* This document presents the European Fintech Association (EFA) and European Third-Party Providers Association (ETPPA) comments regarding the inclusion of PISPs on the AMLR scope.
Please see the PDF version of this paper here.
The EFA and ETPPA welcome the exclusion of Account Information Services (AIS) from AMLR and recommend also the exclusion of Payment Initiation Services (PIS).
If the exclusion of PIS is not accepted:
| The EFA and the ETPPA associations recommend to update the language in AMLR Recital 34 to better ensure that merchant-facing PISPs should perform CDD on the payee only. |
Rationale
The following updated amendment would be needed for Recital 34 in order to avoid unnecessary detriment to PISPs business models in Europe, with zero AML benefit.
- The established practice in Europe is that the account-servicing payment service provider (typically a bank) performs CDD on its customers, the account holders, while merchant-facing payment services providers perform CDD on their customers, which are the merchants. This makes sense since the payer is the customer of the bank and in all instances, the payment comes directly from the payer’s bank account.
- The EFA and ETPPA previously shared their position on the AMLR and reminded that Payment Initiation Service Providers (PISPs) function as “technical service providers,” offering software tools that facilitate the transmission of payment orders from the Payment Service User (PSU) to their respective banks.
- The current AML legislation does not address the PIS case explicitly and leaves room for interpretation with some national competent authorities taking the view that under current legislation payers can become customers of PISPs. Such interpretation would make it very difficult for PISPs to carry out the mandate given to them in PSD2 to compete with cards and other payment solutions. Why would any consumer take the time and effort to scan and submit their passport copies and pay slips when paying from their bank account using PIS, if they never have to think about this when paying with debit or credit cards, or iDeal and similar solutions?
- The EBA Q&A 2021_6048 (published on 17 Mar-2023) brought payer-CDD into scope for occasional transactions, which is why this clarification is of utmost importance, otherwise, PISPs could not compete with card payments, where neither Card Acquirers nor Card Processors (nor their facilitators like ApplePay or GooglePay) have any obligation to CDD the payer, neither for the establishment of a business relationship, nor for occasional transactions.
- Upon further consultation within the industry EFA and ETPPA would suggest a slight amendment to the Recital 34 in regards to the term “several transactions”, which was adopted by the European Parliament text. This term can be seen as somewhat limiting and could be read as “not too many”.
To ensure that payer-CDD is not requested even if a payer is using the same PISP-based payment option on a merchant checkout page frequently, we would like to suggest using just the term “transactions” (in plural) without any restricting adjectives before or after.
Suggested amendments to Recital 34*
* (EFA- ETPPA suggested changes in red)
| Row 44 4CT | ||
| Commission Text | EP Text | Council Text |
| (34) Some business models are based on the obliged entity having a business relationship with a merchant for offering payment initiation services through which the merchant gets paid for the provision of goods or services, and not with the merchant’s customer, who authorises the payment initiation service to initiate a single or one-off transaction to the merchant. In such a business model, the obliged entity’s customer for the purpose of AML/CFT rules is the merchant, and not the merchant’s customer. Therefore, customer due diligence obligations should be applied by the obliged entity vis-a-vis the merchant. | (34) Some business models are based on the obliged entity having a business relationship with a merchant for offering payment initiation services through which the merchant gets paid for the provision of goods or services, and not with the merchant’s customer, who authorises the payment initiation service to initiate a single or one-off transaction or several transactions to the merchant. In such a business model, the obliged entity’s customer for the purpose of AML/CFT rules is the merchant, and not the merchant’s customer. Therefore, customer due diligence obligations should be applied by the obliged entity only vis-a-vis the merchant. If the same obliged entity also provides payment services to the merchant, which brings it into the possession of funds, then the obliged entity’s customer is also the merchant as regards the combined offering of payment initiation services, account information services and payment services. | (34) Some business models are based on the obliged entity having a business relationship with a merchant for offering payment initiation services through which the merchant gets paid for the provision of goods or services, and not with the merchant’s customer, who authorises the payment initiation service to initiate a single or one-off transaction to the merchant. In such a business model, the obliged entity’s customer for the purpose of AML/CFT rules is the merchant, and not the merchant’s customer. Therefore, customer due diligence obligations should be applied by the obliged entity vis-a-vis the merchant. |
| EFA- ETPPA suggested changes | ||
| “Some business models are based on the obliged entity having a business relationship with a merchant for offering payment initiation services through which the merchant gets paid for the provision of goods or services, and not with the merchant’s customer, who authorises the payment initiation service to initiate | ||
Given Recital 34 of the AMLR starts by making reference to business relationships, we believe that it is of utmost importance that it is expanded to also address occasional transactions (Article 15.1) and occasional transactions that constitute a transfer of funds (Article 15.2), in particular as Article 15.2 speaks about financial institutions “initiating or executing”.
Furthermore, it must not depend on the number of transactions, which should therefore not be qualified by any adjectives like “single” or “several”.
Separately, we would like to point again at the subtle difference in the EP vs. Council suggestions regarding the de-scoping of AIS in AMLR Art.2 (6a), where we favour the EP text, because it would avoid the potential addition of another recital to clarify that for an otherwise obliged entity (PISP) also providing AIS, the provision of AIS per se is “out of scope”, so that both activities can be offered by a single legal entity”.