Response to consultation on RTS on CCP to strengthen fight against financial crime
Go back
1. EUR 3 million distributed or redeemed in electronic money is not a large amount in today’s market and could certainly be considered small in the payment service provider market – we believe that a threshold of at least EUR 30 million may be more appropriate;
2. The gross margin on e-money distribution is relatively low which is why the costs of appointment of a CCP might exceed the gross profit quickly, which would make the CPP requirement a significant barrier to entry and an unreasonable obstacle to operating establishments other than a branch;
3. The issuer may only have a small number of employees.
We would also like to note that an e-money issuer can use as its agents and/or distributors in the host Member State territory entities that are subsidiary companies rather than unconnected third parties through formal arrangements. Furthermore, we believe that the number of establishments threshold is likely to be very problematic. The ‘distributor’ and/or ‘agent’ are interpreted broadly by some Member States, meaning that the number of ‘establishments’ engaged by the e-money issuer in any Member State is likely to be high. Also, e-money issuers’ business models often include multiple distribution points which may, in addition, whilst belonging to the same network, be incorporated as separate entities and thus be considered separate ‘establishments’. Whilst the amount of electronic money distributed through each such establishment may be low – and thus pose a very low level of ML/TF risk – the numerical threshold of 10 establishments and, in fact, any numerical threshold, is likely to mean that this criteria for CPP is satisfied by default. We believe this would be a disproportionate result. We therefore believe that it would be appropriate and proportionate to have only the criteria relating to an amount of e-money distributed/redeemed. Alternatively, both the amount criteria and the number of ‘establishments’ criteria should be cumulative, i.e. both limbs of the criteria should be satisfied in order for the requirement for the CPP to apply.
We would also like to see further criteria be added, namely that where a company distributes or redeems electronic money and/or provides payment services through a closely connected company, a CCP does not need to be appointed. For example, where an electronic money issuer that is regulated by the UK FCA passports into another Member State and distributes through a company in the same group of companies, we believe a CCP should not be a requirement. The ‘group’ function (whether that is for example compliance or legal) should be able to perform the function of a CCP. The host state regulator would still need to be notified of who the contact point is for information/communications. With electronic methods of communications, information can be sent to someone overseas as quickly as it can be sent to individuals in the same jurisdiction.
We are also concerned that the criteria could potentially be misinterpreted by a Member State if they decide that the business is “higher risk”. We believe there is also a significant risk that Member States will not sufficiently differentiate in their risk assessments between different categories of electronic issuers depending on the ML/TF risk associated with the issuers’ establishments, but will rather apply a blanket approach on all electronic money issuers.
We also believe that allowing a competent authority to insist on appointing a CCP even if the thresholds and other criteria are not met is not consistent and against the reasoning of level one legislation (AMLD4). Removing the objective criteria, whereby e-money issuer can assess in advance if it will have to appoint a CPP, would not allow the issuers to plan and budget for the extra resources and costs associated with such appointments. It would also remove any legal certainty. If the host Member State’s competent authority considers that operation of the particular e-money issuer’s establishments presents a high ML/TF risk (but where other objective criteria is not met), we do not believe this makes it any more difficult for the host competent authority to supervise compliance with the host Member State’s ML/TF legislation. It has to be noted that e-money issuers, as regulated entities, already have arrangements in place to supervise and ensure compliance of their ‘establishments’ with the host Member State ML/TF requirements, where applicable. If the host Member State has any concerns, it can exercise its supervision by contacting the electronic money issuer directly or by contacting the home Member State supervisory authorities.
There is no reference in the draft RTS to the use of company staff or using an in-country source to perform the functions. We also support the CPP not having to be resident in the Host Member State – a position we believe should be maintained in order to facilitate cross border activities in the Single Market.
Adding additional functions to the CPP’s role depending on the host Member State’s assessment of the ML/TF risks posed by the e-money issuer will make it impossible to anticipate the requirements and/or scope out the role of the CPP nor to plan or budget for it. This creates legal uncertainty and a potentially disproportionate hindrance to operating by way other than a branch. For example, if additional role requirements are added by the host Member State at some later stage than at the engagement of the CPP, this could require changing the employment contracts and/or engaging additional employees to perform such additional roles.
In terms of the roles set out in Article 6, we want to reiterate that the e-money issuers, as obliged entities who already have to oversee their distributors and agents, would perform and control such functions centrally. If CPPs were required to do that, they would have to rely heavily on the existing systems and controls of the electronic money issuer, which brings up the question on the need for the duplication of effort if the same role has to be undertaken by the e-money issuer and the CPP in each Member State which requires these additional functions. We therefore do not see any particular need to assign these functions to a CPP. We object to making it a role of a CPP to scrutinise transactions and to identify suspicious transactions. Depending on the size and complexity of their businesses and the ML and TF risk, e-money issuers would have invested heavily in transaction monitoring and systems and controls, including resources. If CPPs were required to do undertake their own transaction monitoring, this would only increase the costs of engaging the CPP to duplicate the function already undertaken by the e-money issuer.
We are concerned that to appoint someone with the level of skills and knowledge to perform the CPP role, which may not be seen as a full-time position, will incur potentially significant costs (salary, pensions etc.). Therefore, to justify the costs of the additional employee, the role could include other functions not related to compliance and thus could lead to potential Conflicts of Interest.
To conclude our response, we would suggest that if the objective of the RTS is consistency and proportionality, then having ‘catch-all’ criteria seems to be inherently contradictory. Whilst understanding the need for national regulators to be able to intervene when there is a risk of ML/TF activity, we believe an objective measure needs to be put in place so as not to create the inconsistency and even more of legal uncertainty than what we have today. A partial solution may be to place an obligation on the host Member State regulator to contact the Home Member State regulator and only be able to insist on a CPP if, in the opinion of the home Member State regulator, there is a need for additional local controls.
General Comments:
Lack of consistent interpretation of ‘establishments other than a branch’
Article 45(9) of the Fourth Anti-Money Laundering Directive (EU) 2015/849 (“AMLD4”) allows Member States to require the appointment of a central contact point (“CPP”) in their territory by electronic money issuers and payment service providers ‘established in their territory in forms other than a branch’. The Consultation Paper on the ESA Regulatory Technical Standards (“RTS”) set out that such establishments can include agents or payment service providers and persons distributing electronic money on the electronic money issuer’s behalf. To date, there is no harmonised view or guidance applicable across the EU on when engaging agents or distributors in another Member State amounts to an establishment. Different Member States have adopted varying interpretations on what activities amount to being considered a payment service provider’s agent or an electronic money distributor as well as whether an agent or a distributor engaged by a passporting-in payment institution or e-money institution amounts to an establishment. The mere engagement of an agent or a distributor in a host Member State does not necessarily amount to an establishment, such as where a payment institution or an electronic money institution is operating in the host Member State on the freedom of provision of services passport. We recognise that Article 45(10) of Directive (EU) 2015/849 does not authorise the ESAs to determine when agents or persons distributing electronic money on an electronic money issuer’s behalf are establishments. However, we find the lack of clarity on this point disappointing. Given that Article 45(9) and RTS requirements hinge on ‘establishment other than a branch’, we fear any efforts to comply with the local Member State implementation of the requirements will involve unnecessary legal costs to confirm the applicability of such requirements and likely variations on the applicability because of the differences in interpretation on this fundamental legal point. We believe this significantly undermines policy objectives of creating a coherent approach and greater legal certainty. We also feel that there is a danger in Member States overlooking the issue of whether an agent or a distributor amounts to an establishment and applying the requirements as a blanket approach whenever there is an agent or a distributor in their territory. We therefore believe that the RTS should:
1. explicitly acknowledge (for example, in the Recitals) that a payment institution’s or e-money institution’s physical presence in the form of an agent or distributor in the Member State territory does not always give rise to establishment in that Member State; and
2. explicitly set out as a first criteria the Member States must consider being whether the payment service provider or e-money issuer operates an establishment other than a branch.
Question 1: Do you agree with the criteria for a requirement to appoint a Central Contact Point (CCP)? In particular, • do you agree that it is proportionate to require the appointment of a CCP where - the number of establishments is equal to, or exceeds, ten; or - the amount of electronic money distributed and redeemed, or the value of the payment transactions executed by such establishments is expected to exceed EUR 3 million per financial year or has exceeded EUR 3 million in the previous financial year? If you do not agree, clearly set out your rationale and provide supporting evidence where available. Please also set out at what level these thresholds should be set instead, and why. • do you agree that Member States should be able to - require all institutions, or certain categories of institutions, to appoint a CCP where this is commensurate with the ML/TF risk associated with the operation of these institutions’ establishments on the Member State’s territory; and - empower competent authorities to require an institution to appoint a CCP where they have reasonable grounds to believe that the establishments of that institution present a high money laundering and terrorist financing risk, even if the criteria in Article 3 (1) and (2) of these draft RTS are not met. If you do not agree, clearly set out your rationale and provide supporting evidence where available.
We do not agree that the appointment of a CCP for electronic money issuers who may exceed the EUR 3 million criteria is proportionate because:1. EUR 3 million distributed or redeemed in electronic money is not a large amount in today’s market and could certainly be considered small in the payment service provider market – we believe that a threshold of at least EUR 30 million may be more appropriate;
2. The gross margin on e-money distribution is relatively low which is why the costs of appointment of a CCP might exceed the gross profit quickly, which would make the CPP requirement a significant barrier to entry and an unreasonable obstacle to operating establishments other than a branch;
3. The issuer may only have a small number of employees.
We would also like to note that an e-money issuer can use as its agents and/or distributors in the host Member State territory entities that are subsidiary companies rather than unconnected third parties through formal arrangements. Furthermore, we believe that the number of establishments threshold is likely to be very problematic. The ‘distributor’ and/or ‘agent’ are interpreted broadly by some Member States, meaning that the number of ‘establishments’ engaged by the e-money issuer in any Member State is likely to be high. Also, e-money issuers’ business models often include multiple distribution points which may, in addition, whilst belonging to the same network, be incorporated as separate entities and thus be considered separate ‘establishments’. Whilst the amount of electronic money distributed through each such establishment may be low – and thus pose a very low level of ML/TF risk – the numerical threshold of 10 establishments and, in fact, any numerical threshold, is likely to mean that this criteria for CPP is satisfied by default. We believe this would be a disproportionate result. We therefore believe that it would be appropriate and proportionate to have only the criteria relating to an amount of e-money distributed/redeemed. Alternatively, both the amount criteria and the number of ‘establishments’ criteria should be cumulative, i.e. both limbs of the criteria should be satisfied in order for the requirement for the CPP to apply.
We would also like to see further criteria be added, namely that where a company distributes or redeems electronic money and/or provides payment services through a closely connected company, a CCP does not need to be appointed. For example, where an electronic money issuer that is regulated by the UK FCA passports into another Member State and distributes through a company in the same group of companies, we believe a CCP should not be a requirement. The ‘group’ function (whether that is for example compliance or legal) should be able to perform the function of a CCP. The host state regulator would still need to be notified of who the contact point is for information/communications. With electronic methods of communications, information can be sent to someone overseas as quickly as it can be sent to individuals in the same jurisdiction.
We are also concerned that the criteria could potentially be misinterpreted by a Member State if they decide that the business is “higher risk”. We believe there is also a significant risk that Member States will not sufficiently differentiate in their risk assessments between different categories of electronic issuers depending on the ML/TF risk associated with the issuers’ establishments, but will rather apply a blanket approach on all electronic money issuers.
We also believe that allowing a competent authority to insist on appointing a CCP even if the thresholds and other criteria are not met is not consistent and against the reasoning of level one legislation (AMLD4). Removing the objective criteria, whereby e-money issuer can assess in advance if it will have to appoint a CPP, would not allow the issuers to plan and budget for the extra resources and costs associated with such appointments. It would also remove any legal certainty. If the host Member State’s competent authority considers that operation of the particular e-money issuer’s establishments presents a high ML/TF risk (but where other objective criteria is not met), we do not believe this makes it any more difficult for the host competent authority to supervise compliance with the host Member State’s ML/TF legislation. It has to be noted that e-money issuers, as regulated entities, already have arrangements in place to supervise and ensure compliance of their ‘establishments’ with the host Member State ML/TF requirements, where applicable. If the host Member State has any concerns, it can exercise its supervision by contacting the electronic money issuer directly or by contacting the home Member State supervisory authorities.
Question 2: Do you agree that the functions a CCP must always have are necessary to ensure that • the CCP can ensure, on the appointing institutions’ behalf, establishments’ compliance with the host Member State’s AML/CFT requirements? • Facilitate supervision by the host Member State’s competent authorities? If you do not agree, please explain which functions you think the CCP should have, and why.
We believe that a CPP, whether based in one country or covering a number of firms cross border, would have the functions indicated and have the responsibility to ensure compliance with the host Member State’s ML/TF rules. Therefore, we do not see the need to legislate for this and disagree with the inclusion of functions in the RTS that go beyond the ones set out in the AMLD4. The development and implementation of a group-wide compliance regime of an EEA-wide operating business normally takes place on group-wide level, which is why the obliged entity should be responsible for e.g. taking corrective action and not the CCP.There is no reference in the draft RTS to the use of company staff or using an in-country source to perform the functions. We also support the CPP not having to be resident in the Host Member State – a position we believe should be maintained in order to facilitate cross border activities in the Single Market.
Question 3: Do you agree that CCPs should be required to fulfil one or more of the additional functions in Article 6 of these draft RTS where this is commensurate to the ML/TF risk associated with the operation of establishments other than a branch on the host Member State’s territory? If you do not agree, clearly set out your rationale and provide supporting evidence where available. Please also set out whether you think that these additional functions should be core functions instead, and if so, why.
The RTS Article 6 ML/TF risk assessment refers to the ‘risk associated with the operation of those payment service providers and electronic money issuers’ rather than the risk of ‘operation of establishments’. We do not believe it is appropriate nor consistent with the level one (AMLD4) text to refer to risks linked to the operation of e-money issuers in general.Adding additional functions to the CPP’s role depending on the host Member State’s assessment of the ML/TF risks posed by the e-money issuer will make it impossible to anticipate the requirements and/or scope out the role of the CPP nor to plan or budget for it. This creates legal uncertainty and a potentially disproportionate hindrance to operating by way other than a branch. For example, if additional role requirements are added by the host Member State at some later stage than at the engagement of the CPP, this could require changing the employment contracts and/or engaging additional employees to perform such additional roles.
In terms of the roles set out in Article 6, we want to reiterate that the e-money issuers, as obliged entities who already have to oversee their distributors and agents, would perform and control such functions centrally. If CPPs were required to do that, they would have to rely heavily on the existing systems and controls of the electronic money issuer, which brings up the question on the need for the duplication of effort if the same role has to be undertaken by the e-money issuer and the CPP in each Member State which requires these additional functions. We therefore do not see any particular need to assign these functions to a CPP. We object to making it a role of a CPP to scrutinise transactions and to identify suspicious transactions. Depending on the size and complexity of their businesses and the ML and TF risk, e-money issuers would have invested heavily in transaction monitoring and systems and controls, including resources. If CPPs were required to do undertake their own transaction monitoring, this would only increase the costs of engaging the CPP to duplicate the function already undertaken by the e-money issuer.
We are concerned that to appoint someone with the level of skills and knowledge to perform the CPP role, which may not be seen as a full-time position, will incur potentially significant costs (salary, pensions etc.). Therefore, to justify the costs of the additional employee, the role could include other functions not related to compliance and thus could lead to potential Conflicts of Interest.
Question 4: What level of resource (financial and other) would be required to comply with these RTS? Please differentiate between one-off (set-up) costs and ongoing (running) costs. When providing your answer, please consider that the ESAs’ mandate in Article 45(10) of Directive (EU) 2015/849 does not extend to determining the form a CCP should take.
We believe that appointing a CPP will incur significant set-up and ongoing costs (e.g. salary, pensions, office space) and for some firms this could mean the difference between making a small profit to making no profit at all. These costs could also vary between Member States which could make the cost of doing business in one Member State compared to another much harder to justify.To conclude our response, we would suggest that if the objective of the RTS is consistency and proportionality, then having ‘catch-all’ criteria seems to be inherently contradictory. Whilst understanding the need for national regulators to be able to intervene when there is a risk of ML/TF activity, we believe an objective measure needs to be put in place so as not to create the inconsistency and even more of legal uncertainty than what we have today. A partial solution may be to place an obligation on the host Member State regulator to contact the Home Member State regulator and only be able to insist on a CPP if, in the opinion of the home Member State regulator, there is a need for additional local controls.
General Comments:
Lack of consistent interpretation of ‘establishments other than a branch’
Article 45(9) of the Fourth Anti-Money Laundering Directive (EU) 2015/849 (“AMLD4”) allows Member States to require the appointment of a central contact point (“CPP”) in their territory by electronic money issuers and payment service providers ‘established in their territory in forms other than a branch’. The Consultation Paper on the ESA Regulatory Technical Standards (“RTS”) set out that such establishments can include agents or payment service providers and persons distributing electronic money on the electronic money issuer’s behalf. To date, there is no harmonised view or guidance applicable across the EU on when engaging agents or distributors in another Member State amounts to an establishment. Different Member States have adopted varying interpretations on what activities amount to being considered a payment service provider’s agent or an electronic money distributor as well as whether an agent or a distributor engaged by a passporting-in payment institution or e-money institution amounts to an establishment. The mere engagement of an agent or a distributor in a host Member State does not necessarily amount to an establishment, such as where a payment institution or an electronic money institution is operating in the host Member State on the freedom of provision of services passport. We recognise that Article 45(10) of Directive (EU) 2015/849 does not authorise the ESAs to determine when agents or persons distributing electronic money on an electronic money issuer’s behalf are establishments. However, we find the lack of clarity on this point disappointing. Given that Article 45(9) and RTS requirements hinge on ‘establishment other than a branch’, we fear any efforts to comply with the local Member State implementation of the requirements will involve unnecessary legal costs to confirm the applicability of such requirements and likely variations on the applicability because of the differences in interpretation on this fundamental legal point. We believe this significantly undermines policy objectives of creating a coherent approach and greater legal certainty. We also feel that there is a danger in Member States overlooking the issue of whether an agent or a distributor amounts to an establishment and applying the requirements as a blanket approach whenever there is an agent or a distributor in their territory. We therefore believe that the RTS should:
1. explicitly acknowledge (for example, in the Recitals) that a payment institution’s or e-money institution’s physical presence in the form of an agent or distributor in the Member State territory does not always give rise to establishment in that Member State; and
2. explicitly set out as a first criteria the Member States must consider being whether the payment service provider or e-money issuer operates an establishment other than a branch.