Statement on inspection in MobilePay A / S (money laundering area)
On 28 and 29 October 2021, the Danish Financial Supervisory Authority inspected MobilePay A / S. The inspection was an investigation of the money laundering area.
The Danish FSA focused in particular on the company’s technical solutions, how transactions made by customers are processed in the company’s IT system and the interaction with the customers’ bank. The Danish FSA focused, based on a risk-based approach, in addition on the connection between the company’s relationship with the customer and the underlying customer relationship in the customer’s bank, the company’s risk assessment, money laundering policies and procedures, customer due diligence, customer monitoring and reporting. the company’s internal controls.
Risk assessment and summary
MobilePay is a Danish provider of payment services, which primarily runs a business through a mobile application that is available on several platforms. MobilePay has more than 6 million customers, of which approx. 4 million customers in Denmark, primarily private customers. The company also has a number of business customers, who are mainly small self-employed traders, who use the company’s products to receive payments.
The Danish Financial Supervisory Authority assesses that the company’s inherent risk of being used for money laundering or terrorist financing is normal to high. The Danish FSA’s assessment is i.a. based on the fact that the company has a very high number of customers and transactions, and that the company’s product (quick and easy execution of payments) can be used to transfer money for illegitimate purposes, including illegal collections.
Based on the inspection, there are a number of areas that give rise to supervisory reactions.
The Danish Financial Supervisory Authority has ordered the company to check its customers’ identity information on the basis of documents, data or information obtained from a reliable and independent source, which means that in future the company may not onboard customers solely by identifying the customer via their CPR number.
The Danish FSA has also ordered the company to obtain information on all real owners of association customers, where the company has assessed that there is an increased risk of money laundering or terrorist financing in the customer relationship.
The Danish Financial Supervisory Authority has reprimanded that for a period in 2021 the company did not immediately notify the Money Laundering Secretariat, even though the company was aware of, suspected or had reasonable grounds to believe that a transaction, funds or activity was related to money laundering or terrorist financing. .
Finally, the Danish Financial Supervisory Authority has ordered the company to ensure that it has sufficient internal controls to ensure that the company complies with the notification obligation in the Money Laundering Act.