In 2022 Transactive Systems UAB was second among Lithuanian electronic money and payment institutions in terms of annual turnover (€13.1 billion), with operating income amounting to almost €4mn.

In revoking its electronic money authorisation, the Bank of Lithuania said that the following “main violations and deficiencies were identified” at the regulated #fintech firm Transactive Systems UAB:
 

• failed to properly identify clients, their representatives and beneficiaries;
• did not ensure adequate monitoring of business relations and operations*;
• in opening virtual accounts for its clients, Transactive Systems UAB enabled the opening of anonymous accounts;
• had absolutely no control measures for identifying cases of terrorist financing;
• failed to ensure proper implementation of international financial sanctions restrictive measures, and its monitoring and verification systems were ineffective;
• did not identify suspicious customer transactions and did not report them to the Financial Crimes Investigation Service;
• failed to ensure that the internal control function responsible for the organisation of money laundering and the prevention of terrorist financing was independent and a conflict of interest was avoided; and
• provided incorrect, incomplete and inaccurate information to the Bank of Lithuania.

* including that institution's immediate and retrospective monitoring of transactions was ineffective, the selected monitoring model did not correspond to the volume of processed transactions, suspicious transactions were not reviewed and properly analysed.

* measures aimed at determining whether the client's funds and assets were not obtained directly or indirectly from a criminal act or by participating in such an act were of poor quality and insufficient.
 

If these are a description of the ‘main violations and deficiencies’ identified, what else was going on?  

Over the past few weeks at events like ACAMS (ACAMSAssembly ACAMSEurope) Joby Carpenter Craig Timm Natasha Powell Shelley Schachter-Cahm and I discussed the situation of fintech and financial crime controls.
 
Many others and I had great discussions about good fintech companies having their reputations impinged by a few bad fintech actors both big (yes some fintech banks who know who they are and some from China who know who they are) and small (some from the east side of the EU bloc, Israel and disturbingly some regulated fintech firms from the UK who also know who they are) whose mentality is that an authorisation is akin to a driver's licence exam. They also often say if country A doesn't jump to our demands, then we will go to country B and will whine to your ministers and FDI agencies.

While it is good to see such decisive regulatory action here, the question has to be asked "How did Transactive Systems UAB get through what is supposed to be a thorough and rigorous common EU approach to regulatory authorisation by national competent authorities (NCAs) in the first place?"

​Particularly given the lengths that many EU authorities go to verifying the existence, performance and execution of the #financialcrime business wide risk assessments, the  risk registers, the risk appetite statements, #moneylaundering policies and procedures under EBA Guideline 14 and the vetting of managers, owners and directors of #blockchain emoney and #blockchain payments. Did this company say one thing, and then do the polar opposite? Did the regular trust but not verify?

Interestingly, back in January 2023, the Bank of Lithuania restricted the activities of the company by instructions:
 

• not to establish business relations with new clients and not to provide services to existing clients who provide financial services (including brokerage, investment ( Forex , CDF), money transfers, issuance of electronic money), as well as for customers whose activities are related to virtual currencies (including operators of virtual currency exchanges, operators of depository virtual currency wallets, exchange of virtual assets, loans with virtual assets).
• not to provide a payment account service when the conditions are created for the use of such a payment account by third parties whose identity has not been determined in accordance with the Law on the Prevention of Money Laundering and Terrorist Financing.
• not to provide a payment account service when the conditions are created for the use of such a payment account by third parties whose identity has not been determined in accordance with the Law on the Prevention of Money Laundering and Terrorist Financing

The news cannot but help take us to:
 

1. discussions of regulatory arbitrage between EU NCAs and consistency in approach by the European Banking Authority’s to ensure a level playing field for NCAs.
2. if the Lithuanian regulator is identifying and responding in a hard manner (the revocation, not the fine), are other regulators in the EU doing their bit too across ALL INDUSTRIES whether a bank, emoney, insurer etc.
3. would further examples like this lead to direct rule by ESAs if there is regulatory arbitrage and indeed greater powers for AMLA?
4. should penalties be higher and should there be higher Fitness & Probity standards harmonised across the EU?

​Well run regulated fintech must be getting depressed. Banks will jump on this example as evidence that fintechs cannot be trusted to adhere AML, sanction and financial crime laws properly and some regulators might do so too, recalibrating their supervisory engagement models. Those going through authorisation will find it tougher to satisfy their future regulator compared to others who went through the process a few years ago.
 
Another telling issue in this case is the fact the Bank of Lithuania says that it “has received many complaints and inquiries from individuals and legal entities of various European Union countries and financial market supervisory authorities regarding possible fraud related to clients of Transactive Systems UAB or accounts opened there. Although the Bank of Lithuania has repeatedly drawn the institution's attention to the importance of money laundering and terrorist financing risk management and fraud prevention, gross and systematic violations of the legal acts regulating the prevention of money laundering and terrorist financing were identified during the inspection.”  This comes across really weak.

​Separately, getting really tired of hearing from people who should know better saying that "I will not apply to country A for my authorisation (recommend my client not to do so) because I hear it is easier and faster at country B".  While I am not saying that country B is Lithuania, it is news that one would have to share as a both a positive and negative when asked "Peter what are the best 3-5 EU member states you would suggest for a fintech authorisation and why?" It's a question I am asked every month.  And you know what, the answer is ‘It depends – on your business model, access to banking services, access to talent and reputation of the regulator’ to name but a few points. 

​Contact Peter Oakes at the details here or via Linkedin if you want to know more about how I help fintech businesses get authorised in Europe and the UK and my non-executive director services to regulated fintech, MiFID and banks.

Links to sources:
1) Bank of Lithuania Announcement of 2 June 2023
2) Previous restriction imposed on Transactive Systems UAB on 20 January 2023
​3) Linkedin Post HERE

The Financial Times reported that "EU policymakers round on Lithuania for lax fintech oversight​" (18 May 2021).

In response Lithuania’s central bank insisted it was not “asleep at the wheel” over its regulation of a local fintech, that prosecutors suspect was used to steal more than €100m from Wirecard before it collapsed, and called for greater global sharing of information on financial crime among supervisors.

On 19 May, the Financial Times wrote "Lithuanian central bank rebuffs Wirecard criticism" (19 May 2021).

​Read more at FintechLithuania.com 

If you use all or any part of this blog, please ensure you cite and credit CompliReg and Peter Oakes in your re-use of this blog.


Another electronic money institution (EMI) fined and sanctioned in Lithuania for anti-money laundering regulatory requirements and in this case also for an equity capital requirement failure. 
 
While the case is worth noting for both aspects, it is particularly so because across Europe, following the collapse of Wirecard, there will be continuing heightened awareness of both safeguarding and capitalisation of regulated EMIs and payment institutions (PIs). The case also makes known that the BoL is conducting targeted inspections of EMIs across a range of themes.
 
In our previous blog, 2 June 2020, on the Lithuanian Central Bank (Bank of Lithuania / BoL) giving banks guidelines on opening accounts for electronic money institutions (EMIs) and payment institutions (PIs) Peter Oakes noted recent examples of fines against EMIs/PIs including failures to comply with requirements for: (i) anti-money laundering; (ii) safeguarding of customer funds; and (iii) segregation of customer funds and; execution of payment transactions. 
 
The Bank of Lithuania, which supervises 71 EMIs - which is the largest number of EMIs supervised by an EU financial regulator national competent authority* - has announced that it has taken regulatory action against Via Payments UAB for both:
 
(1) violations of the requirements for prevention of money laundering and terrorist financing (sanctioned with a fine of €120,000 and publicity); and
(2) failure to meet the equity capital requirement (sanctioned with publicity only).
 
Via Payments UAB holds an electronic money institution licence, issued on 10 October 2017.

As you will see from the graphic below, in addition to BoL supervising 71 EMIs we also learn that Q1 2020 income from EMI and payment services amounted to €17.3 million.

Keep reading below for the background to the facts of the Via Payments UAB enforcement action. 

(1) Background to the money laundering law violations:

The regulatory actions were taken on foot of a "targeted inspection of the electronic money institution Via Payments UAB". During the course of the inspection, the Supervision Service of the BoL identified breaches of the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing. In addition to a fine of €120,000, the BoL obligated Via Payments to remedy the deficiencies.

BoL says that Via Payments has confirmed that all deficiencies have been remediated.
 
With respect to the money laundering violations, the inspection revealed that:

• customer risk assessment procedures applied by the institution did not allow for the ensuring of proper allocation of customers into risk groups.
• customer’s beneficiary’s information was not, in all cases, checked against reliable and independent sources.
• information about the purpose and nature of the customer’s business relationship was not received.
• there were shortcomings in procedures to determine whether the customer was a politically exposed person.
• Via Payments did not take the appropriate measures to identify the source of the funds of high-risk customers.
• there were deficiencies found in the mandatory ongoing monitoring of business relationships and transactions.

 
BoL imposed a fine of €120,000 on Via Payments UAB.  As part of its mitigation Via Payments informed the BoL’s Supervision Service that it had already taken measures to strengthen its AML compliance by increasing the number of specialists and improving technological solutions.
 
 (2) background to the equity capital requirement failure
​
This regulatory failure came to the attention of the BoL through a separate analysis of the activities of EMIs.  Here the Supervision Service of the BoL recorded that Via Payments violated legal acts because as at 31 March 2020 the company “failed to meet the equity capital requirement”.  The BoL appears to have place a lot of reliance on the institution having “eliminated the indicated shortcomings without further delay, no interests of their clients have been violated” and therefore BoL “decided to impose a mild enforcement measure by making these infringements public”.
 
 
* Note that notwithstanding that the UK is in a post-Brexit transition period, it left the European Union on 31 January 2020.  Accordingly, Lithuania although it may have fewer EMIs than the UK, it records the largest number of EMIs in the European Union.
 
Sources:

• https://www.lb.lt/en/news/view_item/id.11484
• https://complireg.com/blogs--insights/lithuanian-central-bank-gives-banks-guidelines-on-opening-accounts-for-electronic-money-and-payment-institutions-some-examples-of-fines-against-emoneypayments-firms

 
This blog written by Peter Oakes.  Peter  advises on Lithuanian EMI/PI issues and advised on the authorisation of one Lithuania's first special bank authorisations.  If you require a licence to operate in Lithuania, Ireland, Cyprus, Malta or the UK, see our Authorisation Page.  We have a great network of experts in each country too, from lawyers, to accountants to technical experts. And get in contact if you have a question about this blog.