The violations – described as severe by FI – include a failure to identify customers of the company as required under Sweden’s Anti-Money Laundering Act, because it did not classify end-users as customers.
These consumers were likely classified by Trustly as customers of its operator clients.
“A key issue for the supervisory case has been Trustly Europe’s updated interpretation of the regulatory framework that end users, i.e. consumers who pay with Trustly’s service, should not be treated as customers of the company, but as customers of the merchants to whom the company’s services are provided,” said Trustly in response to the ruling.
“The end users who pay with Trustly have already undergone the usual customer due diligence measures carried out by their respective banks.”
This meant the provider failed to include a large portion of its customers, as defined by the FI, in measures to prevent money laundering and terrorist financing.
Gambling is one industry associated with a high risk of money laundering and terrorist financing according to FI, which noted that more than half of Trustly’s total transaction volume was derived from the gambling sector during the investigation period.
“Trustly’s role in the payment chain between the gambling industry and a large number of banks makes it possible for the company to see flows that are not available to other market participants,” said FI director general Erik Thedéen.
“A company that has chosen fast and simple as its business concept in the gambling industry needs to be very thorough in its work to prevent money laundering. We have identified in our investigation that this has not been the case,” he added.
The regulator ruled there had been considerable risk of Trustly and the financial system being used for for money laundering and terrorist financing and therefore imposed an administrative fine of SEK130m and issued a warning, before instructing Trustly to address the deficiencies.FI suggested some of the breaches were enough to consider withdrawing Trustly’s authorisation in Sweden, but that its pledge to address the deficiencies and comply with the regulations in future meant that a warning and a fine were sufficient in this scenario.
Trustly said it has already started to adapt its services to meet the FI’s previous interpretation of who should be treated as a customer in Europe.
Johan Tjärnberg, CEO of Trustly, said it was good to finally have clarity over who the FI believes should be treated as a customer.
“Trustly will always strive to fully comply with both the applicable regulatory framework and our own high standards, and takes the FI’s decision very seriously,” he said. “In November 2021, we started to adapt our services based on the preliminary assessment from the FI regarding the end-user issue.
“We also deeply value our relationships with merchants, banks and other stakeholders and will continue to engage in an active dialogue with several of them to further explain our undertaken and planned actions in the fight against money laundering and terrorist financing, and how we ensure that Trustly remains the most trusted and secure platform for digital account-to-account transactions,” he added.
Trustly offers a frictionless payment technology solution to four main sectors, including iGaming, e-commerce, travel and financial services.
It was founded in 2008 and boasts more than 6,000 connected banks, 8,000 connected merchants and consumer reach in excess of 525 million.
Its iGaming-specific solutions include instant deposits, instant withdrawals, KYC verification and Pay N Play functionality, which is popular in the Nordics and lets consumers play instantly on their preferred brands by combining the deposit and registration process.
Trustly counts FanDuel, DraftKings, Kindred Group and LeoVegas among its gambling industry clients.
Last year, Trustly was forced to postpone a $9bn stock market listing after Swedish regulators raised concerns about its lack of due diligence on end customers.
Commenting on the FI enforcement action, Trustly said it has since strengthened the organisation in several ways to enhance the company’s procedures for risk management and compliance.
It has established a new function called AML Governance and has also appointed Josefin Lindstrand as a board member and chair of the group’s Global Risk Committee, as well as Rob Thacker as compliance and risk officer and Johanna Vikström as head of compliance for Europe.