Under PSD2, payment services providers across the EU are required to provide statistical data on fraud to their respective competent authority.
In the UK, relevant firms are required to collect and submit data on the volume and value of all payment transactions, as well as the volume and value of fraudulent transactions, and provide this to the FCA through Gabriel using the REP017 report; this information is in turn aggregated and shared with the European Banking Authority and the European Central Bank.
Back in January, we released a blog to provide an overview of the FCA’s interim REP017 report to cover the reporting period between 13 January to 31 December 2018. However, since then, the FCA has released an updated and much expanded REP017 report (with most PSPs being switched to a bi-annual reporting period).
As with our last one, this blog aims to give a high-level overview of who REP017 applies to, what transactions it captures and how the data on fraudulent transactions need to be categorised; we will also detail the key changes in approach since then.
Broken down to its most basic level, an audit is a method by which firms seek an external opinion on their policies, procedures, systems and controls. Rather than an exercise in detecting shortcomings and failures, the process of a compliance audit should be viewed as a means of testing an AML/CTF framework to identify opportunities to undertake enhancements as well as highlighting any issues. In essence, the intention is to provide assurance that the firm is operating in an compliant manner within its own specific regulatory framework.
For the first time, the US Office of Foreign Assets Control (OFAC) has reached out to provide guidance to firms on creating and maintaining an effective sanctions risk mitigation framework. The guidance is primarily based on the essential criteria which OFAC regards as the tools necessary for firms to achieve their business aims, whilst also mitigating the inherent sanctions risks facing them.
Last month Standard Chartered bank agreed to pay a $1.1 billion for both Anti-Money Laundering and Sanctions violations. This blog is an overview of the bank’s failures in relation to both cross-border violations and what they mean for firms.
Last year saw an unwelcome re-emergence of the so-called ‘laundromat’ scandal; the term, which harks back to the dry-cleaning establishments into which Al Capone and the Chicago mob funnelled their ill-gotten gains, was popularly attributed to a large-scale criminal money laundering scheme (uncovered in 2014) in which $20.8bn was laundered out of Russia through 96 countries and, more recently, to the rapidly developing scandal involving Danske Bank and its Estonian subsidiaries.
Whether you call them cryptocurrencies, cryptoassets or virtual assets, these tokens and their underlying technology, Distributed Ledger Technology (DLT), remain at the forefront of regulators thoughts, often operating in an unregulated or semi-regulated world which sits somewhere between a land of opportunity and the wild wild west.