In June the EBA published the findings from its assessment of the scale and nature of ML/TF risks associated with payment institutions. It considered how payment institutions identify and manage ML/TF risks and what supervisors do to mitigate those risks when considering an application for the authorisation of a payment institution and during the life of a payment institution.

The sector consists of a heterogenous set of institutions of different sizes and business models, each carrying different levels of ML/TF risk. Nevertheless, the EBA’s findings suggest that overall, the sector does not manage ML/TF risk adequately. AML/CFT internal controls in payment institutions are often insufficient to prevent or detect ML/TF.

The EBA’s findings also suggest that not all competent authorities are currently doing enough to supervise the sector effectively. As a result, payment institutions with weak AML/CFT controls can operate in the EU, for example by establishing themselves in Member States where authorisation and AML/CFT supervision processes are less stringent to passport their activities cross-border afterwards.