You can find the PDF version of the position paper here.
The EFA and the ETPPA associations recommend the exclusion of PISPs from the scope of the AMLR.
Rationale
- PISPs are “technical service providers” providing software tools by which payment orders are transmitted by the Payment Service User (PSU) to his or her bank.
- PISPs are not carrying out (executing) payments, which is done exclusively by the banks and are not touching any funds.
- PISPs are essentially just software providers filling in a credit transfer form (rather than requesting the payer to do it manually online).
- Therefore, they cannot be considered “financial institutions” as they do not hold or handle funds and do not conduct any “financial activity” – it is the Bank that carries out the transaction.
- PISPs cannot provide any additional information to the data already controlled by the credit institutions they work with. Therefore, including TPPs as “obliged entities” would not be riskproportionate and would duplicate banks’ AML efforts.
- It should be noted that PISPs, as an unnecessary witness, are not adding, but reducing the risk of AML. They have even less information than AISPs about users’ accounts and transactions.
- The EFA and ETTPA welcome the exclusion of AISPs from AMLR and recommend also the exclusion of PISPs. Find below the suggested amendments to Article 2. This would exclude PISPs as well as AISPs. If the exclusion of PISPs is not accepted:
The EFA and the ETPPA recommend strengthening the text of Recital 34, to make clear that PISPs serving merchants under no circumstances have to perform CDD on payers. Otherwise, this would kill the PISP business model altogether.
Rationale - The established practice in Europe is that the account-servicing payment service provider (typically a bank) performs CDD on its customers, the account holders while merchant-facing payment services providers perform CDD on their customers which are the merchants. This makes sense since the payer is the customer of the bank and in all instances, the payment comes directly from the payer’s bank account.
- The current AML legislation does not address the PIS case explicitly and leaves room for interpretation with some national competent authorities taking the view that under current legislation payers can become customers of PISPs.
- Such interpretation would make it very difficult for PISPs to carry out the mandate given to them in PSD2 to compete with cards and other payment solutions. Why would any consumer take the time and effort to scan and submit their passport copies and pay slips when paying from their bank account using PIS, if they never have to think about this when paying with
debit or credit cards, or iDeal and similar solutions? - The EBA Q&A 2021_6048 (published on 17 Mar-2023) brought payer-CDD into scope for occasional transactions. This clarification is of utmost importance, otherwise, PISPs could not compete with card payments, where neither Card Acquirers nor Card Processors (nor their facilitators like ApplePay or GooglePay) have any obligation to CDD the payer, neither for the
establishment of a business relationship nor for occasional transactions. - EFA and ETPPA call on to ensure in AMLR trialogues that Recital 34 of the AML Regulation makes it 100% clear that merchant-facing PISPs should perform CDD on the payee only, both in terms of the establishment of a customer relationship and for occasional transactions, and no matter whether they touch payee (merchant) funds or not. This is required to put PIS on a level playing field with cards, online banking payment solutions.