Responsibilities and solutions for integrity and security (2024)

Risk

Compared to cash, use of e-money increases certain money laundering (ML) and terrorist financing (TF) risks while reducing others.

Four key money laundering risks

• Anonymity: Customer’s identity is unknown.
• Elusiveness: Ability to disguise amount, origin, and destination.
• Rapidity: Speed at which funds are transferred.
• Oversight: Extent and quality of oversight.

Compared to cash, e-money poses greater risks with respect to rapidity but lower risks with respect to anonymity, elusiveness, and oversight.

Source:

Risk

E-money raises specific ML/TF typologies that need to be properly mitigated.

Key e-money actors that may be involved in ML/TF

• Customers.
• Agents & Merchants.
• Employees.

Customers

Agents & Merchants

Employees

Source:

Tiered KYC

Introducing monetary amount-based risk tiers and simplifying the KYC requirements for lower- risk tiers is a practical and widely used way of risk-based KYC.

Source:

Tools

Source:

• Assessing the institutional ML/TF risks and applying a risk-based approach,
• Customer Due Diligence (simplified, standard, or enhanced, based on risk),
• Internal controls, compliance officer and organization,
• Screening for Politically Exposed Persons and terrorist entities (as-per UN TF Resolutions),
• Monitoring of unusual transactions,
• Suspicious transaction reporting,
• Due diligence and training of staff and agents,
• Record keeping.

• AML/CFT obligations and regulatory expectations should also be risk based. Especially in the low-risk tiers, the AML/CFT controls can be simplified. In proven low-risk situations exemptions from some AML/CFT obligations can be considered (by the regulators).

• Two AML/CFT obligations are particularly important in e-money context:

  • IT capacity to monitor, detect, and analyze unusual transactions,

  • Due diligence and training of the agents.

• In October 2020, the FATF revised its Standards to require countries and financial institutions (including e-money service providers) to identify, assess, understand and mitigate their proliferation financing risks. FATF has also issued a guidance on PF risk assessment and mitigation (FATF 2021). This guidance states that:
  • There is no one-size-fits-all approach when assessing or mitigating proliferation financing risks. Countries and private sector entities should implement measures …. in a manner that is proportionate to the risks faced by relevant entities, and be consistent with other complementary objectives such as financial inclusion.
  • The FATF Standards provide flexibility to countries to exempt a particular type of financial institution, DNFBP or VASP from the requirements to identify, assess, monitor, manage and mitigate proliferation financing risks, provided there is a proven low risk of proliferation financing relating to such private sector entities.
• With this revision, financial institutions have become directly subject to PF related obligations. However, the scope of this obligation is more focused than ML and TF and do not have cascading impact on broader set of AML/CFT obligations (such as STRs).
• Country’s PF risk assessment at national level (NRA) is of key importance and should inform the risk PF assessments of institutions.
• All references to AML/CFT in other parts of this document implicitly covers also Counter Proliferation Financing (CPF).
• This PF NRA, should also determine the regulatory expectations and guidance about institutional PF risk assessment and mitigation. Certain products or entities can be exempted from this obligation when there is proven-low risk.
• Countries and financial institutions can and should leverage their existing AML/CFT mechanisms to mitigate PF non-compliance risks.

In the context of Recommendation 1, “proliferation financing risk” refers strictly and only to the potential breach, non-implementation or evasion of the targeted financial obligations referred to in Recommendation 7. These R.7 obligations apply to two country-specific regimes for the Democratic People’s Republic of Korea (DPRK) and Iran, require countries to freeze without delay the funds or other assets of, and to ensure that no funds and other assets are made available, directly or indirectly to or for the benefit of

1. Any person or entity designated by the United Nations (UN).
2. Persons and entities acting on their behalf or at their direction.
3. Those owned or controlled by them. (FATF 2021).

Considerations for Regulators

• Multistakeholder approach: Regulations should be a product of close coordination among financial supervisors, telecom authority, Financial Intelligence Unit, national ID agency, and financial inclusion policy makers.
• Pro-active Regulatory Guidance: Regulators should provide clear guidance to e-money service providers about their risk-based AML/CFT obligations. Regulator should take initiative in interpretation of low and high risks (i.e. as in tiered KYC), rather than delegating the full responsibility to private sector.
• Level playing field: In principle, provision of same services should be subject to same KYC and other AML/CFT requirements to ensure a level playing field. Proportionality that is based on the risk-profile of institutions does not contradict with this principle and is in line with the spirit of risk-based approach.
• Risk-based account tiers and AML/CFT controls: Establishing different DFS account tiers with proportionate, risk-based Know Your Customer (KYC) requirements and transaction/ balance limits can promote both supply and demand of e-money services. This also relates to the allowed functions in each tier. i.e. if the demand is mostly for domestic transactions, limiting the international transactions for some tiers can reduce the risk significantly. G2P and P2G payments may also pose minimal ML/TF risks and can be the basis for further simplifications.