What does the law say?
The European framework regarding anti-money laundering and terrorist financing (AML/TF) is set by a series of anti-money laundering directives. These are regularly updated to reflect changes in the field and recommendations such as those by the Financial Action Task Force (FATF). The main text is currently the Fourth Anti-Money Laundering Directive (AMLD4), adopted in 2015.
Article 12 AMLD4 provides an exception to the principal obligation to conduct customer due diligence (CDD). Member States may allow obliged entities not to conduct CDD under the following conditions:
Member States may increase the EUR 250 limit to EUR 500 for payment instruments that can be used only in that Member State. Important to note is that this exception does not apply in the case of redemption in cash or cash withdrawal of the monetary value of the electronic money where the amount redeemed exceeds EUR 100.
As noted in the introduction, a Fifth Anti-Money Laundering Directive (AMLD5) was adopted in 2018. This directive makes a number of changes to AMLD4. For instance, it adds a number of new obliged entities to the existing money laundering legislation, including the exchange services and wallet providers for virtual currencies. AMLD5 also limits the possibilities for anonymous prepaid cards and gives financial intelligence units wider access to information through closer cooperation between Member States. Relations with high-risk third countries are subject to harmonized rules for enhanced customer due diligence. The register of beneficial owners and access to it is being expanded, mainly with regard to trusts and similar arrangements.
Specifically with regard to prepaid cards, AMLD5 lowers the EUR 250 limit to EUR 150. For cash redemption and withdrawals, the limit is lowered from EUR 100 to EUR 50. This EUR 50 limit now also applies to remote payment transactions where the amount paid exceeds EUR 50 per transaction. Member States may no longer increase these limits for national instruments. Member States must furthermore ensure that credit institutions and financial institutions acting as acquirers only accept payments carried out with anonymous prepaid cards issued in third countries where such cards meet requirements equivalent to those set out here. Member States may also decide not to accept on their territory payments carried out by using anonymous prepaid cards.
In the recitals to AMLD5, the European legislator justifies these changes by confirming that prepaid cards have legitimate uses and constitute an instrument contributing to social and financial inclusion. Nevertheless, they could be easily used in financing terrorist attacks and logistics. To curb such use, the legislator found it essential to reduce the limits under which no CDD would be necessary. It therefore not prohibits the use of prepaid cards, but only limits the threshold for their anonymous use. Furthermore, cards issued outside of the EU should comply with equivalent requirements.
So what does this mean in practice?
For obliged entities, it means that whenever a customer wants to pay using an e-money prepaid card – even when paying remotely – obliged entities will more likely than before have to conduct CDD. This is due to the lower limits, the inclusion of remote payments, and the abolishment of the derogation for national payment options. Additionally, it should be noted that Member States may even impose lower thresholds. More CDD of course means more administrative work for obliged entities. For instance, they will have to conduct more KYC assessments and deal with the increased burden of identity verifications required under it. Moreover, appropriate actions must be taken in response of the customer’s risk profile.
Furthermore, obliged entities will have to take specific care when accepting e-money prepaid cards issued outside of the EU. Either they must confirm that the issuing country imposes equivalent AML/TF legislation, or they have to refuse the card. This will likely require a few changes in their processes, as it may not always initially be clear where a card was issued. This problem could be countered by only accepting specific types of prepaid cards only issued within Europe, but that of course comes at the cost of limiting payment options for non-EU customers. It is therefore up to obliged entities to assess their customer base and make the appropriate decision on how to move forward with this.
For customers, the increased application of CDD when using e-money prepaid cards of course means less anonymity. That is because, as noted, any CDD will inevitably entail a KYC assessment. While with cash payments anonymity was fairly default, anonymous electronic payments are increasingly becoming a rarity.
While prepaid card fraud is indeed a significant problem worldwide, the AMLD4’s limits already greatly reduced the potential scope of such fraud in the EU. The even tighter limits under AMLD5 will of course reduce this a bit further, but also comes at the cost of increased compliance burdens on obliged entities and lesser anonymity for customers.
About Niels Vandezande
Niels Vandezande is specialised in fintech law, in particular virtual currencies, electronic payments, and blockchain. Niels also has extensive experience in privacy and data protection law (GDPR), security and trust services, identity management, digital archiving, e-government, ecommerce, e-health, and public information availability and re-use.
About Timelex
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now