In paragraph 18.4 (customer risk factor) on page 132 of the Guidelines, the EBA describes the following situation as an increased client risk factor: when a customer transfers funds from different payment accounts to the same payee, and that aggregated amounts to a large sum without these funds having a clear rationale. This situation implies that the AISP should conduct transaction monitoring on transactions to accounts that are not linked to the AISP platform, otherwise the AISP can never detect this increased risk factor. In our view this implies a monitoring requirement that results in a disproportional obligation for AISPs, especially considering the lower risks of the payment service involved.
DNB suggests a ‘lighter’ version of transaction monitoring for AISPs; monitoring is only obligated for (aggregated) transaction (amounts) between accounts that are linked to the AISP platform. We emphasize that as a result of this suggestion, transactions to third parties will not be monitored and thus the increased risk factor identified by EBA in 18.4 cannot be detected.
For these reasons, we recommend that paragraph 18.4 on page 132 limit itself to an obligation to PISP’s only.