In a remarkable move, the FCA has effectively shut down a payments firm after identifying what it described as serious weaknesses in its financial crime controls, safeguarding arrangements, and governance.
On 4 June, the regulator ordered Euro Exchange Securities UK Limited (EES) to stop carrying out any regulated electronic money or payment services. At the same time, the FCA successfully applied to the court for the appointment of interim managers to take control of the firm’s affairs while legal proceedings continue.
For businesses operating in the payments and e-money sector, the case serves as a reminder that regulators increasingly expect firms to demonstrate that their compliance frameworks remain effective and operational on an ongoing basis, not just during the licensing process.
What happened?
According to the FCA, its intervention was driven by concerns that the way EES operated created significant financial crime risks.
The regulator pointed to “systemic weaknesses” in the firm’s financial crime framework, alongside deficiencies in safeguarding arrangements and concerns relating to ownership and governance. The FCA warned that these issues could have affected both consumers and the integrity of the wider financial system.
As a result, the court appointed interim managers to oversee the business while the matter is considered further. The FCA has also reportedly sought recognition of the proceedings in the US, reflecting the international nature of the business and the regulator’s concerns about activities extending beyond the UK.
Why was the FCA so concerned?
For the FCA, the high-risk nature of some of EES’s customers suggested there may have been widespread breaches of AML requirements. Filings in a US federal court also referenced concerns that entities within the company’s network, as well as some clients, may have been linked to money laundering or failures to prevent it.
Significantly, the FCA has not accused the firm itself of laundering money. Instead, its intervention appears to stem from concerns that EES’s control environment may have been insufficient to identify, assess and manage the risks associated with its customer base and business activities.
Financial crime enforcement is increasingly focused not only on whether criminal activity occurred, but also on whether firms had adequate systems and controls in place to prevent it.
A payments business under scrutiny
The case is noteworthy because EES is not a new company. It was founded in 2007 and obtained FCA authorisation as an Electronic Money Institution in 2018. It later joined the European Payments Council, became a principal member of Mastercard, and reportedly hit a turnover of $1 billion in 2022.
This is an established payments business with significant international operations and industry credentials. The FCA’s intervention demonstrates that size, growth and commercial success offer little protection when regulators believe financial crime controls are inadequate.
The real compliance lesson?
For firms in the payments and e-money sector, the most significant aspect of this case is the nature of the failings that prompted it. The FCA highlighted weaknesses across three interconnected areas: financial crime controls, safeguarding arrangements, and governance.
Financial crime frameworks are expected to identify high-risk customers, monitor transactions effectively, conduct ongoing due diligence and escalate concerns where needed. Weaknesses in any of these areas can expose firms to money laundering, sanctions breaches, fraud and other criminal activity.
Safeguarding arrangements are critical in the e-money sector because they are designed to protect customer funds if a firm encounters financial difficulties. Failures in safeguarding can quickly become consumer protection issues.
Governance failures often sit behind both problems. Boards and senior management are expected to understand the risks their businesses face, allocate resources appropriately and ensure that compliance functions are effective. When governance breaks down, control failures usually follow.
A regulatory trend?
The action against EES is not occurring in isolation. Over the past year, the FCA has repeatedly demonstrated its willingness to take real action where it believes firms have failed to manage financial crime risks adequately. Recent enforcement activity has included significant penalties against major financial institutions for control failures and action targeting suspected money laundering activity in the cryptocurrency sector.
Firms can not just rely on compliance policies. They must be able to show that those policies are working effectively.
The big takeaway
The EES case highlights a reality that many regulated firms sometimes underestimate. FCA authorisation is not a one-time achievement that guarantees ongoing regulatory confidence.
Authorisation creates a continuing obligation to maintain effective systems and controls, robust governance and strong financial crime defences. As firms grow, enter new markets, onboard higher-risk customers or expand their services, their compliance frameworks must evolve at the same pace.
The FCA’s intervention against EES demonstrates just how quickly regulatory concerns can escalate when a firm is perceived to have fallen short of those expectations.
