The Regulation has been introduced to help prevent money laundering and terrorist financing and applies to transfers of funds, in any currency, which are sent or received by a payment service provider established in the European Community (“EC”). The Regulation places a number of obligations on payment service providers, who are defined as being natural or legal persons whose business includes the transfer of funds services and therefore includes banks. The Regulation aims to ensure that any transfer of funds within the EC is accompanied by accurate information on the payer.
The Regulation applies to all transfers of funds except those of low monetary value which represent a small risk of money laundering and terrorist financing. If the Regulation applies, the payment service provider of the payer must obtain, verify and send information on the payer prior to transferring the funds to the payee(s). In turn, the payment service provider of the payee must check that the required information has been sent with the transfer of funds.
If a transfer of funds is found to have missing or incomplete information on the payer, the payment service provider of the payee can either request the missing information or simply reject the transfer of funds. It must also report any suspicious transactions or non-compliance with the Regulation to the relevant authorities as soon as it becomes aware of them.
For transfers of funds within the EC (namely domestic transfers or transfers between Member States), the payment service provider of the payer only needs to attach the account number (or a unique identifier number if the payer has no account) to the transfer so that the transaction can be traced back to the payer. Where a transfer of funds is made to a payee outside of the EC, the payment service provider of the payer must include complete information on the payer, which at most, is the payer’s name, address and account number.
All payment service providers must retain records of information for transfer of funds for five years and must also respond promptly to requests for information on the payer from authorities involved in combating money laundering and terrorist financing activities. The provisions of the Regulation are subject to the Data Protection Directive (95/46/EC).
The Regulation came into force on 1 January 2007 and is immediately effective across the EC. However, Member States have been given until 15 December 2007 to implement and impose penalties for breaches of the Regulation. This effectively gives payment service providers time to ensure their internal procedures and systems are ready to comply with the new Regulation.