There is no uniform global approach to regulation of the Payment Sector and participants may be classified as different types of entities in different regulatory regimes. Some types of participants may be regulated as financial institutions in some jurisdictions but not in others. Operating within a global financial center, LFIs in the UAE may be exposed not just to participants licensed by the CBUAE, but also to those operating globally. This exposure can be direct (i.e., providing financial services directly to a participant), or indirect (e.g., when a customer initiates a withdrawal from his checking account using a foreign smartphone-based app that he has linked to that account).

The Payment Sector is becoming increasingly diverse, and payment processes more complex. The Payment Sector is no longer solely dominated by traditional financial institutions like banks and exchange houses, which also offer new and innovative methods using the internet or mobile phone technology. A variety of new types of Payment Sector participants, such as companies that offer internet-or smartphone-based payment applications and providers of prepaid cards and devices, are involved in a growing percentage of all payment transactions. These entities allow almost anyone to accept and originate payments using a wide variety of techniques and payment routes. Whenever a customer makes a purchase or pays a bill online, these new participants are likely to be involved. These entities may also be used outside commercial contexts, such as by crowdfunding platforms or charitable organizations.

Furthermore, as innovative technologies emerge and commerce and economic activity increasingly grows online, merchants and consumers are relying on a diverse array of New Payment Products and Services (NPPS). The FATF defines NPPS as “new and innovative payment products and services that offer an alternative to traditional financial services.” Examples of NPPS include prepaid cards, mobile payments, and internet-based payment services; these are neither exhaustive, nor exclusive as a provider of mobile money, for instance, may utilize prepaid cards or provide internet-based payment services. In contrast, payment methods such as credit cards and cheques, and bulk funds transfer systems such as national payment systems, would generally not qualify as NPPS. Because NPPS are so diverse, they do not share a single risk profile and pose money laundering and financing of terrorism (ML/FT) risks for financial institutions when they do not understand the operation or the vulnerabilities in the NPSS operational models. The provision of these NPPS is frequently implemented or facilitated by a group or network of different companies, some of them invisible to the consumer or even all the participants in the network, given the presence of multiple participants in the chain with whom not all participants will have a contractual relationship.

The vast majority of payment transactions carried out each year across the globe are legitimate. But the Payment Sector—and NPPS in particular—has characteristics that make it both attractive and vulnerable to illicit actors. As LFIs are increasingly exposed to new participants in this sector, they must remain alert to and understand the risks this exposure creates.

Section 2.1 below discusses the ML/FT risks of the Payment Sector with a focus on risks related to NPPS. It applies to financial institutions that are directly involved in the provision of such products and services, which includes both traditional LFIs and those that are solely engaged in providing payments. Section 2.2 discusses risks specific to LFIs that provide services to other Payment Sector participants.