BaFin prohibition Payone: Money laundering risks | IT-Medienrecht

Learn about BaFin's prohibition on Payone GmbH due to severe money laundering risks and inadequate security systems. Understand the impact on e-money…

BaFin Sanctions Payone GmbH Over Money Laundering Deficits: A Closer Look at E-Money Institution Compliance

Typically, I do not publish notifications received daily from the BaFin via email. However, as I advise blockchain providers and financial service institutions, particularly on issues concerning e-money institutions and the burden of implementing BaFin requirements, this notification warrants a distinction.

On July 26, 2023, BaFin prohibited Payone GmbH from conducting transactions for certain business customers within its high-risk portfolio. This prohibition was issued due to significant money laundering risks and serious deficiencies in money laundering prevention. Furthermore, BaFin imposed a ban on acquiring new customers in this segment. These measures aim to prevent the e-money institution from being misused for money laundering activities.

The Challenge of AML Compliance for E-Money Institutions

The issue of complying with AML (Anti-Money Laundering) requirements is substantial, especially within the web3 and blockchain space. Financial institutions operating in these innovative sectors often face unique challenges in ensuring robust prevention mechanisms against financial crime.

Implementing BaFin requirements for anti-money laundering can be particularly burdensome. These regulations demand meticulous adherence to due diligence and ongoing monitoring, which requires significant resources and expertise.

Deficiencies Leading to BaFin's Ban

The ban originated from a special audit ordered by BaFin, which is still ongoing. This audit identified grave shortcomings at Payone GmbH in adhering to and implementing the enhanced due diligence requirements mandated by the German Money Laundering Act (GwG).

As a direct consequence of these inadequate anti-money laundering safeguards, Payone GmbH had accumulated a conspicuous high-risk portfolio within its e-commerce business. The business customers in this portfolio are likely merchants operating primarily online. These merchants facilitate consumer purchases of products and services via credit card, with Payone GmbH processing these transactions.

Ongoing oversight activities have revealed that these merchant websites are associated with various illicit activities, including:

Systemic Failures in Risk Assessment

The identified deficiencies primarily concern the measures Payone GmbH employed to assess merchant business models during the customer acceptance process. Furthermore, significant lapses were found in the continuous monitoring of these traders.

Crucially, anomalies in Payone GmbH's risk assessment did not lead to the rejection of problematic merchants or the termination of existing business relationships. This indicates a systemic failure in their risk management protocols.

Background on E-Money Institutions and Money Laundering Prevention

Payone GmbH operates under a license as an e-money institution, granted pursuant to Section 1 (1) No. 2 of the German Payment Services Supervision Act (ZAG). Its services include processing payment transactions, a practice known as acquisition business.

E-money institutions bear a fundamental responsibility to ensure they are not exploited for money laundering or the financing of terrorism. Money laundering, in essence, involves integrating funds derived from criminal activities into the legitimate financial and economic system to obscure their illegal origin.

When heightened risks of money laundering or terrorist financing are present, e-money institutions are legally bound to apply enhanced due diligence requirements. If these enhanced requirements cannot be adequately met, the institution is obligated to terminate the business relationship, as stipulated by Section 15 (9) GwG.

Fazit

The BaFin's decisive action against Payone GmbH underscores the critical importance of robust anti-money laundering measures for all financial service providers, particularly e-money institutions. This case serves as a clear reminder that deficiencies in compliance and risk management can lead to significant regulatory intervention. It reinforces the need for continuous vigilance and stringent adherence to legal obligations to prevent financial crime.