EBIC believes some provisions are disproportionate and go beyond what is required in the regulation. EBIC also sees the need for some clarifications under this Chapter:
Paragraph 8 and 9
The terms used correspond neither to the EU Payment Services Directive nor to industry practice. Instead, it should be specified that “PSPs have to determine for each payment whether they act as the PSP of the payer, the PSP of the payee or as an intermediary PSP in order to meet the requirements of the FTR.
Paragraph 11 and 13
Checking related payments has been common practice since the entry into force of the first FTR. However, it is not clear why it seems now necessary to identify such payments over a period of six months. To illustrate this it means that approximately 100 billion yearly transactions that would have to be coordinated just in Europe. Also, EBIC would like to stress that it is extremely difficult to identify ‘linked transactions’ as generally transactions are monitored separately. It is important to stress that the FTR states that “for transfers of funds exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked” checking obligations apply. Defining a time frame seems to imply that to correctly perform an analysis of the linked transactions – all money transfers (irrespectively of the transferred sums) would have to be checked on potential links with other transactions over a longer period of time than under the first FTR. For a bank this would mean that all clients need to be identified (before each transfer and irrespectively of the transferred sum), in order to allow for a conclusive ex-post analysis of possibly linked transactions to take place and the data to be submitted. Such an obligation would be disproportionate and would seem to contradict Art. 2 paragraph 5 of the FTR. PSPs should continue to check for linked transactions as already required by the first FTR. We propose deleting a concrete time frame as we do not have any indication that the current practice is not effective and as the provision creates uncertainties.
Moreover, Article 2 of the Regulation sets out that the PSPs cannot benefit from exemptions from the Regulation when a payment card, an electronic money instrument or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics is used in order to make a person-to-person transfer of funds. In this respect EBIC would welcome more clarity on what kind of transactions should be considered as “person-to-person” transfers of funds."
EBIC agrees with the steps that intermediary PSPs and PSPs of the payee should take to detect transfers of funds with inadmissible characters or inputs. The Guidelines set out that these PSPs should ensure that its system:
• contains all the fields necessary to obtain the information required by Regulation 2015/847. (For SEPA and intra-Union transactions, this includes the account number or IBAN of the payer and the payee or a unique transaction identifier);
• automatically prevents the sending or receiving of payments should inadmissible characters or inputs be detected”.
Regarding the detection of missing information, EBIC would like to raise the point that meaningless or even obviously" meaningless information is not mentioned in Article 8 of Regulation 2015/847/EU. In addition, we consider that it is difficult to detect such kind of information because it is not technically possible to identify whether the information (letters, numbers, etc.) is meaningless or real – neither automatically nor manually.
Paragraphs 25 and 27
The risk assessment should focus solely on the existence and completeness of information. It is not appropriate to take account of the amount limits, as well as States or payment service providers with high "ML / TF risk". Furthermore, EBIC does not share the interpretation that high-risk transfers of funds should be monitored in real time in particular on the criterion of a certain (high) value and where the payer or the payee are based in a country associated with high ML/TF risk. In both situations, the possibility offered by the Regulation 2015/847/EU to choose between ex-post and real time monitoring should be maintained. Indeed, the assessment of whether or not the amount of a specific transaction is high depends on the business activity rather than on a general threshold applicable in all circumstances. Having in place such systems would imply triggering a substantial amount of real-time alerts which will be difficult or even impossible to process in real-time. In the end, such a system would be ineffective.
EBIC would welcome clear cut definitions of “random” and “targeted” sampling because of the serious impact on checking procedures.
EBIC considers that a deadline of three or five working days is too short, as several payment service providers can be involved in the payment chain. This is especially important in the light of increased requirements on intermediate PSPs and the administrative burden connected with requests for information on complex transactions. It should be at least seven days for Intra-Union or more for payment from outside the Union as defined in the CEBS/CEIOPS/CESR Common Understanding of October 2008 (paragraphs 23 and 24).
Reporting on a monthly basis appears to be excessive as it increases the amount of information on payments that needs to be collected, analyzed and reported. A three-month-period as applied today in many Member States deems sufficient. It should also be clarified that reporting can be done on aggregated basis and not for each single transaction.
Reporting in such as detailed fashion appears excessive. It should not be required to report each period of time for which breaches that were identified and the reasons a PSP may have given to justify repeated failures.
Finally, we would like to highlight that, according to the table provided in annex 1, not all the information on the payer listed by the Regulation is required to accompany a transfer of funds. The information laid down in the Regulation 2015/847/EU - the payer's address, official personal document number, customer identification number or date and place of birth - seems to be required unlike under the previous Regulation. We would therefore like to have a confirmation of this interpretation because Regulation 2015/847/EU is not clear on this. Indeed, a different interpretation, which implies that all the information concerning the payer listed by the Regulation has to accompany the transfer, would cause a huge increase in compliance risks and costs."
We would like to again draw your attention to the apparent contradiction between the guidelines on linked payments with the Member State option in Article 2 Paragraph 5 of the of the FTR to exclude certain payments within a Member State’s territory from the FTR.