls makes it attractive to both money launderers and terrorists. However, owing to a limited barrier to entry, "cash is still the preferred option to finance travels to war zones...but may be an option which is more attractive when cash transactions are not an available option."

The problem appears to come from inconsistencies in the way that many e-money issuers that offer a variety of diverse products apply AML and TF controls. As the report says, "inherent risks of e-money depend on the structure of the product, the nature of the operator and its capability in managing these new technologies to effectively identify and report suspicious transactions."
 
Regulators have noted that the AML performance of e-money operators differs wildly and that in many cases no identification, verification or SDD happens.
 
The report concludes that once SDD is reduced, the EU authorities believe that the risks of e-money will diminish, but they also think that controls in the sector are insignificant and that this is evident from the number of suspicious transaction reports that the industry produces. It is considered a moderately significant money-laundering threat/weakness.  
 
A Belgian takeaway
 
Firms should look at the risks associated with its own sector, but  should also look at their correspondent relationships, providers and partners and look at the risks associated with their chosen funding sources and pay-out methods as part of its overall product risk assessments by reviewing other relevant industries. When a firm realises that a specific funding method carries a high risk, it should work out how this may affect its overall product risk assessment.
 
The full report can be found at europeanmemoranda.cabinetoffice.gov.uk/files/2017/07/10977-17-ADD-2.pdf

* Michael Southgate can be reached on +44 28 9042 5451 or at michael.southgate@fscom.co.uk