Background

"The full traceability of transfers of funds can be a particularly important and valuable tool in the prevention, detection and investigation of money laundering and terrorist financing, as well as in the implementation of restrictive measures … It is therefore appropriate, in order to ensure the transmission of information throughout the payment chain, to provide for a system imposing the obligation on payment service providers [(PSPs)] to accompany transfers of funds with information on the payer and the payee"—recital (9) to the second Information Accompanying Transfers of Funds Regulation (IATF2).

"By reason of the scale of the action to be undertaken, the Union should [also] ensure that the International Standards on Combatting Money Laundering and the Financing of Terrorism and Proliferation adopted by [the Financial Action Task Force (FATF)] on 16 February 2012 … and, in particular, FATF Recommendation 16 on wire transfers … are implemented uniformly throughout the Union and that … there is no discrimination or discrepancy between … payments within a Member State and … cross-border payments between Member States"—recital (3) to IATF2.

However, "… the … approach should be targeted and proportionate and … in full compliance with the free movement of capital, which is guaranteed throughout the Union"—recital (6) to IATF2.

IATF2 was adopted by the European Parliament (EP) on 20 May 2015 and the final act was signed on the same date. IATF2 is now pending publication in the Official Journal and will come into force 20 days after publication. For the purposes of this client alert, we have assumed that when IATF2 enters into force, it will be in materially the same form as the text adopted by the Council of the European Union (Council) on 20 April 2015, which is available here.

Scope1

IATF2 will apply to "transfers of funds, in any currency, which are sent or received by a [Payment Services Provider (PSP)], or an intermediary [PSP], established in the [EU]".

However:

  • A Member State may choose not to apply IATF2 to transfers of funds within its territory, where the payment is solely for the provision of goods or services and the following conditions are met:
    • The payee's PSP is subject to the fourth Anti-Money Laundering Directive (AMLD4);
    • The payee's PSP is "able to trace back through the payee, by means of a unique transaction identifier, the transfer of funds from the person who has an agreement with the payee for the provision of goods or services"; and
    • The transfer does not exceed €1000.
  • IATF2 does not apply in almost all of the circumstances where the Payment Services Directive does not apply either.
  • IATF2 does not apply to transfers of funds:
    • Where the payer withdraws money from his own payment account;
    • To a public authority within a Member State, where the transfer is to pay taxes, fines or other levies; or
    • Where both the payer and payee are PSPs acting on their own behalf.
  • IATF2 does not apply to transfers of funds carried out using a payment card, an electronic money instrument or mobile phone, or any other digital or IT prepaid or post-paid device with similar characteristics (Device), if:
    • The Device is used exclusively to pay for goods or services; and
    • The number of the Device accompanies all transfers flowing from the transaction.

However, it will apply if the Device is used to effect a person to person transfer of funds.

  • IATF2 does not apply to those who have no activity other than:
    • To convert paper documents into electronic data, if they do this under a contract with a PSP; or
    • To provide PSPs with messaging or other support systems for transmitting funds, or with clearing and settlement systems.

Definitions2

For the purposes of IATF2:

Click here to view table.

The payer's PSP must3:Obligations of PSPs

  • Ensure transfers of funds are accompanied by the following information about the payer: name, payment account number, and "the payer's address, official personal document number, customer identification number or date and place of birth";
  • Verify the information on the payer, using "documents, data or information obtained from a reliable and independent source", and
  • Ensure that transfers of funds are also accompanied by the name of the payee and the payee's account number;

Unless:

  • The transfer is not being made from or to a payment account—in which case, the transfer must be accompanied by a unique transaction identifier instead of the payment account number(s);
  • The funds are being transferred within the EU and:
    • All of the PSPs are established in the EU—in which case, it may be enough to include the payment account numbers of the payer (as verified) and payee, or the unique transaction identifier, instead; and/or
    • The funds being transferred do not exceed €10004—in which case, there is no need to verify the information on the payer, unless his PSP "has received the funds … in cash, or in anonymous electronic money", or has reasonable grounds for suspecting money laundering or terrorist financing; or
  • The funds are being transferred to outside the EU:
    • By "batch file transfer from a single payer where the [PSPs] of the payees are established outside the [EU]"—in which case, there's no need to include the payer information in the individual transfers that have been bundled together, if:
      • The batch file includes the information about the payer; the payee and a unique transaction identifier;
      • That information has been verified; and
      • The individual transfers carry the payment account number of the payer or, if the transfer is not made from or to a payment account, unique transaction identifier; and/or
    • The funds being transferred do not exceed €1000—in which case:
      • Including the payer and payee's names and payment account numbers (or unique transaction identifier where applicable) will suffice; and
      • There is no need to verify the information on the payer, unless his PSP "has received the funds … in cash, or in anonymous electronic money", or has reasonable grounds for suspecting money laundering or terrorist financing.

The payee's PSP must5:

  • Have effective procedures to detect whether:
    • The payer and payee information fields in the messaging or settlement system used to effect the transfer of funds have been competed using characters that are admissible under the conventions of that system; and/or
    • Particular payer and payee information is missing.
  • Verify the name of the payee, his payment account number and the unique transaction identifier, using documents, data or information obtained from a reliable and independent source, where transfers of funds exceed €1000, before the PSP credits the payee's account or makes the funds available to the payee. Verification of this information is not required in other cases, unless the payee's PSP:
    • Effects the pay-out of the funds in cash, or in anonymous electronic money; or
    • Has reasonable grounds for suspecting money laundering or terrorist financing.
  • Reject a transfer of funds, or ask for the required information on the payer or payee before or after crediting the payee's payment account or making funds available to the payee, on a risk sensitive basis, when it becomes aware that certain payer or payee information is missing or incomplete, or has not been filled in using characters or inputs that are admissible under the conventions of the relevant messaging or payment and settlement system.
  • Issue warnings, set deadlines, reject transfers, or restrict or terminate its relationship with a PSP that repeatedly fails to provide the required payer and payee information, and report that failure and the steps it has taken to the relevant authorities.

An intermediary PSP must6:

  • Ensure that all of the information received on the payer and payee that accompanies a transfer of funds is retained with the transfer.
  • Have procedures in place to detect whether particular information is missing, or has been completed using characters that do not meet the conventions of the relevant messaging or payment and settlement system.
  • reject transfers or ask for required information on the payer and payee on a risk-sensitive basis before or after the transmission of the funds, where it becomes aware that information is missing or has been completed using inadmissible characters.
  • Issue warnings, set deadlines, reject transfers, or restrict or terminate its relationship with a PSP that repeatedly fails to provide the required payer and payee information, and report that failure and the steps it has taken to the relevant authorities.

Other obligations

Records retention7

The PSPs of the payer and payee shall keep records of information on the payer and payee for five years. PSPs are required to delete this information "upon expiry of the retention period". However, Member States may choose to extend the retention period by a further five years after carrying out "a thorough assessment of the necessity…of such further retention…for the prevention, detection or investigation of money laundering or terrorist financing".

Sanctions and monitoring8

IATF2 requires member states to "lay down rules on administrative sanctions" for breaches of IATF2, to "ensure that they are implemented" and to notify the EC and the Joint Committee of ESAs of these rules. Member states are required to:

  • Ensure that sanctions can be taken against:
    • Natural legal persons such as members of a PSP's management body; and
    • Legal persons where breaches are "committed for their benefit" by individuals in a leading position within the legal person or caused by a "lack of supervision or control" by such individuals.
  • Ensure that sanctions for breaches of Arts. 4, 5, 6, 8, 11, 12 and 16 of IATF2 include those specified in Art. 59(2) and (3) of AMLD4.

IATF2 requires "competent authorities [to] have all the supervisory and investigatory powers…necessary for the exercise of their functions" and requires competent authorities to:

  • "Cooperate…to ensure that…administrative sanctions…produce the desired results and coordinate their action when dealing with cross-border cases";
  • Publish details of sanctions imposed "including information on the type and nature of the breach and the identity of the person responsible, if necessary and proportionate after a case by case evaluation" in accordance with Art. 60 AMLD4; and
  • Exercise their powers directly, in collaboration with other authorities, by delegation to other authorities, and by application to competent judicial authorities.

IATF2 also requires member states to encourage PSPs to report breaches to the competent authorities and to cooperate with the competent authorities to "establish appropriate internal procedures for their employees…to report breaches internally".

Key changes

IATF2 will replace and repeal the Information on the Payer Accompanying Transfers of Funds Regulation (IATF), which was first introduced as part of an EU Plan of Action to tackle money-laundering and terrorist financing. This section compares IATF2 with the current IATF regime, and summarises the key changes that will be introduced by IATF2 after it comes into force.

Clcik here to view table.

Final thoughts

IATF2 is expected to be published in the Official Journal in June or July this year and will come into force 20 days after publication12. It is expected that IATF2's application date will be delayed to match the date of transposition into national law of AMLD4 (expected in mid-2017). This is not surprising given that IATF2 was announced as part of a package that includes AMLD4, and that several provisions of IATF2 are stated to be carried out in accordance with provisions in AMLD4.