Discussing reporting obligations with our payments clients recently has revealed a lack of awareness of REP018, a report driven by the requirements of the second payment services directive (PSD2). PSD2 included Article 95(2), which requires payment services providers (PSPs) to report to the competent authority with an operational and security risk assessment. So, what is REP018 and why has it caught so many by surprise?
If you’ve been following the news over the past week or so you’ll no doubt be aware of the latest dossier on leaked information – titled the Paradise Papers – from the International Consortium of International Journalists (ICIJ).
Risk assessments have been a part of the EU Anti Money Laundering landscape for some time now and while 4MLD brought to the fore the need to have documented risk assessments, they are by no means a new concept.