Key points of Law 10/2010 on the prevention of money laundering in payment institutions

Prevention of money laundering

The anti-money laundering risks that payment institutions may face in today’s world are one of the biggest challenges for these financial organisations. As technology has become increasingly advanced and accessible, so have the various forms of money laundering. Payment institutions are especially at risk due to their key role in the handling and transfer of funds.

This article will analyse the main anti-money laundering risks that payment institutions may face as well as the measures established by Organic Law 10/2010 of 28 April on the prevention of money laundering and terrorist financing to prevent such illegal practices.

Main risks and measures to mitigate them

One of the main risks is the lack of knowledge about the customer, especially when dealing with new customers. Thus, the Prevention of Money Laundering Act requires payment institutions to perform KYC (Know Your Customer) for each customer they contract. These legal obligations consist of measures for the verification of the identity of customers and the collection and verification of the necessary information, both personal and concerning their economic activity, to detect possible risks and thus ensure that funds are not being used for illicit activities.

Another risk is the lack of monitoring and early warning or suspicious activity reporting systems. Payment institutions should have systems in place to detect suspicious transactions and report them to the relevant authorities (in the case of Spain, SEPBLAC). These systems must be able to detect unusual patterns of transactions, such as large and repeated money transfers to countries with more lax money laundering vigilance, etc. The Law foresees this situation and establishes the obligation to update customer information on a regular basis. Proper monitoring of both customers and transactions entails the implementation of appropriate policies and procedures to identify, assess and manage the risk of all the factors surrounding the payment company and which may be potential threats. These policies and procedures should fit within internal control.

In this regard, it is important that payment institutions, like all other legally obliged parties, keep the documentation corresponding to the transactions they carry out with their customers and the information obtained from them for a period of ten years, facilitating, as mentioned above, their access to the competent authorities in the event of any investigation.

Lack of training and awareness among employees of payment institutions can also be a risk, as they need to be aware of anti-money laundering rules, as well as of the main indicators of suspicious transactions. Adequate and regular training helps employees to be aware of such risks in their daily work and to take the necessary measures to prevent these illicit activities. This is why the Law obliges institutions to conduct internal and continuous training for both their employees and their managers.

PaynoPain and Law 10/2010

PaynoPain, being a payment institution that deals with financial technology (FinTech), the risk increases, as the use of such cutting-edge payment methods entails per se a relative lack of regulation that can lead to greater threats.

This is why at PaynoPain, risk management controls and appropriate procedures that are adapted in each case to the needs of the client and the product, are taken to the extreme, in order to offer the most advanced technologies from a secure approach. PaynoPain has a Compliance team committed to the Money Laundering Prevention Act, which channels the possible risks by making use of all the aforementioned regulations, to turn the company into a safe space.