- BaFin prohibits Payone GmbH from carrying out transactions for certain high-risk customers on July 26, 2023 due to money laundering risks.
- A ban on new customers was ordered to prevent abuse for money laundering.
- Compliance with AML requirements is challenging in the Web3/blockchain area.
- Serious deficits in the prevention of money laundering were identified in a special audit.
- Payone GmbH created a conspicuous high-risk portfolio due to inadequate hedging systems.
- Traders in the high-risk portfolio are often involved in fraudulent activities.
- Electronic money institutions must strictly prevent money laundering and terrorist financing.
As a rule, I do not publish notifications from BaFin, which reach me daily via e-mail. However, since I also advise or have advised blockchain providers and providers of financial services, including on issues of dealing as an e-money institution and how burdensome it is to implement BaFin requirements, I am making a distinction for once in this message. On July 26, 2023, BaFin prohibited namely Payone GmbH from conducting transactions for certain business customers belonging to the high-risk portfolio due to high money laundering risks and serious deficits in money laundering prevention. BaFin has also ordered a ban on new customers in this area. The ban on transactions and new customers is intended to prevent the e-money institution from being misused for money laundering.
The problem of compliance with AML (anti-money laundering) requirements is a huge one, especially in the web3/blockchain space.
How did the ban come about? In a special audit ordered by BaFin, which has not yet been completed, it was determined that Payone GmbH had serious deficits in complying with and implementing the required enhanced due diligence requirements under the German Money Laundering Act(GwG). As a result of inadequate anti-money laundering safeguards, Payone GmbH had built up a conspicuous high-risk portfolio in its e-commerce business. The business customers of this high-risk portfolio are probably merchants who operate their business models almost exclusively online via websites. Consumers can purchase products and services there and pay for them using credit cards. These credit card transactions are processed by Payone GmbH. Findings from ongoing oversight activities indicate that merchant websites are linked to fraudulent subscriptions, phishing, and fake stores, among other things.
The serious deficiencies identified relate to the measures Payone GmbH undertakes to assess merchants’ business models in the customer acceptance process. The deficiencies also relate to the ongoing monitoring of traders. In particular, the anomalies in the risk assessment by Payone GmbH did not result in merchants being rejected or ongoing business relationships being terminated.
Background
Payone GmbH holds a permit as an e-money institution pursuant to Section 1 (1) No. 2 of the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz– ZAG). It provides payment services by accepting and settling payment transactions (acquisition business).
Electronic money institutions must ensure that they are not abused for money laundering or terrorist financing. Money laundering is the smuggling of funds from criminal sources into the legal financial and economic circuit in order to disguise their origin.
If there are increased risks of money laundering or terrorist financing, e-money institutions must comply with enhanced due diligence requirements. If the respective enhanced due diligence requirements cannot be met, the termination obligation pursuant to Section 15 (9) GwG shall apply.