You can find the PDF version of the position paper here.
The EFA and the ETPPA associations recommend the exclusion of PISPs from the scope of the AMLR.
- PISPs are “technical service providers” providing software tools by which payment orders
are transmitted by the Payment Service User (PSU) to his or her bank.
- PISPs are not carrying out (executing) payments, which is done exclusively by the banks and
are not touching any funds.
- PISPs are essentially just software providers filling in a credit transfer form (rather than
requesting the payer to do it manually online).
- Therefore, they cannot be considered “financial institutions” as they do not hold or handle
funds and do not conduct any “financial activity” – it is the Bank that carries out the
- PISPs cannot provide any additional information to the data already controlled by the credit
institutions they work with. Therefore, including TPPs as “obliged entities” would not be riskproportionate and would duplicate banks’ AML efforts.
- It should be noted that PISPs, as an unnecessary witness, are not adding, but reducing the risk
of AML. They have even less information than AISPs about users’ accounts and transactions.
The EFA and ETTPA welcome the exclusion of AISPs from AMLR and recommend also the exclusion of PISPs. Find below the suggested amendments to Article 2. This would exclude PISPs as well as AISPs.
If the exclusion of PISPs is not accepted:
The EFA and the ETPPA recommend strengthening the text of Recital 34, to make clear that PISPs
serving merchants under no circumstances have to perform CDD on payers. Otherwise, this would
kill the PISP business model altogether.
- The established practice in Europe is that the account-servicing payment service provider
(typically a bank) performs CDD on its customers, the account holders while merchant-facing
payment services providers perform CDD on their customers which are the merchants. This
makes sense since the payer is the customer of the bank and in all instances, the payment
comes directly from the payer’s bank account.
- The current AML legislation does not address the PIS case explicitly and leaves room for
interpretation with some national competent authorities taking the view that under current
legislation payers can become customers of PISPs.
- Such interpretation would make it very difficult for PISPs to carry out the mandate given to
them in PSD2 to compete with cards and other payment solutions. Why would any consumer
take the time and effort to scan and submit their passport copies and pay slips when paying
from their bank account using PIS, if they never have to think about this when paying with
debit or credit cards, or iDeal and similar solutions?
- The EBA Q&A 2021_6048 (published on 17 Mar-2023) brought payer-CDD into scope for
occasional transactions. This clarification is of utmost importance, otherwise, PISPs could not
compete with card payments, where neither Card Acquirers nor Card Processors (nor their
facilitators like ApplePay or GooglePay) have any obligation to CDD the payer, neither for the
establishment of a business relationship nor for occasional transactions.
- EFA and ETPPA call on to ensure in AMLR trialogues that Recital 34 of the AML Regulation
makes it 100% clear that merchant-facing PISPs should perform CDD on the payee only, both
in terms of the establishment of a customer relationship and for occasional transactions,
and no matter whether they touch payee (merchant) funds or not. This is required to put PIS
on a level playing field with cards, online banking payment solutions