EBA Plots Licence Withdrawal For Serious AML Breaches

June 7, 2022
Proposed new rules would formalise the ability for European authorities to recommend to national counterparts to remove the licence of financial firms that breach regulations, while evidence suggests that this could hit payment firms the hardest.

Proposed new rules would formalise the ability for European authorities to recommend to national counterparts to remove the licence of financial firms that breach regulations, while evidence suggests that this could hit payment firms the hardest.

Three European supervisory authorities — the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) — have published a joint report calling for the introduction of rules to revoke licences of firms for serious breaches of anti-money laundering (AML) rules.

The report analyses the uniformity of existing national laws across the different financial regulated spaces and finds that although all authorities had existing grounds to revoke licences for AML rule breaches, there were variations, both between different authorities and across different sectors.

As a consequence, the report recommends harmonising sectoral acts in certain areas, such as enabling regulators to revoke licences solely as a result of AML rule breaches, particularly if not in domestic law. It would also put in place a requirement for regulators to consider a firm’s exposure to money laundering risk when granting a licence in the first place.

The report also provides insight into the types of firms that have had their licences revoked over the last ten years, with payment firms by far the worst hit.

Of the 26 withdrawals of authorisation/registration, eight were from payment/e-money institutions, six from credit institutions and one virtual asset provider, making up almost 60 percent of licence withdrawals.

Last resort

The findings of the surveys from national regulators show that in a large number of cases the withdrawal decision was based on a serious breach of AML rules in combination with other legal grounds, such as the breach of prudential requirements, failure to continue meeting the condition for authorisation, or breaches of other laws and regulations.

Reported breaches were found to be similar across the financial sector and concerned shortcomings in operational risk, internal controls, customer/enhanced due diligence, transactions reporting and record-keeping.

Additionally, the report finds that regulators already use a mix of domestic and EU law to withdraw authorisation.

However, the report also notes that the decision for national regulators to withdraw a licence is a “last resort measure, subject to a discretionary and proportionality assessment”, balancing a mixture of regulatory and market factors, specifically:

  • Absence of supervisory measures to effectively remedy the serious breach of AML rules.
  • Considering the consequences of withdrawing the licence on financial stability grounds.
  • Absence of private measures to remedy serious breaches of AML rules.
  • The destruction in value of the firm and/or the market.
  • Breach of property rights for shareholders and creditors.
  • Consequences of the licence withdrawal for the real economy.

These factors highlight that national regulators are at least trying to find a way to remedy the situation without overly meddling in the market, which could cause a loss of investor confidence. The low volume of licence withdrawals over the last ten years also affirms this point.

Targeting crypto

The report also makes several notable callouts around virtual/crypto-assets, as well as making several references to the upcoming Market in Crypto-Assets Regulation (MiCAR), despite only one virtual asset provider in the EU having had its licence revoked in the last ten years over AML rule breaches.

This push from EU regulators to make sure that firms dealing with crypto-assets are adhering strictly to AML rules is a trend seen elsewhere, including the US and Lithuania, as well as previously at the EU level, with the reporting highlighting “the need for MiCAR to appropriately integrate AML/CFT issues” as the recommended avenue to forward this desire.

Combined with licence withdrawals data, this further highlights the disproportionately impact these new rules will likely have on payments firms, relative to other sectors.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

Opt in to hear about webinars, events, industry and product news

To find out more about Vixio, contact us today
No items found.