Considerations on COM(2021)422 - Information accompanying transfers of funds and certain crypto-assets (recast) - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2021)422 - Information accompanying transfers of funds and certain crypto-assets (recast). |
|---|---|
| document | COM(2021)422  |
| date | May 31, 2023 |
(1) Regulation (EU) 2015/847 of the European Parliament and of the Council 37 has been substantially amended 38 . Since further amendments are to be made, that Regulation should be recast in the interests of clarity.
(2) Regulation (EU) 2015/847 was adopted to ensure that the Financial Action Task Force (FATF) requirements on wire transfers services providers, and in particular the obligation on payment service providers to accompany transfers of funds with information on the payer and the payee, were applied uniformly throughout the Union. The latest changes introduced in June 2019 in the FATF standards on new technologies, aiming at regulating so called virtual assets and virtual asset service providers, have provided new and similar obligations for virtual asset service providers, with the purpose to facilitate the traceability of transfers of virtual assets. Thus, under those new requirements, virtual asset transfer service providers must accompany transfers of virtual assets with information on their originators and beneficiaries, that they must obtain, hold, share with counterpart at the other hand of the virtual assets transfer and make available on request to appropriate authorities.
(3) Given that Regulation (EU) 2015/847 currently only applies to transfer of funds, in the meaning of banknotes and coins, scriptural money and electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC, it is appropriate to extend the scope in order to also cover transfer of virtual assets.
2015/847 recital 1 (adapted)
new
(4) Flows of illicit money through transfers of funds and crypto-assets can damage the integrity, stability and reputation of the financial sector, and threaten the internal market of the Union as well as international development. Money laundering, terrorist financing and organised crime remain significant problems which should be addressed at Union level. The soundness, integrity and stability of the system of transfers of funds and crypto-assets as well as and confidence in the financial system as a whole , could be seriously jeopardised by the efforts of criminals and their associates to disguise the origin of criminal proceeds or to transfer funds or crypto-assets for criminal activities or terrorist purposes.
2015/847 recital 2 (adapted)
new
(5) In order to facilitate their criminal activities, money launderers and financers of terrorism are likely to take advantage of the freedom of capital movements within the Union's integrated financial area unless certain coordinating measures are adopted at Union level. International cooperation within the framework of the Financial Action Task Force (FATF) and the global implementation of its recommendations aim to prevent money laundering and terrorist financing while transferring funds or crypto-assets .
2015/847 recital 3 (adapted)
new
(6) By reason of the scale of the action to be undertaken, the Union should ensure that the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation adopted by FATF on 16 February 2012 and then on 21 June 2019 (the ‘revised FATF Recommendations’), and, in particular, FATF Recommendation 15 on new technologies (FATF Recommendation 15), FATF Recommendation 16 on wire transfers (the ‘FATF Recommendation 16’) and the revised interpretative notes on those Recommendations note for its implementation, are implemented applied uniformly throughout the Union and that, in particular, there is no discrimination or discrepancy between, on the one hand, national payments or transfers of crypto-assets within a Member State and, on the other, cross-border payments or transfers of crypto-assets between Member States. Uncoordinated action by Member States acting alone in the field of cross-border transfers of funds and crypto-assets could have a significant impact on the smooth functioning of payment systems and crypto-asset transfer services at Union level and could therefore damage the internal market in the field of financial services.
2015/847 recital 4 (adapted)
(7) In order to foster a coherent approach in the international context and to increase the effectiveness of the fight against money laundering and terrorist financing, further Union action should take account of developments at international level, namely in particular the revised FATF Recommendations.
new
(8) Directive (EU) 2018/843 of the European Parliament and of the Council 39 introduced a definition of virtual currencies and recognised providers engaged in exchange services between virtual currencies and fiat currencies as well as custodian wallet providers among the entities submitted to anti-money laundering and countering terrorism financing requirements in the Union legal framework. The latest international developments, notably within the FATF, now implies the need to regulate additional categories of virtual asset service providers not yet covered as well as to broaden the current definition of virtual currency.
(9) It is to be noted that the definition of crypto-assets in Regulation 40 [please insert reference – proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937-COM/2020/593 final] corresponds to the definition of virtual assets set out in the recommendations of FATF, and the list of crypto-asset services and crypto-asset service providers covered in that Regulation also encompass the virtual asset services providers identified as such by FATF and considered as likely to raise money-laundering concerns. In order to ensure the coherency of the Union legal framework, this proposal should refer to those definitions of crypto-assets and crypto-asset service providers.
2015/847 recital 5 (adapted)
(10) The implementation and enforcement of this Regulation, including FATF Recommendation 16, represent relevant and effective means of preventing and combating money-laundering and terrorist financing.
2015/847 recital 6
new
(11) This Regulation is not intended to impose unnecessary burdens or costs on payment service providers , crypto-asset service providers or on persons who use their services. In this regard, the preventive approach should be targeted and proportionate and should be in full compliance with the free movement of capital, which is guaranteed throughout the Union.
2015/847 recital 7
(12) In the Union's Revised Strategy on Terrorist Financing of 17 July 2008 (the ‘Revised Strategy’), it was pointed out that efforts must be maintained to prevent terrorist financing and to control the use by suspected terrorists of their own financial resources. It is recognised that FATF is constantly seeking to improve its Recommendations and is working towards a common understanding of how they should be implemented. It is noted in the Revised Strategy that implementation of the revised FATF Recommendations by all FATF members and members of FATF-style regional bodies is assessed on a regular basis and that a common approach to implementation by Member States is therefore important.
new
(13) In addition, the Commission Action Plan of 7 May 2020 for a comprehensive Union policy on preventing money laundering and terrorism financing 41 identified six priority areas for urgent action to improve the Union’s anti-money laundering and countering financing of terrorism regime, including the establishment of a coherent regulatory framework for that regime in the Union to obtain more detailed and harmonised rules, notably to address the implications of technological innovation and developments in international standards and avoid diverging implementation of existing rules. Work at international level suggests a need to expand the scope of sectors or entities covered by the anti-money laundering and countering financing of terrorism rules and to assess how they should apply to virtual assets service providers not covered so far.
2015/847 recital 8 (adapted)
new
(14) In order to prevent terrorist financing, measures with the purpose of freezing the funds and the economic resources of certain persons, groups and entities have been taken, including Council Regulations (EC) No 2580/2001 42 , (EC) No 881/2002 43 and (EU) No 356/2010 44 . To the same end, measures with the purpose of protecting the financial system against the channelling of funds and economic resources for terrorist purposes have also been taken. Directive (EU) 2015/849 of the European Parliament and of the Council 45 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] and Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] contains a number of such measures. Those measures do not, however, fully prevent terrorists or other criminals from accessing payment systems for transferring their funds.
2015/847 recital 9 (adapted)
new
(15) The full traceability of transfers of funds and crypto-assets can be a particularly important and valuable tool in the prevention, detection and investigation of money laundering and terrorist financing, as well as in the implementation of restrictive measures, in particular those imposed by Regulations (EC) No 2580/2001, (EC) No 881/2002 and (EU) No 356/2010, in full compliance with Union regulations implementing such measures. It is therefore appropriate, in order to ensure the transmission of information throughout the payment or transfers of crypto-assets chain, to provide for a system imposing the obligation on payment service providers and crypto-asset service providers to accompany transfers of funds and crypto-assets with information on the payer and the payee , and, for transfers of crypto-assets, on the originator and the beneficiary .
2015/847 recital 10
(16) This Regulation should apply without prejudice to the restrictive measures imposed by regulations based on Article 215 of the Treaty on the Functioning of the European Union (TFEU), such as Regulations (EC) No 2580/2001, (EC) No 881/2002 and (EU) No 356/2010, which may require that payment service providers of payers and of payees, as well as intermediary payment service providers, take appropriate action to freeze certain funds or that they comply with specific restrictions concerning certain transfers of funds.
2015/847 recital 11 (adapted)
new
(17) This Regulation should also apply without prejudice to Regulation (EU) 2016/679 of the European Parliament and of the Council 46 national legislation transposing Directive 95/46/EC of the European Parliament and of the Council 47 . For example, personal data collected for the purpose of complying with this Regulation should not be further processed in a way that is incompatible with Directive 95/46/EC. In particular, Ffurther processing of personal data for commercial purposes should be strictly prohibited. The fight against money laundering and terrorist financing is recognised as an important public interest ground by all Member States. Therefore, Iin applying this Regulation, the transfer of personal data to a third country which does not ensure an adequate level of protection must be carried out in accordance with Article 25 of Directive 95/46/EC Chapter V of Regulation (EU) 2016/679 should be permitted in accordance with Article 26 thereof. It is important that payment service providers and crypto-asset service providers operating in multiple jurisdictions with branches or subsidiaries located outside the Union should not be prevented from transferring data about suspicious transactions within the same organisation, provided that they apply adequate safeguards. In addition, the crypto-asset service providers of the originator and the beneficiary, the payment service providers of the payer and of the payee and the intermediary payment service providers should have in place appropriate technical and organisational measures to protect personal data against accidental loss, alteration, or unauthorised disclosure or access.
2015/847 recital 12 (adapted)
(18) Persons that merely convert paper documents into electronic data and are acting under a contract with a payment service provider and persons that provide payment service providers solely with messaging or other support systems for transmitting funds or with clearing and settlement systems do should not fall within the scope of this Regulation.
2015/847 recital 13
(19) Transfers of funds corresponding to services referred to in points (a) to (m) and (o) of Article 3 of Directive (EU) 2015/23662007/64/EC of the European Parliament and of the Council 48 49 do not fall within the scope of this Regulation. It is also appropriate to exclude from the scope of this Regulation transfers of funds that represent a low risk of money laundering or terrorist financing. Such exclusions should cover payment cards, electronic money instruments, mobile phones or other digital or information technology (IT) prepaid or postpaid devices with similar characteristics, where they are used exclusively for the purchase of goods or services and the number of the card, instrument or device accompanies all transfers. However, the use of a payment card, an electronic money instrument, a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics in order to effect a person-to-person transfer of funds, falls within the scope of this Regulation. In addition, Automated Teller Machine withdrawals, payments of taxes, fines or other levies, transfers of funds carried out through cheque images exchanges, including truncated cheques, or bills of exchange, and transfers of funds where both the payer and the payee are payment service providers acting on their own behalf should be excluded from the scope of this Regulation.
2015/847 recital 14
new
(20) In order to reflect the special characteristics of national payment and crypto-asset transfer systems, and provided that it is always possible to trace the transfer of funds back to the payer or the transfer of crypto-assets back to the beneficiary , Member States should be able to exempt from the scope of this Regulation certain domestic low-value transfers of funds, including electronic giro payments, or low-value transfers of crypto-assets, used for the purchase of goods or services.
2015/847 recital 15
new
(21) Payment service providers and crypto-asset service providers should ensure that the information on the payer and the payee or the originator and the beneficiary is not missing or incomplete.
2015/847 recital 16
new
(22) In order not to impair the efficiency of payment systems and crypto-asset transfer services , and in order to balance the risk of driving transactions underground as a result of overly strict identification requirements against the potential terrorist threat posed by small transfers of funds or crypto-assets , the obligation to check whether information on the payer or the payee , or, for transfers of crypto-assets, the originator and the beneficiary, is accurate should, in the case of transfers of funds where verification has not yet taken place, be imposed only in respect of individual transfers of funds or crypto-assets that exceed EUR 1000, unless the transfer appears to be linked to other transfers of funds or transfers of crypto-assets which together would exceed EUR 1000, the funds or crypto-assets have been received or paid out in cash or in anonymous electronic money, or where there are reasonable grounds for suspecting money laundering or terrorist financing.
2015/847 recital 17
new
(23) For transfers of funds or for transfers of crypto-assets where verification is deemed to have taken place, payment service providers and crypto-asset service providers should not be required to verify information on the payer or the payee accompanying each transfer of funds, or on the originator and the beneficiary accompanying each transfer of crypto-assets, provided that the obligations laid down in Directive (EU) 2015/849 [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] and Regulation [please insert reference – proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] are met.
2015/847 recital 18
new
(24) In view of the Union legislative acts in respect of payment services, namely Regulation (EC) No 924/2009 of the European Parliament and of the Council 50 , Regulation (EU) No 260/2012 of the European Parliament and of the Council 51 and Directive (EU) 2015/23662007/64/EC, it should be sufficient to provide that only simplified information accompany transfers of funds within the Union, such as the payment account number(s) or a unique transaction identifier , or for transfers of crypto-assets, in the case of a transfer not made from or to an account, other means ensuring that the transfer of crypto-assets can be individually identified and that the originator and beneficiary address identifiers are recorded on the distributed ledger .
2015/847 recital 19 (adapted)
new
(25) In order to allow the authorities responsible for combating money laundering or terrorist financing in third countries to trace the source of funds or crypto-assets used for those purposes, transfers of funds or transfer of crypto-assets from the Union to outside the Union should carry complete information on the payer and the payee. Complete information on the payer and the payee should include the Legal Entity Identifier (LEI) when this information is provided by the payer to the payer’s service provider, since that would allow for better identification of the parties involved in a transfer of funds and could easily be included in existing payment message formats such as the one developed by the International Organisation for Standardisation for electronic data interchange between financial institutions. Those The authorities responsible for combating money laundering or terrorist financing in third countries should be granted access to complete information on the payer and the payee only for the purposes of preventing, detecting and investigating money laundering and terrorist financing.
2015/847 recital 20 (adapted)
(26) The Member State authorities responsible for combating money laundering and terrorist financing, and relevant judicial and law enforcement agencies authorities in the Member States and at Union level , should intensify cooperation with each other and with relevant third country authorities, including those in developing countries, in order further to strengthen transparency and the sharing of information and best practices.
new
(27) Regarding transfers of crypto-assets, the requirements of this Regulation should apply to crypto-asset service providers whenever their transactions, whether in fiat currency or a crypto-asset, involve a traditional wire transfer or a transfer of crypto-assets involving a crypto-asset service provider.
(28) Due to the cross-border nature and the risks associated with crypto-asset activities and crypto-asset service providers operations, all transfers of crypto-assets should be treated as cross-border wire transfers, with no simplified domestic wire transfers regime.
(29) The crypto-asset service provider of the originator should ensure that transfers of crypto-assets are accompanied by the name of the originator, the originator’s account number, where such an account exists and is used to process the transaction, and the originator’s address, official personal document number, customer identification number or date and place of birth. The crypto-asset service provider of the originator should also ensure that transfers of crypto-assets are accompanied by the name of the beneficiary and the beneficiary’s account number, where such an account exists and is used to process the transaction.
2015/847 recital 21
(30) As regards transfers of funds from a single payer to several payees that are to be sent in batch files containing individual transfers from the Union to outside the Union, provision should be made for such individual transfers to carry only the payment account number of the payer or the unique transaction identifier, as well as complete information on the payee, provided that the batch file contains complete information on the payer that is verified for accuracy and complete information on the payee that is fully traceable.
new
(31) As regards transfers of crypto-assets, the submission of originator and beneficiary information in batches should be accepted, as long as submission occurs immediately and securely. It should not be permitted to submit the required information after the transfer, as submission must occur before or at the moment the transaction is completed, and crypto-asset service providers or other obliged entities should submit the required information simultaneously with the batch crypto-assets transfer itself.
2015/847 recital 22 (adapted)
new
(32) In order to check whether the required information on the payer and the payee accompanies transfers of funds, and to help identify suspicious transactions, the payment service provider of the payee and the intermediary payment service provider should have effective procedures in place in order to detect whether information on the payer and the payee is missing or incomplete. Those procedures should include ex-post monitoring or real-time monitoring after or during the transfers where appropriate. Competent authorities should ensure that payment service providers include the required transaction information with the wire transfer or related message throughout the payment chain.
new
(33) As regards transfers of crypto-assets, the crypto-asset service provider of the beneficiary should implement effective procedures to detect whether the information on the originator is missing or incomplete. These procedures should include, where appropriate, monitoring after or during the transfers, in order to detect whether the required information on the originator or the beneficiary is missing. It should not be required that the information is attached directly to the transfer of crypto-assets itself, as long as it is submitted immediately and securely, and available upon request to appropriate authorities.
2015/847 recital 23
new
(34) Given the potential threat of money laundering and terrorist financing presented by anonymous transfers, it is appropriate to require payment service providers to request information on the payer and the payee. In line with the risk-based approach developed by FATF, it is appropriate to identify areas of higher and lower risk, with a view to better targeting the risk of money laundering and terrorist financing. Accordingly, the crypto-asset service provider of the beneficiary, the payment service provider of the payee and the intermediary payment service provider should have effective risk-based procedures that apply where a transfer of funds lacks the required information on the payer or the payee, or where a transfer of crypto-assets lacks the required information on the originator or the beneficiary, in order to allow them to decide whether to execute, reject or suspend that transfer and to determine the appropriate follow-up action to take.
2015/847 recital 24 (adapted)
new
(35) TThe payment service provider of the payee, and the intermediary payment service provider and the crypto-asset service provider of the beneficiary should exercise special vigilance, assessing the risks, when either becomes aware that information on the payer or the payee , or the originator or the beneficiary is missing or incomplete, and should report suspicious transactions to the competent authorities in accordance with the reporting obligations set out in RegulationDirective (EU) [...]2015/849 and with national measures transposing that Directive.
2015/847 recital 25 (adapted)
new
(36) The provisions on transfers of funds and transfers of crypto-assets in relation to which information on the payer or the payee or the originator or the beneficiary is missing or incomplete apply without prejudice to any obligations on payment service providers, and intermediary payment service providers and crypto-asset service providers, to suspend and/or reject transfers of funds which breach a provision of civil, administrative or criminal law.
2015/847 recital 26 (adapted)
(37) With the aim of assisting payment service providers to put effective procedures in place to detect cases in which they receive transfers of funds with missing or incomplete payer or payee information and to take follow-up actions, the European Supervisory Authority (European Banking Authority) (EBA), established by Regulation (EU) No 1093/2010 of the European Parliament and of the Council 52 , the European Supervisory Authority (European Insurance and Occupational Pensions Authority) (EIOPA), established by Regulation (EU) No 1094/2010 of the European Parliament and of the Council 53 , and the European Supervisory Authority (European Securities and Markets Authority) (ESMA), established by Regulation (EU) No 1095/2010 of the European Parliament and of the Council 54 , should issue guidelines.
2015/847 recital 27
new
(38) To enable prompt action to be taken in the fight against money laundering and terrorist financing, payment service providers and crypto-asset service providers should respond promptly to requests for information on the payer and the payee or on the originator and the beneficiary from the authorities responsible for combating money laundering or terrorist financing in the Member State where those payment service providers and crypto-asset service provider are established.
2015/847 recital 28
new
(39) The number of working days in the Member State of the payment service provider of the payer or crypto-asset service provider of the beneficiary determines the number of days to respond to requests for information on the payer or the originator .
2015/847 recital 29
new
(40) As it may not be possible in criminal investigations to identify the data required or the individuals involved in a transaction until many months, or even years, after the original transfer of funds or transfer of crypto-assets , and in order to be able to have access to essential evidence in the context of investigations, it is appropriate to require payment service providers or crypto-asset service providers to keep records of information on the payer and the payee or the originator and the beneficiary for a period of time for the purposes of preventing, detecting and investigating money laundering and terrorist financing. That period should be limited to five years, after which all personal data should be deleted unless national law provides otherwise. If necessary for the purposes of preventing, detecting or investigating money laundering or terrorist financing, and after carrying out an assessment of the necessity and proportionality of the measure, Member States should be able to allow or require retention of records for a further period of no more than five years, without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings.
2015/847 recital 30
(41) In order to improve compliance with this Regulation, and in accordance with the Commission Communication of 9 December 2010 entitled ‘Reinforcing sanctioning regimes in the financial services sector’, the power to adopt supervisory measures and the sanctioning powers of competent authorities should be enhanced. Administrative sanctions and measures should be provided for and, given the importance of the fight against money laundering and terrorist financing, Member States should lay down sanctions and measures that are effective, proportionate and dissuasive. Member States should notify the Commission and the Joint Committee of EBA, EIOPA and ESMA (the ‘ESAs’) thereof.
2015/847 recital 31
(42) In order to ensure uniform conditions for the implementation of Chapter VI of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council 55 .
2015/847 recital 32
(43) A number of countries and territories which do not form part of the territory of the Union share a monetary union with a Member State, form part of the currency area of a Member State or have signed a monetary convention with the Union represented by a Member State, and have payment service providers that participate directly or indirectly in the payment and settlement systems of that Member State. In order to avoid the application of this Regulation to transfers of funds between the Member States concerned and those countries or territories having a significant negative effect on the economies of those countries or territories, it is appropriate to provide for the possibility for such transfers of funds to be treated as transfers of funds within the Member States concerned.
2015/847 recital 33 (adapted)
Given the number of amendments that would need to be made to Regulation (EC) No 1781/2006 of the European Parliament and of the Council 56 pursuant to this Regulation, that Regulation should be repealed for reasons of clarity.
2015/847 recital 34
new
(44) Since the objectives of this Regulation , namely to fight money laundering and the financing of terrorism, including by implementing International Standards, by ensuring the availability of basic information on payers and payees of transfer of funds, and on originators and beneficiaries of transfers of crypto-assets, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
2015/847 recital 35
new
(45) This Regulation is subject to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 of the European Parliament and of the Council 57 . It respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life (Article 7), the right to the protection of personal data (Article 8), the right to an effective remedy and to a fair trial (Article 47) and the principle of ne bis in idem.
2015/847 recital 36 (adapted)
In order to ensure the smooth introduction of the anti-money laundering and terrorist financing framework, it is appropriate that the date of application of this Regulation be the same as the deadline for transposition of Directive (EU) 2015/849.
2015/847 recital 37 (adapted)
(46) The European Data Protection Supervisor was consulted in accordance with Article 42(1)28(2) of Regulation (EU) 2018/1725(EC) No 45/2001 of the European Parliament and of the Council 58 and delivered an opinion on […] 59 4 July 2013 60 ,
2015/847 (adapted)
new