2021_6048 PISP obligations to conduct CDD | European Banking Authority

Question ID:

2021_6048

Legal Act:

Directive (EU) 2015/849 (AMLD)

Topic:

Customer Due Diligence

Article:

COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations:

EBA/GL/2021/02 - Guidelines on customer due diligence and the factors institutions should consider when assessing the ML /TF risk associated with individual business relationships and occasional transactions under Articles 17 and 18(4) of AMLD

Article/Paragraph:

Disclose name of institution / entity:

Yes

Name of institution / submitter:

Financial and Capital Market Commission

Country of incorporation / residence:

Latvia

Type of submitter:

Competent authority

Subject Matter:

PISP obligations to conduct CDD

Question:

In the case where the Payment Initiation Service Provider (PISP) has a business relationship as defined under Article 3(13) of Directive (EU) 2015/849 (AMLD) with the payee, and not with the payer, would it still be considered an occasional transaction for the payer, as the service is provided as a single transaction for the initiation of a payment order from the account that belongs to the payer?

Background on the question:

Member State A’s Competent Authority refers to the revised EBA Guidelines on risk factors and, in particular, on the PISP. We've had discussions with our banks regarding the obligations of PISPs and the definition of a PISP customer.

Namely, the amended definition on who the PISP customer is in the specific case where the PISP has a business relationship in the meaning of Article 3(13) of AMLD with the payee for offering payment initiation services, and not with the payer, and the payer uses the respective PISP to initiate a single or one-off transaction to the respective payee, the PISPs’ customer for the purpose of these JC/GL/2017/37 - Guidelines on risk factors and simplified and enhanced customer due diligence is the payee, and not the payer."

Additionally, Article 5 (Subject matter, scope and definitions) states that these guidelines set out factors firms should consider when assessing the money laundering and terrorist financing (ML/TF) risk associated with their business, and with a business relationship or an occasional transaction with any natural or legal person (‘the customer’).

Nevertheless, our understanding is that in the case where the PISP has a business relationship with the payee, and not with the payer, it would still be considered an occasional transaction for the payer, as the service is provided as a single transaction for the initiation of a payment order from the account that belongs to the payer; this is also justified by the second sentence of the supplemented definition, and namely - This is without prejudice to Article 11 of AMLD4 and Title I of these guidelines especially with regards to occasional transactions, and the PISP’s obligations under Directive 2015/2366/EU (PSD2) and other applicable EU legislation

As the definition "customer" covers both business relationship or an occasional transaction, by the amended definition of who the PISP's customer is (in those cases where the PISP has a business relationship with the payee, and not with the payer), several of our banks had concluded that "Bank is not providing service to payer in accordance to EBA and NO occasional transaction is performed".

Additionally, the European Third Party Provider Association (ETPPA), when submitting its proposal during consultation stage, had substantiated that “PISPs cannot be obliged to perform Customer due diligence (CDD)on both, their customers (the payees) as well as the account-owners (the payers), at the same time. For that reason, we believe that PISPs should only be obliged to perform CDD on their customers, which is the online-merchant (payee).

This approach has been proven to be effective and efficient in practice and it is in line with the wording and purpose of the AMLD (and PSD2). Contrarily, imposing on PISPs conducting CDD on account-owners would be impractical and pointless as well as against the AML rules.” In the opinion of our banks, the amended definition in the Guidelines shows that EBA has taken this argument into account.

Date of submission:

22/06/2021

Published as Final Q&A:

17/03/2023

Final Answer:

A payment initiation service provider (PISP) is a payment service provider that provides payment initiation services as defined in Article 4 (15) of Directive (EU) 2015/2366 (PSD2), namely services to initiate a payment order at the request of a payment service user with respect to a payment account held at another payment service provider.

In the case described by the submitter, the PISP has a business relationship in the meaning of Article 3(13) of Directive (EU) 2015/849 (the AMLD) with the payee only, and not with the payer, and the payer uses the respective PISP to initiate a single or one-off transaction to the respective payee. The guidelines also specify that this is without prejudice to Article 11 of the AMLD and Title I of the guidelines especially with regards to occasional transactions.

This means that the PISP should apply customer due diligence (CDD) measures to the payee but not to the payer unless the transaction meets one of the criteria mentioned in Article 11 of the AMLD, such as:

- The transaction exceeds one of the thresholds mentioned in Article 11(b) of the AMLD;

- There is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or threshold (article 11(e) of the AMLD);

- There are doubts about the veracity or adequacy of previously obtained customer identification data (article 11(f) of the AMLD).

If one of these criteria is met, the PISP should also apply CDD measures to the payer, in accordance with Article 11 of the AMLD.

Consequently, PISPs should be able to identify any cases where any of these criteria apply.

Status:

Final Q&A

Answer prepared by:

Answer prepared by the EBA.