The FCA published a Thematic Review (TR18/3) today detailing its findings of visits to 13 Electronic Money Institutions (EMIs) to assess their anti-money laundering (AML) and counter-terrorist financing (CTF) control frameworks. The review focused on e-money products, including prepaid cards and digital wallets. Overall, the review established that the 13 firms assessed had reasonably effective anti-money laundering and counter-terrorist financing systems and controls. However, the work did highlight some weaknesses, therefore all firms should avoid any complacency.
The main conclusions of the review are that:
* A positive culture, and good awareness and understanding of their financial crime obligations were generally demonstrated by all firms, as well as a low financial crime risk appetite;
* Most EMIs had revised and updated their policies and procedures to comply with current Money Laundering Regulations 2017;
* Most firms had effective transaction monitoring in place, largely based on automated technological solutions;
* Most EMIs with outsourced distribution of e-money and compliance to Programme Managers had adequate governance and audit measures to manage the risks;
* Most EMIs produced monthly or quarterly management information (MI) reports on fraud, money laundering and terrorist financing. The quality of MI was variable, depending on whether information on identified key risks was supported by data;
* All 13 EMIs had mandatory annual AML and sanctions training for existing staff members with a testing element (half of them through online providers);
* Most firms had a financial crime business-wide risk assessment covering money laundering, terrorist financing (and fraud, as noted), some of which was only in draft, and had not been approved or challenged at Board level, and with little definition of individual customer risk assessments.
EMIs are expected to have a governance structure appropriate to the nature, scale, and complexity of their business. Once again, senior managers are responsible for ensuring that the firm’s systems and controls are appropriately designed and implemented.
EMIs should read and digest this document, with a view to testing and reviewing their own internal arrangements in light of the guidance provided and of the good and poor practices detailed within the review. Whilst the FCA did not use any formal supervisory tools for remedial action against any of the 13 firms visited, it is fair to predict that, following publication of this thematic review and the clarification in regard to on AML and CTF control framework expectations contained within it, the regulatory focus on the sector may soon increase.