Re: National implementation of the Fifth Money Laundering Directive (“5MLD”)
The Electronic Money Association is the trade body for electronic money issuers and innovative payment service providers. Our members include leading payments and e-commerce businesses worldwide, representing online payments, card-based products, vouchers, and those employing mobile channels of payment. Please find full list of our members attached to this letter.
The e-money-specific exemption from customer due diligence contained in Article 12 and virtual currency registration provision Article 47 of the 4MLD as amended by 5MLD, are crucial to our members’ businesses. Below we provide some detailed comments with regard to the proposed implementation of these provisions in Norway.
Chief Executive Officer
Electronic Money Association
- 1. Anonymous prepaid cards (s.7.3.1)
We note that the Ministry of Finance is proposing to ban the use of anonymous prepaid cards in Sweden under the Member State option in 5MLD. We request the Ministry of Finance to reconsider this position, and permit the issuance and acceptance in Norway of e-money products that benefit from the exemption from CDD set out in Article 12 4MLD. We have set out our rationale below.
Anonymous payment instruments play an important role in facilitating the uptake of electronic money products by consumers and provide convenient payment functionality to those who either are unable to verify their identity or do not wish do so out of privacy concerns. Anonymous prepaid instruments are limited by the conditions imposed on their issuance under Article 12 4MLD (as amended), which minimise the risk that they are used for money laundering or terrorist financing purposes.
- storage limits of €150, or monthly payment transaction limits of €150
- limited to purchasing goods and services
- cannot be funded with anonymous e-money
- monitoring for the purpose of SARs
- redemption or use online limited to €50
As the Finanstilsynet (FSA) points out, the use of anonymous payment instruments beyond the Article 12 thresholds is prohibited unless the payment service user (“PSU”) is verified. In addition, such products cannot be funded by cash or anonymous e-money, limiting the use for illicit purposes. Ongoing monitoring applies to anonymous payment instruments issued under the Article 12 exemption, and as funds have to be deposited onto the payment instrument, they can be seen when they are spent, and can be tracked and reported upon in real time. Where there were reported use of e-money products by terrorist groups, it has been documented that these products had been subject to customer due diligence. In other words, the use is not linked to anonymity.
Under 4MLD and 5MLD the opportunity for criminal use is greatly diminished and the limits for anonymous use are sufficiently low (EUR 150), that the product would be of limited utility to most consumers.
Please note that the use of the term ‘anonymous’ is misleading as it implies that there is no means of connecting the user to the product and product use is entirely non transparent. However secondary identifiers such as CCTV, shipping information, IP address, geolocation information, non-verified ID, device fingerprinting etc. all provide fragments of information that cumulatively reveal the identity of the user, or provide sufficient information for an investigator to do so.
Cash remains the preferred means of laundering money because it requires less expertise, is anonymous and leaves no electronic trace. In this respect, it should be acknowledged that one of the side effects of the continuous tightening of the regulatory regime for e-money is the increasing use by criminals of cash, with a resulting loss of transaction data available from e-money transactions.
The 5MLD limits, and even those in 4MLD, make e-money products a poor means of laundering cash, if the intention is to use it anonymously. Given the specific purpose of most e-money products, use for money laundering would be easily observable, and would lead to an SAR or STR and meaningful information being provided to the FIU. Use of e-money generates an electronic trail that assists law enforcement, and should therefore be regarded as reducing risk.
We note the Consultation guidance statement that:
“Prepaid e-money cards enable anonymous payments and transfer of funds across national boundaries and between people.”
Please note that Article 12 applies to payment instruments that are used exclusively for purchase of goods and services, meaning that person-to-person transfers are not permitted.
We also note the Consultation guidance statement below:
“[…]believed to present challenges for the redeemer, with the redeemer first having to identify whether an anonymous prepaid e-money card has been used and, if applicable, if the electronic money card is issued in third countries that have similar requirements in case of exemptions from customer measures such as within the EEA.
[…] whether anonymous prepaid cards are also intended to be included prepaid digital or electronic cards and codes. The directive is unclear on this point, which may lead to different transfers across the EEA.”
Although Article 12 refers to e-money ‘payment instrument’ when listing risk mitigating conditions, the Member State option specifically refers to ‘prepaid cards’.
Prepaid cards that bear card scheme acceptance brands (e.g., MasterCard and Visa) are issued by banks and financial institutions which are members of the relevant card scheme.
Card schemes have developed solutions for acquirers – an indicator – which identifies to the acquirer whether a prepaid card is:
- i. full customer due diligence measures applied,
- ii. anonymous but meets the EU regulations, or
- iii. anonymous and is not compliant with EU standards.
The third category will be blocked by the acquiring Payment Service Provider (PSP) – which is the PSP of the merchant at which a customer is attempting to make a purchase.
2. Registration of virtual currency service providers (s.3.3.3)
EU AML legislation is largely implemented on an establishment basis, with the expectation of home country supervisors sharing information and intelligence with host member states as and when required. This avoids the situation where cross-border service providers have to obtain registration or a licence in all 27 member states.
We would therefore urge you to reconsider the application of the registration requirement to virtual currency service providers providing services on a cross-border basis, and to limit the application to those established in Norway.
The growing tendency for host member state regulation is at variance with the principles of harmonisation, the single market and the freedom to provide services without additional barriers. It is also an inefficient way to address AML data access, creating a significant burden on firms.
Furthermore, the European Commission is developing an EU-wide framework for regulating virtual currency service providers in order to deliver a harmonised regime across the member states.