The Impacts of Money Laundering Regulation on the E-Money Industry
On July 5th, 2016 the European Commission published a “Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 (“4AMLD“) on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/101/(EC) (“5AMLD”). Besides many other amendments to 4AMLD (see our redline of 4AMLD and 5AMLD), the legal requirements that allow the issuance of anonymous e-money products shall become significantly more restrictive under 5AMLD. To that end not only the thresholds for identification needed for e-money products shall be lowered to EUR 150 (see Art. 12 paragraph 2 of 5AMLD). Such thresholds shall no longer apply, if E-Money products, reloadable or not, can be used for online-payment. As a consequence, 5AMLD would no longer allow for the issuance of anonymous e-money products (see Art. 12 paragraph 2 of 5AMLD), but in general require “full KYC”.
Many battle lines in defence have been drawn by the e-money industry to counterstrike the “killer provision” of Art. 12 paragraph 2 of 5AMLD (see my blog article “Proposal for a fifth AML Directive – Impacts on the E-money Business”). In its comprehensive “Position Paper on the Revisions of the Anti-Money Laundering Directive”, the Prepaid Association of Germany (Prepaid Verband Deutschland) concluded:
The elimination of the threshold value for using anonymous e-money products for online payments proposed by the European Commission will hardly entail any added value in the fight against terrorist financing and is not in keeping with the risk-based approach. It would, however, have a far-reaching, negative impact on the entire e-money market and puts the existence of innovative payment possibilities at stake. With its minimal actual benefit and lack of proportionality in mind, the proposed measure should be rejected. The possibility of anonymous online payment of small amounts must be retained at all costs. The PVD therefore pleads in favour of removing the insertion „either of online payment or“ in Article 12 (2) of the submitted draft Directive.
On October 28, 2016, the Slovakian Presidency published a compromise text (“Presidency Compromise Text”). In the Presidency Compromise Text, the “killer provision” of Article 12 (2) was replaced by the following:
2. Member States shall ensure that the derogation provided for in paragraph 1 is not applicable in the case
eitherof:
online payment
a)or ofredemption in cash or cash withdrawal of the monetary value of the electronic money where the amount redeemed exceeds EUR 50 or
b) remote payment transactions as defined in point (6) of Article 4 of the Directive 2015/2366/EC where the amount paid exceeds EUR 50 and as from the date of entry into force of this directive + 24 months for all remote payment transactions.
It is needless to say that this compromise is merely, if at all, a ceasefire that does not end the battle or reasonably consider the legitimate interests of the European e-money business.
However, on November 7, 2016 the Committee on Economic and Monetary Affairs Committee on Civil Liberties (ECON) and Justice and Home Affairs European Parliament (LIBE) published a draft report on the 5AMLD. By striking out the terms “either of online payment or” in Article 12 (2) (cf. Amendment 17) and “and suppress the customer due diligence exemption for their online use” in Recital 11 (cf. Amendment 1), the ECON/LIBE’s draft, if transposed, is a reasonable suggestion and a real compromise to end this battle threating the future of the e-money business, right? At least, that is one might suppose. Another well-known villain is threatening the e-money business.
Could Strong Customer Authentication give the Industry a Deathblow?
Many detailed and comprehensive statements have been made with regard to the impacts of the strong customer authentication on the payment industry (e.g. see the blog article “PSD2: A Broken Promise Already?” by Nadja van der Veer; see also my blog articles with regard to SCA). Many aspects are still unclear and subject to further discussions. In particular, the EBA’s first draft of the so called Regulatory Technical Standards on SCA (RTS) is facing a lot of push-back from the market with some 230 responses (!). Besides the various complaints addressed in the market’s responses on the EBA’s draft RTS, there is one particular aspect that could be a serious menace to the e-money business:
PSD 2 requires SCA for all remote payment transaction (e.g. internet payments, contactless payment at the POS). Unlike the ECB’s Recommendations for the Security of Internet Payments ECB, the EBA’s draft RTS does not provide an exemption for anonymous prepaid instruments (e. g. gift cards, prepaid credit cards, etc.). As a consequence, one must apply SCA to all e-money transactions triggered via a remote channel, i.e. when paying with e-money online.
So what? Not really!
The problem is: How would one apply SCA with anonymous e-money, where the holder of the e-money is anonymous. How would the holder of the e-money receive the “one-time password”, the EBA’s draft RTS require? One might suggest to linking the anonymous payment instrument to a user’s “device” (e.g. mobile phone, email-address?). Regardless of whether this would constitute a feasible solution, it would require some sort of “simplified due diligence” and that would ultimately eliminate anonymous e-money that can be used for online payments.
It is Time to Act NOW
Correct me if I am wrong or missing something. If not, the e-money industry would be well-advised to quickly line up before the shadow warrior named SCA will give a deathblow to the ailing e-money business with the upcoming regulatory framework.