Report on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities

Brussels, 27.10.2022

SWD(2022) 344 final

COMMISSION STAFF WORKING DOCUMENT

Accompanying the document

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities

{COM(2022) 554 final}

Table of Contents

INTRODUCTION3

ANNEX 1 – RISK ANALYSIS BY PRODUCT/SECTOR5

I.CASH -RELATED PRODUCTS6

1. Cash couriers6

2. Cash intensive business14

3. High value banknotes22

4. Payments in cash27

5. Privately owned ATMs33

II.FINANCIAL SECTOR37

1. Retail banking sector (formerly “Deposits on accounts”) 37

2. Retail and Institutional investment sector (formerly “Institutional investment sector — Banking”) 43

3. Corporate banking sector48

4. Private banking sector51

5. Crowdfunding54

6. Currency exchange60

7. E-money65

8. Transfers of funds and money remittance (formerly “Transfers of funds”) 74

9. Illegal transfers of funds — Hawala81

10. Payment services86

11. Crypto-assets (formerly “Virtual currencies and other virtual assets”) 94

12. Business loans104

13. Consumer credit and low-value loans107

14. Mortgage credit and high-value asset-backed credits112

15. Life insurance116

16. Non-life insurance121

17. Safe custody services125

III.NON-FINANCIAL SECTOR129

1. Trusts129

2. Nominees138

3. Companies144

4. High value goods – artefacts and antiquities153

5. High value assets – Precious metals and precious stones164

6. High value assets – other than precious metals and stones171

7. Couriers in precious metals and stones175

8. Investment real estate179

9. Services provided by accountants, auditors, advisors, and tax advisors185

10. Legal services from notaries and other independent legal professionals194

IV.GAMBLING201

1. Betting203

2. Bingo209

3. Casinos212

4. Gaming machines (outside casinos) 217

5. Lotteries222

6. Poker 226

7. Online gambling230

V.NON-PROFIT ORGANISATIONS (NPO) 238

1.Collection and transfers of funds through a NPO238

VI.PROFESSIONAL SPORTS247

1.Investments in professional football and transfer agreements247

VII.FREE-TRADE ZONES256

1.Free Zones256

VIII.CITIZENSHIP-RESIDENCE265

1.Investor citizenship and residence schemes265

RISK MATRIX BY PRODUCT/SECTOR – Comparative table 2017-2019-2022 275

ANNEX 2 – METHODOLOGY277

ANNEX 3 – EU LEGAL FRAMEWORK 288

ANNEX 4 – GLOSSARY291

ANNEX 5 – BIBLIOGRAPHY294

1. INTRODUCTION

This Supra-National Risk Assessment (SNRA) follows the methodology 1 used for the 2017 and 2019 SNRAs, which provides a systematic analysis of the money laundering and terrorist financing risks linked to the methods used by perpetrators. The aim is to identify circumstances in which services and products in a given sector could be abused for money laundering (ML) or terrorist financing (TF) purposes, without passing judgement on the sector as a whole.

As with its previous editions, this SNRA focuses on vulnerabilities at EU level, in terms of both the legal framework and its effective application. It presents the main risks for the internal market in a wide range of sectors and the horizontal vulnerabilities that can affect those sectors.

This report sets out mitigating measures that should be taken at EU and national level to address the risks and makes a number of recommendations for the various actors concerned. It does not prejudge the mitigating measures that some Member States have taken or may decide to take in response to national ML/TF risks. The mitigating measures in this report should therefore be considered a baseline that can be adapted, depending on the national measures already in place.

Under Article 6(4) of Directive 2015/849 (‘the 4th Anti-Money Laundering Directive’) as modified by Directive 2018/843 (‘the 5th Anti-Money Laundering Directive’), hereby ‘the Anti-Money Laundering Directive’ or ‘the AMLD’, if Member States decide not to apply any of the previous SNRA recommendations, they should notify the Commission of their decision and provide a justification for it (‘comply or explain’). No such notification was received to date by the Commission.

Process followed for the 3rd edition of the Commission SNRA

The Commission has built this third edition of the SNRA updating the analysis and conclusions of its second edition as well as further consulting individual experts, private stakeholders (representative organizations at EU level) and national authorities. These consultations have taken place from 2020 to 2022.

The Commission also consulted other regulatory agencies and national authorities, such as Europol, the European supervisory authorities (ESAs) and the FIUs’ Platform (FIUnet) 2 .

The purpose of this consultation exercise was twofold: to follow up on the recommendations made in the 2019 SNRA and to update and further fine-tune its analysis and conclusions, mainly as regards quantitative data and perceived risk levels.

Finally, given the evolving nature of ML/TF threats and vulnerabilities, the SNRA takes an integrated approach to assessing the effectiveness of national AML/CFT arrangements.

In order to monitor their compliance with EU requirements, their implementation and their preventive capacity, the Commission assessment takes due account of national risk assessments (NRAs) produced by the Member States to ensure the proper identification and mitigation of specific national risks 3 .

Individual sectors are also assessed taking stock of their relevant risk factors, including those relating to specific customers, countries, products, services, transactions and delivery channels.

These three layers (supranational, national and sectoral) of risk assessment, along with risk mitigation, where appropriate feed into a comprehensive awareness and analysis of ML/TF risks in the EU in which different layers complement each other and are equally relevant.

The Commission draws on and complements national and sectoral assessments by assessing risks that affect the Union internal market and are related to cross border activities.

During this exercise Commission analysis has also benefited from the audit conducted by the European Court of Auditors (ECA) during 2019-2020. This audit has led to the adoption by the ECA of a special report 4 .

The conclusions of the ECA report as well as the methodology followed by the Commission in its SNRAs are further discussed under Annex 2 (“Methodology”).

The legal framework

The risk assessment needs to provide a snapshot of the money laundering and terrorist financing risks and requires a clear-cut timing. The assessment of risks affecting the EU was carried out at a time when the relevant legislative framework was the 4th Anti-money Laundering Directive as modified by the 5th Anti-Money Laundering Directive. Transposition deadline for the latter elapsed on January 20, 2020. At the time of drafting this report, all Member States save the Netherlands have declared a complete transposition.

While the main EU instrument is the Anti-money Laundering Directive, the Union’s anti- Money Laundering and Countering Terrorist Financing legal framework is complemented by other EU legislation. An indicative list is attached in Annex 3.

In addition, an index of abbreviations used in the risk analysis is attached in Annex 4 and a bibliography in Annex 5.

ANNEX 1 – RISK ANALYSIS BY PRODUCT/SECTOR

This SNRA has followed a specific methodology involving systematic analysis of the ML/TF risks linked to perpetrators’ methods. The aim is to identify the circumstances under which the services and products a given sector provides could be abused for ML/TF purposes (without passing judgment on a sector as a whole). Methodology is presented in detail in Annex 2.

It is based on Directive (EU) 2015/849 (4th Anti-money Laundering Directive) as modified by Directive (EU) 2018/843 (the AMLD).

Each risk is rated for threat and vulnerability. The ratings are on a scale from 1 to 4 and coloured for easy identification as follows:

1)low significance – value: 1,

2)moderately significant – value: 2,

3)significant – value: 3,

4)very significant – value: 4,

The ratings were used only to summarise the analysis. They should not be considered in isolation from the factual description of the risk.

The risk matrix:

Then, the residual risk level is presented for every product/sector in a graded table:

CASH-RELATED PRODUCTS

1. Cash couriers

Product

Cash couriers / cross external border cash movements

Sector

This assessment covers the supranational risks – i.e. cash entering/leaving the European Union at the EU external borders.

Since 15 June 2007, movements of cash entering or leaving the EU had been governed by Regulation 1889/2005, which implements Recommendation 32 of FATF on cash couriers at EU level. That Regulation is an integral part of the EU’s Anti-Money Laundering and Terrorist Financing framework. As part of the European Agenda on Security and Action Plan for strengthening the fight against terrorist financing, the Commission adopted a proposal for a Cash Controls Regulation in December 2016. Regulation (EU) 2018/1672 5 was adopted in October 2018 and has entered into application on 3rd June 2021 (the new Cash Controls Regulation).

Regulation 1889/2005 established a uniform EU approach towards cash controls based on a mandatory declaration system. If a natural person entering or leaving the EU (including transiting) with cash of a value of EUR 10 000 or more, they should declare them to the relevant customs authorities. The EUR 10 000 threshold is considered high enough not to burden the majority of travellers and traders with disproportionate administrative formalities. However, when there were indications of illegal activities linked with movements of cash lower than EUR 10 000, the collecting and recording of information related to these movements was also authorised. This provision was introduced in order to limit the practice of ’smurfing‘ or ’structuring‘, the practice of deliberately carrying amounts lower than the threshold with the intention to escape the obligation to declare (e.g. splitting the amount between different connected persons from a same group/family).

In keeping with the latest developments in international standards on combating money laundering and terrorism financing developed by the FATF, the new Cash Controls Regulation has significantly beefed up controls both in terms of scope and in terms of authorities’ powers:

·In terms of scope, under the new Cash Controls Regulation, the definition of cash has been extended to cover not only currency and bearer negotiable instruments (e.g. cheques or money orders) but also commodities used as highly–liquid stores of value such as gold. Its scope was also extended to cover cash that is sent by post, freight or courier shipment;

·The new Cash Controls Regulation also provides for the obligation for any traveller entering or leaving the EU and carrying cash to a value of EUR 10 000 or more to declare it to the customs authorities. The declaration is required irrespective of whether travellers are carrying the cash in person, in their luggage or means of transport and the cash has to be made available for control;

·Moreover, where the cash is sent by other means (“unaccompanied cash”), the relevant authorities have the power to ask the sender or the recipient to make a disclosure declaration. The authorities are able to carry out controls on any consignments, packages or means of transport which may contain unaccompanied cash.

·The new Cash Controls Regulation enables Customs authorities to act on amounts lower than the threshold of EUR 10 000, where there are indications that cash is related to criminal activity.

In addition, the Regulation further enhances coordination of actions across authorities:

·The new Regulation improves the exchange of information between authorities (Customs and Financial Intelligence Units) and Member States 6 .

·In case where there are indications that cash is related to criminal activity which could adversely affect the financial interests of the EU, this information is also transmitted to the European Commission, the European Public Prosecutor’s Office and to Europol, where they are competent to act;

·The new Cash Controls Regulation provides in its Article 5(4) that the risk assessments produced by the Commission and by national Financial Intelligence Units (FIUs) will be taken into account when establishing the common risk management framework for performing controls.

The new Cash Controls Regulation does not prevent Member States from providing additional national controls on movements of cash within the Union under their national law, provided that these controls are in accordance with the Union’s fundamental freedoms.

Before the pandemic, per year on average there were around 110 000 cash cases, representing a total amount of around EUR 55 billion. Customs controls detected around 13 000 cases where cash was not declared or was incorrectly declared representing around EUR 364 million per year.

As of the second quarter of 2020, due to the pandemic, travel was severely disrupted and, consequently also the physical movement of cash resulting to lower values of cash controls declarations (and non- declared cash or incorrect declarations) than the previous years.

For 2020, there were almost 57 000 cash cases, representing a total amount of around EUR 37 billion. Customs controls detected almost 9 000 cases where cash was not declared or was incorrectly declared representing around EUR 245 million.

Description of the risk scenario

This risk scenario is intrinsically linked to use of/payment in cash and to high value denomination banknotes risk scenario 7 .

Criminals or terrorist financiers who generate/accumulate cash proceeds seek to aggregate and move these profits from their source, either to repatriate funds or to move them to locations where access to placement in the legal economy is easier. This includes locations characterised by a predominant use of cash, more lax supervision of the financial system or stronger bank secrecy regulations. Terrorists may also transfer rapidly and safely funds from one location to another, including by using cash concealed in air transit.

Cash couriers may use air, sea, road or rail transport to cross an EU external border. In addition, cash may be moved across external borders unaccompanied such as in containerised or other forms of cargo, or concealed in mail or post parcels. To move very large amounts of cash, perpetrators often conceal it in cargo that can be containerised or otherwise transported across borders.

Perpetrators may also use sophisticated concealment methods of cash within goods which are either carried across the external border by a courier or are sent by regular mail or post parcel services. Although unaccompanied consignments (except cargo) tend to be smaller than those secreted within vehicles, or on the person of cash couriers, the use of high denomination banknotes can still result in seizures of significant value.

On the other hand, the seizure of large amounts of cash within EU is also possible. It is not only important to control EU external borders, but also the intra-EU transportation of cash. This fact is relevant because of the different intra-EU rules that Member States have regarding the use of cash to, for instance, purchase goods, deposit in bank accounts, etc. Additionally, the external borders are not monitored with the same efficiency level. Criminals know that fact, and they try to cross the most permeable borders with cash, even if they have to drive thousands of kilometres within EU. National thresholds of intra-EU movements of cash exist in some Member States: in Spain, for instance, it is EUR 100 000 for internal travel and EUR 10 000 when crossing borders.

Threat

Terrorist financing

Terrorist groups have made use of various techniques to move physical cash across the external borders, particularly in the case of larger organisations. This includes the following:

·The threat is particularly relevant for cash couriers from the EU to third countries. Law enforcement authorities have seized large amounts of money in conflicts zones that was supposed to finance terrorist organisations;

·Cases have been identified where (prospective) foreign terrorist fighters doubled as cash couriers to fund their travels and sojourn in conflict areas. These individuals typically carry lower amounts that are more difficult to detect and may not be subject to an obligation to declare incumbent on natural persons carrying EUR 10 000 Euro or more is cash. As it allows for anonymity, this modus operandi is perceived as attractive and fairly secure, despite still carrying some risks. That is the reason why this modus operandi shall also be considered in conjunction with the analysis of high denomination banknotes. The more high denomination banknotes are used, the easier the cash transportation is – although risks associated with acquiring high denomination notes (not readily available) may not outweigh the benefit of additional compactness. Cash transportation has been a recurring modus operandi for terrorist groups in Syria– although the average amounts carried by a foreign fighter leaving the EU may not be significant compared to locally available funds;

·The threat of cash transportation into the EU from a third country may also exist, in particular from countries exposed to TF risks or conflict areas (e.g. cash couriers from Syria, Gulf region, Russia into the EU have been reported). There are limited indications of high-value movements of cash into the Union (i.e. much in excess of the declaration threshold) for the purposes of terrorism financing. Cases have been identified concerning lower amounts and involving integration of cash amounts carried from third countries into the financial system/legal economy of the EU (analysed separately below).

From a perpetrator risk-management perspective, sending cash through post or freight consignments, using multiple consignments each containing lower amounts presents a theoretically attractive option as there is no courier physically crossing the external border carrying the cash who could be intercepted. While customs controls may take place, these do not allow for the capture of all relevant data.

Finally, perpetrators may also have an incentive to convert cash in other types of anonymous assets which are not subject to cash declarations (e.g. prepaid cards) 8 .

Money laundering

Threats posed by cash couriers have been documented in the FATF Report: Money laundering through the physical transportation of cash (October 2015) 9 .

That report points to physical transportation of cash across an international border, as ‚one of the oldest and most basic forms of money laundering‘. Transportation of cash is also used for terrorist financing 10 . Although there is no reliable data on the amount of money ‘laundered’ in this way, the report estimated its volume to be between ‚hundreds of billions and a trillion US dollars per year‘. The report explains that the most frequently encountered and ‚laundered‘ currencies are stable and widely used currencies such as the US dollar, the euro, the Swiss franc and the British pound, usually, with high denomination notes used. The report also highlights that criminals exploit the existing cash declaration systems mechanisms, for example, by ‚reusing cash declarations several times for the same purpose‘ 11 .

In the above-mentioned 2015 Europol report “Why cash is still king?”, law enforcement investigations confirm that cash, and in particular high denomination notes, are commonly used by criminal groups as a facilitator for money laundering. Operations have revealed huge sums of cash moved and stashed by criminals which are steadily invested and integrated in the legal economy in a multitude of ways which rid them of bulky cash holdings at risk of being confiscated. These methods require an army of criminal associates and complicit or negligent gatekeepers to ensure that their insertion in the legal economy doesn’t arouse suspicion.

In the EU, the use of cash is still the main reason triggering suspicious transaction reports within the financial system, accounting for 34% of all reports.

Criminals who generate cash proceeds seek to aggregate and move these profits from their source, either to repatriate funds or to move them to locations where access to placement in the legal economy is easier (in particular due to the predominant use of cash in some jurisdictions’ economies, more lax supervision of the financial system or stronger banking secrecy regulations, or because criminals may have greater influence in the economic and political establishment).

Cash smuggling may occur at other stages and is also used by non-cash generating offences. For example cybercrimes such as phishing and hacking make use of money mules to receive and withdraw sums fraudulently obtained from victims’ bank accounts in cash. These funds are thereafter sent via wire transfer to other jurisdictions where they are collected in cash by a select number of individuals, likely for onward transportation.

Since 2017, cash has remained a relevant threat in regard to money laundering. European investigations indicate that movements of cash inside the EU and outside are associated with criminal offences. The most relevant crime area is drug trafficking 12 . Drug related cash proceeds generated through the sales and distribution of predominantly cocaine and hashish are accumulated and received by the designated collectors working for a money laundering controller network. The money laundering controller networks provide money laundering as a service -cash out, cash in and payment for third parties- to any criminal organisation that approaches them. They offer similar services than financial institutions do, but outside of the regulated financial framework.

The drug trafficking organizations (DTO) then engage with money laundering controller networks(traditionally outside of the EU)these controllers charge a commission for facilitating towards the DTOs the value of their proceeds. The money laundering controller networks dispose of their own cash pool in different countries operated by coordinators and cash collectors. After the arrangement is made, the cash collectors deliver the cash proceeds to the designated intermediaries. From there the cash starts moving, crossing the EU towards the designated exit point (still within the EU) or exiting directly the EU. The current legal framework in the EU has significantly hindered the opportunities for introducing into the financial system large amount of illegal drug proceeds. Because of this, money is used in Trade-Based Money Laundering (TBML) schemes 13 or is transported out of the EU towards “cash friendlier” jurisdictions. Turkey, Dubai and Beirut have in the last years shown steady presence as preferred cash destinations and growing financial hubs in the EU.

The use of cash, sometimes in conjunction with other tools such as trade-based transactions, crypto currencies and hawala, is also an essential part of the drug trade, all the way from street level to purchase in production countries.

Vulnerability

Terrorist financing

a)Risk exposure

The cash couriers are associated with the threat of the large denomination banknotes: 500 (no longer issued since April 2019) and 200 Euro. The assessment of the TF vulnerability related to cash couriers shows that due to the nature of cash, the use of cash couriers allows significant volumes of transactions/transportation to take place speedily and anonymously.

The cross-border aspect of this modus operandi increases the risk to involve geographical areas identified as high risks

b)Risk awareness

The legislation in place (mandatory cash declarations by natural persons at the external borders of the EU) has increased the risk awareness, at least as far as persons are concerned.

Risk awareness exists for unaccompanied cash transportation, which is now covered by the new Cash Control Regulation – but is more limited.

c) Legal framework and checks

There are controls in place through the mandatory declaration of cash transportation at the EU external borders 14 . Under the new Cash Controls Regulation these controls are extended to cash sent in postal parcels or freight shipments, and to commodities used as highly- liquid stores of value such as gold, which were not previously subject to cash controls. This legislation has also increased the risk awareness.

Where unaccompanied cash is concerned (cash sent through consignments or parcels) the new Cash Controls Regulation enables the competent authorities to request the sender or the recipient, as the case may be, to make a disclosure declaration The authorities will also have the power to carry out controls on any consignments, receptacles or means of transport which may contain unaccompanied cash.. The declarations and disclosure declarations are done in writing or electronically using a standard form. These cash declarations allow for more effective reporting to the FIUs.

Money laundering

a)Risk exposure

The risk exposure is intrinsically linked to the cash based activity (anonymity, speediness). Hence the risk exposure is particularly important for this modus operandi.

b)Risk awareness

The legislation in place (mandatory cash declarations at the external borders for cash carried by natural persons) has increased the risk awareness, at least as far as persons are concerned.

Risk awareness exists for unaccompanied physical cash transportation – but is more limited with regard to shipping/freight/couriers.

c)Legal framework and checks

Similarly to TF, there are controls in place through the mandatory declaration of cash transportation at the EU external borders (Cash Controls Regulation) by natural persons.

These cash declarations allow an easier detection of suspicious transactions and are reported to the FIUs (although shortcomings in information sharing exist and enforcement in application may also vary between Member States).

Where unaccompanied cash is concerned (cash sent through consignments or parcels) the new Regulation allows the competent authorities to carry out risk analysis and concentrate their efforts on shipments deemed to present the highest risk, while not imposing systematic additional formalities. The disclosure obligation is subject to a threshold identical to that for cash carried by natural persons.

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant/very significant (level 4).

Mitigating measures

The new Cash Controls Regulation, applicable from 3 June 2021, has reinforced the existing rules on cash movements:

·It enables authorities to act on amounts lower than the declaration threshold of EUR 10 000, where there are indications that cash is related to criminal activity;

·Improves the exchange of information between authorities and Member States;

·Enables competent authorities to demand disclosure for cash sent in unaccompanied consignments such as cash sent in postal parcels or freight shipments;

·Extends the definition of ‚cash‘ to also include commodities used as highly–liquid stores of value such as gold.

For the Member States:

·Given the difficulties caused by non-harmonised intra-EU movements of cash rules, Member States could consider aligning those national thresholds.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol. In particular, relevant authorities in Member States should consider reporting to Europol the cash seizures and related information (destination/origin/type of banknotes…) 15 .

2. Cash intensive business

Product

Cash intensive business

Sector

Cash intensive businesses include bars, restaurants, constructions companies, motor vehicle retailers, car washes, art and antique dealers, auction houses, pawnshops, jewelleries, textile retail, liquor and tobacco stores, retail/night shops, gambling services, strip clubs, massage parlours.

An insightful description of the use of cash features in European Central Bank’s report “Trends and developments in the use of euro cash over the past ten years” 16 (published as part of the ECB Economic Bulletin, Issue 6/2018) 17 . In terms of transactions, 83% of the transactions in restaurants, bars and cafés and for hotels and accommodation were made using cash while this share was 48% in shops selling durable goods 18 .

In order to increase vigilance and mitigate the risks posed by cash payments, the AML Directive subjects persons trading in goods to AML/CFT requirements when they make or receive cash payments of 10 000 EUR or more, including through linked payments. This measure does not amount to a blanket restriction on the use of cash, and its effectiveness heavily hinges on faithful adherence and implementation by private sector as well as effective oversight on part of national public authorities. Therefore, the Directive recognises that Member States may take different approaches, and allows them to lower the above threshold, introduce additional general limitations to the use of cash, or adopt other stricter measures.

Measures adopted at national level vary from one Member State to another:

·Currently, 19 Member States have introduced or are introducing limitations to cash payments 19 , ranging from EUR 500 in Greece to EUR 10 300 in the Czech Republic, with an average value of about EUR 4 500 20 ;

·The situation is constantly evolving, with Malta having recently introduced a limit of EUR 10 000 to payments in cash for some sectors, and other Member States having decided or planning to lower these limits (e.g. Denmark is planning to lower the limit to DKK 20 000 / EUR 2 700 and Italy will see its limit lowered to EUR 1 000 as of 2022);

·In three cases (France, Italy and Spain), higher thresholds apply to non-residents (between EUR 10 000 and EUR 15 000);

·In Hungary and Poland limits apply only to business-to-business (B2B) transactions, while some countries such as Slovenia have set different thresholds for business-to-consumers (B2C) and B2B transactions;

·Among the countries that have not set any limit to cash payments, Ireland and Sweden allow traders to refuse payments in cash.

The graph below summarises the situation across EU Member States.

Green: no cash limits set – HU, PL: limits only apply to business-to-business transactions

The map below provides a graphical representation of the intensity of the cash limits set (from the darkest to the lightest blue), where they exist, and where countries without cash limits are located. The map shows that generally neighbouring EU countries have applied different thresholds or often taken different approaches (limit/no limit), which impacts on the effectiveness of the national measures.

In its Report to the European Parliament and the Council on restrictions on payments in cash of 12 June 2018 21 , the Commission noted that introducing cash limits at EU level could have potential benefits on fighting money laundering. The report also concluded that diverging national provisions on payments in cash distort competition in the internal market, leading to potential relocations of businesses across borders, in particular for some specific sectors relying significantly on cash transactions, such as jewellery or car dealers. The report finally noted that diverging national restrictions potentially create loopholes allowing the bypassing of national cash payment limits, therefore decreasing their efficiency.

The Action plan for a comprehensive Union policy on preventing money laundering and terrorist financing, adopted by the Commission in May 2020, noted the different approaches taken by Member States to mitigate the ML/TF risks associated with cash. The Action Plan pointed out that the introduction of ceilings for large cash payments is one of the measures that could deliver a reinforced AML/CFT rulebook.

In reaction to the Action Plan, the Council conclusions of 17 June 2020 on enhancing financial investigations to fight serious and organised crime noted that the analytical work done by the Commission and Europol shows that criminals use cash payments to launder money and to finance terrorism. The conclusions called on the Commission to re-engage in a discussion with Member States on the need for a legislative limitation on cash payments at EU level.

Against this background, the Commission has proposed in its AML package published on 20 July 2021 a ceiling on cash payment. According to Commission’s proposal 22 , traders in good or services will be prevented from accepting cash payments of over EUR 10 000 for a single purchase, while allowing Member States to maintain in force lower ceilings for large cash transactions 23 . This ceiling does not apply to private operations between individuals. The Commission will assess the benefits and impacts of further lowering of this threshold within three years of application of the proposed Regulation.

Description of the risk scenario

Cash-intensive businesses are used by perpetrators:

·to launder large amounts of cash, which are proceeds of criminal activity, by claiming that the funds originate from economic activities;

·to launder amounts of cash, which are proceeds of criminal activity, by justifying its origin based on fictitious economic activities (both for goods and services);

·to finance, through often small amounts of cash, terrorist activities without any traceability.

This risk scenario is intrinsically linked to the use of/payment in cash and to the high value denomination banknotes risk scenario.

It must be noted that diverging national restrictions weaken the effectiveness of national cash threshold, by displacing illegal activities from a Member State with cash payment restrictions to a neighbour with more lenient restrictions or no restrictions at all. This was confirmed by anti-mafia prosecutors at the Commission’s High-Level Conference on AML/CFT of 30 September 2020, who noted that the absence of cash ceilings in many EU Member States facilitates laundering of proceeds for organised crime across the EU.

Threat

Terrorist financing

Cash intensive businesses are generally run by individuals through bars, restaurants, phone shops, etc. but are managed by a network of persons forming a terrorist organisation. In general, they are used to get clean cash in a speedy way (e.g. selling cars or jewelleries). However, this risk scenario is not used equally by all terrorist organisations (never seen for Daesh for instance) and not largely widespread as it requires capabilities to run the business.

.

Money laundering

Cash intensive business is exploited by criminals as it represents a viable option which is rather attractive and secure. It constitutes the easiest way to hide illegitimate proceeds of crime. However, as for TF, it requires a moderate level of expertise to be able to run the business and to escape detection.

Law enforcement authorities confirm that cash intensive businesses continue to be used to launder criminal proceeds.

Vulnerability

Terrorist financing

a) Risk exposure

While cash intensive business is less attractive to terrorist organisations than to criminals (see threat assessment below), when they are used by terrorists they present some vulnerabilities because the underlying risk is the one related to cash. The vulnerability assessment of TF related to cash intensive business is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rationale. Cash intensive businesses allow the processing of a huge number of anonymous transactions which require no management of new technologies and tracking tools. Hence it has a high inherent risk exposure.

b) Risk awareness

The risk awareness appears to be quite low because, even if large sums of cash can be obtained from cash intensive business, some FIUs notice that terrorist organisations seem to prefer lower denomination banknotes which are less easy to be considered as suspicious by obliged entities and LEAs.

c) Legal framework and checks

The legal frameworks in place related to cash payment limitations that some Member States have introduced. This framework varies a lot from one Member State to another concerning cash controls and cash payment limitations and, thus, controls can potentially be inexistent.

Money laundering

The assessment of the ML vulnerability related to cash intensive business shows that the main factors are linked to the risk posed by cash.

a)Risk exposure

The vulnerability assessment of ML related to cash intensive business is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rational. Cash intensive businesses allow the processing of a huge number of anonymous transactions which require no management of new technologies and tracking tools. This risk exposure concerns cash payments both for goods and services. Hence it has a high inherent risk exposure.

b)Risk awareness

The risk awareness appears to be quite low because, even if large sums of cash can be obtained from cash intensive business, some FIUs notice that terrorist organisations seem to prefer lower denomination banknotes which are less easy to be considered as suspicious by obliged entities and LEAs.

c)Legal framework and checks

Pending the adoption of Commission’s proposal 24 on cash ceiling by the European Parliament and Council, currently no upper limits to cash payments are in place at the EU-wide level.

The vulnerability of the sector is affected by the existence, or lack thereof, of rules relating to cash payment limitations:

·where cash limitation rules exist, ML vulnerabilities related to cash intensive business have been more easily mitigated due to the legal requirements which allow the refusal of cash payments above a certain threshold. In these cases, controls are in place and allow detecting red flags and suspicious transactions more easily. In addition, these cash payment thresholds are perceived by the sector and by LEAs as more efficient and, eventually, less burdensome than imposing customer due diligence measures. However, these legal businesses can also hide shadow and illicit activities which are able to circumvent cash limitations.

·where cash limitations rules do not exist, and whilst the risk awareness is quite high, the sector does not know how to manage the risks. It has no tools to control and detect suspicions transactions. The result is that the number of suspicious transactions reports (STRs) is rather low, or even inexistent.

Some Member States have introduced cash transaction reports to be declared for cash operations over a certain threshold. However, there is no common approach at EU level.

From an internal market perspective, the differences between Member States legislations on cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing in cash intensive business in another Member States having lower/no control on cash limitation. The existence of cash payments limitations in some Member States, and their absence in other Member States, creates the possibility to bypass the restrictions by moving to the Member States where there are no restrictions, whilst still conducting their terrorist or other illegal activities in the ’stricter‘ Member State.

To increase vigilance and mitigate the risks posed by such cash payments, persons trading in goods are covered by the AML Directive to the extent that they make or receive cash payments of EUR 10 000 or more. Member States are able to adopt lower thresholds, additional general limitations to the use of cash and further stricter provisions.

However, the effectiveness of those measures is still limited given the number of STRs. The volume of STR reporting is generally low because cash transactions are difficult to detect, there is not much available information and dealers may lose their clients to the benefit of competitors applying looser controls. In addition, it may be difficult for a trader in high value goods to design an AML/CFT policy in the limited events where a cash transaction beyond the threshold takes place (i.e. it is not the sector in itself which is covered by AML/CFT regime – but only high value dealers faced with cash transactions beyond a threshold). For this reason, some Member States have extended the scope to cover certain sectors regardless of the use of cash. Some Member States have also decided to apply a general cash restriction regime at this threshold to reduce the risk of ineffective or cumbersome application of customer due diligence (CDD) rules by high value dealers. However, it does not mitigate situations of cash intensive business which are based on lower amount cash transactions – or a repeated number of low amount cash transactions.

This is the reason why the Commission has proposed in its AML package proposed on 20 July 2021 the introduction of a cash ceiling of EUR 10 000.

In addition, cash intensive businesses are inherently risky because there are no rules dealing with fit and proper testing of these businesses‘ managers. Some cash intensive businesses are more vulnerable than others because they may give rise to cash exchange more easily (motor retails or pawnshops).

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as very significant (4).

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant/very significant (level 4).

Mitigating measures

·Money laundering and terrorist financing risks have not been sufficiently mitigated by the requirement for traders in goods to be subject to anti-money laundering rules when making or receiving cash payment of EUR 10 000. At the same time, differences in approaches among Member States have created loopholes within the internal market. The Commission deems it therefore necessary to propose a Union-wide limit to large cash payments of EUR 10 000. Member States should be able to adopt lower thresholds and further stricter provisions to mitigate the risk of money laundering and terrorist financing.

·The Commission will continue to monitor the application of limits to large cash payments across Member States. According to Commission’s proposal for a Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing published on 20 July, the Commission intends to present by 3 years from the date of application of that Regulation a report assessing the need and proportionality of further lowering the limit for large cash payments.

·Member States should take into account in their national risk assessments the risks posed by payment in cash in order to define appropriate mitigating measures. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA. In that respect, Commission’s proposal for a Directive on the mechanisms for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing allows Member States to extend the application of money laundering requirements to sectors not covered in the scope of the Regulation. For this purpose, should the proposal be adopted, Member States will have to notify and explain their intention to the Commission that will adopt an Opinion on these plans.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

3. High value banknotes

Product

High value banknotes

Sector

In spite of a steady growth in non-cash payment and a moderate decline in the use of cash for payments, the total value of euro banknotes in circulation continues to rise year-on-year beyond the rate of inflation. This trend is referred to as “the paradox of banknotes”: the demand for euro banknotes has constantly increased while the use of banknotes for retail transactions seems to have decreased 25 . According to the ECB, this seemingly counterintuitive paradox can be explained by demand for banknotes as a store of value in the euro area (e.g. euro area citizens holding cash savings) coupled with demand for euro banknotes outside the euro area 26 .

Cash is largely used for low value payments 27 and its use for transaction purposes is estimated to account for less than one-third of banknotes in circulation 28 . Meanwhile the demand for high denomination notes, such as the EUR 500 note, not commonly associated with payments, has been sustained in spite of the EUR 500 note not being issued anymore since April 2019. These are anomalies which may be linked to criminal activity.

There is insufficient information around the use of cash, both for legitimate and illicit purposes. The nature of cash and the nature of criminal finances mean that there is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals. The ECB only provides broad estimates 29 .

While statistics exist on the volume and value of bank notes issued and in circulation in the EU, the question remains as to the use of a large proportion of cash in issuance especially when considering the EUR 500 note. The use of a significant proportion of banknotes remains unknown. Furthermore, the EUR 500 note accounts for 13,2% of the value of all banknotes in circulation, despite it not being a common means of payment. The EUR 200 and EUR 100 banknote account respectively for 10,2% and 23,5% 30 . Although it has been suggested that these notes are used for hoarding, this assumption is not proven. Even if this is the case, the nature of the cash being hoarded (criminal or legitimate) is unknown.

As evidenced in the Chart 1.1.2 above, the EUR 200 banknote whose circulation has significantly increased tends to replace the EUR 500 banknote since 2019.

On 4 May 2016, the Governing Council of the European Central Bank (ECB) decided to discontinue the production and issuance of the EUR 500 banknote. It did so taking into account the concerns of Europol 31 and many Member States that this is a banknote that facilitates illicit activities. Based on the ECB’s decision, since 27 April 2019, the banknote has no longer been issued by central banks in the euro area, but continues to be legal tender and can be used as a means of payment 32 .

Description of the risk scenario

Perpetrators use high value denominations, such as EUR 500 banknotes, to make the cash transportation easier (the larger the denomination, the more funds can be shrunk to take up less space).

This risk scenario is intrinsically linked to use of/payment in cash and to cash intensive business risk scenario.

Threat

Terrorist financing

The assessment of the TF threat related to high value denomination banknotes shows that terrorist groups are not keen on using high value denominations. They are not necessarily easy to access and, given that they can be detected quite easily they are not attractive for terrorist groups whose first objective is to get cash as quickly as possible. For the sake of discretion, terrorist groups tend to favour low denominations banknotes. Law enforcement authorities have detected few cases which tend to demonstrate that the intent and capability are not really significant.

Money laundering

The assessment of the ML threat related to high value denomination banknotes shows that they are recurrently exploited by criminal organisations to launder proceed of crime. The risk related to high value banknotes is not limited to EUR 500 and as long as long large sums in cash are gathered they are considered as attractive by criminal organisations. It does not require any major planning or complex operation – i.e. perpetrators have the technical skills to easily use this product. It remains a „low cost“ operation and allows storing of large amounts in very small volumes – which makes it very attractive for organised crime. It has been reported by law enforcement authorities that some criminal groups seek EUR 500 banknotes by paying a premium in order to get access to those large denominations; this demonstrates its attractiveness.

Operations themselves reveal huge sums of cash moved and stashed by criminals which are steadily invested and integrated in the legal economy in a multitude of ways which rid them of bulky cash holdings at risk of being confiscated. These methods require numerous criminal associates and complicit or negligent gatekeepers to ensure that their insertion in the legal economy does not arouse suspicion.

In the EU, the use of cash is still the main reason triggering suspicious transaction reports within the financial system, accounting for 34% of all reports.

Criminals who generate cash proceeds seek to aggregate and move these profits from their source, either to repatriate funds or to move them to locations where one has easier access to placement in the legal economy, perhaps due to the predominant use of cash in some jurisdictions’ economies, more lax supervision of the financial system or stronger banking secrecy regulations, or because they may have greater influence in the economic and political establishment.

Cash smuggling may occur at other stages and is also used by non-cash generating offences. For example cybercrimes such as phishing and hacking make use of money mules to receive and withdraw sums fraudulently obtained from victims’ bank accounts in cash. These funds are thereafter sent via wire transfer to other jurisdictions where they are collected in cash by a select number of individuals, likely for onward transportation.

The cash couriers are associated with the threat of the large denomination banknotes: 500 and 200 Euro. These banknotes are not used as a legal tender and in fact in Europe in many locations they are not accepted as payment. The high denomination banknotes are used by criminals to store value or for transportation (decreased volume of high overall amount). For example, the safety deposit box of a Belgian underground operator identified during the investigation of laundering hashish proceeds of Moroccan organised criminal groups revealed predominantly 500 and 200 banknotes in overall value of 1 600 000 Euro.

Counterfeit euro banknotes continue to be trafficked in bulk on lorries, and by couriers. Post and parcel services are increasingly used to distribute counterfeit euro banknotes sold via online platforms. Currency counterfeiters continue to introduce counterfeit banknotes into circulation by purchasing low-value goods with high-value banknotes to receive legitimate currency in exchange.

Vulnerability

Terrorist financing

a) Risk exposure

Large volume of high value denominations is in circulation, despite low use in commercial transactions. Cash still allows carrying transactions in an expedited, anonymous, and untraceable way.

b) Risk awareness

Especially LEAs and FIUs have high risk awareness, as do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially Europol reports, point to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

c) Legal framework and checks

Even if terrorist groups are less attracted to high value denomination banknotes, detection is quite difficult because there is no EU harmonisation concerning the legal framework related to the use of high value denomination banknotes. Controls are uneven; reports to FIUs are rather few, and most of the time they cannot distinguish between ML and TF. The use of high value denomination banknotes for ML purposes may be impacted by the ECB decision to gradually phase out EUR 500 because of the recognised links with criminal activities. However, the return rate is generally quite low and these banknotes may be still in use for a long time. Therefore, this cannot be seen as an immediate mitigation measure.

Money laundering

a)Risk exposure

High value denominations allow the storing/putting into circulation of large volumes of cash in a speedy and anonymous way. A large volume of high value denominations is in circulation, despite the low level of use in commercial transactions. Even if the use of high value denominations raises red flags, it remains that these denominations are not necessarily used for payments but rather to move funds. Large amounts can be stored in very small volumes. They are less easy to detect by FIUs and obliged entities.

b)Risk awareness

Especially LEAs and FIUs have high risk awareness, as do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially Europol reports, point to the blind spot in risk awareness (i.e. the precise use of high 27 value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

c)Legal framework and checks

The use of high value denomination banknotes for ML purposes may be impacted by the ECB decision to gradually phase out EUR 500 because of the recognised links with criminal activities. However, the return rate is generally quite low and these banknotes may be still in use for a long time. The EUR 500 will remain legal tender and can therefore continue to be used as a means of payment and store of value. Therefore, this cannot be seen as an immediate mitigation measure.

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as very significant (4).

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (level 4).

Mitigating measures

Monitoring of the return rate of EUR 500 banknotes will continue as well as an assessment of the evolution of the usage of the EUR 200 banknote.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

4. Payments in cash

Product

Payments in cash

Sector

According to a December 2020 ECB’s study on the payment attitudes of consumers in the euro area (SPACE) 33 , consumers still predominantly use cash for Point of Sale (POS) and Person-to-person (P2P) payments:

·73% of the volume of POS and P2P transactions was carried out using cash as a payment instruments;

·In value terms, cash transactions accounted for 48% of all transactions;

·Cash usage of 79% in terms of number of transactions.

The significant difference between number of transactions and value is due to the more frequent use of cash for low-value transactions. As shown in the ECB SPACE study, for both POS and P2P, payments below EUR 15 represent most of the transactions. 92% of payments below EUR 5 are made in cash while only 33% of transactions above EUR 100 (which represent only 3% of all POS and P2P transactions) are paid in cash.

Use of payment instrument at POS and P2P, by value range

(x-axis: percentage, share in all transactions; y-axis: value, transactions)

Sources: ECB, De Nederlandsche Bank, Dutch Payments Association and Deutsche Bundesbank

While the increase in banknote circulation has been abnormally high during the COVID-19 pandemic 34 , the use of cash payment has been only slightly impacted. According to ECB SPACE survey, almost half of the respondents reported that they used cards and cash in a similar way. Nevertheless, 40% of respondents used contactless payment more often and the same percentage of respondents declared that they used cash much less often or somewhat less often as they did before the start of the Pandemic.

Description of the risk scenario

This risk scenario is intrinsically linked to cash intensive business and high value denomination banknotes risk scenario.

Perpetrators frequently need to use a significant portion of the cash that they have acquired to pay for the illicit goods they have sold, to purchase further consignments, or to pay the various expenses incurred in transporting the merchandise to where it is required.

Despite the advantages and disadvantages of dealing in cash (detailed earlier in this report) for criminal groups, there is often little choice. The criminal economy is still overwhelmingly cash based. This means that, whether they like it or not, perpetrators selling some form of illicit product are likely to be paid in cash. The more successful the perpetrators are and the more of the commodity they sell, the more cash they will generate. This can cause perpetrators significant problems in using, storing and disposing of their proceeds. Yet despite these problems, cash is perceived to confer some significant benefits on them.

In addition, the objective of criminals is to launder large amounts of cash, which are proceeds of criminal activity, by claiming that the funds originate from economic activities. They may launder amounts of cash by justifying its origin based on fictitious economic activities (both for goods and services). Terrorists may finance, through often small amounts of cash, terrorist activities without any traceability (see general description under cash intensive business).

In the European Supervisory Authorities’ Joint Opinion of 2019, the risk deriving from the use of cash was one of the key concerns for competent authorities. According to EBA 35 , the risk continues to be relevant for a much smaller proportion of competent authorities. Some competent authorities noted in that regard an increase in the use of contactless methods of payment, which has since been exacerbated in the current context of COVID-19.

Threat

Terrorist financing

Terrorist groups use recurrently cash, as this modus operandi is widely accessible and low cost. Cash is at the basis of all illicit trafficking and illicit purchase of products. In general, cash is really attractive, difficult (even impossible) to detect and does not require specific expertise to be used.

.

Money laundering

The assessment of the ML threat related to payments in cash is considered as similar to the assessment of TF threat. For ML, cash is also the preferred option for criminals, which allows hiding illicit proceeds of crime easily and moving funds rapidly, including cross-border. As for TF, it does not require specific expertise, knowledge or planning capacities.

Illegal cash is supplied to intermediaries to buy goods in countries with no or few restrictions on cash payments. Products purchased either hold considerable value, such as luxury goods, or for which there is a specific but considerable demand: such as vehicles (whether second-hand or luxury, construction machineries).

Cash integration by buying from legitimate trading companies goods that are exported at market price is increasing.

Vulnerability

Terrorist financing

a) Risk exposure

Cash payments allow speedy and anonymous transactions. The level of risk exposure is very high considering that large sums can also be moved across borders and may involve high risk customers and/or geographical areas.

b) Risk awareness

Especially LEAs and FIUs have high risk awareness, and so do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature points to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

c) Legal framework and checks

While cash payment limitations may allow a mitigation of the level of vulnerability, legal frameworks in place related to cash payment limitations vary a lot from one Member State to another and, therefore, controls can potentially be inexistent 36 . From an internal market perspective, the differences between Member States legislations on cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing cash intensive business in another Member States having lower/no control on cash limitation.

The 4th AML Directive provides that high value dealers accepting payment in cash beyond EUR 10 000 are subject to AML/CFT rules and have to apply customer due diligence (CDD) requirements. This obligation applies to any persons trading in goods when the payment is made in cash beyond EUR 10 000 – but it does not cover services, apart from gambling services, and in that case when carrying out transactions amounting to EUR 2 000. These same thresholds are followed by Directive 2018/843 (the 5th AML Directive).

However, the effectiveness of those measures is still limited considering the number of STRs. The volume of STR reporting is generally low because cash transactions are difficult to detect, there are few available information and dealers may lose their clients for the benefit of competitors applying looser controls. For those Member States who have put in place currency transactions reports (CTR), most of the time they are not connected to any STR and the analysis cannot be conducted (for instance, large sums withdrawn from an ATM will trigger CTR but no specific suspicion is related to that and the FIU cannot launch any investigation).

In addition, it may be difficult for a trader in high value goods to design an AML/CFT policy in the limited events where a cash transaction beyond the threshold takes place (i.e. it is not the sector in itself which is covered by AML/CFT regime – but only high value dealers faced with cash transactions beyond a threshold). For this reason, some Member States have extended the scope to cover certain sectors regardless of the use of cash. Some Member States have also decided to apply a general cash restriction regime at this threshold to reduce the risk of ineffective or cumbersome application of CDD rules by high value dealers. However, it does not mitigate situations of cash intensive business which are based on lower amount cash transactions – or a repeated number of low amount cash transactions.

Against this background, in its proposal for an AML package presented on 20 July 2021, the Commission has proposed to prevent traders in good or services from accepting cash payments of over EUR 10,000 for a single purchase, while allowing Member States to maintain in force lower ceilings for large cash transactions. This ceiling does not apply to private operations between individuals. As a consequence of the introduction of cash limits, traders in goods would be removed from the list of obliged entities. Going forward, the Commission will assess the benefits and impacts of further lowering this threshold within three years of application of the proposed Regulation.

It must be noted that some competent authorities consider that even when cash payment limitations exist, enforcement of these limitations is very challenging and may limit their impact on TF activities.

Money laundering

a)Risk exposure

The sector shows the same vulnerability to TF as to ML. As for TF, cash payments allow speedy and anonymous transactions to launder proceeds of ML crime. The level of risk exposure is very high considering that large sums can also be moved across borders and may involve high risk customers and/or geographical areas.

b)Risk awareness

Especially LEAs and FIUs have high risk awareness, and so do obliged entities subject to AML/CFT obligations. Risk awareness of sectors not covered by AML/CFT obligations or cash limitations obligations remains challenging. Existing literature, especially the Europol report, points to the blind spot in risk awareness (i.e. the precise use of high value denominations, difference of issuance between Member States, disconnection with GDP). There is little, if any, reliable data available on the scale and use of cash by ordinary citizens, let alone by criminals.

c)Legal framework and checks

While cash payment limitations may allow mitigating the level of vulnerability, legal frameworks in place related to cash payment limitations vary a lot from one Member State to another and, therefore, controls can potentially be inexistent. From an internal market perspective, the differences of Member States legislation in cash limitations increases the vulnerability for the internal market; perpetrators may more easily circumvent controls in their country of origin by investing cash intensive business in another Member States having lower/no control on cash limitation.

The volume of reporting is very low because cash transactions are difficult to detect. For those Member States who have put in place CTR, most of the time they are not connected to any STR and the analysis cannot be conducted (for instance, large sums withdrawn from an ATM will trigger CTR but no specific suspicion is related to that and the FIU cannot trigger any investigation).

In any case, some competent authorities consider that even when cash payment limitations exist, enforcement of these limitations is really challenging and may limit their impact on ML activities.

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant/very significant (level 4).

Mitigating measures

·The Commission will continue to monitor the application of AML/CFT obligations by dealers in goods covered by the AMLD and further assess risks posed by providers of services accepting cash payments. It will further assess the added value and benefit for making additional sectors subject to AML/CFT rules.

·Member States should take into account in their NRA the risks posed by payment in cash in order to define appropriate mitigating measures suitable to address the risk. Member States should consider making sectors particularly exposed to money laundering and terrorist financing risks subject to the AML/CFT preventative regime based on the results of their NRA.

·The prohibition of payments in cash for some types of dangerous products – like those included in national databases on dangerous chemical products – should be considered.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

In the Commission proposed AML Regulation 37 , Member States will keep the possibility to extend the scope of application to other sectors not covered in the scope of that Regulation. For this purpose, Member States would have to notify and explain their intention to the Commission and suspend the effect of such extension for 6 months, during which time the Commission will adopt an Opinion on the plans. The Commission may then choose to propose legislation at Union level.

5. Privately owned ATMs

Product

Privately owned ATMs Sector

Sector

There exists a growing use of privately owned cash machines (ATMs) across the Union and its possible misuse for money laundering purposes has been brought to the attention of LEAs. According to information received the legal possibility for private parties to buy and rent ATMs from wholesale suppliers is creating a loophole that criminals are taking advantage of.

For many merchants, owners of clubs, bars and restaurants installing one of these ATMs has proven to be a business-oriented decision – the client is offered the convenience to withdraw cash and the merchant is maximizing the probability that some of that cash will be spent in his business.

Private ATMs tend to be located in cash-intensive businesses. In addition, privately owned ATMs can also be found in money service businesses (MSB). Taking into consideration the fact that the presence of an ATM in a MSB is illogical due to the nature of an MSB service and also the fact that many hawaladars’ side legal business 38 is running an MSB or a currency exchange service, the risk of misuse can be clearly identified. In addition, privately owned ATM may be used to purchase virtual currencies 39 .

Description of the risk scenario

a)ATM loading options

In order to load the machine one option is to use the services of cash management/cash delivery company.

Another option for the merchant operating a business is to load the cash from his teller. This provides additional opportunities for traders to commit tax evasion by selling goods in exchange of cash without issuing receipts. They then simply place their black cash inside their ATM machine and wait for it to be taken by normal clients. At the end of the year such sales are never declared to their tax authority.

The third and most concerning option is simply to load the ATM with criminal cash 40 . Intelligence gathered shows that in cases where criminal cash is used the modus operandi is the following: a courier delivers to the ATM owner/merchant criminal cash. It may derive from different cash generating activities like drug trafficking, illegal immigration, trafficking in human beings, labour and sexual exploitation, selling of counterfeit of smuggled goods, theft, robbery, etc. The criminal cash is then loaded into the machine. As unsuspecting customers or passers-by in need of cash are using their cards to withdraw cash the same amount is debited from their bank accounts and credited into the account of the owner of the ATM/merchant. Afterwards, he can simply transfer the money to any given account controlled by the criminal, minus the commission agreed upon.

b)De-linking bank accounts and internationalization risks

An internationalized, potentially much more dangerous risk scenario appears when national regulations require that a private entity buying an ATM should upon its purchase provide a national bank account number which is linked to the ATM and its activities, but there is no requirement for the merchant to request cash for the ATM from the same bank account that he linked to his ATM or even from the same bank. This hampers the proper monitoring by banks.

A review of the companies offering private ATM services shows that there are several major suppliers, British and American 41 who have managed to make their business international 42 .

Important questions arise concerning the accounts to which these ATMs (sold by EU and US companies and present in EU countries) are linked. If they are linked to an EU national bank account, but physically present in another country, then it is virtually impossible to establish the origin of the cash being inserted in them.

c)Tax evasion and fraud

Private ATMs are also used for tax evasion and fraud especially as some cash-intensive business operators encourage their clients to extract cash for services that are not invoiced or recorded. The amount of money lost in tax revenues from tax evasion and fraud through private ATMs is more significant than the amount laundered.

d)Micro-structuring by organized crime

With respect to money laundering, private ATMs are often used to “microstructure” – depositing and withdrawing of small sums of money that are consistent with normal ATM withdrawal amounts, going undetected by bank controls. Organized crime members will make voluminous small daily cash deposits into 100 or more bank accounts using private ATMs to avoid triggering anti-money laundering reporting requirements.

Threat

Terrorist financing

There exist currently few specific assessments of the TF threat related to privately owned ATMs. Nevertheless, the combined assessment on payments in cash as well as the analysis on cash couriers show that this modus operandi is widely accessible and low cost. The threat of cash transportation into the EU from a third country may also exist, in particular from countries exposed to TF risks or conflict areas. Cases have been identified concerning low amounts and involving integration of cash carried from third countries into the financial system/legal economy of the EU (analysed in a separate section of this report).

Money laundering

The assessment of the ML threat related to privately owned ATMs shows that this modus operandi is exploited by criminals as it represents a viable option which is rather attractive and secure. It constitutes an easy way to evade taxes and hide illegitimate proceeds of crime. However, as for TF, it requires a moderate level of expertise to be able to run the business and to escape detection. This modus operandi is also used to purchase virtual currency, as reported by FIUs and confirmed by EUROPOL: As there exists not harmonised or control of crypto-ATM, it is easy to deposit cash in those crypto ATM to transform cash into crypto 43 .

Vulnerability

Terrorist financing

a) risk exposure

The vulnerability assessment of TF related to privately owned ATMs is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rationale. Privately owned ATMs allow the processing of a huge number of anonymous transactions which require but an initial investment. Hence it has a high inherent risk exposure.

b) risk awareness

The risk awareness appears to be quite low.

c) legal framework and checks

According to the EU legal framework, the service of cash withdrawal can be offered by unregulated entities (i.e. not subject to AML/CFT requirement). The legal frameworks in place vary from one Member State to another and, thus, controls can potentially be inexistent.

Money laundering

a)risk exposure

The vulnerability assessment of money laundering related to privately owned ATMs is intrinsically linked to the assessment related to the use of/payments in cash in general and can follow the same rationale. Privately owned ATMs allow the processing of a huge number of anonymous transactions which require but an initial investment. Hence it has a high inherent risk exposure.

b)risk awareness

The risk awareness appears to be quite low.

c) legal framework and checks

According to the EU legal framework, the service of cash withdrawal may be offered by unregulated entities (i.e. not subject to AML/CFT requirement). The legal frameworks in place vary from one Member State to another and, thus, controls can potentially be inexistent.

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant/very significant (level 4).

Mitigating measures

Private ATM companies pose an increased risk to banks and should be treated as high-risk in money laundering compliance risk assessments. The risks for banks are not just financial but reputational.

·Firstly, customers who have privately owned or operated ATMs should be duly identified.

·Once the bank has identified an ATM owner or operator, it should obtain additional information to gain an understanding about the ATM owner/operators well as an understanding of the ATM owner’s procedures.

·After sufficient information is obtained, the sponsoring bank should implement a process to monitor the accounts of the ATM owners. The information obtained during the due diligence process should enable the bank to determine the amount of monitoring necessary as well as how often.

·Member States should guarantee the obligation to register, limit ownership, monitor, or examine privately owned ATMs – up to and including the obligation to link ATMs to a bank account of the Member Sate they are physically located in.

· An enhanced collaboration with customs agency will help acquire further information on the importation of AML machines.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

FINANCIAL SECTOR

1. Retail banking sector

Product

Retail deposits on accounts (excluding private banking)

Sector

Credit and financial institutions

General description of the sector and related product/activity concerned

European Union total deposits was reported at EUR 14,8 billion in October 2021 44 . The data reached an all-time high of EUR 15,3 billion in May 2021 and a record low of EUR 3,7 USD billion in October 2000. This is the sum of all deposits by non-financial corporates, households, insurance corporates, pension funds and other financial intermediaries, which covers all Monetary Financial Institutions (MFIs).

In Euro area, the European Central Bank reported the total of EUR 8,665.6 billion of deposits vis-à-vis other Euro area residents in Q3 of 2021 45 . This figure similarly includes both retail and corporate deposits.

In terms of trends, the global pandemic has driven an increase in savings by households, which is reflected in the increase of the total deposits from around EUR 12,4 trillion in January 2020 in the wake of the pandemics to current EUR 14,8 trillion in Q3 2021. The level of deposits has only started to decrease in May 2021, reflecting a tentative return to normalised consumer spending behaviour.

Description of the risk scenario

Money launderers place the proceeds of crime into the financial system through the regulated credit and financial sector in order to hide its illegitimate origin. Terrorists, supporters or facilitators place funds from legitimate or criminal sources into the financial system with a view to using it for terrorist purposes.

Money mule mechanisms may be used to transfer proceeds out of the banking sector using personal accounts, either through cybercrime (scamming, fake banking websites etc.) or through money value transfer services.

‘Bridge accounts’ are also used to launder money. These are accounts of legal or natural persons in the EU with the sole purpose of transferring funds to non-EU countries.

Natural persons may open bank accounts based on fake identification documents. Usage of such bank accounts to collect and transfer money from illegal sources (i.e. to introduce resources to the banking system and to further transfer these).

Threat

Terrorist financing

The assessment of the terrorist financing threat related to deposits on account shows that this risk scenario concerns both the placing and withdrawing of funds (i.e. deposits on account and use of this account withdrawing those funds or transferring to another bank accounts).

Account deposits are frequently used not only by terrorists, but also by their relatives/friends; this extends the scope of the intent and capability analysis 46 . Furthermore, law enforcement authorities have reported the use of forged or stolen documents by terrorists to open bank accounts. According to information from competent authorities, terrorist fighters generally withdraw bank account deposits through ATMs located in high-risk non-EU countries or conflict zones in general, or in bordering countries. Terrorists outside conflict zones also withdraw funds through ATMs in order to pay in cash some of the expenses related to their operations. The use of deposit accounts for TF purposes may, in conflict zones, be complicated by difficulties to access funds, especially where access to ATMs or a functioning banking network is disrupted. The source of the funds deposited on bank accounts may come from both legitimate and non-legitimate origins.

In general, deposits accounts are easily accessible, especially when legitimate funds are used, and thus they do not trigger any suspicion when the bank account is opened. It appears that terrorist groups do not experience specific challenges in hiding the real beneficiary of the funds or the exact purpose of the transaction (destination of funds) given that they may still include family members or relatives in the ownership chain.

This requires at least basic planning and basic knowledge of how banking systems work. At the same time, once executed, cash withdrawals allow cross-border movements, which makes this risk scenario rather attractive.

Money laundering

The assessment of the money laundering threat related to deposits on account shows that this risk scenario concerns both the placing and withdrawal of funds (i.e. deposits in an account and subsequent use of this account, withdrawing money from that deposit account or transferring money to disguise the origin of funds).

Deposits on account are frequently used by organised crime organisations, but also by relatives/close associates, which extends the scope of the intent and capability analysis 47 . Law enforcement authorities report frequent use of this method as one of the easiest ways to integrate illicit funds into the financial system. Although in the case of small amounts of money, deep planning and knowledge of how banking systems work may not be necessary, in the case of a complex money laundering case involving funds deposited on accounts transiting via a chain of complex operations, more in-depth knowledge is necessary and perpetrators may use available expertise from intermediaries.

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to deposits on accounts looked at the placement and withdrawing of funds

a) risk exposure

Banks continue to be exposed to terrorist financing risks: deposits on accounts represent the most straightforward and least sophisticated way to introduce money into the financial system. In the case of the risk from terrorist financing, the risk exposure is even higher when the origin of funds is legitimate.

The use of funds in deposit accounts for terrorist purposes is difficult to detect as low amounts of money are usually used by terrorist groups. When it comes to sending money to conflict zones, the terrorist financing risk is lower in deposits on accounts as perpetrators prefer the use of other products such as money value transfer services or E-money products.

b) risk awareness

The risk awareness of credit and financial institutions is generally good, and the banking sector has put in place guidance to detect the relevant red flags on terrorist financing.

However, systems and checks that firms put in place to mitigate the terrorist financing risk are similar to, and often the same as, the checks put in place for anti-money laundering purposes. Supervisors and law enforcement agencies are aware of vulnerabilities to terrorist financing and are proactively engaged with the sector.

c) legal framework and checks

Deposits on accounts have been included in the scope of the framework on anti-money laundering (AML) and countering the financing of terrorism (CFT) since the first AML/CFT legislation at EU level in 1991. Checks in place are generally considered as efficient, although some banks limit them to sanctions screening, which is an element of, but not a substitute for, effective CFT checks. Financial sanctions target individuals or groups that are already known to pose a threat, whereas the risk from terrorist financing often emanates from individuals who are not caught by the sanctions regime. This is why risk‐based AML/CFT checks, and transaction monitoring in particular, are key to an effective fight against terrorist financing.

Usually, banks do not have access to relevant information that would help them identify terrorist financing risks before they materialise, as such information is often held by law enforcement agencies. Likewise, law enforcement agencies’ efforts to disrupt terrorist activities and networks can be hampered in cases where they are unable to obtain information about finance flows that only firms can provide. There are now initiatives at national and supranational levels to test how law enforcement agencies can provide firms with more specific and meaningful information on specific persons of interest, allowing firms to focus their transaction monitoring on these persons.

Money laundering

Money laundering vulnerability mainly depends on the effectiveness of monitoring systems to detect suspicious transactions when cash enters bank accounts or transactions linked to cash. Vulnerability is also high when it comes to transfers of funds from high-risk customers.

a) risk exposure

Deposits on account represent the most straightforward way of introducing money from illicit activities into the financial system. There volume of deposits where, in the case of cash, the origin of funds cannot be always traced, is relatively high. While deposits are a rather common practice for credit and financial institutions, they represent a high number of operations that may involve different kind of customers. Some customers may be high-risk because they are politically exposed or because they are identified as high-risk customers (i.e. some non-resident bank accounts in EU banks).

The extensive use of cash in some sub‐sectors and in some Member States is considered by most supervisors to be one of the contributing factors that exposes the sector to money laundering vulnerabilities, particularly where the sector is made up of many retail banks. The inherent risk deposits on accounts can also be increased by the use of new technologies and non-face-to-face business relationships.

Supervisors also consider cross‐border activities as being exposed to a significant and very significant money laundering risk, particularly in those Member States that are known as international financial centres. Non‐resident customers from high‐risk jurisdictions and off‐shore companies also contribute to the increased inherent risk in this sector. In some Member States where the domestic deposit base is small to relative to the size of the financial sector, non-resident deposits, especially from bordering non-EU countries, are an attractive source of funding. However, experience of recent years has shown that such deposits, depending on the source jurisdiction and other circumstances, often required reinforced AML controls, which were not in place or not commensurate to the level of risk they presented. Excessive risk taking by credit institutions resulted in significant exposure of the EU jurisdictions to the flow of funds of potentially suspicious origin from third countries. A recent trend is a steady decrease of the proportion of non-resident deposits in EU jurisdictions – due to both voluntary de-risking by the banking sector as well as public policies of the EU jurisdictions concerned.

b) risk awareness

The risk awareness is generally good, as the sector has in place guidance to detect the relevant red flags on money laundering. While the banking sector has an inherently high exposure to money laundering risks, it also has adequate tools to detect them. This is confirmed by a high levels of reporting. Financial intelligence units and law enforcement agencies are also well aware of the vulnerabilities of the sector and are proactively engaged with it. At the same time, in accordance with Study on EU Payment Accounts Market , 55% of the respondents answered that the suspicion of money laundering or terrorism financing was a key reason for refusing customers the opening of a payment account 48 .

For supervisors, while the banking sector is considered inherently risky, as credit institutions are often the first entry point into the overall financial services sector, the concentration of firms rated at very significant risk is relatively small. However, 2020 was the year when record amount of AML/CFT compliance-related fines were issued in the financial sector globally, and another record for fines in the Union banking sector 49 .

c) legal framework and checks

Deposits on accounts have been covered by the AML/CFT framework since the first AML/CFT legislation at EU level in 1991. Checks in place are considered as efficient, but it may be necessary to perform thematic supervision to check the effectiveness of the monitoring systems used to detect suspicious cash transactions, especially when legal entities and legal arrangements are involved. Supervisors are also concerned about checks put in place by credit institutions for managing risks associated with customers involving complex off‐shore structures; in particular, checks to identify and verify beneficial owners are considered insufficiently robust.

Risk level

As regards terrorist financing, the level of threat has been assessed as significant.

As regards money laundering, the level of threat has been assessed as significant (3), and the level of vulnerability has been assessed as very significant (level 4).

Mitigating measures

For the Commission:

·Introduction of a harmonised, directly applicable framework of customer due diligence requirements, including remote on boarding requirements.

·Introduction of harmonised requirements for identification of beneficial owners and a harmonised framework of requirements applicable to beneficial owners and their associates.

·Introduction of Union-wide large cash payments limit of EUR 10 000.

·Collect and promote best practices in the area of cooperation between law enforcement agencies and financial institutions to improve effectiveness of terrorist financing alert systems at supranational level.

For Member States / competent authorities:

·public-private sector cooperation to exchange information related to terrorist financing.

·thematic inspections focusing on:

oassessing the efficiency of monitoring systems for cash transactions and the limits on cash transactions currently in force in the Member State and the placing of funds in bank accounts linked to the simultaneous transfer of funds to high-risk non-EU countries.

oeffectiveness of customer due diligence and enhanced customer due diligence for legal entities and legal arrangements.

oCompetent authorities should ensure that systems and checks are put in place to reduce firms’ ability to design or recommend products and services that help their customers commit tax crimes.

2. Retail and institutional investment sector

Product

Retail and institutional investment products and services

Sector

Financial institutions – credit institutions, asset management companies, investment firms

General description of the sector and related product/activity concerned

The EU asset management sector can be subdivided into three categories. The first category comprises the mutual fund industry, the Undertakings for Collective Investment in Transferable Securities (‘UCITS’) funds (11.6 trillion euros of net assets domiciled in Europe under management in 2020). The second category includes alternative investment funds (‘AIFs’) (the alternative investment fund industry had a net asset value of 7.1 trillion euros at the end of 2020) such as hedge funds, private equity, funds of funds and real estate funds. The third subcategory relates to discretionary mandates. Altogether, the asset management sector has steadily increased which is reflected by the fact that 27 trillion euros (or 157% of European GDP) of European Assets are estimated to be managed by the first quarter of 2021, 55% on behalf of investment funds and 45% in managing discretionary mandates.

Total fund ownership in Europe which relates to the funds that are bought and held by investors in Europe and excludes funds domiciled in Europe that are sold outside Europe has also been steadily growing. For instance, there has been an increase to 13.6 trillion euros at the end of 2020, compared to 6.3 trillion euros in 2010. The highest levels of fund ownership can be found in Germany, France, the Netherlands and Italy.

Overall, there are more than 4,500 asset management companies operating in Europe with most of the activity taking place in the United Kingdom, France, Germany, Switzerland, Italy and the Netherlands. In terms of domiciles, Luxembourg and Ireland are leading with market share in 2020 of 27% and 18%, respectively.

The EU asset management industry serves both retail clients — usually composed of households and high net worth individuals — as well as institutional clients. Institutional clients which include insurance companies and pension funds, still account for the largest stake of investment funds held with 74.7% while households account for 25.3% 50 .

Description of the risk scenario

There are various scenarios where criminals can commit abuses against investors or financial markets resulting in, or amounting to, money laundering. For instance, criminal proceeds may be used to purchase investment products (e.g. using brokerage accounts), such as title of shares to conceal beneficial ownership, investment activity may be used to justify criminal proceeds such as profit obtained from other (illicit) activity Predicate investment fraud, or placement of proceeds using specialised high-return financial services, and market abuse (which comprises insider dealing, market manipulation, and unlawful disclosure of inside information, all of which are covered by the scope of the EU Market Abuse Regulation 51 and the EU Criminal Sanctions for Market Abuse Directive 52 ), are also examples of money laundering risk scenarios.

General comments

The main risk scenario considered from the perspective of money laundering vulnerability is linked to intermediated investment services

Threat

Terrorist financing

The terrorist financing threat related to retail and institutional investment could be significant if large amounts of legitimate funds are invested to finance terrorism, but when it comes to generating small amounts to commit terrorist attacks, the terrorist financing threat is not significant in this product/sector.

Money laundering

The increasing role of facilitators in money laundering schemes can make the sector more exposed to such threats, although knowledge and technical expertise are needed to carry them out. Criminal organisations could rely on such facilitators to launder the proceeds of illegal activities. Although large amounts of funds can be involved in investment-related activities, they are not easy to access, the investment activities themselves not necessarily financially viable (depending on the quality of investment) and in any case requires knowledge and technical expertise. Therefore, criminal organisations usually abstain from carrying out investment activities themselves 53 , which makes the role of facilitators essential for both creating and utilising opaque structures to hide the proceeds of criminal activities.

A few methods for moving large illicit flows, prepared by highly skilled facilitators, have remained relevant:

·capital market commodity participants conducting over-the-counter future swaps 54 through exchanges, and using illicit funds to settle once expired;

·the simultaneous purchase, transfer and sale of securities across jurisdictions by two seemingly unrelated, but mutually controlled, entities;

·capital market fixed income participants conducting bond trades on behalf of organised criminals, using illegitimate money to purchase bonds and then deposit funds into financial institutions after sale of those bonds.

Vulnerability

Terrorist financing

Terrorist financing vulnerability related to investment services presents a less significant inherent risk. Risk factors (products, customers, geographies and delivery channels) do not favour the use of this products and services for terrorist financing purposes.

Perpetrators usually do not have the expertise to access the sector, while the low amounts of money used to finance terrorist attacks made other sectors more attractive for their purposes.

Money laundering

The assessment of the money laundering vulnerability related to retail and institutional investment sector is as follows:

a) risk exposure

The main factor that mitigates the inherent risk of money laundering is the low level of cash-based transactions, despite the fact that the sector is exposed to high-risk customers, including politically exposed persons, while the volume and level of cross-border transactions are high. To have access to the investment sector, perpetrators need to introduce money through the banking system, and hiding illegal money through opaque structures requires a high degree of expertise and/or high cost. Therefore, banks are often a first barrier that mitigates the inherent money laundering risk.

b) risk awareness

Risk awareness in the sector is not high when transactions are performed out of the banking sector. This is because firms usually rely on banks to apply customer due diligence and monitoring when money enters bank accounts.

Supervisors consider the overall risk of the sector moderately significant; however, the risk profile at firm level shows that a significant proportion of firms are classified as a less significant risk. Despite this, most supervisors consider this sector to pose a very significant cross-border risk. Another key risk this sector is exposed to is reconciling the anti-money laundering standards of the home and host Member States where there are branches of a group in different countries.

According to financial intelligence units, the number of suspicious transaction reports is quite low compared to the volume of transactions concerned, due to the sector being more familiar with detecting fraud such as insider trading or market abuse than suspicions of money laundering. At the same time, the financial transactions concerned are more complex and the suspicious ones are probably less easy to detect by obliged entities.

The sector also experiences significant conflict of interest between concerns over potential money laundering and the need to attract customers, some with a high money laundering risk profile, such as politically exposed persons, customers from high-risk non-EU countries and high-income customers. In that sense, where the investment service is intermediated, the level of vulnerability to money laundering is higher than the vulnerability of retail or institutional investment services provided directly to the end client.

c) legal framework and checks

Institutional and retail investments services through all types of financial sector entities are covered by AML/CFT requirements at EU level. In the investment field, the client manager has a vested interest in conducting the business relationship (reward/salary), and this may reduce incentives to carry out rigorous customer due diligence.

Supervisors consider that poor checks are limiting the effectiveness of suspicious transaction reporting and the effectiveness of ongoing monitoring policies and procedures, including transaction monitoring. In contrast, most breaches identified in inspections were considered as minor. The most common finding was poor quality checks on politically exposed persons.

Risk level

As regards terrorist financing, the level of threat has been assessed as non-relevant (1>).

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as moderately significant/ significant (level 2/3).

Mitigating measures

For the Commission:

·Introduction of a harmonised, directly applicable framework of customer due diligence requirements for all the relevant types of financial sector obliged entities active in the area of retail and institutional investment services.

·Introduction of a harmonised requirements for identification of beneficial owners and harmonised framework of requirements applicable to beneficial owners and their associates.

·Establishment of the interconnection of beneficial owner registers at EU level.

For Member States / competent authorities:

·Effective implementation of Directive 2018/822/EU from 2020, under which intermediaries are required to submit information on reportable cross-border tax arrangements to their national authorities.

·Thematic inspections to assess:

oeffectiveness of customer due diligence and enhanced customer due diligence as well as beneficial owner identification requirements are implemented by financial sector entities providing retail and institutional investment services.

For the European supervisory authorities:

·Guidelines on best supervisory practices to the investment sector. Define the main money laundering risk scenarios and products, alongside the most effective ways to conduct on-site and off-site inspections.

3. Corporate banking sector

Product

Corporate banking products (including trade finance)

Sector

Credit institutions — Corporate banking

Description of the risk scenario

Perpetrators use cash front businesses to inject proceeds into the legal economy using company accounts with multiple signatories.

Threat

Terrorist financing

Corporate banking can provide large amounts of legitimate funds to finance terrorist activities or send money to conflict zones. However, that risk scenario is not probable as small amounts of money are used to carry out individual terrorist attacks and other products/sectors which are less traceable may be utilised. Individuals who would wish to finance terrorist activities do not prefer these type of products, and there is currently a lack of evidence to suggest that terrorist organisations are using corporate banking services in the EU. Therefore the terrorist financing threat is not significant in this product/sector.

Money laundering

The assessment of the money laundering threat related to corporate banking shows that this risk scenario is plausible. However, using corporate banking for money laundering requires more sophistication than the retail financial sector. Specifically, using corporate banking products or services for money laundering would require the complicity of financial/legal intermediaries who need to be paid for their ‘services’. There is evidence of the risk posed by such intermediaries. 55

Law enforcement agencies have evidence of professional money launderers acting as intermediaries for other organised crime groups that set up bank accounts for front or shell companies. Those corporate bank accounts are used for fake trade transactions, back-to-back loans with other corporate entities and real estate investments.

Vulnerability

Terrorist financing

The inherent risk of terrorist financing vulnerability in the corporate banking sector is of low significance. The different risk factors, products, customers, geographies and delivery channels in the sector mean that its use for terrorist financing purposes is not favoured. Individual perpetrators usually do not have the expertise to access the sector, while the low amounts of money used in terrorist attacks made other sectors more attractive for their purposes.

Money laundering

The assessment of the money laundering vulnerability related to corporate banking made the following findings:

a) risk exposure

The inherent risk is potentially high due to the nature of customers and due to more complex transactions than in retail banking being involved. The identification of the beneficial owner of some firms is one of the main vulnerabilities of this product. Some trade-base transactions linked to corporate bank accounts can increase the money laundering risk, especially when high-risk jurisdictions are involved. The risk linked to forged documentation also affects the level of risk exposure, while the increasing role of intermediaries and facilitators working for organised crime groups can also affect the inherent risk of these products. Some cash-based transactions can be settled using these products when firms involved in corporate banking products are cash-intensive businesses.

Moreover, the inherent risk in these banking products can also be increased by the use of new technologies and non-face-to-face business relationships.

For anti-money laundering supervisors, differences in the make‐up and nature of Member States’ credit institution sectors are reflected in inherent risk ratings, which range from ‘significant’ and ‘very significant’ to ‘moderately significant’ and even ‘less significant’.

b) risk awareness

Sector awareness of risk is high, and the sector has developed tools to trigger appropriate red flags. Usually red flags are triggered in response to high-risk customers, high-risk jurisdictions and the existence of cross-border transactions. Financial intelligence units have confirmed this element, mentioning that a high number of suspicious transaction reports have been received on this matter. However, the sector complains about the lack of feedback from FIUs. That fact is limiting the sector’s ability to improve its monitoring systems.

In most Member States, AML supervisors provide guidelines to help credit institutions detect potentially suspicious corporate banking transactions.

c) legal framework and checks

Corporate banking is covered by AML/CFT requirements at EU level. This framework is considered as satisfactory as the framework covering other financial activities undertaken by credit institutions.

Most supervisors assessed the checks put in place by credit institutions to mitigate money laundering risks as ‘good’ or ‘very good’ overall. Despite this, they assess the effectiveness of these policies and procedures, particularly those related to ongoing monitoring of transactions and suspicious transactions reporting, as poor or very poor.

Risk level

As regards terrorist financing, the level of threat has been assessed as low (1).

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as moderately significant/significant (level 2/3).

Mitigating measures

For the Commission:

· Introduction of a harmonised, directly applicable framework of customer due diligence requirements.

·Introduction of a harmonised requirements for identification of beneficial owners and harmonised framework of requirements applicable to beneficial owners and their associates.

·Establishment of the interconnection of beneficial owner registers at EU level.

For Member States / competent authorities:

·Effective implementation of Directive 2018/822/EU from 2020, under which intermediaries are required to submit information on reportable cross-border tax arrangements to their national authorities.

·Authorities should provide more substantive feedback on the submitted suspicious activities and transaction reports, organise training sessions and guidance on risk factors, with specific focus on non-face-to-face business relationships, offshore professional intermediaries, customers or jurisdictions, and on complex/shell structures.

·Thematic inspections to assess:

oeffectiveness of customer due diligence and enhanced customer due diligence as they apply to legal entities and legal arrangements, and how beneficial owner identification requirements are implemented.

4. Private banking sector

Product

Private banking and wealth management products and services

Sector

Credit institutions

Description of the risk scenario

Private banking is a service provided by credit institutions and investment firms to high net worth individuals, their families and corporate entities. In general, these services are tailored for each customer by combining multiple banking and other financial services in one package. For example, private banking services may include a mix of banking services (current accounts, mortgages and foreign exchange), investment management and advice, fiduciary services, safe custody, insurance, accounting, tax and estate planning and associated services, such as legal support.

Perpetrators are using all private banking and wealth management services for integration of criminal proceeds. Given the combination of sophisticated financial products and services, and a wealthy customer base, which sometimes includes politically exposed persons (PEPs), the sector can be abused also for tax evasion, especially in cases where assets of the beneficial owners are hidden behind complex ownership structures and direct private banking customers are the associates or family members of the actual beneficial owners.

General comments

For this risk scenario, financial services concern services provided to high net worth individuals only.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to private banking (wealth management) has not been considered as relevant. Therefore the terrorist financing threat is not part of the assessment. Nevertheless, wealthy terrorism sponsors might enter into asset or wealth management agreements with private banks with a view to harbouring their assets even though their assets or wealth under management might not be related directly to TF.

Money laundering

The assessment of the money laundering threat related to private banking (wealth management) shows that this sector is most often used in connection with the following predicate offences: corruption and drug trafficking, fraud and tax evasion. This reduces the ‘scope’ of organised crime organisations that may rely on this risk scenario. It also requires some level of expertise, which makes it less easy to access and not very attractive (not financially viable). In private banking, the service is quite ‘high cost’ (need for sufficient funds to access the services) and the business relationship less easy to establish.

However, some groups can use facilitators to obtain access to private banking services through frontmen or legal persons.

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to private banking (wealth management) has not been considered as relevant. In this context, the terrorist financing vulnerability is not part of the assessment.

Money laundering

The assessment of the money laundering vulnerability related to private banking (wealth management) made the following findings:

a) risk exposure

The combination of sophisticated financial products and services, and a wealthy customer base (sometimes politically exposed persons) with often complex ownership structures of assets under wealth management make this sector highly vulnerable for money laundering purposes. Some of the products and services offered are also considered to present money laundering vulnerabilities, particularly those linked to tax compliance and planning. ‘Aggressive’ tax planning appears to be one such type of service. Furthermore, the sector presents a higher geographical risk due to the establishment of branches in some non-EU countries that do not necessarily have equivalent AML/CFT regimes to the EU AML/CFT framework.

b) risk awareness

According to financial intelligence units, private banking is characterised by a very low (almost non-existent) level of suspicious transaction reporting. As for private banking-related investment services, institutions sometimes face conflict between their commercial objectives and the need to fight against money laundering. The competition component is not negligible. However, for private banking the risk assessment is not always precise enough to ensure that the sector is aware of the risks it faces, in particular risks linked to fraud and tax evasion.

Supervisors consider that firms in this sector do not adequately mitigate the risk of the sector being abused for tax evasion purposes.

c) legal framework and checks

Private banking is covered by AML/CFT requirements at EU level. Most competent authorities that have inspected providers of private banking services have assessed the level of checks as ‘inadequate’ for customer due diligence (verification of customer’s identity, information about the origin of funds, verification of beneficial ownership — specifically with legal persons), monitoring transactions, and compliance function. They explain this weakness by: (i) the fact that the quality of the checks depends on the financial culture of a country; and (ii) that the understanding of the risks posed by this sector is not the same from one Member State to another.

Risk level

As regards terrorist financing, the level of threat has been assessed as non-relevant.

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant/very significant (level 3/4).

Mitigating measures

For the Commission:

•Introduction of a harmonised, directly applicable framework of customer due diligence requirements, including enhanced customer due diligence requirements related to Politically Exposed Persons and/or high-risk third country jurisdictions.

·Introduction of a harmonised requirements for identification of beneficial owners and harmonised framework of requirements applicable to beneficial owners and their associates.

·Establishment of the interconnection of beneficial owner registers at EU level.

For Member States / competent authorities:

•Effective implementation of Directive 2018/822/EU from 2020, under which intermediaries are required to submit information on reportable cross-border tax arrangements to their national authorities.

•Thematic inspections to assess:

oEffectiveness of customer due diligence and enhanced customer due diligence as they apply to legal entities and legal arrangements and how beneficial owner identification requirements are implemented.

oRisks associated with this sector should be clearly set out in the competent authorities’ money laundering/terrorist financing risk assessment. Competent authorities should issue guidance on best practices and provide training to the sector.

5. Crowdfunding

Product

Crowdfunding

Sector

Crowdfunding platforms

Description of the risk scenario

Crowdfunding service providers have different crowdfunding models, carrying different level of money laundering and terrorist financing risks. For instance, the activities to collect funds for later onward transmission are particularly vulnerable to money laundering, notably where the funds collected for an undetermined project remain in the investor’s account until the project is formaklly determined. Donation platforms can also be misused to disguise the illicit origin of funds or for TF purposes 56 . Perpetrators can also use platforms to collect/accumulate funds and transfers them abroad. As of 10 November 2023, the Regulation on European Crowdfunding Service Providers (ECSP) for business 57 will be in application and will require all payment be carried out through an authorised Payment Service Provider (PSP) as well as introduced other safeguards to mitigate these risks. There will however still be platforms operating in sectors not regulated under EU law, for example donation or reward-based crowdfunding platforms. Crowdfunding platforms, which are unregulated, could be set up under fictitious projects in order to allow collection of funds which are then withdrawn within the EU or transferred abroad, potentially for ML purposes or to finance terrorist attacks. This could be used either to collect funds from legitimate sources for the purpose of terrorist financing – or to collect illicit funds from criminal activities using anonymous products. ECSPs that collect funds for later onward transmission are particularly vulnerable to money laundering, including business models where the funds are collected for an undetermined project and consequently held in the investor’s account until the project is determined.

Threat

Terrorist financing

Terrorist groups may have the intent to use the crowdsourcing techniques to collect funds. Unregulated crowdfunding platforms may be used to fund fictitious investment projects with illicit funds or being misused for TF purposes where a fictitious reason is given for a crowdfunding project, which never materialises and the funds obtained from crowdsourcing are thereafter used for terrorist financing purposes. Overall, law enforcement authorities reported some cases relating to (unregulated) donation platforms where these techniques have been used; where they have, it has usually been to raise smaller amounts. In addition, suspicious activities are somewhat easier to detect and may deter terrorist groups from using this method, as it is not the most secure option. However, if perpetrators are more methodical in their planning, this could enable them to set up collection platforms with scope for more anonymous operations (use of strawmen or relatives), thus making this method more attractive. Law enforcement agencies have detected some cases of crowdfunding calls for donation, citing ‘support for widows, martyrs, religious groups’ in an attempt to avoid clear a linkage with terrorist financing. The value of the donations are low ($10, 20, 50, with most amounts in US dollars). The difficulty for law enforcement agencies is identifying the end recipient and the use of the donations (proof of terrorist financing). Risks are also increased due to the borderless nature of platforms given that potential donors can be located anywhere in the world, including in high-risk jurisdictions.

.

Money laundering

The assessment of the money laundering threat related to crowdfunding shows that there are different ways for criminals to use Crowdfunding platforms to actually launder the proceeds of crime. Thus, poorly supervised or unregulated Crowdfunding platforms could be vulnerable to being abused for ML purposes in case of collusion between the project owner and investor for fictitious projects. National competent authorities note that this risk was high as long as it was relatively easy to launch and market a crowdfunding project and the use of criminal intermediaries could make the sector more attractive for money laundering purposes. However, the Regulation on European Crowdfunding Service Providers (ECSP) should enhance the monitoring of the ECSPs and limit their misuses risk once it will be in force and law enforcement agencies consider that risks relating to crowdfunding platforms remain low, with some signs of instances where they could have been used for scam fundraising and fraud rather than to launder illicit funds.

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to crowdfunding shows that the sector cannot be assessed in isolation.

a) risk exposure

The level of risk exposure varies depending on depending on whether the crowdfunding platform is supervised as a provider of financial services or is left unregulated (private initiatives on the internet). Likewise, the terrorist financing risk also depends on the type of platform. Unregulated donation-based crowdfunding platforms present a higher inherent risk of misuse for terrorist financing purposes as these platforms are outside the scope of financial institutions and of prudential and anti-money laundering supervisors. The inherent risk of crowdfunding is higher if crowdfunding platforms allow use of virtual currencies or (anonymous) electronic money. The inherent risk is also higher if perpetrators set up donation-based crowdfunding platforms allowing the use of strawmen, relatives or individuals out of the scope of sanction lists.

The level of risk exposure varies depending on whether crowdfunding is directly linked to financial institutions or left to private initiatives on the internet. The risk is higher if crowdfunding platforms use virtual currencies or (anonymous) electronic money. Depending on the type of platform vary TF risk as well, the riskier platforms for TF are donation platforms which are out of the scope of financial institutions and out of the AML legal framework.

b) risk awareness

Even when a crowdfunding platform is regulated as a financial service provider, there may be a lack of knowledge about the sources of funds and the purpose. When provided through unregulated platforms, crowdfunding services providers are outside the scope of any AML/CFT monitoring. Competent authorities, including at EU level, are aware that terrorist financing risks exist, but the risk assessment is still incomplete in most Member States. It should, however, be stressed that where these platforms are included in the list of obliged entities, financial intelligence units will receive suspicious transaction reports.

c) legal framework and checks

Legal divergence in this area is until now a major source of concern, and the absence of a harmonised framework setting out clear AML/CFT obligations applicable to crowdfunding platforms significantly increases the EU’s exposure to ML/TF risks. Crowdfunding platforms as such are not obliged entities under the AMLD, and while some Member States have included CFPs in their national legislation transposing the AMLD, not all Member States consider crowdfunding platforms as obliged entities 58 . Regulation (EU) 2020/1503 of the European Parliament of the Council on European Crowdfunding Service Providers for business 59 harmonises the regulatory approach for business investment and lending-based crowdfunding platforms across the Union and ensures that adequate and coherent safeguards are in place to deal with potential money laundering and terrorist financing risks. Among those, there are requirements for the management of funds and payments in relation to all the financial transactions executed on these platforms. Crowdfunding service providers must either seek a license or partner with a payment service provider or a credit institution, which are obliged entities under this Regulation, for the execution of such transactions. The Regulation also sets out safeguards in the authorisation procedure, in the assessment of good repute of management and through due diligence procedures for project owners. The Commission will assess by 10 November 2023 in its report on that Regulation whether further safeguards may be necessary. It is therefore justified not to subject crowdfunding platforms licensed under Regulation (EU) 2020/1503 to EU AML/CFT legislation.

Crowdfunding platforms that are not licensed under Regulation (EU) 2020/1503 are currently left either unregulated or to diverging regulatory approaches, including in relation to rules and procedures to tackle anti-money laundering and terrorist financing risks. To bring consistency and ensure that there are no uncontrolled risks in such environment, the European Commission envisages to add the crowdfunding platforms that will not be licensed under Regulation (EU) 2020/1503 to the obliged entities of the EU AML/CFT framework 60 . It is therefore reasonable to expect to have a more comprehensive and enhanced legal framework for crowdfunding platforms in the coming years.

For the time being however, some competent authorities consider that checks and supervisory actions are weak, particularly as many platforms are not established physically in the territory where they operate, which hinders the efficiency of checks. Where credit and financial institutions are involved, the effectiveness of obliged entities’ checks is lower as the obliged entities can rely only on more limited information to monitor transactions and apply red flags.

Money laundering

The assessment of the money laundering vulnerability related to crowdfunding shows similar vulnerability assessment as for terrorist financing.

a) risk exposure

The level of risk exposure varies depending on whether crowdfunding is directly linked to financial institutions or left to private initiatives on the internet. In both cases, the use of virtual currencies may increase the inherent money laundering risk. Depending on the type of platform, crowdfunding services may facilitate anonymous transactions. On lending and securities platforms, it is possible to raise larger amounts, making the inherent risk of money laundering higher than for donation platforms. However these crowdfunding platforms would normally be regulated, thus complying with disclosure requirements, and partner with payment or credit institutions in order to carry out payment transactions.

b) risk awareness

The infiltration of such platforms by criminal organisations should also be considered an additional vulnerability factor. Some law enforcement agencies and financial intelligence units tend to regard crowdfunding as a widespread way to launder money. Even when a financial institution is involved, there is a lack of knowledge about the sources of funds, the scope of the funding and its purpose. When provided through unregulated entities, crowdfunding services are outside the scope of any AML/CFT monitoring. Competent authorities, including at EU level, are aware that money laundering risks exist but some of them consider this sector as low risk and are not considering including crowdfunding platforms as obliged entities. It should, however, be stressed that where these platforms are included in the list of obliged entities, financial intelligence units will receive suspicious transaction reports.

c) legal framework and checks

Regulation (EU) 2020/1503 of the European Parliament of the Council on European Crowdfunding Service Providers for business 61 harmonises the regulatory approach for business investment and lending-based crowdfunding platforms across the Union and ensures that adequate and coherent safeguards are in place to deal with potential money laundering and terrorist financing risks. Among those, there are requirements for the management of funds and payments in relation to all the financial transactions executed on these platforms. Crowdfunding service providers must either seek a license or partner with a payment service provider or a credit institution, which are obliged entities under this Regulation, for the execution of such transactions. The Regulation also sets out safeguards in the authorisation procedure, in the assessment of good repute of management and through due diligence procedures for project owners. The Commission will assess by 10 November 2023 in its report on that Regulation whether further safeguards may be necessary. It is therefore justified not to subject crowdfunding platforms licensed under Regulation (EU) 2020/1503 to EU AML/CFT legislation.

Crowdfunding platforms that are not licensed under Regulation (EU) 2020/1503 are currently left either unregulated or to diverging regulatory approaches, including in relation to rules and procedures to tackle anti-money laundering and terrorist financing risks. To bring consistency and ensure that there are no uncontrolled risks in such environment, the European Commission envisages to add the crowdfunding platforms that will not be licensed under Regulation (EU) 2020/1503 to the obliged entities of the EU AML/CFT framework 62 . It is therefore reasonable to expect to have a more comprehensive and enhanced legal framework for Crowdfunding platforms in the coming years.

For the time being however, even when crowdfunding platforms are considered obliged entities, competent authorities consider that checks and supervisory actions are weak, particularly as many platforms are not established physically in the territory where they operate, which hinders the efficiency of checks. Where credit and financial institutions are involved, the intensity of obliged entities’ checks may be lower if the obliged entities can rely only on more limited information to monitor transactions and apply red flags.

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as moderately significant (2).

As regards money laundering, the level of threat has been assessed as moderately significant (2), while the level of vulnerability has been assessed as moderately significant (2).

Mitigating measures

In its legislative proposal the Commission has added as obliged entities “crowdfunding service providers other than those regulated by Regulation (EU) 2020/1503”.

For the competent authorities:

·Member States should consider the need to define unregulated crowdfunding platforms as complementary obliged entities subject to AML/CFT requirements.

·Member States should closely monitor the legal developments related to the treatment of crowdfunding services providers and crowdfunding platforms for AML/CFT purposes.

·Member States should assess risks associated with crowdfunding in their jurisdiction, even where crowdfunding services providers and crowdfunding platforms are not obliged entities, as these risks may have an impact on regulated services.

·Member States should consider further communication to set out clearly their regulatory expectations in respect of the sector as well as the risks to which crowdfunding services providers and crowdfunding platforms are exposed 63 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

For the sector:

·Crowdfunding services providers (CSPs) should know their customers to prevent their crowdfunding platforms from being used to fund fictitious investment projects with illicit funds or being misused for ML or TF purposes.

·Crowdfunding services providers should take into account, among others 64 , the following risk factors as potentially contributing to increased risk when performing customer due diligences:

obusiness models where funds are collected through the crowdfunding platform but allows for later onward transmission (including where money is collected for an undetermined project and consequently held in the investor’s account until the project is determined; or where money is collected but may be returned to the investors where the fundraising target is not met, or where the project owner has not received the money);

obusiness models allowing early redemption of investments, early repayment of loans, or resale of the investments or loans through secondary markets;

othe absence of restriction on the size, volume or value of the transactions, loading or redemption processed through the crowdfunding platform, or the amount of funds to be stored in individual investor accounts;

othe possibility for investors to make payments through the crowdfunding platform with instruments not regulated or subject to less robust AML/CFT requirements than those required by Directive (EU) 2015/849.

6. Currency exchange

Product

Conversion of funds

Sector

Currency exchange offices (Bureaux de change)

Description of the risk scenario

Perpetrators are converting their funds into another currency to facilitate the conversion, transfer or laundering of funds 65 . Currency exchange offices can be used for money laundering purposes either by performing relevant transactions without knowledge of the illegal origin or destination of the funds concerned or by a direct involvement of the staff/management of the provider through complicity or takeover of such businesses by the criminal organisation 66 . Currency exchange offices are usually key nodes with the money laundering controller networks.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to currency exchange shows that this modus operandi is exploited by terrorist groups, especially by foreign terrorist fighters.

The EUR/USD conversion is particularly attractive for these groups. Bringing currency into conflict zones is one of the main ways of financing the movement of foreign terrorist fighters. From a technical point of view, the conversion of funds does not require specific planning, knowledge or expertise and is quite easy to access. Although it does not consist in raising or transferring funds, it is a necessary step for moving physically ‘clean’ currency (most of the time in cash). Terrorist groups may consider that currency exchange is as attractive as collecting or transferring funds to finance their activities.

.

Money laundering

The exchange office method is highly suitable to achieving money laundering objectives. In particular, the launderer can employ the office either as an operator or customer. The former is riskier; however, it facilitates an integration, whereas the latter is only applicable to the placement or the preparation of a placement. If the money launderer desires to launder smaller amounts of money on an irregular basis, they may frequent the office as a customer or send a straw man. 67

The most adequate placement should be in a city with many tourists holding different currencies from various nations. High volumes of money can be easily converted, making it easy for these criminal organisations to access to ‘clean’ currency. As with terrorist financing, currency exchange does not require specific planning or expertise for money laundering purposes. However, the volume of suspicious transactions is currently difficult to assess.

Currency exchange offices could also be part of a cash pool in a money laundering controller network.

Vulnerability

Terrorist financing

Vulnerability in currency exchange is linked to the transfer of funds. There are two different ways to perform the transactions:

·use of cash to exchange and transfer the funds to a specified bank or payment account;

·use of the internet to perform the currency exchange and transfer the funds to a bank account or payment account.

a) risk exposure

The fact that most of the transactions are in cash increases the sector’s vulnerability. Moreover, potential transactions linked to terrorist financing usually involve small amounts of cash that are more difficult to detect by currency exchange offices.

b) risk awareness

In some risk scenarios, money value transfer services (MVTS) providers are associated with currency exchange offices or even operate from the same premises. In such cases, alert systems and red flags applied by MVTS providers to detect terrorist financing-linked transactions are applied to the previous currency exchange transaction. The negative effect is that currency exchange offices rely on MVTS providers’ terrorist financing checks. The currency exchange office itself is not always in a position to trace the whole transaction, detect potentially suspicious transactions and have a complete business relationship with their customers.

Risk awareness in the sector is high, especially when currency exchange offices are close to MVTS, but the level of suspicious transaction reporting remains low except in specific cases such as USD conversion requested from high-risk non-EU countries (e.g. Syria).

c) legal framework and checks

Currency exchange offices are covered by the AML/CFT framework at EU level. Supervisors consider that checks relating to the effectiveness of suspicious transaction reporting are in general poor or very poor, similar to checks related to customer identification and verification 68 . In that sense, new technological developments may become an important mitigating force for this sector with the increase of online payments. Supervisory activities have been mostly limited to off-site inspections, with some thematic inspections carried out in response to identified concrete risks. When some jurisdictions apply thresholds for occasional transactions, vulnerability is higher, especially for terrorism financing risks, where low amounts are the norm.

Money laundering

The assessment of the money laundering vulnerability related to currency exchange made the following findings:

a) risk exposure

The fact that most transactions are in cash affects vulnerability; that effect is more pronounced when the customer uses large denomination notes, which are not well monitored. Other factors that increase the sectoral risk are the use of these services by politically exposed persons or the currency exchange offices being located in border zones. The main risk factor is the infiltration of currency exchange offices or agencies by criminal organisations. Inherent risk increases if firms have inadequate tools to detect potentially bad currency exchange agents.

b) risk awareness

In some risk scenarios, MVTS providers are associated with currency exchange offices, operate out of the same premises, or even the same employee takes charge of both transactions. In such cases, alert systems and red flags applied by MVTS providers to detect money laundering-linked transactions are applied to the previous currency exchange transaction. The negative effect is that currency exchange offices rely on MVTS providers’ money laundering checks. For anti-money laundering purposes, the level of reporting is uneven from one Member State to another, and does not necessarily consist in suspicious transaction reports (mostly currency transaction reports).

Supervisors’ assessments of the inherent risk for currency exchange sector are divergent, ranging from very significant to less significant. The core current risks identified include: the anonymity of transactions, proximity to border regions and itinerant communities (migrants, cross-border workers, asylum seekers, tourism), and the prevalence of cash transactions. Different competent authorities have identified these as the source of greatest concern.

c) legal framework and checks

Currency exchange offices are covered by the AML/CFT framework at EU level. Supervisors do not consider the currency exchange sector as high-risk in general; according to this assessment, resources to supervise this sector are lower than other sectors. Additionally, many competent authorities cited as ongoing risk factors poor internal checks, a lack of awareness of the relevant regulatory context and poor reporting practices on suspicious activity, despite checks being implemented. Another factor that hinders proper checks in currency exchange offices is the threshold that can be set out in different countries to apply customer due diligence obligations only for occasional transactions; in any case, most Member States apply thresholds lower than EUR 15,000.

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (3).

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (3).

Mitigating measures

For Member States / competent authorities:

·Competent authorities should conduct a number of on-site thematic inspections focusing on risks posed by agents. The scope of these thematic inspections should include checking that MVTS or currency exchange firms have a comprehensive agent oversight function including efficient monitoring systems, on-site reviews and training.

·Member States should eliminate thresholds for applying customer due diligence to occasional transactions in currency exchange sector in order to improve monitoring of suspicious transactions. An alternative option could be to impose a complete identification of customers doing several exchange transactions in a limited period (3-5 consecutive days). Some operators already applied such mechanism to monitor suspicious transactions.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

For the sector:

Technology assists the industry to meet compliance requirements set out by the regulator: some exchange business rely on cameras connected into a database, which alert authorities in case a listed, or even non-habitual, person is recognised. Systems for scanning photo ID documents can already indicate whether ID documents presented for the transaction are valid.

·Compliance should be accompanied by the implementation of suitable CDD mechanisms to accurately establish the identities of customers, and of transaction monitoring and screening measures.

·Transaction monitoring and screening measures should be focused on identifying high-risk customers and transactions, characterized by “red flag” behaviours and activities like, for instance:

oSuspicious transactions patterns or transactions taking place in unusual circumstances.

oTransactions through non-face-to-face services.

oPossible indications on agents or mules being used to conduct transactions on behalf of a third party.

oCustomers who falsify or conceal their identities.

oCases of multiple connected transfers in different currencies or into and out of different countries.

oTransactions to high risk third countries known to be major international and regional financial centres and trading hubs where many bureaux de change are situated, such as UAE and Hong Kong.

oCustomers who are politically exposed persons (PEPs), or who are on sanctions lists.

7. E-money sector

Product

E-money

Sector

Credit and financial institutions

General description of the sector and related product/activity concerned

‚Electronic money’ is defined under the second E-Money Directive (‘EMD2’, 2009/110/EC) as electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions and which is accepted by a natural or legal person other than the electronic money issuer. ‘Electronic money institutions’ are legal persons that have been granted authorisation under E-Money Directive requirements to issue electronic money, they are also considered as obliged entities submitted to Directive (EU) 2015/849 (AMLD) as modified by directive 2018/843. A key characteristic of e-money is its pre-paid nature. This means that an account, card or a device needs to be credited with a monetary value in order for that value to constitute e money. E-money can for example be stored on cards, on mobile devices, and in online accounts. Depending on the way e-money is stored, it can be classified as ‘hardware-based’ or ‘software-based’. Most e-money products require identification of the owner, however some products benefit from the exemptions under the AMLD, which allow owners to remain anonymous.

E-money typology

A first classification of e-money products depends on the technology used to store the monetary value: products can be hardware-based or software-based.

For hardware-based products, the purchasing power resides in a physical device, such as a chip card, with hardware-based security features. Monetary values are typically transferred by means of device readers that do not need real-time network connectivity to a remote server.

Software-based products have specialised software that functions on common devices such as computers or tablets. To enable the transfer of monetary values, the device typically needs to establish an online connection with a remote server that controls the use of the purchasing power. Schemes mixing both hardware and software-based features also exist.

Other potential distinctions between e-money products is the manner in which e money is created or issued. The key distinction relates to whether e-money is pre-paid by the user (payer) or by a third party on behalf of or in favour of the payer (e.g. by a company in the case of business-to-business cards or by a merchant in multi merchant loyalty schemes).

E-money products can be reloaded (to add more value after the initial issuing of e-money by the issuer) or not.

How e-money products are classified depends on whether the product is multifunctional or is linked to a platform. Both types are used online, but the latter only allows purchases in a single platform and does not allow peer-to-peer transfers. In both cases, a bank account is needed for loading the e-money products. Another category includes prepaid cards or vouchers with customer due diligence exemptions: these products can be used online or offline and can be purchased with cash.

Not all monetary value that is stored electronically should be considered as e-money in the context of the EMD2. Limited network products such as gift cards and public transport cards that can only be used with a certain retailer or a chain of defined retailers are outside the scope of EMD2, to the extent such instruments meet the conditions to fall under the limited network exemption in the EMD. Also, virtual assets such as Bitcoin are not considered as e-money as they are not issued on receipt of funds.

Description of the sector

Systematic examination of the market in terms of volume and value of e-money transactions is more complex. Although the European Central Bank (ECB) serves as a central source of statistical data on the value and volume of e-money transactions, there are numerous data gaps. According to the ECB, this is mainly because only euro area Member States are required to report statistical information, with remaining Member States doing this voluntarily.

Although existing ECB statistics do not provide a full picture of the size of the e-money market, they provide some indications concerning the orders of magnitude related to the market size, as well as changes over time.

According to the ECB data on the e-money market, in 2019, the value of e-money payment transactions with e-money issued by resident PSPs – from EU amounted to EUR 195,8 billion 69 . The same year, the value of e-money payment transactions with e-money issued by resident PSPs – from Luxembourg (hosting PayPal and Amazon) amounted EUR 143,674 billion 70 , while reaching EUR 36,6 billion in Italy 71 and only EUR 0,9 billion in Germany and EUR 0,561 billion in France. The average transaction value on that basis was of EUR 42. The number of e-money payment transactions – with e-money issued by resident PSPs from EU in 2019 was 4,66 billion 72 (including EUR 3,35 billion in Luxembourg, some EUR 0,98 billion in Italy but only 61 million in France and 33 million in Germany). The number of e-money payment transactions with e-money issued by resident PSPs from EU reached EUR 4,66 billion in 2019 73 . In the five-year period from 2015-2019, the number of e-money payment transactions with e-money issued by resident PSPs from EU increased by 95,7% (EUR 2,38 billion in 2015). These data are however not complete as they do not include several non-euro area markets and therefore underestimate the actual size of the EU market.

The ECB statistics do not cover limited network markets, including the gift card market. However, these cards are outside the scope of the AML/CTF legislation, at EU or national level, as their use is restricted to limited networks of retailers, or petrol stations (for fuel cards), and hence such cards present low AML/CTF risks.

Relevant actors

Electronic money can be issued by credit institutions, electronic money institutions and post office giro institutions are entitled under national law to issue electronic money. E-money can also be issued by the European Central Bank and national central banks when not acting in their capacity as monetary authority or other public authorities. Member States or their regional or local authorities when acting in their public capacity can also issue electronic money.

This sector appears to be highly concentrated, with the majority of e-money issuers within the EU based in Belgium, the Czech Republic, Denmark, Latvia and the Netherlands. Outside of the EU, the United Kingdom is also a major market for the industry. As regards the different business models, three types of actors are recognised in EMD2:

·the issuer: entity which ‘sells’ e-money to the customer (whether a consumer or a business) in exchange for a payment. It is also the entity that requires authorisation to issue electronic money and is regulated by EMD2;

·the distributor: entity other than the issuer that can distribute or redeem e-money on behalf of the issuer (i.e. it re-sells the e-money issued by the issuer, such as a retail outlet selling prepaid cards);

·the agent: entity that acts on behalf of the e-money issuer, enabling issuer to carry out payment services activities (except for issuing e-money) in another Member State without establishing a branch there.

In practice, this distinction appears to be most frequently used by the consulted e-money issuers primarily in the context of cross-border provision of e-money services, with selected issuers using ‘distribution partners’ in order to operate in other Member States 74 .

Description of the risk scenario

Perpetrators use characteristics and features of some of new payment methods ‘directly’ using truly anonymous products (i.e. without any customer identification) or ‘indirectly’ by abusing non-anonymous products (i.e. circumvention of verification measures using fake or stolen identities, or using strawmen or nominees etc.). Nevertheless, the latter option is costly and it is an easier option for perpetrators to deal with intermediaries in the delivery channel.

Perpetrators can load multiple cards under the anonymous prepaid card model. This multiple reloading could lead to substantial values, which can then be carried out abroad with limited traceability. It is also to be noted that some cards can still be loaded with cash, which increases the risk of ML. It is only when money stored in cards is used that e-money issuers have a chance to trace or monitor transactions.

Threat

The main contributing factors that expose the sector to ML/TF risks are those associated with distribution channels, as the use of intermediaries in the distribution chain can make it more difficult to perform adequate AML/CFT controls and oversight. Other risks factors according to national competent Authorities are linked to the sector’s extensive reliance on non-face-to-face identification processes (with increased risks of computer fraud and use of false documents), the relative anonymity of the customer for some of the products benefitting from exemptions under the AMLD, the ease and speed of e-money transactions and the poor overall awareness of ML/TF risks 75 .

Terrorist financing

E-money products present some advantages over cash when it comes to making online payments, and the use of these products does not require great expertise. Taking into account the low amounts of money needed for terrorist attacks, it can sometimes be easier to pay for some products or services (hotels, car rentals) using e-money products than by cash, even if perpetrators have to pass customer due diligence measures because payments are above the thresholds. On the other hand, e-money products are more traceable than cash.

When perpetrators send money to conflict zones e-money products can be safer to carry out, but using them as a means of payment in those countries can be more complicated than using cash as some e-money issues have placed restrictions on certain geographical areas where the cards can be used.

Law enforcement authorities have gathered evidence that e-money loaded onto prepaid cards has been used to finance terrorist activities, in particular to help terrorists commit attacks (e.g. hotel or car rentals). However, the threat from using prepaid cards or e-money products for this purpose is independent of the need to get through customer due diligence measures to gain access to e-money products.

In summary, e-money products may have better traceability than cash, however, considering the speed of transactions and the possibility to physically transport the cards to jurisdictions designated as high risk for terrorism, even when the transactions are traced, it may be difficult to track the perpetrators. The level of threat is independent of the thresholds for applying customer due diligence if perpetrators are not included in sanction lists.

Money laundering

The assessment of the money laundering threat is linked to some cash-based products that can be used by criminal organisations, including non-EU ones, through distributors of these products. E-money products have some advantages over cash when it comes to moving that money outside the EU or to different Member States. Nevertheless, cash remains a preferred option for these groups.

Financial intelligence units have detected multiples cases of misuse of e-money (tax fraud, drug trafficking, prostitution) through the purchase of multiple prepaid cards. Law enforcement authorities have found cases where the proceeds of drug trafficking were laundered by prepaid cards. Prepaid cards may enable large amounts to be moved about easily. However, since the use of frontmen is costly when circumventing customer due diligence thresholds and laundering large amounts of money, it easier to use agents involved in the delivery channel of e-money products.

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to e-money made the following findings:

a) risk exposure

The e-money sector is not homogeneous, due the wide range of products in which the level of terrorist financing and money laundering risks are completely different. Some e-money products of low value that are not linked to a current account (cash-based products 76 ) offer anonymity features similar to cash because they are exempt from customer due diligence measures. Particular concerns concerning prepaid cards are also linked to situations where there is no limit to the number of cards a customer could own. The terrorist financing inherent risk can be significant in these specific e-money products due the low amounts used in terrorist attacks and because they offer a discrete way to make low payments in comparison with cash. Nevertheless, perpetrators still consider the use of cash as a preferred option due to the complete anonymity.

The terrorist financing inherent risk for non-cash-based e-money products can be considered similar to that of other banking products or credit cards. Despite the origins of funds being known and traceability of payments being complete, perpetrators can use these products as a means of payment even if they have to pass customer due diligence measures. This is because most of the time perpetrators may provide evidence of legitimate income and are not within the scope of sanctions regime. Regtech 77 solutions were also identified as key current risks, with increased risks of computer fraud and use of false documents.

In respect of TF, e-money products is of particular interest for moving safely money to conflict zones, including for terrorist financing purpose.

Inherent risk depends mainly on the structure of the product, but even e-money products non-cash-based can present a significant risk if the funds are legitimate, perpetrators are not on the sanction lists and the amounts of money needed are low. It is remarkable that financial sanctions target individuals or groups that are already known to pose a threat, whereas risk often emanates from individuals who are not yet identified. In that sense, the terrorist financing inherent risk is independent of the thresholds or the customer due diligence measures applied.

b) risk awareness

Sector awareness can be considered high, especially after some terrorist attacks where e-money products were used. However, there are still some concerns among supervisors as to whether e-money firms who sell products with an exemption from customer due diligence are able to perform efficient monitoring and reporting of suspicious transactions. On the other hand, the results of thematic inspections to the sector has shown a good level of checks and risk assessment in the firms inspected. Most supervisors classify the sector’s overall risk as ‘moderately significant’ or ‘significant’.

There is an increasing number of initiatives aimed at engaging with competent authorities and law enforcement authorities; these can contribute to raising the risk awareness in the sector and to improving efficiency.

c) legal framework and checks

E-money is covered by AML/CFT requirements at EU level. Under the AMLD, some e-money products benefit from an exemption regime which means that when some risk-mitigating conditions are met (the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 150, which can be used only in the Member State of issuance, the payment instrument is used exclusively to purchase goods or services and cannot be funded with anonymous electronic money), certain customer due diligence measures need not to be applied. On the other hand, the AML Directive require e-money issuers to always carry out sufficient monitoring of the transactions, the thresholds for allowing these customer due diligence derogations have already been lowered in 2018 and the European Commission envisages to possibly further limit these possibilities in the future.

In addition, Member States may require electronic money issuers whose head office is situated in another Member State (home Member State) but operating in their jurisdictions (host Member State) under either the right of establishment or the freedom to provide services to appoint a central contact point in their territory. That central contact point shall ensure, on behalf of the institution operating on a cross-border basis, compliance with AML/CFT rules and shall facilitate supervision by supervisors, including by providing supervisors with documents and information on request.

Having effective checks in place in relation to terrorist financing can require a lot of AML/CFT staff, which can affect the business model of small e-money firms and reduce the efficiency of their monitoring systems, even when they have proper software tools to monitor transactions. In that sense, when it comes to terrorist financing risks, the efficiency of checks is independent of the customer due diligence measures applied and depends more on the quality of the databases checked to detect transactions and customers linked with terrorist financing. The sector’s engagement with competent authorities and law enforcement authorities is crucial to improve efficiency and mitigate such risks.

Money laundering

The assessment of the money laundering vulnerability related to e-money shows made the following findings:

a) risk exposure

Among the wide range of e-money products, the products most exposed to money laundering risks are the ones that can be purchased for cash. The use of these products individually for money laundering purposes is costly because of the lower thresholds and the cost of hiring frontmen to circumvent the thresholds for applying customer due diligence. As a result of their supervisory activities, National competent authorities identified a relatively small number of breaches. In 2018, where breaches were identified, these were mostly serious, with egregious breaches identified in only few cases. In 2019, breaches identified were mostly minor or moderate, with no egregious breaches reported 78 . However, the main contributing factors that expose the sector to ML/TF risks are those associated with distribution channels. This is because the use of intermediaries in the distribution chain is common in the sector, which can make adequate AML/CFT controls and oversight more difficult.

Perpetrators or facilitators can have an external agreement with these agents or distributors to purchase large amounts of prepaid cards and move those funds across Member States or non-EU countries, or even to sell such amounts of prepaid cards at a discount to third parties.

If e-money firms do not have robust checks over their distributor’s network and detect potential rogue distributors, such distributors will be able to avoid applying customer due diligence measures properly and to introduce fake documents into the system, in a similar way as occurs with rogue agents of money remittance firms. As a consequence, the risk inherent in distribution models is determined primarily by the extent to which e‐money is distributed by persons other than the e‐money issuer.

The money laundering inherent risk is considerably lower for the remaining e-money products linked to a bank account or a payment account.

b) risk awareness

The sector trusts in the use of technology for its checks over e-money products and assesses the money laundering risk posed by its products, even pre-paid cards or cash-based vouchers, as ‘less significant’ or ‘moderately significant’. The issuer of the e-money has access to the product at every moment and has resources to deactivate cards in case of suspicious transactions. Most supervisors have assessed the sector’s overall risk profile as ‘moderately significant’ or ‘significant’. The difference in perception between the sector and supervisors stems mainly from divergent views of the extent to which e-money issuers’ AML/CFT checks are effective. On the other hand, in one EU Member State where many licences have been issued, the supervisory authority has recently conducted a thematic inspection in the sector and has found a good level of checks and risk assessment in the firms inspected.

c) legal framework and checks

E-money is covered by AML/CFT requirements at EU level. Under the AMLD, e-money products benefit from an exemption regime which means that when some risk-mitigating conditions are met (the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 150, which can be used only in the Member State of issuance, the payment instrument is used exclusively to purchase goods or services and cannot be funded with anonymous electronic money), certain customer due diligence measures need not to be applied. On the other hand, the AML Directive requires e-money issuers to always carry out sufficient monitoring of the transactions, the thresholds for allowing these customer due diligence derogations have already been lowered in 2018 and the European Commission envisages to possibly further limit these possibilities in the future.

In addition, Member States may require electronic money issuers whose head office is situated in another Member State (home Member State) but operating in their jurisdictions (host Member State) under either the right of establishment or the freedom to provide services to appoint a central contact point in their territory. That central contact point shall ensure, on behalf of the institution operating on a cross-border basis, compliance with AML/CFT rules and shall facilitate supervision by supervisors, including by providing supervisors with documents and information on request.

Supervisors identified weaknesses in particular in the effectiveness of monitoring, the identification of suspicious transactions, and internal checks and oversight. However, the sector relies heavily on transaction monitoring as a risk mitigation tool, which includes effective distributor’s network oversight, that may require additional staff in addition to technology, increasing vulnerability in small e-money firms.

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (3).

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (3).

Mitigating measures

For the competent authorities:

·Member States competent authorities should carry out more robust risk assessment of the sector to the extent that Electronic money issuers are active on their territory, clearly identifying and assessing all ML/TF risk factors in their national risk assessments 79 .

·Member States competent authorities should also consider how best they can use a mix of different supervisory tools to supervise the sector more efficiently and in line with that risk profile. While full-scope on-site inspections may not be necessary in every case, Member States competent authorities should consider how they can use, for instance, on-site thematic reviews to ensure adequate supervisory coverage of a sufficiently large number of firms.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

For the European Commission:

·The European Commission should reassess whether the current exemption contained in the AML directive with respect to customer due diligences in the context of electronic money transaction keeps a legitimacy and should be maintained or whether it could possibly be further limited.

8. Transfers of funds and money remittance

Product

Transfers of funds and money remittance

Sector

Credit and financial institutions — money value transfer services

General description of the sector and related product/activity concerned

Under Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (Text with EEA relevance), ‘transfer of funds’ means any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including (a) a credit transfer 80 ; (b) a direct debit 81 ; (c) a money remittance 82 , whether national or cross border; (d) a transfer carried out using a payment card, an electronic money instrument, or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics.

Money value transfer or money remittance is defined under the second Payment Services Directive (PSD2) as a payment service where funds are received from a payer by means of a communication, message, transfer, or through a clearing network to which the MVTS provider belongs, without any payment accounts being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee, and/or where such funds are received on behalf of and made available to the payee. Transactions performed by such services can involve one or more intermediaries and a final payment to a third party, and may include any new payment methods. They represent one of the most risky activity among the different payment services performing transfer of funds. A key example of money remittance is the remittances service offered by large agency network providers (money value transfer systems or ‘MVTS’), where the payer gives cash to a payment service provider’s agent to make it available to the payee through another agent.

Statistics

Money remittance is a payment service that can be provided by payment service providers including credit institutions, e-money institutions, and authorised payment institutions. Money remittance is the payment service for which authorised payment institutions are most commonly authorised for.

Most migrants use MVTS services for a variety of reasons, including because they offer lower fees than banks, are more widely accessible (i.e. opening hours), and more fundamentally, because in most developing countries, the network on MVTS is the widest (as compared to banks) and many people do not have access to bank accounts in developing countries. According to the World Bank, inflows from remittances were equivalent to more than 10% of 2015 GDP in 29 countries, and more than 20% in eight of them 83 .

General ECB statistics also show that in 2019, the total amount of remittances sent from EU Member States amounted to EUR 200,4 billion, with a slight increase compared to 2018 (EUR 194,5 billion) 84 .

The market landscape shows that different types of MVTS providers are operating. This is reflected in the Payment Services Directive, which provides for ‘registered MVTS’ and ‘authorised MVTS’.

Description of the risk scenario

Terrorist financing

Perpetrators use money and value transfer services provided by financial institutions to place and/or transfer funds that are in cash or in anonymous e-money (non-account-based transactions). They use MVTS services to transfer rapidly amounts across jurisdictions, usually favouring a series of low value transactions to avoid raising red flags.

Money laundering

Perpetrators may use MVTS services to carry out a number of illicit operations. Most licensed or registered MVTS providers hold accounts at banks in order to process transfers and settle accounts with agents both domestically and internationally. However, settlement may be done through wire transfers, often involving aggregated amounts, processed through the international banking system. In addition, settlement can be done through third party payment providers 85 :

·Proceeds of crime are laundered through settlement systems in a non-EU country. MVTS providers channel funds through highly complex payment chains with a high number of intermediaries and jurisdictions involved in the funds circuit, hindering the traceability of illicit funds. MVTS providers operating along the payment chain often establish formal and/or informal settlement systems (frequently along with trade-based money laundering techniques), also hampering traceability of illicit funds.

·Large sums of cash are broken down into smaller amounts that are below the thresholds for which stricter customer identification is required.

·Proceeds of crime are placed in the financial system through a regulated MVTS offering payment accounts or similar products. Perpetrators may also use such regulated MVTS providers to channel their funds.

·Funds are placed and/or transferred through money remittance services. Risks of money laundering / terrorist financing activity may be particularly high when funds to be transferred are received in cash or in anonymous e-money.

Rogue agents usually perform transactions using fake IDs and fake invoices.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to money value transfers services shows that terrorist groups recurrently use this method. Payment institutions, e-money institutions and bureaux de change are also perceived by several CAs as being particularly vulnerable to TF, in particular as regards the use of cash, pre-paid instruments, the importance of transactions from/to high-risk jurisdictions and the anonymity allowed from transactions below the CDD threshold 86 . Law enforcement authorities and financial intelligence units have gathered strong evidence that these services are used to collect and transfer funds used to support the financing of terrorist activities within the EU and in particular to transfer funds by/for foreign terrorist fighters travelling to/from conflict zones.

MVTS providers are, depending on their organisation, easy to access and terrorists do not require specific expertise or techniques to abuse this service for finance terrorist activities. Terrorists might be more attracted to large MVTS providers due to their global network of agents, while smaller MVTS providers might not be so attractive since they usually operate in a limited number of countries. The specific features of MVTS providers (see vulnerabilities part) mean that they are perceived as attractive and secure.

Money laundering

Organised crime groups recurrently use this method. Law enforcement authorities and financial intelligence units have gathered strong evidence that these services are used to collect and transfer funds used to support money laundering activities. MVTS providers are, depending on their organisation, easy to access and do not require specific expertise or techniques to launder proceeds of crime. The specific features of MVTS providers mean that they are perceived as attractive and secure. Usually perpetrators get in touch with agents to launder the money of an organised crime group in exchange for a percentage of the amount of money laundered. Agents linked with these perpetrators usually perform fake transactions with fake customer IDs if they are aware of weak customer due diligence checks by the MVTS firm. Otherwise, they can use real customer forms to add new transactions.

Based on the principle of non-exclusivity, agents can work for different companies at the same time. This means that when they are connected with perpetrators, agents can easily split transactions between firms in order to launder large amounts; such activities are difficult to detect for individual firms and competent authorities.

Vulnerability

Terrorist financing

a) risk exposure

Reliance on cash-based transactions and the recurring use of these services in high-risk areas lead to a high risk exposure. When money is used for terrorist attacks in the EU, a higher inherent risk results from the sending of low amounts and from payers who are not included on sanctions lists.

The sector is vulnerable to cross‐border abuse for terrorist financing purposes. Investigations carried out by law enforcement authorities following recent terrorist attacks, for example in Paris and the UK, have confirmed that terrorists used money remittance to raise and move funds. In contrast to money launderers, individuals looking to finance terrorism may not seek to hide their identity and may use legitimate funding sources, often in small amounts. Additionally, the terrorist financing risk often emanates from individuals who are not covered by the sanctions regime.

The significant risk of money laundering and terrorist financing in the MVTS sector has led banks to adopt ‘de-risking’ policies towards money remittance services in certain higher risk regions. This trend raises concerns, as de‐risking may ultimately lead to money remittance services being driven underground (i.e. informal service providers such as hawala services). Financial inclusion concerns also arise, as money remittance services play an important role for customers who have limited or no access to other regulated financial services. A decline in the number of correspondent banking relationships is a source of concern for developing countries where remittance flows are a key source of funds for households as it has a significant impact on Remittance service providers’ ability to access banking services 87 .

b) risk awareness

According to the competent authorities, risk awareness in the sector is high (due to the recent terrorist attacks). Law enforcement authorities notice that the bigger players are more often misused by terrorists than the smaller ones due to their bigger agent networks in different countries. While MVTS providers have put in place measures to identify their customers and verify their identities, an effective ongoing monitoring of transactions would require a better access to relevant information, often held by law enforcement authorities, that would help them identify terrorist financing risks before they materialise. Likewise, law enforcement authorities’ efforts to disrupt terrorist activities and networks can be hampered when they are unable to obtain information about finance flows that only firms can provide.

The majority of supervisors consider the overall risk profile of the sector as significant or very significant, and more than 50% of the firms in the sector are rated as a very significant risk. However, it is important to highlight that the entire sector is not submitted to the same level of risk and must be addressed on a case-by-case basis. In that regard, the FATF interpretive note to recommendation 10 (Customer Due Diligence) sets out examples of potentially higher-risk situations, including businesses that are cash intensive, or involving non-resident customers.

c) legal framework and checks

Registered and authorised MVTS providers are subject to AML/CFT requirements at EU level. Regulation (EU) 2015/847 specifies the duties of payment service providers regarding the information on the payer and the payee that must be attached to the fund transfers. It also requires payment service providers to put in place effective procedures to detect transfers of funds that lack this information, and to determine whether to execute, reject or suspend such transfers of funds. Its aim is to prevent the abuse of fund transfers for ML/TF purposes, to detect such abuse should it occur, and to allow relevant authorities promptly to access information on the payer and the payee associated with a particular transfer where necessary. The effectiveness of checks in place remains however until now rated as generally poor by supervisors. Firms in the sector, especially large firms, rely on their customer checks and alert systems to mitigate risks.

The efficiency of current systems to detect suspicious transactions linked to terrorist financing is not high, despite their being intensive in human resources. As with inherent risk, terrorist financing risk often emanates from individuals who are not covered by the sanctions regime. As a result, closer cooperation is needed between firms and law enforcement authorities so that they become more efficient at detecting customers linked to terrorist activities.

Money laundering

The MVTS sector is made up of a very diverse range of actors, from independent business with limited outlet locations to large multinational corporations having on the contrary a big geographical scope and using a network of agents. Money laundering vulnerability related to money value transfers services cannot be assessed without considering that most important MVTS providers rely on agents. Therefore agents constitute the main factor for risk exposure for MVTS providers.

a) risk exposure

MVTS services allow for speedy transactions. They are more and more provided by companies ensuring a fully traceable and digital service -and this change was accelerated by the COVID 19 pandemics. They remain however, in a number of cases, cash-based and. Due to their specific features and in particular their reliance on agents, MVTS services can be provided in high-risk non-EU countries and may be used by high-risk customers meant to be subject to specific monitoring and checks. Therefore, the most prevalent risks in the MVTS sector are linked to their high speed, the consolidated volume they represent (although individual transactions are usually low), factors that can be worsen in cases where they involve cash-intensive services and transfers to high-risk jurisdictions.

Performing consistent customer due diligence can be problematic due to the nature of the customers, who usually make isolated transactions, and due to the risk that frontmen will be used to perform transactions (despite this being a more expensive method to launder money). However, inherent risk is higher when money remittance firms does not have robust monitoring systems to check retail agents’ networks, especially in firms with large retail agent’s networks.

The significant risk of money laundering and terrorist financing in the MVTS sector has led banks mainly to adopt ‘de-risking’ policies towards money remittance services in certain higher risk regions. This trend raises concerns, as de‐risking may ultimately lead to money remittance services being driven underground (i.e. to informal service providers such as hawala services). Financial concerns also arise, first for the developing countries that rely on the income and the important weight they represent in their gross domestic product, and as money remittance services play an important role for customers who have limited or no access to other regulated financial services.

b) risk awareness

Risk awareness can be considered high in the sector. Checks are in general effective when focused on customer risk; however, when it comes to the money laundering risk from rogue agents, checks are not so effective across the EU. In addition, in some countries de minimis thresholds are in place for triggering customer due diligence obligations, leading to possibly a too light oversight of agents in the context of a very competitive sector, pushing sometimes to a trade-off between profitability and compliance. Agents linked with money laundering activities are usually the most profitable ones. Hence, if firms are not able to detect a clear connection with such activities, they prefer to keep the agent in their networks but under surveillance (usually setting quantitative limits for their transactions), rather than report the agent to the financial intelligence unit and thus break the commercial relationship.

Supervisory awareness of such risks is high. In their risk assessments, some supervisors have cited the following risks associated with agent networks: inadequate agent governance, training and monitoring. In contrast, most supervisors perceive the sector’s risk awareness as poor or very poor.

Reporting of suspicious transactions to financial intelligence units is not always effective if firms report large amounts of isolated customer transactions instead of reporting agents or groups of agents performing those transactions.

c) legal framework and checks

Registered and authorised MVTS providers are subject to AML/CFT requirements at EU level. Regulation (EU) 2015/847 specifies which information on the payer and the payee must accompany the fund transfers. It also requires payment service providers to put in place effective procedures to detect transfers of funds that lack this information, and to determine whether to execute, reject or suspend such transfers of funds. Its aim is to prevent the abuse of fund transfers for ML/TF purposes, to detect such abuse should it occur, and to allow relevant authorities promptly to access information on the payer and the payee associated with a particular transfer where necessary. Because of the reliance on agents, supervision of the sector is very challenging. Firms rely more and more on new technologies and software to conduct robust customer due diligence and agent oversight, measures which should enhance their efficiency once they will be more generally used. MVTS providers need to develop trainings of their agents to make them perform proper customer due diligence while they should more efficiently ban rogue agents from their networks.

Currently, cross-border cooperation is not working properly and supervisors are not able to put in place appropriate checks and an appropriate sanctions regime. That being the case, one of the aims of the 4th and 5th AMLDs is to enhance cooperation between AML supervisors. In this light, setting up ‘AML colleges of supervisors’ when obliged entities operate in different jurisdictions can improve supervision across EU.

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), and the level of vulnerability has also been assessed as very significant (4).

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant (3).

Mitigating measures

For the competent authorities:

·Member States could envisage lowering or eliminating thresholds to occasional transactions, consider applying systematic customer due diligence to all transactions, so that MVTS firms can efficiently monitor and detect suspicious transactions and suspicious agents linked to money launderers.

·Set up and promote a system in which suspicious agents reported by MVTS firms are recorded in a database to which all firms in the sector have access. This would limit or eliminate the activity of suspicious agents.

·Competent authorities should conduct a number of on-site thematic inspections focusing on risks posed in agents. The scope of these thematic inspections should include checking that MVTS firms have a comprehensive agent oversight function including efficient monitoring systems, on-site reviews and training.

·Considering the cross-border nature of ML/TF, Member States should encourage relevant authorities in charge of preventing and combatting ML/TF to request support from Europol.

For the sector:

·Payment service providers must take measures to detect missing or incomplete information on the payer or the payee in a transfer of funds, and procedures in place to manage a transfer of funds lacking the required information.

For the European supervisory authorities:

·Encourage competent authorities to dedicate appropriate resources, proportionate to the level of risks, to MVTS inspections, focusing on oversight of agents.

For the European Commission:

·Promote cooperation between law enforcement authorities and financial institutions in order to improve effectiveness of terrorist financing alert systems at supranational level.

9. Illegal transfers of funds — Hawala

Product

Illegal/informal transfer of funds through hawala

General description

Hawala is a system of money transmission which arranges the transfer and receipt of funds or equivalent value. It is often reliant on ties within specific geographical regions or ethnic communities. These movements of value may be settled through trade or cash businesses engaged in remittance activities. They often operate in areas of expatriate communities. Hawaladars (those that operate hawala) often run parallel businesses, particularly currency exchange, travel agencies or telephone shops, or even work as agents of official money transfer providers. The term hawala is often used to describe a number of different informal value transfer systems which have similar properties and operate in similar ways, although they are not strictly hawala. Such fund transfers are considered as unregulated payment services under EU law, meaning that they are illegal within the EU. Informal systems of value transfer, like Hawala, can be used for legitimate purposes, like money remittances, but also for criminal ones.

In 2013, the Financial Action Task Force (FATF) came up with the wider term ‘Hawala and other similar service providers’ or ‘HOSSPs’ to describe this activity. HOSSPs are a subset of informal value transfer services; forms other than hawala include hundi, Chinese underground banking and black market peso exchange. Informal value transfer systems are concerned with the movement of value without the need for money to be physically or electronically moved.

Members of diaspora and migrant communities use these MLCN extensively to send legitimate remittances to their country of origin. At the same time, the implementation of stricter anti-money laundering regulations in mainstream financial institutions has also made informal value transfer systems, and MLCN increasingly attractive to organised crime groups, who frequently use them to transfer illegitimate remittances, i.e. transfer large amounts of criminal proceeds or to launder such criminal proceeds, providing layering and remittance services within and outside the EU.

Hawala payments are informal funds transfers that are made without the involvement of authorised financial institutions. In principle, the money does not physically move from the payer to the payee. Instead, as is also often the case in money remittances, this is done by offsetting balances between the hawaladar of the payer and the hawaladar of the payee. To illustrate this method, a hawaladar from country A (HA) receives funds in one value (cryptocurrency, gold, goods, etc.) from the payer and, in return, gives the payer a code for authentication purposes. He then instructs his country B correspondent (HB) to deliver an equivalent amount in the local currency to a designated beneficiary, who needs to disclose the code to receive the funds. After the remittance, HA has a liability to HB, and the settlement of their positions is made by various means, either financial or goods and services.

Normally, all operators providing payment services as defined in Annex I, point 6 of the second Payment Services Directive (PSD2) should be appropriately registered and regulated. Such providers should seek the status of authorised payment institutions.

Recent and significant law enforcement efforts have proved beyond doubt that the unregulated and clandestine nature of HOSSP informal remittance systems has made them the preferred choice of criminals in money laundering.

Although hawaladars must be registered and properly licensed under the Payment Services Directive, these payment service providers often choose to carry out such transfers irregularly, outside of the conventional banking system and without proper licensing. This means that they circumvent their anti-money laundering and tax obligations and avoid mandatory supervision under the anti-money laundering regulations. Often authorities lack the means to detect these networks and properly enforce the application of PSD2 and AML obligations to these providers.

Description of the risk scenario

Contrary to all other remittance systems, hawala is based on a network of key players (hawaladars) tied by trust due to specific geographical regions, families, tribes, ethnic communities, nationalities, commercial activity, etc. Hawaladars settle transactions between themselves over a long period of time by net settlement using banking channels, trade or cash. This means that contrary to all other remittance systems, funds are not transferred for each and every transaction. Instead, each day they use a local cash pool with money that was already in the system to pay the beneficiary. After a set period only the net amount is settled. Hawaladars aggregate months of funds received through individual remitters and then perform the settlement. It needs to be stressed that legitimate and licensed value transfer services also usually operate in this way.

Margins on even small international transfers may be as low as 1%, far less than banks’ charges. It is not only cheaper to use a hawala merchant than a bank, but quicker and easier too. Transfers can typically be picked up the same day. Customers do not need to prove their identity, or explain why the money is being sent. That is why it is essential in countries, where large parts of the population do not have identity documents.

The hawala network also uses some unique techniques:

·bilateral settlement: ‘reverse hawala’ between two hawaladars;

·multilateral settlement: ‘triangular’, ‘quadrangular’ or other arrangements between several hawaladars in the same network;

·value settlement through trade transactions, usually applying trade-based money laundering techniques (shipment of the equivalent value through trade transactions such as merchandise, paying a debt, or invoice of same value that they owe; over-invoicing or under-invoicing; double invoicing; black market peso exchange; transformation of the value into cryptocurrencies or gold; etc.);

·cash settlement via cross-border cash couriers, banking and money service business channels.

Specific hawala networks are created to serve exclusively criminal needs; these place and layer criminal money and pay the equivalent value on demand elsewhere in the world.

Such networks are known to use the techniques described above. In addition, to protect themselves, hawala networks use the following techniques:

·quick cash pick-ups;

·authentication via a token (a regular feature of criminal cash handovers is the use of the unique serial number on a banknote to act as a means of identification and a rudimentary receipt for the handover);

·placement via cuckoo smurfing (a form of money laundering linked to alternative remittance systems in which criminal funds are transferred through the accounts of unwitting persons who are expecting genuine funds or payments from overseas).

All these techniques are unique to the hawala system and are all known red flag indicators of hawala activities for EU law enforcement agencies.

Such criminal hawala networks also follow a particular structure composed of:

·controllers or money brokers — these make the deal with organised crime groups for the collection of dirty cash and for delivery of its value to a chosen destination;

·coordinators — these are intermediaries working for the controller and managing different collectors;

·collectors — these collect dirty cash from criminals and dispose of it;

·transmitters — these receive and dispatch the money obtained by the collector (usually a money service business operator).

The impact of COVID-19

COVID-19 has affected and still is affecting hawala negatively, having dried up cross-border trade and closed the small shops and businesses that do transfers. But the bigger hit has been to goods trade. With borders closed, importers did not need to move money around, or to borrow to cover liquidity gaps 88 .

In countries like Somalia, where telecoms operators are largely unregulated, hawaladars have started to work as mobile-money agents on the side and transactions around the country can be done instantaneously on phones. According to the World Bank, around three-quarters of Somalis use mobile money—mostly denominated in dollars—and it is more common than cash 89 .

On the other hand, LEAs inform that the post-lockdown time has been one of the busiest periods for the money launderers globally, as they saw a huge opportunity to pump unaccounted money into the market by financing small-time traders and people who were looking for funds to start a trade of their own 90 .

Threat 91

The scale of hawala in the EU is unknown. As a tool for comparison, the central bank of the UEMOA (West African Economic and Monetary Union) space of eight countries says that over $450 million is moved back and forth each year through this method 92 , with the actual figure possibly being at least twice or thrice the initial estimate. Estimations in South Asia refer to nearly $400 billion passing through the hawala networks every year 93 . Europol is also aware of several multi-million EUR on-going money laundering investigations focusing on criminal hawala 94 in Europe.

Hawala is known to be associated with certain businesses of certain ethnic communities (India, Afghanistan, Pakistan, Iran, United Arab Emirates, sub-Saharan Africa, Somalia and China) that are common in the EU. Examples of the kinds of business involved are travel agencies, pawn shops, mobile phone and SIM cards sales, top-up of mobile cards, grocery stores, import/export business, as well as various neighbourhood-type businesses such as nail salons, hairdressers, beauty salons, flower shops.

There are no direct money/value flows between sender and receiver that law enforcement agencies can track or trace. This makes tracing the money/value flow in a Hawala network virtually impossible 95 even if ledgers are seized — they are usually encrypted, and more and more often located on cloud servers located in non-cooperative jurisdictions. This opacity makes it attractive for perpetrators. LEAs have detected some overlap between official and informal value transfer systems, notably through “cuckoo smurfing”. On the other hand, hawaladars are able to launder large sums of cash for different proceeds of crime (drug trafficking, tax evasion, terrorist financing, etc.).

.

Vulnerability

Mitigating measures

For Member States / competent authorities:

·Set up joint money laundering intelligence task forces. Ensure cooperation between the financial sector and government institutions on the exchange of intelligence to prevent money laundering (which may also extend to Hawala services). This cooperation may take place in the framework of national risk assessments, the organisation of conferences with private sector engagement, or FIUs informing the financial sector on emerging threats and the financial sector issuing suspicious transaction reports as a result.

·Carry out administrative inspections to verify that obliged entities, especially money remitters, have in place checks to detect hawaladars using registered agents as window dressing to attract customers in order to offer them hawala. The points where those networks are more vulnerable being:

oCash handovers.

oCash transportation.

oInternational transactions made by third parties.

oMoney Service Businesses, Exchange Houses and Hawaladars in the cash pool.

oOTC Crypto Brokers.

oTax and customs declarations.

·In the most affected countries, establish specialised investigation teams within the anti-money laundering or drugs units, as the work against criminal hawaladars often involves developing physical and technical surveillance on the suspects involved in cash movements related to drug traffics.

·Set up actions in airports and ports focusing on cash couriers.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

10. Payment services

Product

Payment services

Sector

Credit and financial sector

General description of the sector and related product/activity concerned

Payment services products

Payment services are regulated by the revised Payment Services Directive (‘PSD2’) 97 . They are listed in Annex I of PSD2 and cover a wide variety of services, including:

·services enabling cash to be placed on or withdrawn from a payment account (cash deposits are addressed in a separate section of this report);

·money remittance (also covered in another section of this report);

·execution of payment transactions such as credit transfers or direct debits;

·execution of payment transactions through payment cards or similar devices;

·issuance of payment instruments;

·payment transactions acquisition.

A ‘payment transaction’ is defined as an act initiated by the payer or on his behalf or by the payee, of placing, transferring or withdrawing funds, irrespective of any underlying obligations between the payer and the payee.

PSD2 covers additional payment services, which have emerged during the past years in the wake of the digitalisation of services. These services are referred to as payment initiation services and account information services. The money laundering and terrorist financing risk of these operations is considered the most relevant in the context of this fiche. Other specific aspects are dealt with in other parts of the Supra-national risk assessment 98 .

Payment initiation services allow consumers to pay for their purchases by a credit transfer instead of a card payment. The payment initiation service provider can receive information whether there are sufficient funds on the consumer’s account balance to make the payment. It informs the merchant that the payment order has been successfully initiated. On this basis, the web merchant may decide to ship the goods or provide the service before the amount is booked on his account. PSD2 covers these new payments, addressing potential issues over confidentiality, liability and the security of such transactions.

Most of the PSD2 became applicable on 13 January 2018, some selected provisions on strong customer authentication (SCA) and access to payment accounts on 14 September 2019. PSD2 does not regulate all payments. Payments in cash or paper cheque payments are not covered. Payment transactions by a provider of electronic communication networks, under a certain value are also excluded from the scope of the Directive.

In 2021, the Commission consulted stakeholders on remaining obstacles as well as possible enabling actions that could be taken to ensure a wide availability and use of instant payments in the EU. Instant payment represent an innovation opportunity but will also raise new challenges that will be carefully considered to ensure that the money laundering and terrorism financing risks are mitigated appropriately.

The total value of payment transactions in the EU involving non-monetary financial institutions reached EUR 195,1 trillion 99 in 2019. The large majority of payments was done electronically. The total number of payment transactions in the euro area increased by 8.1% to 98.0 billion in 2019 compared with the previous year, with a total value of EUR 162.1 trillion 100 . Card payments accounted for 48% of the total number of non-cash payments in the euro area 101 .

The number of cards in the euro area with a payment function increased in 2020 by 6.5% to 609.3 million. With a total euro area population of 343 million, this represented around 1.8 payment cards per euro area inhabitant 102 .

SEPA

The Single Euro Payments Area (SEPA) aims to harmonise and integrate payment markets across Europe, with one set of euro payment instruments: credit transfers, direct debits and payment cards, common standards and practices, and a harmonised legal basis.

SEPA covers around 465 million people in the 27 EU Member States and other non-EU countries (United Kingdom, Iceland, Norway, Liechtenstein, Switzerland, Monaco, San Marino, Andorra and Vatican City State/Holy See) 103 .

Retail payment systems

Retail payment systems in the EU are payments made by the public, with a relatively low value, a high volume and limited time-criticality. In 2019, around 44 retail payment systems existed in the EU as a whole 104 and almost 45 billion transactions were processed by retail payment systems in the euro area worth EUR 35.0 trillion 105 .

Large-value payment systems

Large-value payment systems are designed primarily to process urgent or large-value interbank payments, but some of them also settle a large number of retail payments.

In 2019, there were 9 active large value payment systems 106 in the EU. The two main large-value payment systems in the euro area (TARGET2 and EURO1/STEP1) settled 141,5 million transactions amounting to EUR 497 trillion in 2019 107 .

Payment service providers

Banks are players in national and international payment systems. Some 120 billion cashless payments were made by non-bank payment service providers (the nonfinancial sector and non-monetary financial institutions 108 ) in 2019 at EU-27 level 109 . More than half (62 billion) of those were card payments, while credit transfers or direct debits represented respectively 30 billion and 22 billion payments 110 .

Within the EU, not only credit institutions are allowed to provide payment services.

These can also be provided by payment institutions, e-money institutions, post giro institutions and regional or local authorities where they do not act as public authorities. Payment institutions emerged with the adoption of the Payment Service Directive. These companies can provide payment services and engage in other business activities; they are not allowed to take deposits or issue e-money. Under PSD2, new categories of payment service providers were introduced: payment initiation service providers and account information service providers. These actors can provide exclusively the services of payment initiation and account information respectively.

Even though the introduction of payment institutions has increased competition in the payments market, the majority of provided payment service are still performed by credit institutions.

As for the other players, EU-wide there were 111 :

·682 authorised payment institutions;

·1640 exempted payment institutions according to article 32 of PSD2;

·239 e-money institutions and

·1331 Service providers excluded from the scope of PSD2′ under points (i) and (ii) of point (k) and point (l) of Article 3 of PSD2 .

The distribution of payment institutions (authorised payment institutions and small payment institutions) is distributed among countries in the EEA. The biggest countries account for the largest numbers of payment service providers: Germany (11%), Netherlands (10%), France (9%), Spain (8%), and Sweden (7%), Italy (6%), account for 51% of all authorised payment institutions in the EEA. As for the exempted payment institutions, it is worth noticing that 85% were registered in Poland 112

More general data on the number of financial institutions providing payment services in the EU can be found in the central registers of the EBA.

Description of the risk scenario

Perpetrators are using the banking and financial system to channel their funds through bank accounts, credit transfers and direct debits, peer-to-peer transfers made with a payment card, an electronic money instrument or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics.

Effects of the Covid-19 pandemic: Misuse public funds

Criminal actors use a variety of techniques to exploit vulnerabilities in processes relating to the application and distribution of public funds. However, a common approach is the rapid movement of funds out of the jurisdiction by quickly withdrawing the funds in cash once government agencies transfer the financial aid.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to payment services shows that account-based transactions are used by terrorists to store and transfer funds and to pay for the services or products needed to carry out their operations, in particular when processed through the internet. According to research on the financing of European jihadist terrorist cells, the formal banking system is one of the six methods most commonly used by terrorist groups. The majority of terrorist cells located in Europe have derived some income from legal sources — usually received through the formal banking system — and use bank accounts and credit cards both for their everyday economic activities and for attack-related expenses. Due to the account-based elements, terrorist groups‘ intent to rely on this risk scenario is more limited. However, their capability to use it is quite high.

Most payment services allow cross-border transactions that may rely on different mechanisms of identification (depending on national legislation) that may lead terrorists to use a false identity. This means that law enforcement authorities cannot track the originator or beneficiary of the transaction in such cases. The misuse of payment services requires specific skills but, according to law enforcement authorities, these skills are commonly widespread within terrorist groups and do not constitute an obstacle (mobile/internet payments are quite easy). The individual average amounts of the payments concerned appear to remain, nevertheless, quite limited,.

Money laundering

The assessment of the money laundering threat related to payment services is considered as presenting similarities with the use of funds deposited on account: a customer might not be submitted to customer due diligence checks, if the payment or transfer of funds is below the threshold triggering compulsory checks and does not raise particular suspicion of money laundering or terrorist financing. This risk scenario concerns both the moments of placing and withdrawing of funds (i.e. deposits on account and use of this account). It is frequently used by criminals, but also by relatives/close associates, which extends the scope of the intent and capability analysis 113 . It requires some planning and knowledge of how the banking systems work.

According to law enforcement authorities, payment services providers (PSPs) can be used for criminal purpose, notably by money mules. For example, a PSP has been investigated by several EU Member States. The PSP registered in one EU Member State also registered as an e-money issuer in another jurisdiction and thus obtained a passporting licence. The PSP was approached by a criminal structure claiming to conduct online trade. The PSP supplied the client with point of sale terminals. The terminals were taken out of Europe and used in black peso market exchange ‘swipe out’ operations. The information collected in the investigations demonstrated that the PSP did not perform any monitoring of the client, which would have resulted in identification of the risk because the declared small online business led to the accumulation of several million euro in a limited amount of time. Nor were the point of sale terminals monitored, as they were physically not present in the EU for when the order was placed. The same PSP was also approached by another criminal structure in another EU Member State. The criminal structure controlled front tourist businesses used to make cash deposits of cocaine proceeds. These businesses became clients of the PSP and requested to be issued with payment cards (as the PSP is a Visa and Mastercard card issuer). The cards were taken out of Europe and cash was withdrawn in Colombia.

In addition, the Europol Financial Intelligence Public Private Partnership (EFIPPP) identifies multiple ways of criminal use of payment services:

·Use of credit cards, e-money and payment institutions as financial products/institutions in relation to corruption and bribery.

·A transactional indicator of ransomware payments is the payment to a crypto exchange platform or foreign-located Money Service Business (MSB) – such as Western Union, MoneyGram – in a high-risk jurisdiction lacking, or known to have inadequate, AML/CFT regulations for crypto exchange platform entities.

·Ransomware criminals ask their victims to pay a ransom through online payment method, typically cryptocurrency, to regain control of their data. Hackers typically demand ransoms in cryptocurrency.

A victim indicator for investment fraud: Increasing online presence and use of online payment services of potential victims, especially among vulnerable segments of the population, such as the elderly or those on lower incomes.

Vulnerability

Terrorist financing

When assessing the terrorist financing vulnerability related to payment services, one must take into account their cash-intensive nature, the prevalence of occasional transactions on established business relationships, the large volume and high speed of transactions, the possible involvement of high-risk jurisdictions in which PIs operate, the use of new technologies to facilitate the onboarding of customers remotely and the distribution channel used.

a) risk exposure

The risk exposure is inherently high due to the characteristics of payment services, as they involve very significant volumes of products and services. Although payments are generally not anonymous (when they are linked to an identified account), they may interact with very significant volumes of higher risk customers or countries, including cross- border movements of funds. They also interact with new payment methods (mobile/internet), which may increase the level of risk exposure because they imply a non-face-to-face business relationship.

b) risk awareness

While the sector has put in place guidance to detect the relevant red flags on terrorist financing, the risk awareness remains perfectible. While Competent authorities noted a good level of reporting, and an improvement in the level of controls in place in the sector, a large proportion of these controls are still rated as poor or very poor. Despite a significant risk profile and although almost all Competent authorities indicated they carried out some supervisory activity during the period under review, the EBA notes that the sector, in view of its risk profile, saw a relatively low level of supervisory activity 114 . Competent authorities are well aware of the vulnerabilities of the sector and are proactively engaged with it.

c) legal framework and checks

Payment services are included in the AML/CFT legal framework at EU level. This framework has been in place for many years and checks are considered overall not to be yet fully efficient. As far as the legal framework is concerned, it covers equally credit institutions and other payment service providers, such as payment institutions and e-money institutions. Similar to deposits on accounts, checks in place are generally considered as efficient, however, sanctions screening is not a substitute for effective counter-terrorist financing checks. Financial sanctions target individuals or groups that are already known to pose a threat, whereas terrorist financing risk often emanates from individuals who are not caught by the sanctions regime. This is why risk‐based AML/CFT checks, and transaction monitoring in particular, are key to an effective fight against terrorist financing.

Usually, credit and payment institutions do not have access to relevant intelligence, often held by law enforcement authorities, that would help them to better identify and prevent terrorist financing risks before they materialise. Likewise, law enforcement authorities efforts to disrupt terrorist activities and networks can be hampered when they are unable to obtain information about finance flows that only firms can provide. There are now initiatives at the national and supranational level designed to test how law enforcement agencies can provide firms with more specific and meaningful information on specific persons of interest, allowing firms to focus their transaction monitoring on these persons.

Money laundering

When assessing the money laundering vulnerability related to retail payment services, one must take into account their cash-intensive nature, the prevalence of occasional transactions on established business relationships, the large volume and high speed of transactions, the possible involvement of high-risk jurisdictions in which PIs operate, the use of new technologies to facilitate the onboarding of customers remotely and the distribution channel used.

a) risk exposure

Risk exposure is inherently high due to the characteristics of payment services, which involve very significant volumes of funds, and are associated with a broad diversity of customers and jurisdictions, including high risk ones. Although payments are generally not anonymous (when they are linked to an identified account), they are often not monitored (notably if they are under the amount requiring systematic customer due diligence measures for occasional transactions and take place outside of a business relationship framework) and may entail contact with higher risk customers or countries, especially where cross-border movements of funds are involved. Payment institutions often use agents to process payments, which significantly increases the risk due to the risk that these agents may collude with criminals 115 . They also make use of new payment methods, which may also increase the level of risk exposure because they imply, a non-face-to-face business relationship.

b) risk awareness

Competent authorities have noted discrepancies between banking and payment institutions, the latter being less aware of money laundering risks. Most competent authorities viewed the overall risk profile of payment institutions as either significant or very significant; this was especially the view of the authorities supervising the highest numbers of payment institutions. The potential misuse of new technologies such as mobile payments to facilitate peer‐to‐peer money transfers was commonly considered as an emerging risk by competent authorities (see the section on crypto-assets/virtual currencies). There is currently insufficient monitoring both when a payment account is opened (entry point) and when the transaction is processed.

c) legal framework and checks

Payment services are included in the AML/CFT legal framework at EU level. As far as the legal framework is concerned, it covers equally bank and payment institutions. The reliance on account-based transactions implies that the legal framework applies commonly to the banking sector and to the payments institutions sector. This framework has been in place for many years and checks are considered overall as efficient. Payment institutions rely on bank controls to mitigate their inherent money laundering risk, but some alert systems in banks are not robust enough to detect suspicious cash transactions transferred by payment institutions afterwards.

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (level 3).

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as significant (level 3).

Mitigating measures

For the Commission:

·clarify and set up a common framework for electronic identification and customer due diligence;

·identify risks associated with Fin-Tech and set up standards to mitigate those risks;

·promote cooperation between law enforcement agencies and financial institutions in order to improve effectiveness of terrorist financing alert systems at supranational level;

·submit exchange of crypto-asset to funds and of funds to crypto-assets activities to AML/CFT obligations;

·consider possible lowering of the thresholds triggering compulsory customer due diligences for occasional transactions involving funds.

For Member States / competent authorities:

·Member States should ensure that supervisors conduct regularly on-site thematic inspections focusing on risk assessments of payment services providers, and ensure that their alert systems are effective.

·In addition, competent authorities should continue to raise risk awareness and risk indicators relating to terrorist financing with payment service providers (PSP), via close Public Private Partnership cooperation.

·Member States could envisage lowering or eliminating thresholds for occasional transactions, applying customer due diligence to all transactions so that payment institutions efficiently monitor and detect suspicious transactions.

·Considering the cross-border nature of ML/TF, Member States should seek international cooperation encourage relevant authorities in charge of preventing and combatting ML/TF to request support from agencies such as Europol.

11. Crypto assets

and

Virtual currencies

Product

Crypto-assets, including so-called virtual currencies

Sector

Crypto-assets issuers and service providers

Description of the risk scenario

According to its opinion on ML/TF risks released in March 2021 116 , the EBA notes that compared to its previous Opinion issued in 2019, risks arising from crypto-assets appear to have increased further. They attribute this to the growth of the crypto-asset market, in terms of both the number of transactions processed and customers, the increased range of products and services and their often-unregulated nature o and associated lack of customer due diligence measures 117 , and a compliance immaturity and overall limited overall understanding of ML/TF risks in the sector. The main factors contributing to the increased exposure to the ML/TF risks is said to be the limited transparency of crypto-assets transactions and the identities of the individuals involved in these transactions. We note, however, that crypto-assets transactions conducted on public distributed ledgers leave immutable traces and are there for everyone to see. Persons engaging in ML/TF via such crypto asset transactions expose themselves to public scrutiny of their transactions 118 .

Custodian wallet providers and providers engaged in exchange services between virtual and fiat currencies are now within the scope of the AML/CFT legal framework by defining them as obliged entities in the AMLD. The related provisions apply and should now have been transposed by all Member States in January 2020. However, not all MS have transposed these provisions yet 119 . The European Commission’s proposal for a Regulation on Markets in Crypto-assets 120 (MiCA) published in September 2020 will have, when adopted, the effect of expanding the EU financial services regulatory perimeter to a wide range of crypto-asset activities. With the EU’s proposals released in July 2021 to strengthen the EU’s AML/CFT framework, AML rules will be extended to all crypto-asset service providers covered by MiCA. This will also align EU AML/CFT rules with the latest international standards and guidance from the FATF.

However, a particular attention will still have to be given on how to best address possible emerging threats having a link with the crypto-assets and their industry but not fitting fully with existing legal framework in that field. This is in particular the case of non-fungible tokens (NFTs), assets representing a unique token that acts as a non-duplicable digital certificate of ownership for a specific digital asset, and which legal qualification may differ from a jurisdiction to another. First analysis by regulators suggest that NFTs should not always be considered as crypto-assets 121 , especially if they are not used as payment or instruments for investment. Exposure to ML risks arise due to the limited application of customer due diligence checks on many of the major NFT sales platforms and the fact that many services seem now created for the express purpose of obfuscating the origin and destination of funds through NFTs. It is possible for criminals to set up an account, list a number of NFTs and then purchase said NFTs from themselves for an inflated price. The current popularity experienced by NFTs, and subsequent high prices, further complicate the process of identifying which transactions are wash trading and which are legitimate purchases. There are, meaning that the proceeds from malicious sales can be hidden with relative ease.

Another key concern also arise from crypto-assets exchange, lending or transfer services, activities normally offered by regulated crypto-assets services providers but made through decentralized or distributed application, often run on a decentralized ledger, with no legal or natural person with control or influence over it, often referred to as ‘decentralised finance’ (DeFi) 122 . There seems to be a broadly shared consensus among jurisdictions that DeFi applications should not be considered crypto-assets services providers if there is no identified body that can be held liable for their use.

This makes DeFi’s exposure to risk of ML/TF rather high, as DeFi applications can be used to avoid existing AML/CFT legislation and the “travel rule” obligations as set out by the FATF 123 . However, in case a person or a managing body can be identified, despite its qualification, the DeFi application shall be treated as a crypto-assets services provider and fall under the same AML/CFT obligations. Therefore, much like with NFTs, DEFIs may be subjected to the application of the relevant rules covering crypto-assets on a case-by-case basis but keep posing regulatory challenges that are not yet fully addressed and could conduct to take additional measures to better tackle them in the future.

Threat

Crypto-assets related activity represents a growing money laundering/terrorist financing threat. Financial intelligence units (FIUs) across the FATF global network have seen a rise in the number of suspicious transaction reports that relate to crypto-assets. Several law enforcement authorities indicated that ML/TF risks from crypto-assets have increased further since 2019 124 , linked to the growth of the crypto-asset market, in terms of transactions processed and number of firms’ clients that use crypto-assets or are crypto-assets service providers. Law enforcement authorities identify the limited transparency of transactions and identities of end-customers involved in crypto-asset activities as the most significant risk factor that may facilitate illegal activities such as fraud, trading of illicit goods/services and terrorist financing.

Europol regards Bitcoin as the crypto-assets of choice for the majority of criminals, but anticipates a more pronounced shift towards anonymity-enhanced crypto-assets, which offer greater anonymity and capacity to obfuscate transactions. Some of such anonymity enhanced crypto-assets are, however, harder to acquire and transact than Bitcoin.

Exchangers can offer crypto-assets to crypto-assets transactions that obfuscate the transaction trail and decentralised mixers have also been used.

A particular set of challenges arises from crypto-assets services provided by criminals or non-compliant entities:

·individuals buy/sell large volumes of crypto-assets for any asset peer-to-peer (no intermediation) without involvement of registered crypto-asset service providers subject to AML/TF requirements; and

·payment services providers offering crypto cards 125 were initially offered only for Bitcoin, but there has been a shift towards support of multiple crypto-assets. They often register in jurisdictions with ‘favourable’ regulatory arrangements that do not facilitate their monitoring.

Law enforcement agencies also face particular challenges in collecting information when crypto-assets services are offered in a country other than that in which the originator / beneficiary are located (which itself may be anywhere in the world).

Terrorist financing

Crypto-assets generally involve non-face-to-face customer relationships and may allow for anonymous – and not yet always traceable – funding or purchases (cash funding or third-party funding through virtual exchanges in which the funding source is not properly identified). They may also allow for anonymous transfers, if the sender and the recipient are not properly identified. The assessment shows that terrorist groups may have an interest in using crypto-assets to finance terrorist activities. A limited, but growing number of cases related to crypto-assets have been reported 126 . The Egmont Group of FIUs has detected cases of terrorist groups using crypto-assets and groups are known to have given instructions on the internet (including via Twitter) on how to use crypto-assets.

Money laundering

Crypto-assets carry a significant ML/TF risk, due to the ease of transferring crypto-assets to different countries as well as the absence of homogeneous controls and prevention measures implemented at the global level, due to some delay by several jurisdictions in implementing FATF standards on virtual assets. Perpetrators use crypto-assets systems to transfer value or purchase goods anonymously (cash funding or third-party funding through virtual exchanges). The assessment of the money laundering threat related to crypto-assets shows that organised crime organisations may use them to access ‘clean cash’ (paying in and paying out). Not only cybercriminals use crypto-assets – other organised crime groups such as drug traffickers use them to move and launder the proceeds of crime. Crypto-assets allow such groups to access cash anonymously and hide the transaction trail. Criminals may acquire private keys for e-wallets or withdraw cash from cashpoint machines.

Vulnerability

Terrorist financing

In assessing the terrorist financing vulnerability related to crypto-assets providers, we must bear in mind that, while the EU started to regulate the provision of services involving crypto-assets in 2018 and is implementing further changes (the proposals for MiCA and the new AML/CFT package), the risks of crypto-assets being misused to finance terrorism are only just emerging.

a) risk exposure

When used anonymously, crypto-assets make it possible to conduct transactions speedily without having to disclose the identity of the ‘owner’. They are provided through the internet and the cross-border element is the most obvious risk factor, as it allows for interaction with high-risk areas or high-risk customers that cannot be easily identified, even if the transactions leave digital footprints that can be analysed. The implementation of FATF standards on virtual assets require crypto-assets service providers to register in the place of legal creation or incorporation (legal persons) or in the jurisdiction in which the place of business is located (natural persons) and to comply with AML/TF requirements, notably information duties on the originators and beneficiaries of crypto-assets transfers. This will reduce the scope for anonymous transactions with crypto-assets through crypto asset service providers.

b) risk awareness

This component of terrorist financing vulnerability is difficult to assess in a comprehensive manner but competent authorities and financial intelligence units have noted in their contacts with the crypto-assets services providers sector that the level of awareness of terrorist financing risk is still rather low, although the sector is calling for the adoption of an appropriate AML/CFT legal framework.

Crypto-assets are among the emerging risks in almost all sectors, due to:

·a lack of knowledge and understanding, which prevents firms and competent authorities from carrying out a proper impact assessment;

·gaps or ambiguities in the application of existing regulation;

·potential exposure of financial and credit institutions to increased risks of money laundering and terrorist financing related to crypto-assets where they act as intermediaries or exchange platforms between crypto-assets and fiat currencies (in the absence of a proper risk assessment); and

The sector is not yet well structured and the policies to increase the level of awareness were until recently rather limited.

c) legal framework and checks

AMLD5 introduced a first EU definition of virtual currencies and extended anti-money laundering obligations to ‘providers engaged in exchange services between virtual currencies and fiat currencies’ and custodian wallet providers. In addition to ordinary customer due diligence, Member States must ensure that these new obliged entities are registered. They must also require competent authorities to ensure that only fit and proper persons hold management functions in these entities or are their beneficial owners. While related provisions should have been transposed by all Member States in January 2020, it is not fully the case yet 127 .

The European Commission’s proposal for a Regulation on Markets in Crypto-assets 128 (MiCA) published in September 2020 will have, when adopted, the effect of expanding the EU regulatory perimeter to a wide range of crypto-asset activities. The publication of the EU’s proposals to strengthen the EU’s AML/CFT framework in July 2021, include a proposal to align the scope of the AMLD with the activities covered by MiCA and to introduce an obligation for all crypto-assets services providers involved in crypto-assets transfers to collect and make accessible data concerning the originators and beneficiaries of the transfers of virtual or crypto assets they operate (the “travel rule” of the FATF). These proposals also imply to ban the possibility to use or open an anonymous crypto-assets account and to broaden to crypto-assets services providers the possibility to appoint contact points in Member States where they are active via freedom to provide services (as it is currently the case for Electronic money issuers and payment service providers).

These new rules, if adopted, will significantly enhance the monitoring of crypto-assets service providers, and ensure compliance with the relevant measures called for in the FATF Recommendations.

Money laundering

Crypto-assets are partially regulated in the EU and there is growing evidence of crypto-assets being misused for money laundering as well as a means of payment for prohibited goods such as drugs.

a) risk exposure

As mentioned above, when used anonymously, crypto-assets make it possible to conduct transactions speedily and without having to disclose the identity of the ‘owner’. They are provided through the internet and the cross-border element is the most obvious risk factor, as it enables interaction with high-risk areas or high-risk customers (darknet 130 ) that cannot be identified. At the stage of the conversion, the use of cash also becomes a new element of vulnerability. The AMLD5 rules address this risks for ‘providers engaged in exchange services between virtual currencies and fiat currencies’. However, several types of crypto-assets activities still fall today outside of the scope of Union legislation on financial services and the information obligations linked to transfers of virtual assets are not yet fully in place at EU level.

b) risk awareness

Crypto-assets rely on, in part, still recent technology but the level of risk awareness in the sector has significantly improved recently. The FATF international standards and their progressive implementation at EU level are responding to the need expressed by the sector for a clearer and more structured legal framework in which crypto-assets activities are subject to AML/CFT requirements.

Some specific risks are however linked to the absence of awareness of new high-value crypto-assets (such as some Non Fungible Tokens which can be considered as works of art). Another risk is linked to the possible control of some crypto-assets service providers by criminal organisation (either taken over by organised crime groups, or because the Virtual Asset Service Provider was created by an OCG).

c) legal framework and checks

Directive (EU) 2018/843 131 was the first legal instrument to address the risks of money laundering and terrorist financing posed by crypto-assets in the Union. It extended the scope of the AML/CFT framework to two types of crypto-assets services providers: providers engaged in exchange services between virtual currencies and fiat currencies and custodian wallet providers. Due to rapid technological developments and the advancement in FATF standards, it was then deemed necessary to review this approach.

The European Commission’s proposal for a Regulation on Markets in Crypto-assets (MiCA) published in September 2020 will have, once adopted, the effect of expanding the EU regulatory perimeter to a wide range of crypto-asset activities. Further action is expected in 2021 with the publication of the EU’s proposals to strengthen the EU’s AML/CFT framework, including a proposal to align the scope of the AMLD with the activities covered by MiCA.

A first step to complete and update the Union legal framework will be achieved with the adoption of the MiCA Regulation 132 , which set requirements for issuers of crypto-assets in the Union and crypto-asset service providers wishing to apply for an authorisation to provide their services in the single market. It also introduced a definition of crypto-assets and crypto-assets services providers encompassing a broad range of activities that corresponds to the FATF standards requirements and go even beyond:

·the custody and administration of crypto-assets on behalf of third parties;

·the operation of a trading platform for crypto-assets;

·the exchange of crypto-assets for funds;

·the exchange of crypto-assets for other crypto-assets;

·the execution of orders for crypto-assets on behalf of third parties;

·the placing of crypto-assets;

·the reception and transmission of orders for crypto-assets on behalf of third parties

·providing advice on crypto-assets;

·providing portfolio management on crypto-assets.

The MiCA regulation also introduce requirements for these services providers to be licensed and submit their senior management to fit and proper tests.

The Commission proposals of July 2021 to strengthen the EU’s AML/CFT framework will allow to cover a greater scope of crypto-assets activities, by aligning the scope of the AMLD with all crypto-asset service providers covered by MICA in line with the FATF standards requirements. These proposals shall introduce an obligation for all crypto-assets services providers involved in crypto-assets transfers to collect and make accessible data concerning the originators and beneficiaries of the transfers of virtual or crypto assets they operate (thus applying the so-called “travel rule” contained in FATF Recommendation 15 on VASPs). They may also end the possibility to use or open an anonymous crypto-assets account and to broaden the possibility for Member States to require that crypto-assets services providers established on their with a head office situated in another Member State to appoint a central contact point (as it is currently already the case the case for Electronic money issuers and payment service providers).

These new rules, if adopted, will significantly enhance the monitoring of crypto-assets service providers, and ensure compliance with the relevant measures called for in the FATF Recommendations.

Risk level

As regards terrorist financing, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as very significant (4).

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant (4).

Mitigating measures

For the competent authorities:

·Europol should consider

ousing blockchain analysis tools in order to analyse addresses and transactions for critical information such as geolocation data or the cryptocurrency exchange (used to purchase the coins);

othe use of coinbase services offered to the law enforcement community. EU Member States could cross check their operational data (selectors) with coinbase (one of the largest exchangers) and receive useful information on entities/ persons/ IP addresses/ Bitcoins addresses.

·Competent authorities should continue their outreach to the crypto-assets services providers sector to raise awareness and understanding of new AML/CFT requirements, and promote expertise on these requirement also in the public sector.

·Competent authorities that have supervisory responsibilities over custodian wallet providers, and over providers engaged in exchange services between virtual and fiat currencies, should perform formal sectoral assessments of risks arising from such firms and promote risk awareness and guidance to the firms using available legal tools.

· Competent authorities should also consider the extent to which financial sectors they supervise are particularly exposed to the risks associated with crypto-assets, for example, because they accept firms dealing with crypto-assets as customers, and take steps to raise awareness of those risks as appropriate.

·Competent authorities should monitor developments in this area closely and assess whether changes to national legal and regulatory AML/CFT frameworks are required taking account of the EC legislative proposals highlighted above.

·Competent authorities should ensure that NFT sales platforms are covered under the categories of obliged entities submitted to their customer due diligence and other AML/CFT obligations.

·Competent authorities should further regulate DeFi applications to ensure they do not perform crypto-assets services providers while escaping the correspondent responsibilities as obliged entities, and reinforce the monitoring of their functioning to ensure there are no hidden management body that should be made liable for the activities of declared DEFIs.

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

For the sector:

·Crypto-assets services providers should prepare themselves to an effective implementation of new AML/CFT obligations like the travel rule, including through the development of travel rule solutions.

For the Commission 133 :

·The Commission will assess suitable ways to complete its regulatory framework so as to ensure that crypto-assets and all crypto-assets service providers are properly covered by anti-money laundering obligations and notably the FATF travel rule on information accompanying crypto-assets transfers.

· The Commission will assess the possibility to give the Member States the possibility to require that crypto-assets services providers established on their territory in forms other than a branch and the head office of which is situated in another Member State to appoint a central contact point (as it is currently the case for Electronic money issuers and payment service providers).

·The Commission will assess the possibility to ban the opening, the custody and the use of anonymous crypto-assets wallets.

·In 2022, the Commission will issue a report on the implementation of AMLD5 and efforts by the Member States to implement the FATF standards.

12. Business loans

Product

Credit loans

Sector

Credit and financial sector (including insurance companies)

Description of the risk scenario

Perpetrators repay business loans with criminal funds (sometimes using credit cards in order to legitimise sources of funds). Loans give criminal funds an appearance of legitimacy.

Additionally, loans between private entities constitute an important typology, often difficult to detect.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to business loans shows that there have been few cases of terrorist organisations using them as a means of collecting funds. Generally, members of these organisations do not qualify for such loans (level of salary too low, funds originating from social benefits). This is confirmed by, in some cases, sanctioned entities (listed organisations) having tried to use business loans to finance terrorist activities through shell companies. Nevertheless this scheme requires a high level of expertise and knowledge. Further, competent national authorities found that TF risks can arise from consumer financing and the use of counterfeit identities or other frauds in loan application documents 134 .

Money laundering

While loan fraud (e.g. using strawmen, false documentation or establishing a fake loan to use a bank to transfer funds) are more common, incidents of laundering money through business loans have also been identified.

In addition, the Covid-19 pandemic gave rise to new crime typologies, such as misuse of government funds, in particular in relation to the quick disbursement of Covid-relief funds which firms under pressure to pay out may be ill equipped to manage 135 . Some organised criminal groups have been active in providing loans to businesses in need by lending money during the COVID-19 crisis (“loan sharking”). Organised criminal groups target distressed companies with the view of later acquiring control over them and using them as a cover for their illegal ventures. Furthermore, criminals can acquire non-performing loans, using front-runners and front companies, and achieve the desired infiltration.

Further, perpetrators may be increasingly attempt to launder money through dormant companies, buy out financially the risk of loan fraud 136 .

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to business loans has been considered in conjunction with money laundering schemes related to business loans.

Money laundering

The assessment of the money laundering vulnerability related to made the following findings:

a) risk exposure

The main risk posed by these products lies in their possible early redemption by firms, sometimes in cash (with funds from increasing capital operations of unknown origin).

b) risk awareness

Financial institutions appear to be sufficiently aware of the risk of fraud that may arise in relation to business loans. The assessments are expected to be more thorough than for consumer loans, as the value of business loans are generally higher and financial institutions need to be sure that they can recover the funds. Vulnerability is lower where cash redemption is not accepted. Some conflicts of interest arise where non-performing loans are redeemed. However, more attention could be paid to remote onboarding solutions for Customer Due Diligence purposes. 137

c) legal framework and checks

The regulatory requirements on business loans are robust as European rules (going beyond the AML/CFT framework) require financial institutions to take adequate measures, e.g. customer due diligence and ongoing monitoring, to identify the borrower and to address potential AML/CFT and credit risks. At least in the banking sector, the checks in place are considered to be consistent with the volume of transactions.

Risk level

As regards terrorist financing, both the levels of threat and vulnerability have been assessed as lowly significant (1).

As regards money laundering, both the level of threat and the level of vulnerability have been assessed as moderately significant (2).

Mitigating measures

For Member States / competent authorities:

·Thematic inspections of non-bank operators, focusing on the monitoring systems to detect the early redemption of loans.

·NCAs should (on a comply-or-explain basis) monitor the mitigating measures suggested in the EBA Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (‘The ML/TF Risk Factors Guidelines’) 138 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

13. Consumer credit and low-value loans

Product

Credit loans

Sector

Credit and financial sector

Description of the risk scenario

Members of terrorist/organised crime groups take out ‘payday’ loans (i.e. short term, low value but high interest loans), consumer credit or student loans. They also use credit cards to withdraw cash from cashpoint machines, generating a negative account balance. They disappear with the funds, with no intention of reimbursing the credit.

These kind of loans can also be used to launder the proceeds of criminal activity. The loans can be used to buy high value goods (e.g. cars, jewellery) and then redeemed early.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to consumer credit and low value loans suggests that members of terrorist groups use this method to finance travel by foreign terrorist fighters to high risk non-EU countries. The most commonly used low-value product is consumer credit. The attraction of low value loans is that they do not necessarily require a high level of expertise or planning and the fact that credit providers need to process large number of loans every day.

As summarised by the EBA, the majority of competent authorities assessed the inherent ML/TF risk as moderately significant and only a limited number of NCAs found the risk to be significant or very significant. However, as the European AML/CFT regime does not require NCAs to cover also credit intermediaries, not all NCAs involved might have assessed this additional risk stemming from credit intermediaries with few direct contacts with their customers, and therefore potentially facing difficulties in ongoing monitoring and lack of oversight in the application of Customer Due Diligence (CDD) measures 139 .

Money laundering

Due to their low value, these products offer less money laundering potential than other financial products, but criminal organisations use them to finance the purchase of goods and then redeem the loans by cash. This might be even more problematic with quick consumer credit offered digitally, often by non-bank lenders, since access becomes very fast and creditworthiness checks can be less thorough (e.g. because some products are exempted from legislative requirements or because supervision is more difficult) 140 .

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to consumer credit/low-value loans made the following findings:

a) risk exposure

While the products are quite common, they generally involve low amounts and have a limited cross-border dimension. 141 Nonetheless, the amounts in question can facilitate terrorist action, so the terrorist financing risk exposure is not negligible. The inherent risk can be greater in relation to institutions and intermediaries that specialise in fast consumer loans, in particular due to the enhanced risk the usage of counterfeit identities that need appropriate assessments even when processing a high number of loan applications on a daily basis. CAs also noted that the sector was vulnerable to being used for terrorist financing purposes, as small amounts of credit can be obtained to finance terrorism 142 .

b) risk awareness

This assumed low risk exposure is outweighed by the fact that, because of the small amounts and the high number of rapidly processed loans, risk awareness may be lower than for individual loan applications. In addition, as with business loans, there is more awareness of risks of fraud than of terrorist financing, so terrorist financing red flags may not necessarily be triggered. The IT systems in place are not necessarily equipped to detect forged documents.

Where credit or other financial institutions are involved, the terrorist financing checks can be considered robust as European rules (going beyond the AML/CFT framework) require these entities to take adequate measures, e.g. customer due diligence and ongoing monitoring, to identify the borrower and to address potential AML/CFT and credit risks. However, other credit intermediaries, that are currently not supervised, such as recent market entrants or telecommunications companies, are less aware of the risks and have less effective monitoring systems.

c) legal framework and checks

While consumer credit/low-value loans provided by credit institutions or financial institutions are covered by the AML/CFT framework and other relevant sectoral legislation (e.g. CRD/CRR, CCD) at EU level, national legislations vary considerably as regards documentation requirements. Some Member States require specific documents, while others do not. In particular, the rules regulating the use of digital identities for digital customer identification and verification still vary due to a lack of harmonised requirements at EU level.

Money laundering

The assessment of money laundering vulnerability related to consumer credit/low-value loans made the following findings:

a) risk exposure

Despite the relatively low amounts associated with consumer credit, vulnerabilities can be high if, for instance, firms in the sector lack the proper monitoring systems to detect linked transactions or if customers can repay loans using cash payments. The low solvency thresholds to qualify for loans can affect the customer due diligence requirements in the case of financial institutions. The risk is higher where loans are granted by non-financial institutions that are not subject to AML/CFT obligations – the so-called “non-banking lending”.

Competent authorities have identified risks of fraud deriving from delivery channels that often involve agents, whom firms find harder to monitor. Competent authorities are also concerned about the risk of abuse of credit cards, risks related to money mules and mule accounts, and transfers of funds from cybercrime or online fraud.

b) risk awareness

As with terrorist financing, the assumed low risk exposure is outweighed by the fact that, because of the small amounts and the high number of rapidly processed loans, risk awareness may be lower than for individual loan applications. Again, risk awareness seems more oriented towards risks of fraud than of money laundering. Hence, money laundering red flags may not necessarily be triggered in the sector, especially in the event of early redemption of the loan. Where financial institutions are involved, money laundering checks may be considered more robust, but recent market entrants, such as telecommunications companies, are not subject to AML/CFT obligations, might be less aware of money laundering risks and may have less effective monitoring systems.

c) legal framework and checks

While consumer credit/low-value loans are covered by the AML/CFT framework at EU level, national legislations vary considerably as regards documentation requirements and the required due diligence due to the current lack of a harmonised rulebook at EU level.

As regards other credit intermediaries that are currently not covered by the definition of obliged entities within the AML/CFT framework, some Member States require specific due diligence measures, while others do not. Both shortcomings of the current AML/CFT framework are being addressed by legislative proposals of the AML/CFT package published by the European Commission in July 2021.

Risk level

As regards terrorist financing, both the levels of threat and vulnerability have been assessed as significant (3).

As regards money laundering, both the levels of threat and vulnerability have been assessed as moderately significant (2).

Mitigating measures

For Member States / competent authorities:

·Thematic inspections in the sector, focusing on the assessment of monitoring systems to detect the early redemption of loans.

For the Commission:

·Improve cooperation between obliged entities (mainly financial institutions) and law enforcement agencies in order to improve the effectiveness of systems for monitoring terrorist financing.

·Remote on-boarding: In the AML package from July 2021, the European Commissions proposed amendments to the rules on Customer Due Diligence (CDD). The new rules should facilitate and strengthen secure remote customer onboarding, and have been designed to be coherent with the Commission’s proposed amendment to the eIDAS Regulation in relation to a framework for a European Digital Identity, including European digital identity wallets and relevant trust service, in particular electronic attestations of attributes 143 .

·Credit intermediaries that are not financial institutions are currently not subject to AML/CFT obligations at EU level, except in certain Member States. In order to close this regulatory loophole, the European Commission proposed that credit intermediaries and consumer credit providers, regardless of whether they are licenced as credit or financial institutions, should be considered obliged entities under the revised AML/CFT framework 144 .

·As highlighted by the EBA, prudential supervisors should pay attention to ML/TF risks within the context of the credit granting process of the institution. In particular, prudential supervisors are encouraged to assess that institutions have systems and controls in place to ensure funds used to repay loans are from legitimate sources. In this context, financial institutions should ensure that they comply with the national measures implementing the EBA guidelines on loan origination and monitoring, which – among others – require financial institutions to identify, assess and manage the ML/TF risk associated with the type of customers they serve, the lending products they provide, the geographies to which they are exposed and the distribution channels they use. They should consider the purpose of the credit and take risk-sensitive measures to understand if the funds used to repay the credit, including cash or equivalents provided as collateral, are from legitimate sources 145 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

14. Mortgage credit and high-value asset-backed credits

Product

Mortgage credits

Sector

Credit and financial sector

Description of the risk scenario

Money laundering: Perpetrators disguise and invest the proceeds of crime by way of real-estate investment. The proceeds are used for deposits, repayments and early redemption of the credit agreement.

Terrorist financing: Perpetrators use (medium/long-term, low-interest) high-value asset-backed credit/mortgage loans to fund plots. Loans are taken out for relatively high amounts to access funds that are untraceable as long as the money is not transferred.

According to the latest Europol report on serious and organised crime threat assessment in the European Union from April 2021, most criminal groups and networks (68%) use basic money laundering methods such as investing in property or high-value goods. While investments in real estate and high-value goods is a common way to disguise the origin of the criminally acquired funds (see separate fiche on real estate), the Europol report does not provide any indication as regards to an enhanced usage of mortgage or high-value asset backed credits. However, as regards fraud, it points out that the most common form of bank fraud is loan and mortgage fraud (e.g. using by recruiting straw persons and forged documents) 146 .

Impact of the Covid-19 pandemic

The current economic climate may make real estate firms or their customers more susceptible to financial difficulties or other pressures, thus creating incentives to ignore or circumvent AML rules and other controls. Less stringent controls by real estate operators and professionals may result in a higher risk of being exposed to mortgage-related fraud.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to mortgage credit shows that terrorist groups find this method difficult to use and to access. In only a few actual cases have terrorist organisations used it to collect funds. It does not correspond to their needs as it requires extensive documentation requested by creditors to the future borrowers as part of the creditworthiness assessment, or the ownership of real estate goods to sell. In addition, the purpose of mortgage credit is to give a third party access to funds, so it does not give terrorist organisations easy and speedy access to funds unless they have built up a relationship of complicity with such a third party. Finally, buying an asset at an inflated price can still be a way to transfer big amounts of money, but the property valuation usually done by creditors should help mitigate this risk.

Money laundering

The assessment of the money laundering threat related to mortgage credit shows that organised crime organisations have frequently used this method. They are well equipped to provide false documentation and the structure of the mortgage (with third-party involvement) helps them to hide the real beneficiary of the funds. Mortgage credit constitutes an easy way to enable criminals to own several properties and to hide the true scale of their assets. This method is still used for the integration phase (mostly for lower amounts, as it does not require sophisticated operations). However, it is more often used in combination with concealment of the beneficial owner of real estate behind a complex chain of ownership.

.

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to mortgage credit shows that it is not vulnerable to terrorist financing risks — law enforcement agencies have detected few cases (if any). The terrorist financing checks and risk awareness are similar to those for retail banking.

Money laundering

The assessment of money laundering vulnerability related to mortgage credit shows that:

a) risk exposure

Inherent risk can be high, because of the link with the real-estate sector, which criminal organisations prefer to use to launder the proceeds of their activity by means of high-value transactions. Where credit institutions are involved, inherent risk can be lower, but it is also exposed to high-risk customers (e.g. politically exposed persons). Further, mortgage creditors and intermediaries that are not financial institutions are currently not subject to AML/CFT obligations at EU level they are subject to greater risks.

b) risk awareness

Awareness in credit institutions can be considered as satisfactory, however some shortcomings have been identified in some key checks performed by credit institutions. 147 In addition, other actors in this sector (e.g. notaries) can help to mitigate inherent risk. Nevertheless, banks can face conflicts of interest where laxer checks will allow high-risk customers to redeem large mortgages or non-performing loans.

Vulnerability is higher where real-estate transactions and associated mortgages involve transfers of funds from a bank account in a Member State with weaker anti-money laundering checks for high-risk customers. This weakness is linked to horizontal vulnerabilities in supervision and a lack of full harmonisation of the current AMLD framework.

Further, EBA has highlighted that where a product allows payments from third parties that are neither associated with the product nor identified upfront, where such payments would not be expected, for example for mortgages or loans, and lending (including mortgages) secured against the value of assets in other jurisdictions, particularly countries where it is difficult to ascertain whether the customer has legitimate title to the collateral, or where the identities of parties guaranteeing the loan are hard to verify may contribute to increasing risk.

c) legal framework and checks

Mortgage credit is included in the AML/CFT framework at EU level. The checks are considered quite effective where the mortgage credit is provided by credit institutions (e.g. information checked as part of the credit worthiness assessment, verification of the source of collateral, and tax or financial statements on the borrower). In addition, other participants in the process (such as notaries) can contribute to further mitigating the risk. In addition, EBA has provided further guidance factors that may contribute to reducing the AML/CFT risk for mortgages. 148

Risk level

As regards terrorist financing, both the levels of threat and vulnerability have been assessed as lowly significant (1).

As regards money laundering, the level of threat has been assessed as moderately significant (2), whereas the level of vulnerability has been assessed as significant (3).

Mitigating measures

For Member States / competent authorities:

·Thematic inspections in the sector, focusing on the assessment of the monitoring systems to detect the early redemption of loans, and on the effectiveness of customer due diligence measures, especially where High-risk Third Countries customers are involved.

·Mortgage creditors and intermediaries that are not financial institutions are currently not subject to AML/CFT obligations at EU level, but in certain Member States. In order to close this regulatory loophole the European Commission proposed that mortgage credit intermediaries and consumer credit providers regardless of whether they are licenced as credit or financial institutions should be considered obliged entities under the revised AML/CFT framework 149 .

·As highlighted by the EBA, prudential supervisors should pay attention to ML/TF risks within the context of the credit granting process of the institution. In particular, prudential supervisors are encouraged to assess that institutions have systems and controls in place to ensure funds used to repay loans are from legitimate sources. In this context, financial institutions should pay intention to comply with the national measures implementing the EBA guidelines on loan origination and monitoring, which – among others – require financial institutions to identify, assess and manage the ML/TF risk associated with the type of customers they serve, the lending products they provide, the geographies to which they are exposed and the distribution channels they use. They should consider the purpose of the credit and take risk-sensitive measures to understand if the funds used to repay the credit, including cash or equivalents provided as collateral, are from legitimate sources 150 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

15. Life insurance

Product

Life insurance

Sector

Insurance sector

General description of the sector and related product/activity concerned

Life insurance companies offer a range of investment products, with or without guarantees, and include life insurance benefit as a component. Based on the gross written premiums, the most dominant lines of life insurance business in the EEA are unit-linked and index-linked insurance, other life insurance, and with profits insurance.

According to the EIOPA statistical database 151 , the total reported assets of insurance corporations in the euro area for end of 2019 were EUR 12.706 billion covering EUR 11.105 billion of liabilities. Around EUR 9.009 billion is allocated to life insurance obligations. EU life premiums amounted to EUR 938 billion in 2019.

In addition to the AMLD (and in the future AMLR), specific provisions in the sectoral legislation aim to mitigate the risks involved in using life insurance companies as an investment vehicle. Article 59 of Directive 2009/138/EC (Solvency II) (resp. Article 323 of Commission Delegated Regulation (EU) 2015/35) requires an assessment as to whether there are reasonable grounds to suspect that, in connection with the proposed acquisition (resp. qualifying holding of the shareholder or members having a qualifying holding in the special purpose vehicle), money laundering or terrorist financing is being / has been committed or attempted, or that the proposed acquisition (resp. qualifying holding) could increase the risk thereof.

Description of the risk scenario

Perpetrators can use life-insurance products to fund their activities. The ML/TF risk mainly stems from the investment related components, such as paying a high one-off premium or capital accumulation. In addition, life policies can be redeemed early to generate lump sums and the proceeds can be transferred to other beneficiaries.

Money laundering and terrorist financing risks in the insurance industry relate in particular to life insurance and annuity products. These allow a customer to place funds into the financial system and potentially disguise their criminal origin, or to finance illegal activities. Relevant risk scenarios typically involve investment products in life insurance (rather than death or retirement benefit products as such).

The risks may arise where:

·an insurer* accepts a premium payment in cash (this is not a common practice);

·an insurer refunds premiums, upon policy cancellation or surrender, including when the premium is refunded to an account other than the source of the original funding (owned by a party other than the policyholder);

·the insurer fails to establish the source of investments on a risk sensitive basis;

·an insurer sells transferable policies (these are uncommon);

·investment transactions involve trusts, mandate holders, etc.;

·an insurer sells a small investment policy initially and the investor makes subsequent large investments without undergoing additional ‘know your customer’ due diligence;

·complex distribution channels are used (e.g. long chains of intermediaries, no face-to-face sales).

One of the specific TF risks associated with the life insurance products is that a beneficiary does not have to be identified and verified at the outset of the business relationship. So often the beneficiary of a life insurance policy is someone else than the customer. He/she only needs to be identified and verified at the payout stage.

There is a money laundering risk in all of the above scenarios. Perpetrators use risk scenarios 1 and 6 for placement, 2, 4 and 7 for layering and 2, 4, 6 and 7 for integration.

Threat

Terrorist financing

The assessment of the terrorist financing threat related to life insurance shows that terrorist groups have limited interest in this method. It requires specific knowledge of the product and its specific characteristics. Further, life insurances are mostly designed for the long term or verifiable event, such as death or retirement and thus provide limited flexibility. Foreign terrorist fighters may take out life insurance and ask for the funds to be redeemed for the benefit of their family in the event of their suicide or death in battle. However, Member State legislation or insurance companies’ underwriting policies often do not allow this type of clause. Therefore, this risk is limited.

Money laundering

The assessment of the money laundering threat related to life insurance shows that perpetuators can use this method, but complex arrangements are required to hide the proceeds of crime (bank account wrapped in an insurance policy, multiple accounts in third countries loaded with cash and used as collateral for a credit loan, sending money to the life insurance policy). Cases exist, but they are few and sophisticated planning and knowledge are required to make life insurance a viable option.

Vulnerability

Terrorist financing

The assessment of terrorist financing vulnerability related to life insurance shows that:

a) risk exposure

The misuse of life insurance mostly involves the placing of funds rather than their withdrawal. However, the risk exposure seems limited, given the volume of transactions concerned and the limited flexibility of these products. Most competent authorities assess the overall level of inherent terrorist financing risk as being of low or moderate significance. They consider the sector’s exposure to the terrorist financing risks arising from cross‐border transactions and activities to be insignificant. 152

b) risk awareness

The sector seems quite unaware of terrorist financing risks. Even though life insurers, as other obliged entities are required to continuously screen their customer database against PEP lists and high risk country lists most suspicious transaction reports are sent quite late in the process, because life insurers tend to wait for funds to be withdrawn before considering whether it is suspicious. Further, insurance companies often do not have client relationships with beneficiaries of the insurance policies and thus have access to much less information about their customers and beneficiaries than other sectors (e.g. banks), which reduces their ability to build comprehensive customer risk profiles. The lack of transactions means that suspicious activity is detected mainly on the basis of ‘unusual behaviour’. In the future, this risk could be addressed by further measures to identifying the beneficiary 153 .

c) legal framework and checks

Life insurance is included in the AML/CFT framework at EU level.

Competent authorities assess the quality of checks in this sector as largely good or very good. Where they identified weaknesses, these related mainly to the quality of both the business‐wide and individual risk assessments, and associated shortcomings in relation to the effectiveness of transaction monitoring and the identification and reporting of suspicious transactions.

Money laundering

The assessment of the money laundering vulnerability related to life insurance shows that:

a) risk exposure

The misuse of life insurance mostly involves the placing of funds and the capital accumulation, rather than their withdrawal. However, the risk exposure seems rather limited, given the volume of transactions concerned. Most competent authorities assess the overall level of inherent money laundering risk as being of low or moderate significance. A small number of competent authorities, however, considered that the risk was significant and that the quality of the controls of insurance undertakings from an AML/CFT perspective could be improved. They consider the sector’s exposure to the money laundering risks arising from cross‐border transactions and activities to be less significant 154 .

b) risk awareness

The sector is well aware of the money laundering risks. However, as insurance companies often do not have client relationships with beneficiaries of the insurance policies they typically have access to much less information about their customers’ transactions than other sectors (e.g. banks), which reduces their ability to build up comprehensive customer risk profiles. 155

c) legal framework and checks

Customers are generally required to forward their investments to the insurance undertaking via their common bank accounts, which fall under the general requirements of the AMLD framework. Competent authorities assess the quality of checks in the sector as largely good or very good. Where they identified weaknesses, these related mainly to the quality of both the business‐wide and individual risk assessments, and associated shortcomings in relation to the effectiveness of transaction monitoring and the identification and reporting of suspicious transactions.

As in other sectors, Fin-Tech and Reg-Tech solutions are becoming more prevalent in the sector. They are considered an emerging risk by several competent authorities concerned about the lack of awareness (and sometimes the absence) of AML/CTF regulatory requirements applicable to Reg-Tech solutions and Fin-Tech services. A related emerging risk identified by competent authorities is the sector’s move to web‐based insurance platforms and associated challenges posed by accounts opened without the physical presence of the customer.

Risk level

As regards terrorist financing, the level of threat has been assessed as moderately significant (2), whereas the level of vulnerability has been assessed as low/moderately significant (1/2).

As regards money laundering, the level of threat has been assessed as moderately significant (2), whereas the level of vulnerability has been assessed as low/moderately significant (1/2).

Mitigating measures

·Insurance undertakings should be able to identify higher risk situations, such as when the proceeds of the policy benefit a politically exposed person. To determine whether this is the case, the Commission presented a proposal in July 2021 that would require insurance policies to include reasonable measures to identify the beneficiary, as if this person were a new client. Such measures should be taken at the time of the payout or at the time of the assignment of the policy, but not later. Where there are higher risks identified, obliged entities shall: (a) inform senior management before payout of policy proceeds; (b) conduct enhanced scrutiny of the entire business relationship with the policyholder 156 .

·Considering the cross-border nature of ML and TF, Member States should seek international cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol. Other risk mitigating measures can be found in EBA’s sectoral guideline for life insurance undertakings 157 .

16. Non-Life insurance

Product

Non-Life insurance

Sector

Insurance sector

General description of the sector and related product/activity concerned

Non-life insurance policies are generally short-term in nature and serve to provide protection against unexpected loss, such as damage to property. Based on the gross written premiums, the most dominant lines of non-life insurance business are those linked to motor vehicle liability, fire and other damage to property, and medical expenses.

According to the EIOPA statistical database 158 , the total reported assets of insurance corporations in the euro area for end of 2019 were EUR 12.706 billion covering EUR 11.105 billion of liabilities. Around EUR 820 billion of those liabilities is allocated to non-life insurance obligations.

At EEA level the most dominant non-life line of business is fire and other damage to property (Gross written premiums of EUR 152 billion over 2019), followed by medical expense (GWP of EUR 152 billion) and motor vehicle liability (GWP of EUR 98 billion).

Specific provisions aim to mitigate the risks involved in holding shares of insurance companies. Article 59 of Directive 2009/138/EC (Solvency II) (resp. Article 323 of Commission Delegated Regulation (EU) 2015/35) requires an assessment as to whether there are reasonable grounds to suspect that, in connection with the proposed acquisition (resp. qualifying holding of the shareholder or members having a qualifying holding in the special purpose vehicle), money laundering or terrorist financing is being / has been committed or attempted, or that the proposed acquisition (resp. qualifying holding) could increase the risk thereof.

Description of the risk scenario

Perpetrators commit fraud involving workplace, car insurance, etc. to fund their activities.

Money laundering can occur in the context of, and as the motive behind, insurance fraud involving non-life insurance, e.g. where this results in a claim to recover part of the invested illegitimate funds. Relevant risk scenarios typically feature high-frequency premiums and cancellations. The risks may arise or materialise where an insurer*:

1.accepts premium payments in cash, although this is not a common practice; or

2.refunds premiums, upon policy cancellation or surrender, to an account other than the source of original funding (owned by a party other than the policyholder).

Money launderers seek to use scenario 1 for placement and scenario 2 for layering/integration.

Threat

Terrorist financing

Similarly, the terrorist financing risk relates to insurance fraud to access sources of revenue for terrorist activities. Such schemes have been detected in workplace insurance and car insurance, for instance. It is difficult to say that this method has no relevance and some evidence of its use has been gathered following terrorist attacks, but it does require a degree of planning and large paper trails that make it relatively unattractive for terrorist groups.

Money laundering

The assessment of the money laundering threat related to non-life (e.g. car or workplace) insurance shows that, unlike terrorist financing, money laundering abuses require sophisticated schemes that render the risk scenario insufficiently secure or attractive. Law enforcement agencies have limited evidence of non-life insurance being used to launder the proceeds of crime 159 .

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerability related to non-life (e.g. car or workplace) insurance shows that two main situations may occur:

I.fictitious claims in motor vehicle retail /

II.car insurance fraud: funds from the fraud are sent by cash transfer.

a) risk exposure

The risk exposure is limited, as huge sums of money are concerned and the funds cannot be accessed without prior identification.

b) risk awareness

In general, non-life insurance could be more vulnerable than life insurance, not because of its business model but because the sector is not necessarily aware of the risks (customer due diligence is not implemented and there is no record-keeping) and specific terrorist financing or money laundering red flags are not always triggered. Insurance issuers tend to pay more attention at the moment of the pay-out, when the risk is perceived to be greater, and to insurance fraud more broadly.

c) legal framework and checks

Non-life insurance is not covered by the AML/CFT framework at EU level. Where Member States have regulation in place, checks (in some cases involving self-declarations) seem to work satisfactorily.

Money laundering

The assessment of money laundering vulnerability related to non-life (e.g. car or workplace) insurance shows that:

a) risk exposure

As usually prior identification is necessary for the transfer of funds, the risk is limited. However, non-life insurance can be misused for money laundering purposes in a broader context of fraud (fake investment, empty shell).

b) risk awareness

The implementation of customer due diligence is not widespread in the EU, but when Member States have an anti-money laundering framework in place for non-life insurance, they note that obliged entities tend not to apply any customer due diligence at all.

However, considering the number of cases concerned, there is no evidence that this increases the ML risk.

c) legal framework and checks

There are no EU requirements to include non-life insurance in the scope of AML/CFT. The non-life insurance framework depends on national legislation.

Risk level

As regards terrorist financing, the level of threat has been assessed as of low significance and the level of vulnerability as moderately significant (2).

As regards money laundering, the levels of threat and vulnerability have been assessed as lowly significant (1).

Mitigating measures

No further proposal is made at this stage.

17. Safe custody services

Product

Safe custody services

Sector

Credit and financial sector and private security companies

Description of the risk scenario

Safe deposit boxes are viewed as a tool to store cash whilst implementing the three stages of money laundering (Placement, Layering and Integration). Perpetrators rent multiple (commercial or banking) safe custody services to store large amounts of currency, monetary instruments or high-value assets pending their conversion to currency, for placement into the banking system. Similarly, they may establish multiple safe custody accounts to park large amounts of securities pending their sale and conversion into currency, monetary instruments, outgoing funds transfers or a combination of these, for placement into the banking system. Perpetrators can also buy the relevant services through front persons, thus rendering them directly or indirectly via a front person.

Threat

Terrorist financing

For the purpose of this Supranational Risk Assessment the terrorist financing threat related to safe custody services would be no different from the threat relating to organised crime and money laundering. Therefore, it is not being considered as different to the threat of abuse for the purpose of money laundering.

Money laundering

The assessment of the money laundering threat related to safe custody services shows that a particular characteristic of this risk scenario is that the assets are stored and not necessarily converted. As a result, it may not be financially attractive. However, it does make it possible to hide the proceeds of crime with no risk of detection. According to law enforcement agencies, these ‘dormant’ deposit systems are being used increasingly to make safe deposits and take assets out of the financial system.

Exact data on the number of persons that have access to a safe deposit box are difficult to obtain, because safe custody services are also used for relatives, associates, friends, etc. This is an additional aspect of the money laundering threat, as the person who has deposited funds will not necessarily be the one withdrawing them. The ability to obtain a safe deposit box using fraudulent identification also adds another element of risk to the cash storage sector.

Also, market players other than banks provide such services (storage facilities), which extends the range of tools available to criminal organisations and raises the threat level. Risk rating is primarily due to the inability of safe custody services employees to obtain information relating to the contents of the boxes and customers having unlimited access to facilities.

Vulnerability

Terrorist financing

Terrorist financing vulnerability related to safe custody services is not considered particularly relevant. Therefore, terrorist financing vulnerability is not part of the assessment.

Money laundering

In assessing the money laundering vulnerability related to safe deposits, a distinction should be made between services provided by credit institutions and those provided by non-banking entities (storage facilities).

a) risk exposure

In both cases, the risk exposure is high, because large sums of cash may be at stake. This level of risk exposure may be greater where high-risk customers are involved.

b) risk awareness

Basic aspects of customer due diligence apply to safe custody services provided by credit institutions. Some competent authorities take a proactive approach in this sector, but banks remain vulnerable with regard to the contents of safe deposit boxes. Generally, they have no information on the funds placed in them. The private companies that provide such services do not all comply with AML/CFT requirements and some accept cash payment for the rental of safe deposit boxes. Another question is whether the risk of money laundering arises at the time of the storage or only once the funds are inserted in the real economy 160 . From a law enforcement perspective, the more funds are stored, the easier it is to maintain the anonymity of a transaction.

c) legal framework and checks

Safe custody services are not included, as such, in the AML/CFT legal framework at EU level. However, safe custody services provided by credit and financial institutions are included in the framework applicable to those obliged entities.

Undertakings providing safe custody services as listed in point 14 in Annex I to Directive 2013/36/EU are specifically subject to AML/CFT rules. However, in practice, financial institutions may not be in a position to meet their monitoring obligations and assess the source of funds, since they are not aware of the contents of the safe deposit boxes 161 . In addition, this does not cover commercial storage companies or other storage facilities that may be used for similar services. In some countries, certain storage/safe services in general are regulated and supervised as such.

Risk level

As regards terrorist financing, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as moderately significant/ significant (level 2/3).

As regards money laundering, the level of threat has been assessed as significant (3), while the level of vulnerability has been assessed as moderately significant/ significant (level 2/3).

Mitigating measures

There already exist limited controls to overcome the privacy requirements in the safe deposit box sector. Nevertheless, consideration should be given to improving current identity verification processes and access monitoring capabilities to address that fact that parties other than the initial customer may deposit or collect funds.

For Member States / competent authorities:

·Thematic inspections in the sector, focusing on the effectiveness of customer due diligence requirements of financial and non-financial institutions offering safe custody services.

·Considering the cross-border nature of ML and TF, Member States should seek internal cooperation and encourage relevant authorities in charge of preventing and combatting ML and TF to request support from agencies such as Europol.

NON-FINANCIAL PRODUCTS

1. (Legal arrangements including) Trusts

Product

Trusts

Sector

Non-financial products

Description of the sector

Recent money-laundering scandals confirm that legal entities and arrangements are a favourite vehicle employed by criminals to disguise the proceeds of crime as legitimate corporate trade, often through complex structures and networks, which hide the beneficial owners.

Trusts are legal arrangements originally developed in common law jurisdictions. Within a trust, a settlor transfers assets to a trustee, who exerts control over these assets in the interests of one or more beneficiaries as determined by the settlor. The assets held in the trust constitute a separate patrimony from that of the trustee, while other parties, such as the settlor and protector, may also exert some level of control or influence over it 162 .

Other arrangements may emerge as similar to trust by structure or function. Like trusts, they enable a separation of legal and beneficial ownership of assets. This does not necessarily mean divisibility of ownership – a concept typical of common law but not recognised under civil law 163 . Rather, a mechanism where the property is entrusted to one person, who holds the title to it or manages it for the benefit of one or more other persons or for a specific purpose 164 .

As commonly used within the Union, EU rules and FATF standards 165 point to the following arrangements as to be considered similar to trusts 166 :

–Fiducies;

–Treuhand;

–Svěřenský fond;

The Commission published an overview of legal arrangements notified by the Member States as having a similar structure or function to trusts 167 , which resulted in a fragmented picture due to the complexity of identifying and classifying the legal arrangements at hand.

Sixteen Member States 168 indicated that no trusts or similar legal arrangements are governed by their laws, while the remaining Member States 169 notified trusts or similar legal arrangements being governed by their laws.

Threat

Terrorist financing

In general, there is little evidence to date that trusts and other type of legal arrangements have been misused for the purpose of financing terrorism. Possibly due to the costs associated with setting up these arrangements, they do not appear to be particularly attractive to groups that carry out TF activities. The configuration of fiduciary structures does not allow the rapid management or disposition of funds – that usually accompanies TF activities – and demands a series of requirements to be carried out – which makes it difficult to use these structures for TF purposes 170 .

Money laundering

Perpetrators can make use of trusts and similar legal arrangements in order to increase opacity within money laundering operations, by hiding the link with the real beneficial owner.

A recent study estimates that, on average, “1.2% of limited companies in the EU Member States, UK and Switzerland are controlled by a trust, a fiduciary or another legal arrangement that does not allow the beneficial owners to be identified. In some countries, such as the Netherlands (25.6%) and Luxembourg (8.7%), the percentage is much higher” 171 .

Cases, as reported below, show that trusts and similar legal arrangements can be misused in order to hide (personal) assets from being detected, frozen and confiscated, and to commit tax crimes 172 and cross-border operations of money laundering.

Additionally, the risks of misusing trusts seems to increase when several participants to the trust coincide with the same natural or legal person, or when trusts are set up under the law of a foreign jurisdictions (so-called, foreign trusts) 173 . Due to the potential lack of coordination and exchange of information between national authorities, foreign trusts can make the most of the differing treatment of these legal arrangements by different Member States 174 and put transparency particularly at risk 175 . A related risk is the use of intermediaries to hide the existence of a trust established in another jurisdiction in order to prevent its detection by a Member State – where a rigorous system of due diligence and communication by the obliged entities may apply 176 .

The case-studies presented below highlight some of the main ML threats posed by the misuse of trusts. In particular:

–In-depth analysis of trust deeds reveal the truth on ultimate control by paying attention to attribution of certain powers to the settlor;

–Enhanced anonymity offered by trusts and similar legal arrangements can provide significant benefits to criminal operations;

–Almost all of the cases involving the use of legal arrangements also involve company or other legal entities. Trusts and similar legal arrangements are rarely used in isolation to hold assets and obscure beneficial owners, but they generally are part of a wider scheme;

–Client is reluctant or unable to explain their source of wealth/funds;

–Legal person or arrangement incorporated/formed in a low-tax jurisdiction or international trade or financial centre;

–Focused on aggressive tax minimisation strategies;

–Correct documents not filed with the tax authority;

–Falsified paper trail;

–Funds involved in the transaction are sent to, or received from, a low-tax jurisdiction or international trade or finance centre.

.

Vulnerability

Terrorist financing

The assessment of the terrorist financing vulnerabilities posed by legal arrangements has been considered together with money laundering schemes related to legal arrangements. There are indeed no indications that vulnerabilities vary in type or intensity according to the type of misuse.

Money Laundering

A recent report by the FATF notes that “the complex structure of trusts makes the identification of the beneficial owners difficult, and requires further efforts to determine the true nature of the trust relationship” 180 .

Generally, a trust can be used for a variety of goals. For example, transferring the administration of an asset to a third party to organise an inheritance; protecting assets for children; or investing and accumulate money for future important expenses (such as education fees or retirement) 181 .

However, trusts and similar legal arrangements can be also misused to enhance anonymity by adding an additional layer of complexity through the separation of the legal and beneficial ownership of an asset. The enhanced anonymity offered by trusts and similar arrangements can provide significant benefits and can present challenges to financial transparency. The ability to disconnect legal from beneficial ownership presents a range of challenges for authorities and service providers seeking to determine beneficial ownership. Additionally, trusts may be used by criminals as part of complex and opaque structures, comprising multiple legal entities and arrangements across multiple jurisdictions, which can be used to obscure who owns and controls assets 182 .

This concern is even greater with respect to the risks linked to certain types of trusts or similar structures, such as those that 183 :

–Have one or more natural or legal persons or legal instruments in the chain of control, in most cases in order to make it difficult to detect the beneficial owner of that structure and the origin of the funds and assets managed;

–Have a purely instrumental character, meaning that they are owners (mere holders) of assets, but do not perform asset management activities of a commercial or financial nature;

–Have been incorporated in certain higher risk jurisdictions without apparent economic justification (vehicles off-shore corporations, shell companies, intervention of nominal holders etc.);

–Carry out operations, including payments and collections, without a clear connection with the purpose of the trust;

–Are configured as an asset protection trust.

Risk level

As regards terrorist financing, the level of threat has been assessed as lowly/moderately significant (1/2), while the level of vulnerability has been assessed as significant (3).

As regards money laundering, the level of threat has been assessed as very significant (4), while the level of vulnerability has been assessed as significant (3).

Many threats and vulnerabilities for money laundering have been identified in relation to (domestic and foreign) trusts and similar legal arrangements. They are to be considered as lucrative tools to lauder the proceeds of crime. Considering also the weaknesses in the mitigating measures, the level of money laundering risk is assessed as very high.

In contrast, there is little evidence that trusts and similar legal arrangements have been misused for the purpose of financing terrorism. However, their secrecy and the possibility to use them in combination to legal entities make trusts and similar legal arrangements vulnerable to abuse for terrorist-financing purposes. Thus, the level of risk here is assessed as medium.

Mitigating measures

In light of the above-mentioned risks and vulnerabilities, it is essential to stress that the integrity of the EU financial system depends on the transparency of trusts and similar legal arrangements.

For this reason, the EU has always been committed to implement an effective AML/CTF framework, specifically targeting the main issues related to trusts and alike arrangements.

In this context, and going beyond 2012 FATF Recommendations, since 2015 the EU adopted:

–Directive (EU) 2018/843 184 , the 5th AMLD (Amendments to the 4th AMLD);

–Regulation (EU) 2015/847 on information on the payer accompanying transfers of funds 185 in order to make fund transfers more transparent and to help law enforcement authorities to track down terrorists and criminals;

–Directive 2018/822/EU 186 which requires intermediaries to submit information on reportable cross-border tax arrangements to their national authorities comes into effect as from 2020.

In particular, Article 31 AMLD requires trustees or persons holding an equivalent position in a similar legal arrangement to:

–Obtain and hold adequate, accurate and up-to-date information on the arrangement’s beneficial ownership;

–Disclose their status and provide information on the arrangement’s beneficial ownership to obliged entities in a timely manner;

–Submit information on the arrangement’s beneficial ownership to the central beneficial ownership register set up in the country where the trustee is established or resides, or the country where the arrangement enters into a business relationship or acquires real estate when the trustee is established or resides outside the EU; and

–Provide proof of registration in the central beneficial ownership register or an excerpt of it when wishing to enter into a business relationship in another Member State.

The AMLD also obliges Member States to establish effective, proportionate and dissuasive measures or sanctions for breaches of the above obligations.

Based on the information reported by the Member States, the above mentioned obligations have been implemented or are in the process of being implemented. However, implementation has been particularly problematic in relation to art. 31 AMLD para. 1, 2, 3, 4, 5, 7, 9.

Further, violations of CDD and reporting obligations by trust companies and services providers (TCSPs) have been reported in Member States. Such breaches of EU and national AML regulations included lack of identification of the clients; lack of identification of beneficial owners; and lack of reporting suspicious transactions 187 .