.svg)
A new Lithuanian government report has identified payments and e-money institutions and virtual asset service providers (VASPs) as the business sectors facing the highest risk of money laundering and terrorist financing (ML/TF).
The government’s third National Money Laundering and Terrorist Financing Risk Assessment (NRA), covering the years 2019-22, indicates that supervisory bodies should prioritise monitoring and regulatory efforts on VASPs and e-money and payment institutions, which have a “very high” risk level.
The NRA says that these entities are exposed for several reasons, including the ease of client anonymity, low monitoring of transaction chains and the vast cross-border payment network, which often hampers tracking efforts.
Reacting to the NRA, the Bank of Lithuania, which oversees these sectors, made clear that it is aware of the risks, and that it has it under control.
“As the supervisory authority of one of the European fintech centres, we pay a lot of attention to proper risk assessment and management,” said Simonas Krėpšta, a member of the board of the Bank of Lithuania, in a press statement.
Krėpšta said that the central bank is also “seeing positive developments”.
“We invest heavily in market consulting, and entities that manage risks poorly are identified and such activities are not tolerated.”
Competition and broad geographical coverage
According to the NRA, one reason for the weaknesses in the payments and e-money space is that its “intense competition” has resulted in firms taking on greater ML/TF risks by establishing business relationships with higher-risk clients and providing services across a wider geographical area, beyond the EU.
The NRA comes days after the Bank of Lithuania released data showing that payments and e-money institutions’ highest value transactions are being made to high-risk third countries, including Haiti, Chad, Myanmar and the Democratic Republic of the Congo.
The regulator warned that such countries have “extremely significant deficiencies in the prevention of money laundering and terrorist financing, which provide the opportunity to exploit the sector for illegal purposes”.
“Serving clients from different geographical zones requires sector participants to align their risk management strategies to match the specifics of each region,” the NRA says, adding that this “necessitates additional resources and more complex processes to effectively manage risk and prevent clients from engaging in illegal activities” through e-money and payment accounts.
This makes the sector particularly attractive not only to individual criminals but also to organised criminal groups from Lithuania or foreign countries, the NRA suggests.
The sector's risk is elevated by its large non-resident client base, including businesses conducting substantial transactions.
This risk is exacerbated by complex management structures and remote identity verification processes, which criminals can exploit using forged documents to bypass checks.
Payments and e-money institutions’ geographical stretch has also resulted in higher TF vulnerabilities, the NRA reveals.
For example, transactions are often labelled in foreign languages, complicating detection, and limited information on beneficial owners is hindering effective sanctions monitoring.
Although sector participants conduct know your customer (KYC) checks and monitor client transactions, these measures often fall short in detecting terrorist financing activities.
This is because they are not always tailored to the risk profile of the client base, and some companies lack specific controls in this area.
Lack of experience
The NRA data also reveals a shortage of anti-money laundering/counter-terrorism financing (AML/CTF) staff in Lithuania’s financial sector, which it says is a key vulnerability.
On average, institutions in the sector have 6.6 AML/CTF employees with around five years of experience, although some did not disclose this information. E-money institutions employ 8.8 AML/CTF staff on average, compared with 2.8 for payment institutions.
With 59 percent of e-money institutions and 80 percent of payment institutions having just one to five staff members dedicated to AML/CTF for 3.3m active clients, the sector faces a shortage that could impair effective monitoring and reporting of suspicious activities.
In addition, overlapping job roles in some institutions risk conflicts of interest, further weakening AML/CTF measures.
Crypto’s problems
As well as payments and e-money, the burgeoning crypto sector and the global nature of virtual currencies and crypto-assets present significant challenges for law enforcement, the NRA says.
For example, these assets enable anonymity and are widely used on platforms such as the dark web for illegal transactions.
Unregulated exchanges, anonymous wallets and privacy tools such as virtual private networks (VPNs) make tracking difficult, allowing criminals to evade controls and facilitating ML/TF activities.
The sector's accessibility, combined with its low monitoring thresholds, attracts illicit users who conduct cross-border transactions quickly and anonymously.
The NRA also warns that the rapid growth and diversity of service providers further complicate effective implementation of ML/TF controls, heightening the sector's risk profile.
This comes at the same time as a lack of compliance awareness from the sector.
According to the NRA, the sector's “awareness regarding money laundering prevention measures and supervision is considered inadequate”.
“It has been noted that some crypto-asset service providers have submitted inaccurate contact information to the Financial Crime Investigation Service, which has impeded the supervisory authority's ability to contact them,” the report reveals.
Some respondents to the NRA could not specify the measures used for sanctions implementation and were unaware of specific provisions of Lithuania’s financial crime regulation.
“This indicates that staff competence is insufficient to ensure effective and continuous identification, assessment, and management of ML/TF risks,” the NRA says.
What next?
In his press statement, the Bank of Lithuania’s Krėpšta said that “a new challenge awaits next year — the licensing and supervision of the crypto-asset market, for which we are intensively preparing”.
The senior official’s wording shows that the central bank is ready and waiting to impose stricter oversight on crypto firms with the Markets in Crypto Assets (MiCA) regulation, which could see it outlaw some of the bad actors currently in the system.
It will also likely mean that crypto firms will be required to sharpen their attention to detail when it comes to issues such as ML/TF compliance.
The Bank of Lithuania may tighten licensing conditions for crypto, e-money and payment institutions as a result of the NRA’s findings, meaning even more scrutiny being placed on firms than was already the case.
New entrants may face more rigorous assessments, including background checks, operational transparency and client verification capabilities.
The NRA shows that the Lithuanian government is still very much in a love-hate relationship with its new reputation as the fintech hub of the EU.
Although the fintech sector undoubtedly brings jobs and spurs growth in the Baltic state, the country has also become more exposed to financial crime risks due to a lack of experience among compliance professionals and various questionable clients still getting through onboarding, despite the central bank’s continued drive for better standards.
