Response to consultation on Guidelines to prevent transfers of funds can be abused for ML and TF
Go back
• Real-time monitoring of high-risk transfers: We support the intention to closely monitor high-risk transfers. However, as mentioned above, for smaller institutions it might take very much of an effort to monitor transfers in real time, especially in a combination with ex post monitoring. This concept as mentioned in paragraph 25 indicates that a technical support tool which is in general capable of real-time monitoring has to be installed not considering the amount of transfers executed. In our view this requirement leaves no room for a proportionate implementation. Therefore, to support a proportionate implementation by institutions, they should be allowed to option for an ex-post monitoring only.
• Actions to be taken in the event of missing information, inadmissible characters or inputs: In paragraph 25 it should be made clear that in case an institution comes to a risk-based conclusion not to work with real-time monitoring the decision whether to execute the transfer or not is not a question to be decided. A sub-headline would simplify the understanding of the text, e. g. “a) Actions in real-time monitoring and b) actions in ex-post monitoring”.
• PSP suspends the transfer: We support a reasonable timeframe within the sending PSP should answer a request. However, the envisaged timeframe of 3 working days is not precise enough especially for cross-border cases within the EEA (paragraph 32). For instance, in a cross-border transfer case within the EEA a national bank holiday in the country of the sending PSP could reduce its time to answer the request and make it uncertain for the requesting PSP if a reminder (paragraph 33) is already appropriate. In light of the sanctions for failing answering in a timely manner, guidance is needed if a reminder (paragraph 33) is already appropriate within these 3 working days or the first reminder is appropriate the day following the 3 working days. We would suggest that a first reminder is appropriate after the first 3 working days in a cross-border case.
In the event that a request is going back via an intermediary PSP in a cross-border case to a non-EEA country it is already often a greater challenge to receive information since the intermediary itself has to circle back the request for information to the PSP of the payer which might not be possible within the proposed time frame of 5 working days. Therefore, we suggest that if an intermediary is involved in a non-EEA cross-border case a reminder by the PSP of the payee is appropriate after 5 working days, as well.
In a solely national case a reminder might be appropriate before the ending of the third working day.
• PSP executes the transfer: As mentioned above, the issues on how long the answering period is and when it is appropriate to send a reminder are the same as discussed above (paragraphs 38, 39). Therefore, we would welcome if our suggestions are considered here, as well.
• Steps to be taken: In general, we agree that reasonable steps need to be taken on a risk-based approach if a PSP repeatedly fails to provide required information. However, we suggest that in paragraph 56 it should be made clear that where appropriate, intensified monitoring is sufficient instead of real-time monitoring for institutions which, in general, rely only on real-time monitoring or only on ex-post monitoring and not on a combination of both. Additionally, the suggested wording should not exclude the risk-based choices of the institutions to include real-time monitoring.
In paragraph 57 it is unclear how a business relationship should be restricted. Should the restriction lead to a limitation of the amount of transfers to be executed within the business relationship? We would welcome more guidance on this unspecified requirement.
Question 1: Do you agree with the general considerations in Chapter 1? In particular, do you agree that these are necessary to ensure an effective, risk-based and proportionate approach to complying with Regulation (EU) 2015/847? If you do not agree, clearly set out your rationale and provide supporting evidence where available. Please also set out what you consider to be the common principles that apply to both, the PSP of the payee and the intermediary PSP, and why.
In paragraph 11 the last word “apply” should be erased since it is unnecessary.Question 2: Do you agree that the expectations on intermediary PSPs and PSPs of the payee in Chapter II are proportionate and necessary to both comply with Regulation (EU) 2015/847 and ensure a level playing field? In particular, do you agree with: • The steps PSPs should take to detect and manage transfers of funds with missing information of inadmissible characters or inputs? • The steps PSPs should take to detect and manage PSPs that are repeatedly failing to provide the required information? If you do not agree, clearly set out your rationale and provide supporting evidence where available. Please also set out at what you believe PSPs should do instead, and why.
• Combination of ex-post and real-time monitoring, Art. 7 (2) and 11 (2) of Regulation (EU) 2015/847: Such a combination setup (paragraph 24) necessarily requires electronic tools for both ex-post and real-time systems. Institutions which do not exceed a certain amount of transactions would have to invest in real-time monitoring systems even though such an investment does not correlate with the amount of business generated by providing payment services to their customers. As a result, institutions might overthink their business model and even quit their engagement in providing correspondent banking services to their customers. This would also add to the current momentum of the declining numbers of institutions offering correspondent banking. As seen in the surveys done by CPMI and the FSB such decline is also true for the German market. Therefore, we suggest that according to their risk profile (customer, nature of products and services, jurisdictions, volume and size of transactions etc.) institutions are allowed to come to the conclusion that a combination of real-time and ex-post monitoring is not sufficient to effectively complying with Regulation (EU) 2015/847. According to the proportionality principle, it should be possible to decide for only one monitoring concept (real-time or ex-post or a combination of both), as well.• Real-time monitoring of high-risk transfers: We support the intention to closely monitor high-risk transfers. However, as mentioned above, for smaller institutions it might take very much of an effort to monitor transfers in real time, especially in a combination with ex post monitoring. This concept as mentioned in paragraph 25 indicates that a technical support tool which is in general capable of real-time monitoring has to be installed not considering the amount of transfers executed. In our view this requirement leaves no room for a proportionate implementation. Therefore, to support a proportionate implementation by institutions, they should be allowed to option for an ex-post monitoring only.
• Actions to be taken in the event of missing information, inadmissible characters or inputs: In paragraph 25 it should be made clear that in case an institution comes to a risk-based conclusion not to work with real-time monitoring the decision whether to execute the transfer or not is not a question to be decided. A sub-headline would simplify the understanding of the text, e. g. “a) Actions in real-time monitoring and b) actions in ex-post monitoring”.
• PSP suspends the transfer: We support a reasonable timeframe within the sending PSP should answer a request. However, the envisaged timeframe of 3 working days is not precise enough especially for cross-border cases within the EEA (paragraph 32). For instance, in a cross-border transfer case within the EEA a national bank holiday in the country of the sending PSP could reduce its time to answer the request and make it uncertain for the requesting PSP if a reminder (paragraph 33) is already appropriate. In light of the sanctions for failing answering in a timely manner, guidance is needed if a reminder (paragraph 33) is already appropriate within these 3 working days or the first reminder is appropriate the day following the 3 working days. We would suggest that a first reminder is appropriate after the first 3 working days in a cross-border case.
In the event that a request is going back via an intermediary PSP in a cross-border case to a non-EEA country it is already often a greater challenge to receive information since the intermediary itself has to circle back the request for information to the PSP of the payer which might not be possible within the proposed time frame of 5 working days. Therefore, we suggest that if an intermediary is involved in a non-EEA cross-border case a reminder by the PSP of the payee is appropriate after 5 working days, as well.
In a solely national case a reminder might be appropriate before the ending of the third working day.
• PSP executes the transfer: As mentioned above, the issues on how long the answering period is and when it is appropriate to send a reminder are the same as discussed above (paragraphs 38, 39). Therefore, we would welcome if our suggestions are considered here, as well.
• Steps to be taken: In general, we agree that reasonable steps need to be taken on a risk-based approach if a PSP repeatedly fails to provide required information. However, we suggest that in paragraph 56 it should be made clear that where appropriate, intensified monitoring is sufficient instead of real-time monitoring for institutions which, in general, rely only on real-time monitoring or only on ex-post monitoring and not on a combination of both. Additionally, the suggested wording should not exclude the risk-based choices of the institutions to include real-time monitoring.
In paragraph 57 it is unclear how a business relationship should be restricted. Should the restriction lead to a limitation of the amount of transfers to be executed within the business relationship? We would welcome more guidance on this unspecified requirement.