The European Banking Authority (EBA) recently published a report highlighting weaknesses in the supervision of payment institutions' anti-money laundering (AML) controls. The report is based on the EBA's review of its guidelines on authorizations and risk-based supervision, and it raises concerns about the effectiveness of internal controls, risk assessments, and supervision practices across EU member states.
The report emphasizes several deficiencies in the authorization and supervision of payment institutions' AML and counter financing of terrorism (CFT) controls. One major concern is the insufficient scrutiny of documentation during the authorization process. Some competent authorities responsible for authorizations did not adequately review the submitted documentation, allowing applicants with inadequate controls to obtain licenses. Another issue is the inconsistent involvement of AML/CFT experts in the assessment process.
Furthermore, the report reveals shortcomings in the risk-based supervision of payment institutions. AML/CFT supervisors often based their risk assessments on outdated or insufficient national risk assessments rather than adopting a formal sectoral risk assessment methodology. This approach raises questions about the accuracy and comprehensiveness of the risk assessments conducted.
The frequency of supervisory activities for payment institutions was found to be lower compared to the banking sector, indicating potential shortcomings in the overall AML/CFT supervision in this sector. This raises concerns about the adequacy of ongoing monitoring and compliance enforcement.
The report also highlights challenges faced by AML/CFT supervisors in allocating resources for payment institution supervision. Many supervisors have only a single team responsible for AML/CFT supervision across all financial sectors. As a result, they often face trade-offs between supervising payment institutions and other financial institutions, potentially leading to insufficient attention being given to payment institutions' AML/CFT controls.
Another area of concern is the use of agents by payment institutions. Agents are not considered obligated entities under the EU AML Directive. However, they pose risks of being exploited by criminals. The lack of direct oversight by host supervisors creates challenges in enforcing AML/CFT requirements, and there is no common supervisory practice regarding the AML/CFT oversight of agents.
In light of these findings, the report calls for robust and consistent supervisory practices in order to ensure effective AML/CFT compliance within the payment institutions sector. It emphasizes the need for the involvement of AML/CFT experts in the authorization process, improved risk assessments based on a formal sectoral methodology, and enhanced oversight of intermediaries, including agents.
Addressing these weaknesses is crucial to safeguard the integrity of the financial system and maintain effective AML/CFT controls within the payment institutions sector.
By fLEXI tEAM