July 2017

EU Funds Transfer Regulation 2015 (FTR 2015) comes into effect on 26 June this year. As part of a global alignment of regulators’ efforts to combat money laundering and terrorist financing, the regulation will affect banks in Europe – and beyond – and will require uniformity in how payments are dealt with

Individual countries and their banks, or payment service providers (PSPs), will be responsible for policing information and the payment flows. Given the differences in local law, they may interpret the regulation differently. This could result in some deviation in implementation and expectations. Deutsche Bank is fully supportive of regulations that combat financial crime. A common understanding among financial institutions and regulators of the scope and requirements of FTR 2015 will be necessary – not only to help address industry concerns around anti-money laundering and counter-terrorist financing, but also to prevent unnecessary payment disruption post 26 June 2017.

flow looks at the key elements of the regulation and the latest guidelines from the European Supervisory Authorities.

An EU regulation within a global initiative

FTR 2015 is Europe’s application of recommendation 16 of the Financial Action Task Force (FATF) – an inter-governmental body whose mandate is to set standards and promote the effective implementation
of legal, regulatory and operational measures for combating money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction. FTR 2015 applies to transfer of funds, in any currency, sent or received by a PSP, or an intermediary PSP, established in the EU or EEA. The regulation has been developed in tandem with the fourth Anti-Money Laundering Directive (AMLD).

AMLD IV predominantly addresses KYC approaches. Its requirements must be transposed by the EU and EEA member states into national laws, regulations and administrative provisions by 26 June 2017. The FTR 2015, on the other hand, is a piece of regulation that is directly applicable as of 26 June 2017 in each EU and EEA member state without further transposition requirements (with the exception of member states being required to lay down rules on sanctions and requiring its competent authorities to monitor compliance with FTR 2015).

FATF’s recommendations are non-binding, so while they are taken under consideration by national legislators, some deviation in implementation does occur when transposing into local law. This is something financial institutions need to understand, as they must comply with the applicable local laws and regulation, even where local rules deviate from the FATF recommendations. For example, pursuant to the FATF recommendation 16 on wire transfers, intermediary PSPs may switch payment transactions into payment schemes that have technical limitations, although certain regulatory required information may be lost or not transmitted as a result. FTR 2015, however, does not allow for such optionality.

An impact on the entire payment chain

The regulation applies to the transfer of funds in any currency that are either sent or received by a PSP established in the EU or the three additional countries of the EEA. Falling into the scope of the regulation, these providers must adhere to three main complexes of the requirements: information transmission requirements; verification and detection requirements; and those for the handling of insufficient information.

PSPs should assess in which capacity they intervene in the payment chain because this will determine what information is required and what they have to do to comply with the regulation. They must comply with regulation in respect to all transfers of funds, unless they benefit from exemptions in which case they should have in place systems and controls to ensure the conditions for these
exemptions are met.

Despite being a regional regulation, all financial institutions – regardless of location – must be aware of its global repercussions. Transfers sent from outside the EEA to or via a PSP established in the EU or EEA will have to be checked by that PSP for transmission of certain information. Therefore, while PSPs established outside the EEA cannot breach FTR 2015 requirements when sending transfers, they should still consider when sending transfers to the EEA to send all information required pursuant to FTR 2015 with that transfer – however, of course only to the extent permissible by their respective local law, in particular, local data protection laws.

Draft regulatory guidelines

Ahead of FTR becoming effective, the European Supervisory Authorities (ESAs) issued draft guidelines to clarify the regulatory requirements for PSPs and the competent authorities responsible for supervising them for compliance with their obligations under the regulation. They set out the factors PSPs should consider when establishing and implementing procedures to detect and manage transfers of funds that lack required information on the payer and/or payee to ensure that these procedures are effective; and specify what PSPs should do to manage the risk of money laundering or terrorist financing where the required information
on the payer and/or the payee is missing or incomplete.

The draft guidelines are intended to promote the development of a common understanding to ensure a consistent application of EU law. Accordingly, the guidelines are intentionally not aiming to achieve maximum harmonisation of PSPs’ approaches to complying with FTR 2015. Instead they are prescriptive in relation to certain requirements only.

To this end, the draft guidelines have detailed, on a principles basis, the requirement to implement effective risk-based procedures to detect missing or incomplete information in a transfer of funds, as well as the actions that must be taken in case the regulatory required information is missing or incomplete.

In cases where another PSP repeatedly fails to provide the regulatory required information in a payment transaction the intermediary/beneficiary PSP is required to take successive steps (starting with the issuance of warnings, including the setting of deadlines) and it must report to the local competent authority.

Rather than clearly defining when another PSP must be considered as “repeatedly failing” to provide the regulatory required information, the guidelines suggest examples of potential quantitative and qualitative criteria as well as providing additional guidance on what content the report to the local competent authorities should contain.

Next steps

With the issuance of the draft guidelines, the ESAs have launched a public consultation phase. Deutsche Bank participated in the consultation that closed on 5 June 2017. Final guidelines will only be available thereafter close to the 26 June 2017 deadline.

While the approach taken by the ESAs provides PSPs some flexibility to accommodate for different risk scenarios, it also bears the risk of a fragmented regulatory landscape and disruptions in payment flows. An approach aiming for more or maximum harmonisation would reduce or eliminate this risk. In any case, further clarity, for example, on the processing of SEPA Direct Debits, or whether a Name-Number-Check will be required in certain scenarios would be desirable.

What should clients do next?

As a supporter of regulations that combat money laundering and terrorist financing, Deutsche Bank is analysing how to apply broad policy and system developments so that it can meet the requirements of the regulation. Clients should check in with their banks as to how they are addressing or interpreting FTR and what potential impacts they may see to their payment flows.

You might be interested in