As a rule, I do not publish notifications from BaFin, which reach me daily via e-mail. However, since I also advise or have advised blockchain providers and providers of financial services, including on issues of dealing as an e-money institution and how burdensome it is to implement BaFin requirements, I am making a distinction for once in this message. On July 26, 2023,
BaFin prohibited namely Payone
GmbH from conducting transactions for certain business customers belonging to the high-risk portfolio due to high money laundering risks and serious deficits in money laundering prevention.
BaFin has also ordered a ban on new customers in this area. The ban on transactions and new customers is intended to prevent the
e-money institution from being misused for money laundering.
The problem of compliance with AML (anti-money laundering) requirements is a huge one, especially in the web3/blockchain space.
How did the ban come about? In a special audit ordered by
BaFin, which has not yet been completed, it was determined that Payone
GmbH had serious deficits in complying with and implementing the required enhanced due diligence requirements under the German Money Laundering Act
(GwG). As a result of inadequate anti-money laundering safeguards, Payone
GmbH had built up a conspicuous high-risk portfolio in its
e-commerce business. The business customers of this high-risk portfolio are probably merchants who operate their business models almost exclusively online via websites. Consumers can purchase products and services there and pay for them using credit cards. These credit card transactions are processed by Payone
GmbH. Findings from ongoing oversight activities indicate that merchant websites are linked to fraudulent subscriptions, phishing, and fake stores, among other things.
The serious deficiencies identified relate to the measures Payone GmbH undertakes to assess merchants’ business models in the customer acceptance process. The deficiencies also relate to the ongoing monitoring of traders. In particular, the anomalies in the risk assessment by Payone GmbH did not result in merchants being rejected or ongoing business relationships being terminated.
Background
Payone GmbH holds a permit as an e-money institution pursuant to Section 1 (1) No. 2 of the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz– ZAG). It provides payment services by accepting and settling payment transactions (acquisition business).
Electronic money institutions must ensure that they are not abused for money laundering or terrorist financing. Money laundering is the smuggling of funds from criminal sources into the legal financial and economic circuit in order to disguise their origin.
If there are increased risks of money laundering or terrorist financing, e-money institutions must comply with enhanced due diligence requirements. If the respective enhanced due diligence requirements cannot be met, the termination obligation pursuant to Section 15 (9) GwG shall apply.