Investigations have linked UK-registered electronic money institutions (EMIs), which can issue pre-paid payment cards or digital wallets, to money laundering, fraud and other financial wrongdoing. Critics argue that the Financial Conduct Authority, under pressure to enable the UK’s fintech sector, has failed to provide proper oversight of the country’s EMI market. But experts told Tech Monitor that the money laundering risks of e-money are overstated – and pale in comparison to those of cryptocurrency.
What is ‘e-money’?
‘e-money’ is a specific kind of digital financial service, in which a conventional “fiat” currency, such as pounds or dollars, is stored in a payment card or wallet. It is not to be confused with cryptocurrencies, which are distinct from fiat currencies, or central bank digital currencies, which are directly controlled by central banks.
Under the EU’s second Payment Services Directive (PSD2), which still applies in the UK, companies that wish to offer e-money services must register as an electronic money institution (EMI) with their national regulator. The UK is home to around half of the 450 registered EMIs in Europe, according to TheBanks.eu. Many fintechs have secured an EMI license as it allows them to provide digital wallets without a banking license, which has higher regulatory and capital requirements.
A string of recent investigations have linked some EMI-license holders to money laundering and other financial crimes. This week, Bloomberg reported that the FCA has approved EMI licenses for companies "with executives or shareholders tied to Baltic money laundering scandals, alleged financial wrongdoing in Russia and Kyrgyzstan, healthcare fraud in the US and suspected wrongdoing in Luxembourg and Australia".
Bloomberg's investigation follows research from Transparency International last month which, according to reports, flagged 38% of UK EMI license holders as having "potential money laundering red flags", such as "having owners, directors or senior members of staff named in money laundering investigations". (Transparency International's report was not available for download at the time of writing; the organisation did not respond to a request for further details from Tech Monitor).
And in July last year, an investigation published by OpenDemocracy identified Russian language sites proposing EMIs, including those registered in the UK, as a money laundering mechanism.
Some of these investigations have raised doubts about the FCA's regulation of the 'e-money' market. Bloomberg writes that its investigation points to "oversight weaknesses", while Transparency International's Ben Cowdock reportedly warned that the FCA and UK government “need to act quickly to avoid a major scandal hitting this sector".
Oliver Irons, a partner at law firm Simmons and Simmons, who has acted for fintechs that have secured EMI licenses, disagrees. "If these reports had been written two or three years ago, I might have agreed," he says. "The FCA didn't understand e-money then."
But in the wake of the terrorist attack at the Bataclan nightclub in 2015, which was funded in part using pre-paid payment cards, the EU issued a new anti-money laundering directive. It stipulates that no more than €100 can be stored on anonymous accounts. This was transposed in to UK law last year.
Irons argues that the recent investigations' evidence that e-money is being used for money laundering is circumstantial. "I don't think they've exposed a fundamental weakness in the way in which 'e-money' is set up," Irons says. "e-money institutions have had to have fairly rigorous anti-money laundering checks, policies and procedures in place for quite a while."
Nevertheless, a 2020 report from HM Treasury identified payment and e-money services as a 'medium' risk for money laundering. While noting that 'Strong Customer Authentication' rules that came in 2019 "will help to reduce the risk of fraudulently authorised payments," the rapid evolution of the payments and e-money industry makes it "difficult to detect and identify money laundering methodologies, compared with criminal activity using traditional retail banking services".
As a result, the report concludes that "the money laundering and terrorist financing risks of such business operations will need to be monitored closely as this sub-sector develops further". "[I] agree it's an area of potential risk which should be kept under review," says Susannah Cogman, a partner a Herbert Smith Freehills specialising in financial crime.
e-Money vs cryptocurrency
Critics have suggested that the FCA has given a lot of leeway to fintechs to bolster the domestic market. "Of all the regulators across Europe, I think the FCA is probably the most accommodating," says Irons. "But it is still a regulator, and if you ask a fintech if they've been accommodated by the FCA, they'd laugh you out of the room."
Professor Philip Treleaven, director of the Financial Computing Centre at UCL, says the FCA has so far succeeded in striking a balance between innovation and regulation. "Fintech has been successful in the UK because the regulators – the Financial Conduct Authority and Bank of England's PRA – have struck a reasonable balance to encourage innovation while trying to remove excesses," he says.
However, he adds, decentralised finance (an umbrella term for cryptocurrencies and blockchain-related financial services) threatens regulators' ability to tackle fraud and money laundering. "Decentralised finance just throws the whole regulatory regime out the window," he says. "If a counterparty misbehaves, you don't know who they are."
Irons explains that some companies offering crypto-related services have applied for EMI licences to allow customers to exchange e-money with cryptocurrency. Here, he says, the FCA has been less consistent, with some applicants being told "you can't use that money for the purchase of digital assets" despite meeting the AML requirements for e-money services.
Businesses that wish to transact cryptocurrencies must register with the FCA - and demonstrate their AML precautions - if their operations are based in the UK. However, the FCA takes the view that if a business has "no offices or agents" in the UK, "we would not automatically consider that as business being carried on in the UK," and would therefore not be subject to the FCA's AML rules, even if it has UK-based customers.
"This means UK customers can access the services of firms which are outside the scope of UK regulation, potentially based in jurisdictions which have lower regulatory standards than the UK and over which the FCA has no jurisdiction," explains Cogman. "So the inherently cross border – or perhaps 'borderless' – nature of cryptocurrency operations therefore make them particularly difficult to regulate."