Legal provisions of COM(2021)422 - Information accompanying transfers of funds and certain crypto-assets (recast)

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2021)422 - Information accompanying transfers of funds and certain crypto-assets (recast).
document COM(2021)422 EN
date May 31, 2023


CHAPTER I

SUBJECT MATTER, SCOPE AND DEFINITIONS

Contents

Article 1 - Subject matter

This Regulation lays down rules on the information on payers and payees, accompanying transfers of funds, in any currency,  and the information on originators and beneficiaries, accompanying transfers of crypto-assets,  for the purposes of preventing, detecting and investigating money laundering and terrorist financing, where at least one of the payment  or crypto-asset  service providers involved in the transfer of funds  or crypto-assets  is established in the Union.

Article 2 - Scope

1. This Regulation shall apply to transfers of funds, in any currency,  or crypto-assets,   which are sent or received by a payment service provider  , a crypto-asset service provider,  or an intermediary payment service provider established in the Union.

2. This Regulation shall not apply to the services listed in points (a) to (m) and (o) of Article 3 of Directive (EU) 2015/23662007/64/EC.

3. This Regulation shall not apply to transfers of funds carried out using a payment card, an electronic money instrument or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics, where the following conditions are met:

(a)that card, instrument or device is used exclusively to pay for goods or services; and

(b)the number of that card, instrument or device accompanies all transfers flowing from the transaction.

However, this Regulation shall apply when a payment card, an electronic money instrument or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics, is used in order to effect a person-to-person transfer of funds  or crypto-assets  .

4. This Regulation shall not apply to persons that have no activity other than to convert paper documents into electronic data and that do so pursuant to a contract with a payment service provider, or to persons that have no activity other than to provide payment service providers with messaging or other support systems for transmitting funds or with clearing and settlement systems.

This Regulation shall not apply to transfers of funds  and crypto-assets     if any of the following conditions is fulfilled  :

(a)that   they  involve the payer withdrawing cash from the payer's own payment account;

(b)that transfer   they constitute transfers of  funds  or crypto-assets  to a public authority as payment for taxes, fines or other levies within a Member State;

(c)where both the payer and the payee are payment service providers  or both the originator and the beneficiary are crypto-asset service providers  acting on their own behalf;

(d)that   they  are carried out through cheque images exchanges, including truncated cheques.


 new

Electronic money tokens, as defined in Article 3(1), point 4 of Regulation [please insert reference – proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937-COM/2020/593 final] shall be treated as crypto-assets under this Regulation.

This Regulation shall not apply to person-to-person transfer of crypto-assets.


 2015/847

 new

5. A Member State may decide not to apply this Regulation to transfers of funds  or transfers of crypto-assets   within its territory to a payee's payment account  or a beneficiary’s account   permitting payment exclusively for the provision of goods or services where all of the following conditions are met:

(a)the payment service provider  or the crypto-asset service provider  of the payee  or the beneficiary  is subject to Directive (EU) 2015/849 [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849];

(b)the payment service provider of the payee  or the crypto-asset service provider of the beneficiary  is able to trace back, through the payee, by means of a unique transaction identifier, the transfer of funds  or, for transfers of crypto-assets, through the beneficiary, by means allowing to identify individually the transfers of crypto-assets on the distributed ledger,  from the person who has an agreement with the payee  or the beneficiary  for the provision of goods or services;

(c)the amount of the transfer of funds  or crypto-assets  does not exceed EUR 1000.

Article 3 - Definitions

For the purposes of this Regulation, the following definitions apply:

(1)‘terrorist financing’ means terrorist financing as defined in Article 2(2)1(5) of Directive (EU) 2015/849 [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849];

(2)‘money laundering’ means the money laundering activities referred to in Article 2(1)1(3) and (4) of Directive (EU) 2015/849 [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849];

(3)‘payer’ means a person that holds a payment account and allows a transfer of funds from that payment account, or, where there is no payment account, that gives a transfer of funds order;

(4)‘payee’ means a person that is the intended recipient of the transfer of funds;

(5)‘payment service provider’ means the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/23662007/64/EC, natural or legal persons benefiting from a waiver pursuant to Article 3226 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC of the European Parliament and of the Council 61 , providing transfer of funds services;

(6)‘intermediary payment service provider’ means a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider;

(7)‘payment account’ means a payment account as defined in point (1214) of Article 4, point (12), of Directive (EU) 2015/23662007/64/EC;

(8)‘funds’ means funds as defined in point (2515) of Article 4, point (25), of Directive (EU) 2015/23662007/64/EC;

(9)‘transfer of funds’ means any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:

(a)a credit transfer as defined in point (1) of Article 2, point (1), of Regulation (EU) No 260/2012;

(b)a direct debit as defined in point (2) of Article 2, point (2), of Regulation (EU) No 260/2012;

(c)a money remittance as defined in point (13) of Article 4, point (22), of Directive (EU) 2015/23662007/64/EC, whether national or cross border;

(d)a transfer carried out using a payment card, an electronic money instrument, or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics;


 new

(10) ‘transfer of crypto-assets’ means any transaction at least partially carried out by electronic means on behalf of an originator through a crypto-asset service provider, with a view to making crypto-assets available to a beneficiary through a crypto-asset service provider, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same.


 2015/847

 new

(1110)‘batch file transfer’ means a bundle of several individual transfers of funds  or crypto-assets  put together for transmission;

(1211)‘unique transaction identifier’ means a combination of letters, numbers or symbols determined by the payment service provider, in accordance with the protocols of the payment and settlement systems or messaging systems used for the transfer of funds, which permits the traceability of the transaction back to the payer and the payee;

(1312)‘person-to-person transfer of funds’ means a transaction between natural persons acting, as consumers, for purposes other than trade, business or profession;.


 new

(14) ‘person-to-person transfer of crypto-assets’ means a transaction between natural persons acting, as consumers, for purposes other than trade, business or profession, without the use or involvement of a crypto-asset service provider or other obliged entity;

(15) ‘crypto-asset’means a crypto-asset as defined in Article 3(1), point 2 of Regulation [please insert reference – proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937-COM/2020/593 final] except when falling under the categories listed in Article 2(2) of that Regulation or otherwise qualifying as funds.

(16) ‘crypto-asset service provider ’means a crypto-asset service provider as defined in Article 3(1), point (8) of [please insert reference – proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937-COM/2020/593 final] where performing one or more crypto-asset services as defined in Article 3(1) point (9) of [please insert reference – proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937-COM/2020/593 final];

(17) ‘wallet address’ means an account number which custody is ensured by a crypto-asset service provider or a an alphanumeric code for a wallet on a blockchain;

(18) ‘account number’ means the number of an account to hold crypto-assets which custody is ensured by a crypto-asset service provider;

(19) ‘originator’ means a person that holds an account with a crypto-asset service provider and allows a transfer of crypto-assets from that account, or, where there is no account, that gives a transfer of crypto-assets order;

(20) ‘beneficiary’ means a person that is the intended recipient of the transfer of crypto-assets;

(21) ‘legal entity identifier’ (LEI) means a unique alphanumeric reference code based on the ISO 17442 standard assigned to a legal entity.


 2015/847 (adapted)

CHAPTER II

OBLIGATIONS ON PAYMENT SERVICE PROVIDERS

SECTION 1

Obligations on the payment service provider of the payer

Article 4 - Information accompanying transfers of funds

1. The payment service provider of the payer shall ensure that transfers of funds are accompanied by the following information on the payer:

(a)the name of the payer;

(b)the payer's payment account number; and

(c)the payer's address, official personal document number, customer identification number or date and place of birth;.


 new

(d)subject to the existence of the necessary field in the relevant payments message format, and where provided by the payer to the payer’s Payment service provider, the current Legal Entity Identifier of the payer.


 2015/847 (adapted)

2. The payment service provider of the payer shall ensure that transfers of funds are accompanied by the following information on the payee:

(a)the name of the payee; and

(b)the payee's payment account number;.


 new

(c)subject to the existence of the necessary field in the relevant payments message format, and where provided by the payer to the payer’s Payment service provider, the current Legal Entity Identifier of the payee.


 2015/847 (adapted)

 new

3. By way of derogation from point (b) of paragraph 1 and point (b) of paragraph 2, in the case of a transfer not made from or to a payment account, the payment service provider of the payer shall ensure that the transfer of funds is accompanied by a unique transaction identifier rather than the payment account number(s).

4. Before transferring funds, the payment service provider of the payer shall verify the accuracy of the information referred to in paragraph 1  and, where applicable, in paragraph 3,  on the basis of documents, data or information obtained from a reliable and independent source.

5. Verification as referred to in paragraph 4 shall be deemed to have taken place where:

(a)a payer's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849   Articles 16, 37 and 18(3) of [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849]  and the information obtained pursuant to that verification has been stored in accordance with Article 5640 of that RegulationDirective; or

(b)Article 21(2) and (3)14(5) of Directive (EU) 2015/849 [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] applies to the payer.

6. Without prejudice to the derogations provided for in Articles 5 and 6, the payment service provider of the payer shall not execute any transfer of funds before ensuring full compliance with this Article.

Article 5 - Transfers of funds within the Union

1. By way of derogation from Article 4(1) and (2), where all payment service providers involved in the payment chain are established in the Union, transfers of funds shall be accompanied by at least the payment account number of both the payer and the payee or, where Article 4(3) applies, the unique transaction identifier, without prejudice to the information requirements laid down in Regulation (EU) No 260/2012, where applicable.

2. Notwithstanding paragraph 1, the payment service provider of the payer shall, within three working days of receiving a request for information from the payment service provider of the payee or from the intermediary payment service provider, make available the following:

(a)for transfers of funds exceeding EUR 1000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, the information on the payer or the payee in accordance with Article 4;

(b)for transfers of funds not exceeding EUR 1000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1000, at least:

(i)the names of the payer and of the payee; and

(ii)the payment account numbers of the payer and of the payee or, where Article 4(3) applies, the unique transaction identifier.

3. By way of derogation from Article 4(4), in the case of transfers of funds referred to in paragraph 2, point (b), of this Article, the payment service provider of the payer need not verify the information on the payer unless the payment service provider of the payer:

(a)has received the funds to be transferred in cash or in anonymous electronic money; or

(b)has reasonable grounds for suspecting money laundering or terrorist financing.

Article 6 - Transfers of funds to outside the Union

1. In the case of a batch file transfer from a single payer where the payment service providers of the payees are established outside the Union, Article 4(1) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in Article 4(1), (2) and (3), that that information has been verified in accordance with Article 4(4) and (5), and that the individual transfers carry the payment account number of the payer or, where Article 4(3) applies, the unique transaction identifier.

2. By way of derogation from Article 4(1), and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the payment service provider of the payee is established outside the Union, transfers of funds not exceeding EUR 1000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1000, shall be accompanied by at least:

(a)the names of the payer and of the payee; and

(b)the payment account numbers of the payer and of the payee or, where Article 4(3) applies, the unique transaction identifier.

By way of derogation from Article 4(4), the payment service provider of the payer need not verify the information on the payer referred to in this paragraph unless the payment service provider of the payer:

(a)has received the funds to be transferred in cash or in anonymous electronic money; or

(b)has reasonable grounds for suspecting money laundering or terrorist financing.

SECTION 2

Obligations on the payment service provider of the payee

Article 7 - Detection of missing information on the payer or the payee

1. The payment service provider of the payee shall implement effective procedures to detect whether the fields relating to the information on the payer and the payee in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.

2. The payment service provider of the payee shall implement effective procedures, including, where appropriate,  ex-post monitoring after or real-time monitoring during the transfers  , in order to detect whether the following information on the payer or the payee is missing:

(a)for transfers of funds where the payment service provider of the payer is established in the Union, the information referred to in Article 5;

(b)for transfers of funds where the payment service provider of the payer is established outside the Union, the information referred to in Article 4(1), points (a), (b) and (c), and Article 4(2), points (a) and (b);

(c)for batch file transfers where the payment service provider of the payer is established outside the Union, the information referred to in Article 4(1), points (a), (b) and (c), and Article 4(2), points (a) and (b), in respect of that batch file transfer.

3. In the case of transfers of funds exceeding EUR 1000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before crediting the payee's payment account or making the funds available to the payee, the payment service provider of the payee shall verify the accuracy of the information on the payee referred to in paragraph 2 of this Article on the basis of documents, data or information obtained from a reliable and independent source, without prejudice to the requirements laid down in Articles 8369 and 8470 of Directive (EU) 2015/2366 2007/64/EC.

4. In the case of transfers of funds not exceeding EUR 1000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1000, the payment service provider of the payee need not verify the accuracy of the information on the payee, unless the payment service provider of the payee:

(a)effects the pay-out of the funds in cash or in anonymous electronic money; or

(b)has reasonable grounds for suspecting money laundering or terrorist financing.

5. Verification as referred to in paragraphs 3 and 4 shall be deemed to have taken place where:

(a)a payee's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849   Articles 16, 37 and 18(3) of [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849]  and the information obtained pursuant to that verification has been stored in accordance with Article 5640 of that RegulationDirective; or

(b)Article 21(2) and (3)14(5) of Directive (EU) 2015/849 [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] applies to the payee.

Article 8 - Transfers of funds with missing or incomplete information on the payer or the payee

1. The payment service provider of the payee shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 1613 of Directive (EU) 2015/849 [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849], for determining whether to execute, reject or suspend a transfer of funds lacking the required complete payer and payee information and for taking the appropriate follow-up action.

Where the payment service provider of the payee becomes aware, when receiving transfers of funds, that the information referred to in Article 4(1), points (a), (b) and (c), or Article 4(2), points (a) and (b), Article 5(1) or Article 6 is missing or incomplete or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system as referred to in Article 7(1), the payment service provider of the payee shall reject the transfer or ask for the required information on the payer and the payee before or after crediting the payee's payment account or making the funds available to the payee, on a risk-sensitive basis.

2. Where a payment service provider repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.

The payment service provider of the payee shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Article 9 - Assessment and reporting

The payment service provider of the payee shall take into account missing or incomplete information on the payer or the payee as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious and whether it is to be reported to the Financial Intelligence Unit (FIU) in accordance with Directive (EU) 2015/849 [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849].

SECTION 3

Obligations on intermediary payment service providers

Article 10 - Retention of information on the payer and the payee with the transfer

Intermediary payment service providers shall ensure that all the information received on the payer and the payee that accompanies a transfer of funds is retained with the transfer.

Article 11 - Detection of missing information on the payer or the payee

1. The intermediary payment service provider shall implement effective procedures to detect whether the fields relating to the information on the payer and the payee in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.

2. The intermediary payment service provider shall implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the following information on the payer or the payee is missing:

(a)for transfers of funds where the payment service providers of the payer and the payee are established in the Union, the information referred to in Article 5;

(b)for transfers of funds where the payment service provider of the payer or of the payee is established outside the Union, the information referred to in Article 4(1), points (a), (b) and (c), and Article 4(2), points (a) and (b);

(c)for batch file transfers where the payment service provider of the payer or of the payee is established outside the Union, the information referred to in Article 4(1) and (2) in respect of that batch file transfer.

Article 12 - Transfers of funds with missing information on the payer or the payee

1. The intermediary payment service provider shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required payer and payee information and for taking the appropriate follow up action.

Where the intermediary payment service provider becomes aware, when receiving transfers of funds, that the information referred to in Article 4(1), points (a), (b) and (c), or Article 4, points (2)(a) and (b), Article 5(1) or Article 6 is missing or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system as referred to in Article 7(1) it shall reject the transfer or ask for the required information on the payer and the payee before or after the transmission of the transfer of funds, on a risk-sensitive basis.

2. Where a payment service provider repeatedly fails to provide the required information on the payer or the payee, the intermediary payment service provider shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.

The intermediary payment service provider shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Article 13 - Assessment and reporting

The intermediary payment service provider shall take into account missing information on the payer or the payee as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious, and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849 [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849].


 new

CHAPTER III

Obligations on crypto-asset service providers

SECTION 1

Obligations on the crypto-asset service provider of the originator

Article 14 - Information accompanying transfers of crypto-assets

1. The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the following information on the originator:

(a) the name of the originator;

(b) the account number of the originator, where an account is used to process the transaction;

(c) the originator’s address, official personal document number, customer identification number or date and place of birth.

2. The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the following information on the beneficiary:

(a) the name of the beneficiary;

(b) the beneficiary’s account number, where such an account exists and is used to process the transaction.

3. By way of derogation from paragraph 1, point (b), and paragraph 2, point (b), in the case of a transfer not made from or to an account, the crypto-asset service provider of the originator shall ensure that the transfer of crypto-assets can be individually identified and record the originator and beneficiary address identifiers on the distributed ledger.

4. The information referred to in paragraphs 1 and 2 does not have to be attached directly to, or be included in, the transfer of crypto-assets.

5. Before transferring crypto-assets, the crypto-asset service provider of the originator shall verify the accuracy of the information referred to in paragraph 1 on the basis of documents, data or information obtained from a reliable and independent source.

6. Verification as referred to in paragraph 5 shall be deemed to have taken place where

(a) the identity of the originator has been verified in accordance with Article 16, 18(3) and 37 of Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] [and the information obtained pursuant to that verification has been stored in accordance with Article 56 of Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] or

(b) Article 21(2) and (3) of Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] applies to the originator.

7. Without prejudice to the derogation provided for in Article 15(2), the crypto-asset service provider of the originator shall not execute any transfer of crypto-assets before ensuring full compliance with this Article.

Article 15 - Transfers of crypto-assets

1. In the case of a batch file transfer from a single originator, Article 14(1) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in Article 14(1), (2) and (3), that that information has been verified in accordance with Article 14(5) and (6), and that the individual transfers carry the payment account number of the originator or, where Article 14(3) applies the individual identification of the transfer.

2. By way of derogation from Article 14(1), transfers of crypto-assets not exceeding EUR 1 000 that do not appear to be linked to other transfers of crypto-assets which, together with the transfer in question, exceed EUR 1 000, shall be accompanied by at least the following information:

(a) the names of the originator and of the beneficiary;

(b) the account number of the originator and of the beneficiary or, where Article 14(3) applies, the insurance that the crypto-asset transaction can be individually identified;

By way of derogation from Article 14(5), the crypto-assets service provider of the originator shall only verify the information on the originator referred to in this paragraph, first subparagraph, points (a) and (b), in the following cases:

(a) the crypto-assets service provider of the originator has received the crypto-assets to be transferred in exchange of cash or anonymous electronic money;

(b) the crypto-assets service provider of the originator has reasonable grounds for suspecting money laundering or terrorist financing.

SECTION 2

Obligations on the crypto-asset service provider of the beneficiary

Article 16 - Detection of missing information on the originator or the beneficiary

1. The crypto-asset service provider of the beneficiary shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the information referred to in Article 14(1) and (2), on the originator or the beneficiary is included in, or follows, the transfer of crypto-assets or batch file transfer.

2. In the case of transfers of crypto-assets exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary referred to in paragraph 1 on the basis of documents, data or information obtained from a reliable and independent source, without prejudice to the requirements laid down in Articles 83 and 84 of Directive (EU) 2015/2366.

3. In the case of transfers of crypto-assets not exceeding EUR 1 000 that do not appear to be linked to other transfers of crypto-asset which, together with the transfer in question, exceed EUR 1 000, the crypto-asset service provider of the beneficiary shall only verify the accuracy of the information on the beneficiary in the following cases:

(a) where the crypto-asset service provider of the beneficiary effects the pay-out of the crypto-assets in cash or anonymous electronic money;

(b) where the crypto-asset service provider of the beneficiary has reasonable grounds for suspecting money laundering or terrorist financing.

4. Verification as referred to in paragraphs 2 and 3 shall be deemed to have taken place where one of the following applies:

(a) the identity of the crypto-assets transfer beneficiary has been verified in accordance with [replace with right reference in AMLR to replace Articles 16, 18(3) and 37 of Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] and the information obtained pursuant to that verification has been stored in accordance with Article 56 of Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849];

(b) Article 21(2) and (3) of Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] applies to the crypto-assets transfer beneficiary.

Article 17 - Transfers of crypto-assets with missing or incomplete information on the originator or the beneficiary

1. The crypto-asset service provider of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Articles 16, 18(3) and 37 of Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849], for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action.

Where the crypto-asset service provider of the beneficiary becomes aware, when receiving transfers of crypto-assets, that the information referred to in Article 14(1) or (2) or Article 15 is missing or incomplete, the crypto-asset service provider shall reject the transfer or ask for the required information on the originator and the beneficiary before or after making the crypto-assets available to the beneficiary, on a risk-sensitive basis.

2. Where a crypto-asset service provider repeatedly fails to provide the required information on the originator or the beneficiary, the crypto-asset service provider of the beneficiary shall take steps, which may initially include the issuing of warnings and setting of deadlines, and return the transferred crypto-assets to the originator’s account or address. Alternatively, the crypto-asset service provider of the beneficiary may hold the transferred crypto-assets without making them available to the beneficiary, pending review by the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

The crypto-asset service provider of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Article 18 - Assessment and reporting

The crypto-asset service provider of the beneficiary shall take into account missing or incomplete information on the originator or the beneficiary when assessing whether a transfer of crypto-assets, or any related transaction, is suspicious and whether it is to be reported to the FIU in accordance with Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849].


 2015/847

 new

CHAPTER IVIII

INFORMATION, DATA PROTECTION AND RECORD-RETENTION

Article 1914 - Provision of information

Payment service providers  and crypto-asset service providers  shall respond fully and without delay, including by means of a central contact point in accordance with Article 5(1) of Directive (EU) 2015/849 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849], where such a contact point has been appointed, and in accordance with the procedural requirements laid down in the national law of the Member State in which they are established, to enquiries exclusively from the authorities responsible for preventing and combating money laundering or terrorist financing of that Member State concerning the information required under this Regulation.

Article 2015 - Data protection

 2019/2175 Art. 6.1

1. The processing of personal data under this Regulation is subject to Regulation (EU) 2016/679 of the European Parliament and of the Council 62 . Personal data that is processed pursuant to this Regulation by the Commission or EBA is subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council 63 .


 2015/847 (adapted)

 new

2. Personal data shall be processed by payment service providers  and crypto-asset service providers  on the basis of this Regulation only for the purposes of the prevention of money laundering and terrorist financing and shall not be further processed in a way that is incompatible with those purposes. The processing of personal data on the basis of this Regulation for commercial purposes shall be prohibited.

3. Payment service providers  and crypto-asset service providers   shall provide new clients with the information required pursuant to Article 1310 of Regulation (EU) 2016/679 Directive 95/46/EC before establishing a business relationship or carrying out an occasional transaction. That information shall, in particular, include a general notice concerning the legal obligations of payment service providers  and crypto-asset service providers   under this Regulation when processing personal data for the purposes of the prevention of money laundering and terrorist financing.

4. Payment  and crypto-asset  service providers shall ensure that the confidentiality of the data processed is respected.

Article 2116 - Record retention

1. Information on the payer and the payee  , or, for transfers of crypto-assets, on the originator and beneficiary,   shall not be retained for longer than strictly necessary. Payment service providers of the payer and of the payee shall retain records of the information referred to in Articles 4 to 7  and crypto-asset service providers of the originator and beneficiary shall retain records of the information referred to in Articles 14 to 16,   for a period of five years.

2. Upon expiry of the retention period referred to in paragraph 1, payment service providers  and crypto-asset service providers   shall ensure that the personal data is deleted, unless otherwise provided for by national law, which shall determine under which circumstances payment service providers may or shall further retain the data. Member States may allow or require further retention only after they have carried out a thorough assessment of the necessity and proportionality of such further retention, and where they consider it to be justified as necessary for the prevention, detection or investigation of money laundering or terrorist financing. That further retention period shall not exceed five years.

3. Where, on 25 June 2015, legal proceedings concerned with the prevention, detection, investigation or prosecution of suspected money laundering or terrorist financing are pending in a Member State, and a payment service provider holds information or documents relating to those pending proceedings, the payment service provider may retain that information or those documents in accordance with national law for a period of five years from 25 June 2015. Member States may, without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings, allow or require the retention of such information or documents for a further period of five years where the necessity and proportionality of such further retention has been established for the prevention, detection, investigation or prosecution of suspected money laundering or terrorist financing.

CHAPTER IV

SANCTIONS AND MONITORING

Article 2217 - Administrative sanctions and measures

1. Without prejudice to the right to provide for and impose criminal sanctions, Member States shall lay down the rules on administrative sanctions and measures applicable to breaches of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented. The sanctions and measures provided for shall be effective, proportionate and dissuasive and shall be consistent with those laid down in accordance with Chapter IVVI, Section 4, of Directive (EU) 2015/849 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849].

Member States may decide not to lay down rules on administrative sanctions or measures for breach of the provisions of this Regulation which are subject to criminal sanctions in their national law. In that case, Member States shall communicate to the Commission the relevant criminal law provisions.

2. Member States shall ensure that where obligations apply to payment services providers   and crypto-asset service providers  , in the event of a breach of provisions of this Regulation, sanctions or measures can, subject to national law, be applied to the members of the management body and to any other natural person who, under national law, is responsible for the breach.


 2019/2175 Art. 6.2

3. By 26 June 2017, Member States shall notify the rules referred to in paragraph 1 to the Commission and to the Joint Committee of the ESAs. Member States shall notify the Commission and EBA without undue delay of any subsequent amendments thereto.


 2015/847 (adapted)

 new

4. In accordance with Article 3958(4) of Directive (EU) 2015/849 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849], competent authorities shall have all the supervisory and investigatory powers that are necessary for the exercise of their functions. In the exercise of their powers to impose administrative sanctions and measures, competent authorities shall cooperate closely to ensure that those administrative sanctions or measures produce the desired results and coordinate their action when dealing with cross-border cases.

5. Member States shall ensure that legal persons can be held liable for the breaches referred to in Article 2318 committed for their benefit by any person acting individually or as part of an organ of that legal person, and having a leading position within the legal person based on any of the following:

(a)power to represent the legal person;

(b)authority to take decisions on behalf of the legal person; or

(c)authority to exercise control within the legal person.

6. Member States shall also ensure that legal persons can be held liable where the lack of supervision or control by a person referred to in paragraph 5 of this Article has made it possible to commit one of the breaches referred to in Article 2318 for the benefit of that legal person by a person under its authority.

7. Competent authorities shall exercise their powers to impose administrative sanctions and measures in accordance with this Regulation in any of the following ways:

(a)directly;

(b)in collaboration with other authorities;

(c)under their responsibility by delegation to such other authorities;

(d)by application to the competent judicial authorities.

In the exercise of their powers to impose administrative sanctions and measures, competent authorities shall cooperate closely in order to ensure that those administrative sanctions or measures produce the desired results and coordinate their action when dealing with cross-border cases.

Article 2318 - Specific provisions

Member States shall ensure that their administrative sanctions and measures include at least those laid down by Articles 40(2), 40(3) and 41(1)59(2) and (3) of Directive (EU) 2015/849 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] in the event of the following breaches of this Regulation:

(a)repeated or systematic failure by a payment service provider to include the required information on the payer or the payee, in breach of Article 4, 5 or 6  or by a crypto-asset service provider to include the required information on the originator and beneficiary, in breach of Articles 14 and 15  ;

(b)repeated, systematic or serious failure by a payment service provider  or crypto-asset service provider  to retain records, in breach of Article 2116;

(c)failure by a payment service provider to implement effective risk-based procedures, in breach of Articles 8 or 12  or by a crypto-asset service provider to implement effective risk-based procedures, in breach of Article 17  ;

(d)serious failure by an intermediary payment service provider to comply with Article 11 or 12.

Article 2419 - Publication of sanctions and measures

In accordance with Article 4260(1), (2) and (3) of Directive (EU) 2015/849 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849], the competent authorities shall publish administrative sanctions and measures imposed in the cases referred to in Articles 2217 and 2318 of this Regulation without undue delay, including information on the type and nature of the breach and the identity of the persons responsible for it, if necessary and proportionate after a case-by-case evaluation.

Article 2520 - Application of sanctions and measures by the competent authorities

1. When determining the type of administrative sanctions or measures and the level of administrative pecuniary sanctions, the competent authorities shall take into account all relevant circumstances, including those listed in Article 39(5)60(4) of Directive (EU) 2015/849 […].

2. As regards administrative sanctions and measures imposed in accordance with this Regulation, Articles 6(6) and 44 [...]62 of [...]Directive (EU) 2015/849 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] shall apply.

Article 2621 - Reporting of breaches

1. Member States shall establish effective mechanisms to encourage the reporting to competent authorities of breaches of this Regulation.

Those mechanisms shall include at least those referred to in Article 4361(2) of Directive (EU) 2015/849 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849].

2. Payment service providers   and crypto-asset service providers  , in cooperation with the competent authorities, shall establish appropriate internal procedures for their employees, or persons in a comparable position, to report breaches internally through a secure, independent, specific and anonymous channel, proportionate to the nature and size of the payment service provider  or the crypto-asset service provider   concerned.

Article 2722 - Monitoring

1. Member States shall require competent authorities to monitor effectively and to take the measures necessary to ensure compliance with this Regulation and encourage, through effective mechanisms, the reporting of breaches of the provisions of this Regulation to competent authorities.


 2019/2175 Art. 6.3

 new

2.  Two years after the entry into force of this Regulation and every three years thereafter   Following a notification in accordance with Article 17(3), the Commission shall submit a report to the European Parliament and to the Council on the application of Chapter IV, with particular regard to cross-border cases.


 2015/847 (adapted)

CHAPTER VI

IMPLEMENTING POWERS

Article 2823 - Committee procedure

1. The Commission shall be assisted by the Committee on the Prevention of Money Laundering and Terrorist Financing (the ‘Committee’).The   That  Committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

CHAPTER VII

DEROGATIONS

Article 2924 - Agreements with countries and territories which do not form part of the territory of the Union

1. The Commission may authorise any Member State to conclude an agreement with a third country or with a territory outside the territorial scope of the TEU and the TFEU as referred to in Article 355 TFEU (the ‘country or territory concerned’), which contains derogations from this Regulation, in order to allow transfers of funds between that country or territory and the Member State concerned to be treated as transfers of funds within that Member State.

Such agreements may be authorised only where all of the following conditions are met:

(a)the country or territory concerned shares a monetary union with the Member State concerned, forms part of the currency area of that Member State or has signed a monetary convention with the Union represented by a Member State;

(b)payment service providers in the country or territory concerned participate directly or indirectly in payment and settlement systems in that Member State; and

(c)the country or territory concerned requires payment service providers under its jurisdiction to apply the same rules as those established under this Regulation.

2. A Member State wishing to conclude an agreement as referred to in paragraph 1 shall submit a request to the Commission and provide it with all the information necessary for the appraisal of the request.

3. Upon receipt by the Commission of such a request, transfers of funds between that Member State and the country or territory concerned shall be provisionally treated as transfers of funds within that Member State until a decision is reached in accordance with this Article.

4. If, within two months of receipt of the request, the Commission considers that it does not have all the information necessary for the appraisal of the request, it shall contact the Member State concerned and specify the additional information required.

5. Within one month of receipt of all the information that it considers to be necessary for the appraisal of the request, the Commission shall notify the requesting Member State accordingly and shall transmit copies of the request to the other Member States.

6. Within three months of the notification referred to in paragraph 5 of this Article, the Commission shall decide, in accordance with Article 23(2), whether to authorise the Member State concerned to conclude the agreement that is the subject of the request.  Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 28(2). 

The Commission shall, in any event, adopt a decision as referred to in the first subparagraph within 18 months of receipt of the request.

7. By 26 March 2017, Member States that have been authorised to conclude agreements with a country or territory concerned pursuant to Commission Implementing Decision 2012/43/EU 64 , Commission Decision 2010/259/EU 65 , Commission Decision 2009/853/EC 66 or Commission Decision 2008/982/EC 67 shall provide the Commission with updated information necessary for an appraisal under point (c) of the second subparagraph of paragraph 1.

Within three months of receipt of such information, the Commission shall examine the information provided to ensure that the country or territory concerned requires payment service providers under its jurisdiction to apply the same rules as those established under this Regulation. If, after such examination, the Commission considers that the condition laid down in point (c) of the second subparagraph of paragraph 1 is no longer met, it shall repeal the relevant Commission Decision or Commission Implementing Decision.


 2019/2175 Art. 6.4

Article 3025 - Guidelines

By 26 June 2017, Tthe ESAs shall issue guidelines addressed to the competent authorities and the payment service providers in accordance with Article 16 of Regulation (EU) No 1093/2010 on measures to be taken in accordance with this Regulation, in particular as regards the implementation of Articles 7, 8, 11 and 12 thereof. From 1 January 2020, EBA shall, where appropriate, issue such guidelines.


 2015/847 (adapted)

CHAPTER VIII

FINAL PROVISIONS

Article 3126 - Repeal of Regulation (EC) No 1781/2006

Regulation (EC) No 1781/2006   (EU) 2015/847  is repealed.

References to the repealed Regulation shall be construed as references to this Regulation and shall be read in accordance with the correlation table in the Annex II.

Article 3227 - Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from 26 June 2017.

This Regulation shall be binding in its entirety and directly applicable in all Member States.