Response to consultation on Guidelines to prevent transfers of funds can be abused for ML and TF
Go back
It is stipulated that the PSP of the payer has to check whether all involved PSPs in the payment chain are established within the EU/EEA in order to benefit from the derogation as stipulated in Article 5 of the FTR. However, on the overview provided on page 23 it is illustrated that the crucial element in order to benefit from the aforementioned derogation is the fact where the PSP of the payee is located – irrespective of the location of the intermediary PSP. This should be clarified accordingly in order to avoid inconsistencies between the EBA guidelines and the FTR.
It is set out in Point 10 that PSPs should be able to determine whether a PSP in the chain is based in a third country, outside the EU/EEA, in order to benefit from the derogation in Article 5 of the Regulation.
However, according to Article 7 (2) and Article 11 (1) it is our understanding that the derogation stipulated in Article 5 (provision of payment account number or unique transaction identifier is sufficent) is already applicable if only the PSP of the payer and or the payee is established within the EU/EEA – this assumption is also based on the overview provided on page 24 and 25 of the draft guidelines. This should therefore be adjusted accordingly (as point 10 might lead to the interpretation that the intermediary PSP and the PSP of the payee are obliged to check whether all PSPs in the payment chain are established within the EU/EEA).
In point 13 the term ‘linked transactions’ is defined as those transactions that are being sent from the same payments account or the same payer to the same payee within a short time-frame, for example within six months. If a payer sends payments to the same payee - also within the stipulated timeframe of 6 months – such transfers shall not be considered as linked only by means of the fact that the transfer contains the same payer and payee. Additionally, the timeframe of 6 months should be shortened.
Furthermore, the detection of linked transactions as stipulated would only be possible after release of transfers – which means that a PSP would be required to request additional information on the payer or the payee after execution/release of a payment. This leads – consequently – to the result that the stipulated derogations in the FTR related to transfers of funds below 1000 Euro would be obsolete.
The common principles that apply to the PSP of the payee as well as to the intermediary PSP shall be – according to our understanding – the obligation to ensure the onward transmission/receiving and crediting of payments containing full information on the payer and the payee (as set forth in the FTR) as well as the obligation to review payments that do not contain the required information and to decide on further steps to be taken related to such a transfer lacking legally mandatory information (e.g. decision on rejecting the transfer or submitting and related steps to be taken).
There is no clarification that Sepa Direct Debit (SDD) is not the subject of the FTR, or how the regulations on SDD are to be applied meaningfully in order to create legal certainty.
A clarification regarding the whole SEPA area, such as the EEA (in particular, Switzerland is an issue), would also be helpful in order to facilitate practical arrangements (Article 5).
In point 23 it is stipulated that PSPs should treat obviously meaningless information as though it was missing information. Point 7 defines the term ‘meaningless information’. The FTR itself does not contain such a definition – contrarily the FTR only refers to ‘missing information’. Especially, the exemplary list of ‘meaningless information’ as provided in the draft guidelines is not expedient – as there are innumerable possibilities of ‘meaningless information’ that cannot – by no means – be enumerated conclusively. Furthermore, also a consolidated list throughout the whole EU would bear the risk of never-ending false positives (e.g. company names with only 3 characters). Therefore, it is – in our view – an urgent need to receive detailed guidelines on the practicability of checking ‘meaningless information’ in the most effective way from European side.
The draft guidelines also define the term ‘incomplete information’ as information on the payer or the payee that is only partially provided, for example an initial rather than a first name, or a country without the postal address. In view of the limited data fields that are available for payment transactions and the widespread behavior of customers to abbreviate pre-names, this requirement would lead to a huge increase of hits and would – consequently – result in the deceleration of the payment system and would have a disruptive effect on the straight-through processing of all payments.
Therefore, also a revision of this definition is crucial for a smooth functionality of the entire payment chain.
Regarding the other points, it is our current assessment that the steps foreseen in the regulation for the intermediary PSP and the PSP of the payee are viable and reasonable to combat money laundering and terrorist financing.
With regard to point 25 we would like to clarify that only the transfers made to certain high risk countries can be registered, since the classification (risk based approach according to 4th AML Directive) is conducted by each respective institute. The approach might be different for each institute due to diverse business segments and risk assessments.
Moreover, the Consultation Paper contains, among other things, an ex-ante verification requirement for certain (high) value" and "high ML / TF risk" country transfers. The FTR explicitly defines the verification for integrity as "subsequent screening or ... real-time screening". Real-time screening is thus not due for these two cases.
Such a general duty to realtime examination cannot be derived from the 4th AMLD either. Although Article 18 (1) prescribes the application of increased due diligence obligations "to natural or legal persons established in high-risk countries identified by the Commission", it does not specify specific measures, in particular no realtime screening.
A "certain (high) value" cannot be found as a reason for increased due diligence or "real time screening".
In addition, such real-time screening would produce unnecessary hits, false positives, and stop transactions that would have to be corrected manually. This would mean an enormous, unjustifiable effort.
Realtime screening for the aforementioned cases in RZ 25 (Chapter II: Obligations on intermediary PSPs and PSPs of the payee) shall therefore be deleted, not least because the expenditure incurred is not in any reasonable relation to the results."
In certain payment schemes, this is not feasible – i.e. as certain global payment schemes are technically limited and do not provide for transmission of certain information.
Furthermore, it is stated in point 60 that PSPs should only use payment or messaging systems that permit the onward transfer of all information on the payer or the payee, irrespective of whether this information is required by Regulation (EU) 2015/847. This requirement exceeds the provisions as stipulated in the FTR and is – regarding certain payment applications – not viable. The respective provision should therefore be adjusted
Especially the provision as stipulated in Article 7 (3) – the check of accuracy of the information on the payee before crediting the payee’s payment account or making the funds available to the payee – as well as the associated derogation as stipulated in Article 7 (5) is misleading. In this context, the question arises how the PSP of the payee can determine when the derogation can be applied? Is the derogation applicable when the provided account number matches an existing account number (irrespective of the provided name – in case of non EU/EEA transfers) [number-number check], or is it necessary to check whether the provided name in the transfer matches the name of the customer (name-name/number check)?
Clarification on this provision is essential.
Moreover, we would like to refer to our answers for Q1 concerning the potentially linked money transfers which exceed the EUR 1.000,-- limit and the possible contradiction concerning Article 2 para 5 Reg 2015/847.
Question 1: Do you agree with the general considerations in Chapter 1? In particular, do you agree that these are necessary to ensure an effective, risk-based and proportionate approach to complying with Regulation (EU) 2015/847? If you do not agree, clearly set out your rationale and provide supporting evidence where available. Please also set out what you consider to be the common principles that apply to both, the PSP of the payee and the intermediary PSP, and why.
Overall, the general considerations as set forth in Chapter 1 are reasonable. However, certain provisions are misleading respectively unconvertible:It is stipulated that the PSP of the payer has to check whether all involved PSPs in the payment chain are established within the EU/EEA in order to benefit from the derogation as stipulated in Article 5 of the FTR. However, on the overview provided on page 23 it is illustrated that the crucial element in order to benefit from the aforementioned derogation is the fact where the PSP of the payee is located – irrespective of the location of the intermediary PSP. This should be clarified accordingly in order to avoid inconsistencies between the EBA guidelines and the FTR.
It is set out in Point 10 that PSPs should be able to determine whether a PSP in the chain is based in a third country, outside the EU/EEA, in order to benefit from the derogation in Article 5 of the Regulation.
However, according to Article 7 (2) and Article 11 (1) it is our understanding that the derogation stipulated in Article 5 (provision of payment account number or unique transaction identifier is sufficent) is already applicable if only the PSP of the payer and or the payee is established within the EU/EEA – this assumption is also based on the overview provided on page 24 and 25 of the draft guidelines. This should therefore be adjusted accordingly (as point 10 might lead to the interpretation that the intermediary PSP and the PSP of the payee are obliged to check whether all PSPs in the payment chain are established within the EU/EEA).
In point 13 the term ‘linked transactions’ is defined as those transactions that are being sent from the same payments account or the same payer to the same payee within a short time-frame, for example within six months. If a payer sends payments to the same payee - also within the stipulated timeframe of 6 months – such transfers shall not be considered as linked only by means of the fact that the transfer contains the same payer and payee. Additionally, the timeframe of 6 months should be shortened.
Furthermore, the detection of linked transactions as stipulated would only be possible after release of transfers – which means that a PSP would be required to request additional information on the payer or the payee after execution/release of a payment. This leads – consequently – to the result that the stipulated derogations in the FTR related to transfers of funds below 1000 Euro would be obsolete.
The common principles that apply to the PSP of the payee as well as to the intermediary PSP shall be – according to our understanding – the obligation to ensure the onward transmission/receiving and crediting of payments containing full information on the payer and the payee (as set forth in the FTR) as well as the obligation to review payments that do not contain the required information and to decide on further steps to be taken related to such a transfer lacking legally mandatory information (e.g. decision on rejecting the transfer or submitting and related steps to be taken).
There is no clarification that Sepa Direct Debit (SDD) is not the subject of the FTR, or how the regulations on SDD are to be applied meaningfully in order to create legal certainty.
A clarification regarding the whole SEPA area, such as the EEA (in particular, Switzerland is an issue), would also be helpful in order to facilitate practical arrangements (Article 5).
Question 2: Do you agree that the expectations on intermediary PSPs and PSPs of the payee in Chapter II are proportionate and necessary to both comply with Regulation (EU) 2015/847 and ensure a level playing field? In particular, do you agree with: • The steps PSPs should take to detect and manage transfers of funds with missing information of inadmissible characters or inputs? • The steps PSPs should take to detect and manage PSPs that are repeatedly failing to provide the required information? If you do not agree, clearly set out your rationale and provide supporting evidence where available. Please also set out at what you believe PSPs should do instead, and why.
We do not agree on all provisions. Certain requirements are exuberant and are not necessary in view of combating money laundering and terrorist financing.In point 23 it is stipulated that PSPs should treat obviously meaningless information as though it was missing information. Point 7 defines the term ‘meaningless information’. The FTR itself does not contain such a definition – contrarily the FTR only refers to ‘missing information’. Especially, the exemplary list of ‘meaningless information’ as provided in the draft guidelines is not expedient – as there are innumerable possibilities of ‘meaningless information’ that cannot – by no means – be enumerated conclusively. Furthermore, also a consolidated list throughout the whole EU would bear the risk of never-ending false positives (e.g. company names with only 3 characters). Therefore, it is – in our view – an urgent need to receive detailed guidelines on the practicability of checking ‘meaningless information’ in the most effective way from European side.
The draft guidelines also define the term ‘incomplete information’ as information on the payer or the payee that is only partially provided, for example an initial rather than a first name, or a country without the postal address. In view of the limited data fields that are available for payment transactions and the widespread behavior of customers to abbreviate pre-names, this requirement would lead to a huge increase of hits and would – consequently – result in the deceleration of the payment system and would have a disruptive effect on the straight-through processing of all payments.
Therefore, also a revision of this definition is crucial for a smooth functionality of the entire payment chain.
Regarding the other points, it is our current assessment that the steps foreseen in the regulation for the intermediary PSP and the PSP of the payee are viable and reasonable to combat money laundering and terrorist financing.
With regard to point 25 we would like to clarify that only the transfers made to certain high risk countries can be registered, since the classification (risk based approach according to 4th AML Directive) is conducted by each respective institute. The approach might be different for each institute due to diverse business segments and risk assessments.
Moreover, the Consultation Paper contains, among other things, an ex-ante verification requirement for certain (high) value" and "high ML / TF risk" country transfers. The FTR explicitly defines the verification for integrity as "subsequent screening or ... real-time screening". Real-time screening is thus not due for these two cases.
Such a general duty to realtime examination cannot be derived from the 4th AMLD either. Although Article 18 (1) prescribes the application of increased due diligence obligations "to natural or legal persons established in high-risk countries identified by the Commission", it does not specify specific measures, in particular no realtime screening.
A "certain (high) value" cannot be found as a reason for increased due diligence or "real time screening".
In addition, such real-time screening would produce unnecessary hits, false positives, and stop transactions that would have to be corrected manually. This would mean an enormous, unjustifiable effort.
Realtime screening for the aforementioned cases in RZ 25 (Chapter II: Obligations on intermediary PSPs and PSPs of the payee) shall therefore be deleted, not least because the expenditure incurred is not in any reasonable relation to the results."
Question 3: Do you agree with the provisions for intermediary PSPs in Chapter III? If you do not agree, clearly set out your rationale and provide supporting evidence where available. Please also set out how you think intermediary PSPs can meet their obligations in Article 10 of Regulation (EU) 2015/847 instead.
Point 59 of the draft guidelines stipulates that Intermediary PSPs should satisfy themselves that their systems and controls enable them to comply with their duty to ensure that all information on the payer and the payee that accompanies a transfer of funds is retained with that transfer. As part of this, PSPs should satisfy themselves of their system’s ability to convert information into a different format without error or omission.In certain payment schemes, this is not feasible – i.e. as certain global payment schemes are technically limited and do not provide for transmission of certain information.
Furthermore, it is stated in point 60 that PSPs should only use payment or messaging systems that permit the onward transfer of all information on the payer or the payee, irrespective of whether this information is required by Regulation (EU) 2015/847. This requirement exceeds the provisions as stipulated in the FTR and is – regarding certain payment applications – not viable. The respective provision should therefore be adjusted
Question 4: Do you agree with the provisions for PSPs of the payee in Chapter IV? If you do not agree, clearly set out your rationale and provide supporting evidence where available. Please also set out how you think PSPs of the payee can meet their obligations instead.
Point 62 – 65 of the guidelines:Especially the provision as stipulated in Article 7 (3) – the check of accuracy of the information on the payee before crediting the payee’s payment account or making the funds available to the payee – as well as the associated derogation as stipulated in Article 7 (5) is misleading. In this context, the question arises how the PSP of the payee can determine when the derogation can be applied? Is the derogation applicable when the provided account number matches an existing account number (irrespective of the provided name – in case of non EU/EEA transfers) [number-number check], or is it necessary to check whether the provided name in the transfer matches the name of the customer (name-name/number check)?
Clarification on this provision is essential.
Moreover, we would like to refer to our answers for Q1 concerning the potentially linked money transfers which exceed the EUR 1.000,-- limit and the possible contradiction concerning Article 2 para 5 Reg 2015/847.