Worldline - 2020 Universal Registration Document

D

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Ensuring business ethics within our value chain

As such, it takes into account the international AML/CTF related standards, the European legislative framework with, as core reference, the 4 th EU AML Directive (AMLD4 1 ) and subsequent amending 2 or supplementing rules as well as national AML/CTF laws and regulations. Effective AML/CFT regimes are essential for the protection and the integrity of markets and of the global financial framework. These regulations help mitigate the factors that facilitate financial abuse. Proper KYC/CDD (know your customer/customer due diligence) procedures are vital parts of every financial institution to be compliant with the regulatory framework and to reduce fraud and criminal activities within the payment sector. Worldline regulated entities subject to AML/KYC laws and regulation have a compliance function including an AMLO responsible for implementing regulatory requirements in terms of anti-money laundering. Likewise, AMLOs report directly to the member of the Board of Directors designated as senior responsible for ensuring compliance with the anti-money laundering law. Analysis of atypical operations and declaration of suspicions: Analysis of atypical operations: Atypical operations are the ● subject of internal reports also called SAR / STR; Declaration of suspicion: Internal reports determine ● whether to report transactions to the appropriate authorities; Disclosure prohibited: Internal procedures provide for ● non-disclosure of statements to data subjects. The PSD2 3 is an EU directive for the regulation of payment services and payment service providers, whose goals are to increase the security of payment transactions, to strengthen consumer protection, promote innovation and to increase competition in the market. Fund transfers. Worldline complies with the requirements of Regulation 2015/847 of May 20, 2015 on the information accompanying fund transfers. Sanctions and export control. Worldline strives not to process or engage in activity for a sanctioned individual, entity, organisation, country targeted and blocked by international and national sanctions. Worldline respects the legislation in this area and relies on specialised partners to ensure an adequate screening of customers and their transactions with regard to

international and national lists. The procedures foresee the reporting of information to the competent authorities if necessary. More and more social and ethical aspects have been implemented into the basic requirements of companies in the financial industry. Worldline strives to meet the highest standards in duty of vigilance regulation, Sapin II (anti-bribery and anti-corruption regulation) and modern slavery act where applicable. Worldline complies with these principles in all of its regulated countries and with the regulatory oversight regimes applicable in Belgium, Netherlands, Luxembourg and Latvia. Along with supervision by regulators in some countries, there is also an increase in requirements imposed on the suppliers of financial institutions, especially in the payments market. Worldline is fully compliant with all these additional requirements. For example, in Germany the BAFIN has released in October 2017 an update of the Main Risk requirements with more strict controls/requirements for outsourcing. Worldline’s Cyber-Security Strategy is based on the “Guidance on cyber-resilience for financial market infrastructures” (Bank for International Settlements, BIS-International Organisation of Security Commissions, IOSCO) and the “Framework for Improving Critical Infrastructure Cyber-Security” of the National Institute of Standards and Technology (NIST). Utilising these frameworks assures Worldline is continuously improving its resilience against cyber-attacks. As a Financial Market infrastructure, Worldline further ensures compliance with applicable laws, rules and regulations and customer expectations through key standardised certifications, such as ISO 27001 (Information Security), ISO 22301 (business continuity), ISO 9001 (Quality), PCI-DSS (Payment Card Processing) which support the Company’s ambition and, together with the ISAE 3402, provide this high level of assurance. Moreover, Worldline is working closely with the European Commission and the entire payment ecosystem to define and improve the payment value chain to reduce risks, facilitate competition and transparency while encouraging innovation and standardisation for the benefit of the consumer and the merchant. Eventually, regarding the total amount of monetary loses as a result of legal proceedings associated with anti-competitive behaviour regulations: Worldline did not disclose this information as being too sensitive.

1 Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (Text with EEA relevance) is also covered 2 .AMLD4 is amended (not repealed) by AMLD5: Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/ECan d 2013/36/EU (Text with EEA relevance). AMLD6: Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by criminal law, brings a new definition of the underliying offenses leading to money laundering and reinforce the sanctions. 3 The content of PSD2 Directive is implemented inside the processes. In the Book of intern control (Blue Book), controls have been setup to cover it. Self-assessments and tests are executed annually to assess the risk. The results of the self-assessment and tests generate action plan to improve the processes.

176

Universal Registration Document 2020

Made with FlippingBook Ebook Creator