.svg)
The exposé on French payments giant Worldline may see European payment service providers (PSPs) face increased scrutiny from both national and regional anti-money laundering (AML) authorities.
Last month, European Investigative Collaborations (EIC) published ‘Dirty Payments’, a series of almost 100 articles in more than a dozen countries and languages, alleging widespread AML and fraud prevention failures by Worldline.
For at least the past 10 years, EIC members claim, the firm has “operated with impunity” and “turned a blind eye” to illegal use of its services throughout Europe.
Allegations that Worldline processed payments for transnational crime gangs engaged in fraud, romance scams, illegal gambling and prostitution caused the company’s stock to crash 40 percent in a single day.
Two days later, prosecutors in Belgium announced that they had opened a money laundering investigation into Worldline’s local subsidiary.
In response, Worldline said that since 2023 it has “strengthened” its merchant risk framework to ensure “full compliance” with the laws and regulations of each of its markets.
The company also downplayed the importance of its high brand risk (HBR) portfolio, which includes online casinos and adult dating services, noting that such clients make up only 1.5 percent of its acquired volumes.
“All HBR clients still active within this portfolio are now subject to enhanced oversight, based on specific procedures,” it said in a statement.
“Wherever the Group identifies indications of non-compliant situations, additional checks are immediately undertaken, potentially leading to termination of the client relationship.”
Walls close in on Worldline
As regulators in other jurisdictions digest the EIC material, it is likely that other enforcement actions will be announced over the coming months.
Worldline is already under increased regulatory scrutiny in Germany, its largest market.
In January this year, Germany’s Federal Financial Supervisory Authority (BaFin) ordered Payone, Worldline’s local subsidiary, to maintain increased capital and address deficiencies in AML compliance.
BaFin also said it has appointed a special representative to monitor Payone’s implementation of the required changes.
The German regulator’s move follows audits of Payone it conducted in 2022 and 2023, which identified shortcomings in “all” audited areas of business organisation and outsourcing.
According to internal documents seen by EIC members, Worldline’s Dutch subsidiary, Global Collect Services, was also under investigation in 2022 due to its inadequate merchant screening practices.
This claim, which was made by Dutch newspaper NRC, has not been confirmed either by Worldline or De Nederlandsche Bank (DNB), the regulator in question.
Since 2021, rumours of regulatory action against Worldline have been published in France, Italy and Belgium, and during that time, the company’s stock dropped more than 90 percent.
A job for AMLA?
The EIC exposé broke just one week prior to the launch of the European Anti‑Money Laundering Authority (AMLA).
As covered by Vixio, AMLA is a new pan-European regulator that aims to unify AML supervision and enforcement under a single authority.
For example, AMLA will directly supervise a select group of 40 financial institutions that are exposed to a “high risk” of money laundering and that operate in at least six member states.
Based on the EIC’s allegations, it is possible that Worldline may find itself under direct AMLA supervision in 2028, following a selection process that is set to take place in 2027.
In addition to the select group of 40, AMLA can take over the supervision of any financial institution at any time, either on its own initiative or at the request of a national authority.
AMLA will also support the activities of national-level financial intelligence units (FIUs) by facilitating cooperation, identifying best practices and developing new forms of information exchange between regulators.
Private-sector information sharing
The EIC exposé is also likely to lead to greater calls for increased information sharing between financial institutions, including cross-border information sharing.
In the past, Worldline itself has been among the voices calling for European AML rules to be “redesigned” for private sector collaboration.
In 2019, Worldline called for new regulations that would allow banks to share know your customer (KYC) and know your business (KYB) information with one another.
It also suggested that banks work with non-bank PSPs – like itself – to improve their transaction monitoring capabilities.
“The fact that we process huge amounts of transactions from both consumers and retailers via different payment types can serve as an extra weapon for the detection of fraud in the future,” it said.
“If banks and other financial institutions that are subject to regulation fill a database with useful information, it will be a lot easier to map out suspicious behavior.”
Ironically, EIC member Le Soir claims that Worldline was debanked by Société Générale after the bank told the PSP that it had “limited confidence in their [risk] monitoring tools”.
Other banks, such as ING Belgium, were apparently less risk averse, and became “preferred partners” for suspicious payments facilitated by Worldline.
But, as Worldline said in 2019, information sharing between these banks could have contributed to a clearer picture of suspicious activity and stronger risk mitigation.
Simpler solutions
To prevent fraud and other forms of illegality, PSPs may need to improve their existing KYC, KYB and customer due diligence (CDD) practices.
A recurring theme in the EIC allegations is that Worldline could have detected fraudulent companies among their merchant clients long before they began to scam money from victims.
Aether Group, for example, claimed to be an “omnichannel marketing firm” with offices in the UAE, the Netherlands and the Philippines.
However, EIC members allege that Aether Group owned more than 300 companies and at least 1,000 scam websites, all of which used Worldline’s services as “high-risk” clients.
More than 100 of the companies were identified as shell companies using UK residential addresses, and these companies were used to launder scam proceeds out of the UK.
In 2023 alone, companies linked to Aether Group generated more than £45m in revenue via Worldline, with almost £20m flowing through UK shell companies.
Aether Group was terminated by Worldline in 2024 after more than seven years as a merchant client.
Robust identity verification, ultimate beneficial owner verification, nature of business checks, and subsequent traffic profiling of Aether Group websites could have identified the issue much sooner.
The example of Worldline and the impact of the scandal should act as a reminder for PSPs of the importance of getting their KYC, KYB and CDD processes right.
Regulators across Europe are prioritising AML enforcement. Vixio’s 2024 Enforcement Outlook found that AML violations accounted for more than half of all enforcement activity in the UK and the EU during the first half of last year, and that trend remains strong.
The likelihood of further action by regulators, which could lead to fines, licence withdrawals or public censure, and the effect of the wave of articles on Worldline’s share price, demonstrate that AML compliance must be a priority for PSPs operating in the region.
