EU Funds Transfer Regulation 2015: more than meets the eye
Not only updating but also extending the requirements of its predecessor, the EU Funds Transfer Regulation 2015 (FTR 2015) brings significant changes and challenges for payment service providers, regardless of their location, says Stefan Fruschki, Head of Regulatory Management, Institutional Cash Management at Deutsche Bank…
It’s no coincidence that the effective date of FTR 2015, 26 June 2017, was also the implementation deadline for the EU’s fourth Anti Money Laundering Directive (AMLD IV). While the two initiatives are not interdependent, they are part of a wider effort by the EU to crack down on global illicit financial flows.
FTR 2015 aims to ensure traceability of payment transactions and looks to give effect to updated international anti money laundering (AML) and counter terrorist financing (CTF) standards set by the Financial Action Task Force (FATF), namely Recommendation 16 on wire transfers. The new regulation applies to a transfer of funds, in any currency, sent or received by a payment service provider (PSP), or an intermediary PSP, established in the European Economic Area (EEA).
Despite being a regional regulation, all PSPs must be aware of its global repercussions. FTR 2015 not only applies to transfers sent within the EEA, but also those sent into the EEA from elsewhere. Only one PSP in the transaction chain needs to be EEA-based in order for FTR 2015 to apply, therefore. PSPs also need to be aware of the challenges to implementation – of which there are a number.
While FTR 2015 does not change the principles of FTR 2006 as such, it updates and extends the requirements of its predecessor. For instance, under the new regulation, there are additional requirements on intermediary PSPs to implement effective procedures to detect whether regulatory required information is transmitted with a transfer of funds. The payer’s PSP, meanwhile, is required under FTR 2015 to transmit additional information on the payee. In principle (notwithstanding some exceptions in certain scenarios), the following information must be transmitted: payer’s name, account number and address; and the payee’s name and account number.
Moreover, FTR 2015 specifies that both the intermediary PSPs and the payee’s PSP must implement procedures to detect whether this information has been transmitted in a specific way. In particular, they must detect whether the regulatory required information is provided in the designated data fields of the payment message scheme used. If this information is not provided by the sending PSP in those designated data fields, it will be deemed as insufficient for the purposes of FTR 2015.
Elsewhere, the new regulation imposes higher qualitative standards on all PSPs in the transaction chain to implement effective procedures to detect missing/insufficient information. There is also an obligation for PSPs to decide – using effective risk-based procedures – whether to execute, suspend or reject a transfer of funds if information is missing. Where the transfer is not rejected, the PSP is responsible for requesting any missing information from the counterparty.
In instances where other PSPs repeatedly fail to provide complete information, the receiving PSP must also: inform competent authorities of this breach; issue warnings, including setting deadlines; and, in severe cases, reject all future payment transactions from that PSP, potentially even terminating the entire business relationship. In addition, missing or incomplete information must be considered as a factor for Suspicious Activities Reporting.
In themselves, these additional requirements require significant work from PSPs, but in many ways, they are not the largest implementation hurdle. Arguably, a lack of regulatory clarity is.
The regulation itself does not clearly outline what PSPs must do to comply with FTR 2015. Although the European Supervisory Authorities (ESAs) issued draft guidelines in April 2017, these are limited in their scope, not least around the detection requirements of FTR 2015 and handling of transfers with missing information.
For instance, the guidelines do not define what constitutes a ‘repeated failure’ by the payer’s PSP when sending regulatory required information to the payee’s PSP. The guidance simply states that PSPs may decide to treat other PSPs as repeatedly failing for different reasons, which may include a combination of quantitative and qualitative criteria.
Given the potentially significant consequences attached to repeated failures, not only for PSPs but also for senior managers, it is vital that a consistent understanding of a ‘repeated failure’ is reached between PSPs and the respective competent authorities – sooner rather than later.
Other grey areas in the regulation and draft guidelines include the requirement for a name-number check pursuant to FTR 2015, and a very broad definition of linked transactions which extends out to a rather impractical timeframe of six months for monitoring transactions.
Beyond the implementation hurdles caused by this lack of regulatory clarity, the concern is that since the ESA’s draft guidelines fail to achieve maximum harmonisation of PSPs’ approaches to complying with FTR 2015, this could result in a fragmented regulatory landscape and cause unnecessary disruption to global payment flows.
While the aim of FTR 2015 is not in doubt, further detailed guidance is required to ensure a common interpretation of the regulation, both by national authorities and market participants. Only once this is achieved will FTR 2015’s potential to help combat money laundering and terrorist financing be realised. With this in mind, the industry must continue to collaborate.