FCA e-money thematic review shows AML expectations

4 October 2018

The FCA’s thematic review of e-money institutions gives clarity on expectations around anti-money laundering controls. Highlighting good and bad practice, firms can use the findings to get a greater understanding of the regulator’s expectations and formulate a plan to improve controls, where necessary.
e-money thematic review

As part of this diagnostic thematic review, the FCA assessed the AML and CTF controls in place at thirteen electronic money institutions (EMIs).

E-money thematic review findings

The findings provide examples of good practice, such as an annual MLRO report, business risk assessments which cover all products and multi-factor customer risk assessment models.

The review also highlights observed poor practice, including: failing to assess the nature and intended purpose of business relationships; unclear enhanced due diligence procedures; and overly narrow AML/CTF training.

The main conclusions of the thematic review were:

  • the majority of firms had effective controls, demonstrated positive culture and had low appetite for financial crime risk
  • policies and procedures had generally been updated to account for the Money Laundering Regulations 2017, resulting in less use of simplified due diligence provisions
  • the use of automated systems meant that transaction monitoring was generally effective
  • the quality of management information was variable and senior management engagement is increased where key risks are supported by data
  • some firms had only draft, and therefore non-approved, business risk assessments
  • customer risk assessment approaches would benefit from greater definition
  • although e-money is generally considered a medium risk product, certain product features can lead to increased risk.

What does the FCA expect from e-money firms?

The FCA has clearly set out its expectations of e-money firms with respect to AML and CTF, in a number of areas:

Governance and culture

  • Appropriate governance structures including clear and effective communication to senior management
  • A well embedded financial crime prevention culture.

Risk assessments

  • Comprehensive business risk assessments which are approved by senior management, used in designing risk controls and kept under review
  • Multi-factor customer risk assessments to determine risk ratings and determine the extent of customer due diligence and monitoring
  • Risk-based policies and procedures which take account of new operational, legal and regulatory developments and emerging risks and are subject to senior management approval.

Customer due diligence and monitoring

  • Have a back-up plan to electronic identity verification and use additional tools (such as geolocation and IP address checks) in non face-to-face cases
  • Shareholders and beneficial owners are subject to identity verification and screening for PEP and sanctions purposes
  • Assess the nature and purpose of a proposed relationship to better understand risk and enable effective monitoring
  • Enhanced due diligence should focus on the particular risks identified and be conducted at onboarding
  • E-money institutions should follow the FCA’s guidance on the treatment of PEPs
  • Transaction monitoring parameters should be kept under regular review and arising alerts should be followed by appropriate action, for example investigation, account blocks or restrictions, SAR submission.

Outsourcing

  • Where key tasks are outsourced (for example, to a Programme Manager), e-money institutions must exercise effective oversight (which might include: a flow of MI; sample testing; on-site visits; or audits).

Training

  • Training should be relevant to the nature of the business, provided to all relevant employees and include an assessment exercise.

What should e-money institutions do now?

All EMIs should digest the FCA’s thematic review and consider their AML and CTF programmes in light of the guidance provided. Where control enhancements are required, an action plan should be formed, delivered and tested. In our experience of working with EMIs, the components likely to require greatest attention are business risk assessments, assessing the nature and purpose of customer relationships and deploying appropriately tailored AML/CTF training.

Although the FCA has said that it is not deploying its formal supervisory tools with respect to any of the thirteen firms visited, now that its knowledge is enhanced and expectations have been communicated to the sector, the likelihood of future focussed action is greater, particularly as the FCA continues to sharpen its supervisory focus on the broader Payment Services market.

The clarity provided by the e-money thematic review might help with the access to banking challenge given that AML concerns have been cited by banks as a reason for declining to provide services to payment service providers, including EMIs.

If you’d like to discuss your e-money AML programme or any element of the thematic review of AML/CTF at EMIs, please get in touch with the team below.

Share this