THE KINGDOM OF BAHRAIN’S NATIONAL RISK ASSESSMENT 2025

33 Ancillary Service Providers and Payment Service Providers Introduction 135. The Kingdom of Bahrain has financial institutions categorized as Ancillary Service Providers (ASPs), with the sector being dominated by only a few major players. This represents only a small share of the financial sector in the Kingdom, with a relatively minimal amount of funds flowing through such institutions. 136. ASPs and Payment Service Providers (PSPs) both operate under the same ASP type issued by the CBB. However, they have distinct business activities. 137. ASPs are institutions that provide services complementary to the financial sector but are not directly involved in transferring funds. ASPs provide services such as third-party administration, compliance services, data-processing services, or a local service or management office. 138. Payment Service Providers are institutions that facilitate the transfer of funds between parties including customers, business, and banks. These institutions enable businesses to accept a wide range of payment methods including credit cards, debit cards, digital wallets and bank transfers. 139. PSPs provide financial services such as managing client money accounts for cash deposits, withdrawals and related operations. PSPs also integrate customer delivery channels (e.g. ATMs, POS, mobile) to facilitate transactions and interface with external networks (e.g. Benefit Company, VISA, Mastercard) for seamless transactions exchange. 140. Clients of PSPs are primarily corporates/organizations which include government agencies, licensed banks, and telecommunication companies. Some of the services provided by PSPs include, for example, payment processing for banks, bill-based businesses and government agencies. In this context, the KYC measures are conducted on customers for whom the PSPs collect payments on their behalf (i.e. telecommunication companies). 141. Overall, given the business nature, level of risk exposure, and robust measures in place, the payment service providers are identified as having a relatively lower risk of exploitation for money laundering than other financial sectors. Overall Risks 142. ASPs operating in Bahrain are required to implement CDD and EDD requirements as outlined in the FC Module of Volume 5 of the CBB Rulebook. In addition, Payment Service Providers must implement risk-based transaction monitoring systems to identify unusual or abnormal customer activity. 143. The CBB adopts a risk-based approach to supervision, prioritizing resources based on the risk profile of licensees and sector type. During the past four years, the CBB has conducted several risk- based examinations on ASPs. 144. Given the ML threats faced by the sector, its vulnerabilities and the strengths of its controls, the sector’s overall ML risk is classified as medium risk.