4MLD – impact of a new KYC regime for the e-money sector
The Fourth Money Laundering Directive (4MLD) will introduce a number of changes to anti-money laundering (AML) regulation within Europe.
Risk assessments are central to 4MLD, and will be required at a firm, Member State and supranational level. For the e-money sector specific changes re-work the risk based approach to customer due diligence (CDD), broadly impacting two product categories.
Non-reloadable vs reloadable products
Under 4MLD, CDD may only be waived for non-reloadable products subject to member state approval and only where the products meets all of the following conditions: (i) a maximum storage value of EUR 250; (ii) usage restricted to purchasing goods or services only; (iii) blocking purchase of the product with anonymous e-money; (iv) undertaking transaction monitoring; and (v) imposing a redemption limit of EUR 100.
For reloadable products which are intended to be sold without CDD the above criteria also apply however the EUR 250 cap becomes a monthly spend limit and the product must be restricted to domestic use only.
Impact of the exemptions
The business impact of these changes is three-fold. Firstly, it will become more difficult for issuers, especially those selling at physical point of sale (POS) outlets to acquire customers due to the attractiveness of the product being diminished: product functionality is limited while CDD requirements are imposed at lower thresholds.
Secondly, the compliance overhead associated with upfront CDD requirements at an earlier stage of the product life cycle will place an extended cost burden on issuers who will need to divert budget and resources to cope with the additional expense.
Finally, issuers will be placed on the back foot in terms of competing against established banking products. It’s difficult enough for FinTech companies to compete against larger players in an already saturated market. The new rules may drive consumer behavior towards bank issued products or even cash and away from innovative payment technology options.
The SDD approach
Despite the above, 4MLD does provide a simplified due diligence (SDD) regime which may help dampen some of the impact from the revised CDD exemptions. SDD is not an exemption of CDD but rather an obligation to collect certain information on customers that constitute identity – for example name, date of birth and address – but with a delayed obligation to verify that information or the possibility to apply a lighter degree of verification based on risk.
Under 4MLD issuers are permitted to conduct SDD in situations that are identified as being low risk based on various risk factors set out in the annexes to 4MLD including customer, geographical, product and delivery channel risks.
SDD would therefore provide issuers some potential of maintaining reasonable compliance costs without compromising on an uncomplicated customer experience at the POS. Critical to the approach will be the manner in which issuers set out their e-money risk assessments and how these are viewed by member state regulatory authorities who have final say on the matter.
Outcomes – what’s in store for industry?
Industry faces several challenges under 4MLD. One is the level of subjectivity afforded to regulatory authorities in terms of their risk assessments. This may lead to a fragmented approach to the adoption of SDD across EU member states which will frustrate competition in the single market.
The European Commission has also indicated its intention to impose further restrictions on e-money products in the wake of the recent terrorist attacks perpetrated in Europe. It is not yet clear what these restrictions may entail but it could reasonably be expected that a decrease in the hard exemption limits will be proposed. The European Commission is looking to fast track any requisite legislative changes regarding additional restrictions and has also requested that member states transpose 4MLD into national law by the end of 2016.
Given the scope and timing of upcoming regulatory changes, e-money issuers should start considering their own product risk assessments, sales and compliance strategies and would be well placed to explore alternative methods of collecting customer ID information at the POS in a manner that helps minimise potential friction.