Payone GmbH: BaFin prohibits transactions due to high money laundering risks and inadequate security systems

As a rule, I do not publish notifications from BaFin, which reach me daily via e-mail. However, since I also advise or have advised blockchain providers and providers of financial services, including on issues of dealing as an e-money institution and how burdensome it is to implement BaFin requirements, I am making a distinction for once in this message. On July 26, 2023, BaFin prohibited namely Payone GmbH from conducting transactions for certain business customers belonging to the high-risk portfolio due to high money laundering risks and serious deficits in money laundering prevention. BaFin has also ordered a ban on new customers in this area. The ban on transactions and new customers is intended to prevent the e-money institution from being misused for money laundering.

The problem of compliance with AML (anti-money laundering) requirements is a huge one, especially in the web3/blockchain space.

How did the ban come about? In a special audit ordered by BaFin, which has not yet been completed, it was determined that Payone GmbH had serious deficits in complying with and implementing the required enhanced due diligence requirements under the German Money Laundering Act(GwG). As a result of inadequate anti-money laundering safeguards, Payone GmbH had built up a conspicuous high-risk portfolio in its e-commerce business. The business customers of this high-risk portfolio are probably merchants who operate their business models almost exclusively online via websites. Consumers can purchase products and services there and pay for them using credit cards. These credit card transactions are processed by Payone GmbH. Findings from ongoing oversight activities indicate that merchant websites are linked to fraudulent subscriptions, phishing, and fake stores, among other things.

The serious deficiencies identified relate to the measures Payone GmbH undertakes to assess merchants’ business models in the customer acceptance process. The deficiencies also relate to the ongoing monitoring of traders. In particular, the anomalies in the risk assessment by Payone GmbH did not result in merchants being rejected or ongoing business relationships being terminated.

Background

Payone GmbH holds a permit as an e-money institution pursuant to Section 1 (1) No. 2 of the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz– ZAG). It provides payment services by accepting and settling payment transactions (acquisition business).

Electronic money institutions must ensure that they are not abused for money laundering or terrorist financing. Money laundering is the smuggling of funds from criminal sources into the legal financial and economic circuit in order to disguise their origin.

If there are increased risks of money laundering or terrorist financing, e-money institutions must comply with enhanced due diligence requirements. If the respective enhanced due diligence requirements cannot be met, the termination obligation pursuant to Section 15 (9) GwG shall apply.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.