Print Article

EBA says Payments Institutions do not Manage ML/TF Effectively


The European Banking Authority (EBA)  published its Report [Date 16/06/2023] on money laundering and terrorist financing (ML/TF) risks associated with EU payment institutions.

Its findings suggest that ML/TF risks in the sector may not be assessed and managed effectively by institutions and their supervisors.

In 2022, the EBA assessed the scale and nature of ML/TF risk in the payment institutions sector. It considered how payment institutions identify and manage ML/TF risks and what supervisors do to mitigate those risks when considering an application for the authorisation of a payment institution and during the life of a payment institution.

The EBA's findings suggest that institutions generally do not adequately manage ML/TF risk.

AML/CFT internal controls in payment institutions are often insufficient to prevent ML/TF, despite the high inherent ML/TF risk to which the sector is exposed.

The EBA's findings also suggest that not all competent authorities do enough to supervise the sector effectively.

As a result, payment institutions with weak AML/CFT controls can operate in the EU, for example, by establishing themselves in Member States where authorisation and AML/CFT supervision processes are less stringent to passport their activities cross-border afterwards.

Failure to manage ML/TF risks in the payment institutions sector can impact the integrity of the EU's financial system. The EBA's work on access to financial services further suggests that failure to address those risks will also undermine efforts to improve access by payment institutions to payment accounts.

Several of these findings relate to issues addressed in EBA Guidelines. A more robust implementation by supervisors and institutions of provisions in these guidelines will mitigate the sector's exposure to ML/TF risks.

Legal basis and background

Article 9a(5) of Regulation (EU) 1095/2010 ('EBA founding regulation') mandates the EBA to perform risk assessments on significant ML/TF risks affecting the EU's financial sector.

The EBA drew on several sources to inform this risk assessment. These include the findings of the EBA peer review on the authorisation of payment institutions under PSD2, data extracted from the EBA's AML/CFT database, EuReCA (available here), questionnaire responses, bilateral interviews with selected EU supervisors, national and supervisory assessments of ML/TF risks in the sector, and any other information available to EBA through its work on ML/TF risks and supervision.

The findings of this risk assessment will feed into the EBA's bi-annual ML/TF risk assessment exercise under Article 6(5) of Directive (EU) 2015/849.

In line with its legal duty to lead, coordinate and monitor the AML/CFT efforts of all EU financial services providers and supervisors, the EBA remains committed to holistically tackling ML/TF risks across all economic sectors within its remit.


Report on ML TF risks associated with payment institutions


Anti-Money Laundering and Countering the Financing of Terrorism


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email