Risk identification & management for payment institutions

The EBA considers the payment institution sector to represent high inherent ML/TF risks. High risk factors include the customer base, geography, type of the financial products offered and the channels used to deliver them. Some examples of risks are set out below.

Customer base

PIs have an increased customer base of individuals who have been previously de-risked from the banking sector due to AML/CFT concerns.

High-risk sectors 

The number of customers from high-risk sectors such as gambling companies and crypto asset service providers (CASPs) is higher compared with the banking sector.

Cross-border

The cross-border nature of transactions, which are often executed with high-risk third countries, represents increased risk of ML/TF.

Anonymity

Products and services can facilitate anonymity, through new technologies, innovative products and the high speed of transactions.

Occasional transactions

There is a prevalence of occasional transactions rather than established business relationships, resulting in PIs being unable to create a customer risk profile to support the identification and management of ML/TF risks.

Intermediaries

There is widespread use of intermediaries, including agents who have limited awareness of applicable AML/CFT rules and for which oversight is difficult by PIs. The risk that agents are being exploited by criminals or criminal networks is high.

Outsourcing

Outsourcing without appropriate safeguards and oversight in place can adversely affect the robustness of PIs’ control and risk management frameworks.

The EBA, in its report, has identified weaknesses that involve a poor overall awareness and management of ML/TF risks and lack of rigorous training on AML/CFT issues. The deficiencies in the treatment of AML/CFT has led to regulatory breaches.

The most common breaches in the treatment of AML/CFT risks by the payment institution sector for 2022 are as follows: 

The most common weakness is related to deficient transaction monitoring systems. Other weaknesses found are derived from insufficient suspicious transaction identification and reporting (STR). Many PIs appear to rely on the STR reporting systems of the credit institutions with which they bank, rather than implementing their own.

The EBA also noted for some PIs that the ongoing screening of customers and transactions was not happening on a consistent basis or was not happening at all. It was also noted that internal governance arrangements were inadequate with a lack of application of a clear three-lines-of defence approach.

Other risks identified were associated with the participation of shareholders in the running of the business, which interfered with the PI’s sound and prudent ML/TF risk management.

EBA observed that TF risks are poorly understood and managed, particularly because of the specific features of the product and services such as the cash-based nature and the wide geographical reach of the service. EBA noted the reliance on sanctions screening as the only TF risk mitigating tool.

We are ready to assist you in the identification and assessment of Money Laundering and Terrorism Financing risks. We can help you understand the regulatory requirements and incorporate them into your broader strategies to ensure a safe environment for your customers, which will fuel your growth in the market.

KPMG has an active, market leading global financial practice, with proven methodologies and risk libraries to meet regulatory expectations. We combine this will our substantial experience in the use of tech and data to support our clients in driving the right risk, regulatory and cost outcomes.

Drawing on deep sectoral experience, we can support you in the following:

• Conducting review and assurance exercises on your Risk Assessment Methodology and your AML framework to evaluate ML/TF threats and risks to your business;
• Ensuring that all relevant risk criteria have been adequately identified and assessed against known and emerging typologies and tailored for the risks presented in your business model;
• Reviewing that your assessments are supported by both qualitative and quantitative data;
• Ensuring your key risk indicators are adequately identified and reported within the business;
• Implementing controls designed and operational to effectively mitigate these risks; and,
• Providing global better practice insights to help you shift the mindset towards transformation and innovation on the way your company treat the risks, including emerging risks.

• Support you in assessing your Fincrime operating model across tech, data, people and process;
• Developing and executing a technology strategy and operating model that supports the utilisation and development of existing and future data for a more effective AML program;
• Implementing a dynamic system of Customer Identification and Verification, Customer Due Diligence and Customer Risk Assessment, including PEPs, for a more effective mitigation of Risks;
• Providing benchmark practices, including the use of tech and data and capability against peers, mindful of emerging technologies;
• Optimising investment spend, to give best bang for your buck; and,
• Devising a roadmap and supporting implementation for the maturing of your operational model, based on the specific AML risks your company wants to address, to meet the ever-changing FinCrime landscape.

• Ensuring adequate identification of risk scenarios against the risk assessment;
• Assessment of detection scenarios to ensure sufficient coverage;
• Advising on data lineage across the customer lifecycle to ensure integrity;
• Advising on the right tools, technology, strategy, analytics and data to help you move to innovative customer and transaction monitoring; and,
• Ensuring that data usage is optimised, and tech is configured to reduce level of false positives and therefore cost.