P7_TC1-COD(2013)0024

Position of the European Parliament adopted at first reading on 11 March 2014 with a view to the adoption of Regulation (EU) No …/2014 of the European Parliament and of the Council on information accompanying transfers of funds

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Central Bank (1),

Having regard to the opinion of the European Economic and Social Committee (2),

Acting in accordance with the ordinary legislative procedure (3),

Whereas:

(1)

Flows of dirty illicit money through transfers of funds can damage the structure, stability and reputation of the financial sector and threaten the internal market as well as international development, and directly or indirectly undermine the confidence of citizens in the rule of law . The funding of terrorism and organised crime remains a significant problem which should be addressed at Union level . Terrorism shakes and organised crime damage the democratic institutions and shake the very foundations of our society. Crucial facilitators of illicit money flows are secretive corporate structures operating in and through secrecy jurisdiction, often also referred to as tax havens. The soundness, integrity and stability of the system of transfers of funds and confidence in the financial system as a whole could be is being seriously jeopardised by the efforts of criminals and their associates either to disguise the origin of criminal proceeds or to transfer funds for criminal activities or terrorist purposes. [Am. 1]

(2)

In order to facilitate their criminal activities, money launderers and terrorist financers could try to take are taking advantage of the freedom of capital movements entailed by the integrated financial area, unless certain coordinating measures are adopted at Union and international level. International cooperation within the framework of the Financial Action Task Force (FATF) and the global implementation of its recommendations aim to prevent regulatory arbitrage and the distortion of competition. By its scale, Union action should ensure that FATF Recommendation 16 on wire transfers of the Financial Action Task Force (FATF), adopted in February 2012 is transposed uniformly throughout the Union, and, in particular, that there is no discrimination or discrepancy between national payments within a Member State and cross-border payments between Member States. Uncoordinated action by Member States alone in the field of cross border transfers of funds could have a significant impact on the smooth functioning of payment systems at Union level and therefore damage the internal market in the field of financial services. [Am. 2]

(2a)

The implementation and enforcement of this Regulation, including FATF Recommendation 16, should not result in unjustified or disproportionate costs for payment service providers or citizens who use their services, and the free movement of legal capital should be fully guaranteed throughout the Union. [Am. 3]

(3)

It has been pointed out in the Union’s revised Strategy on Terrorist Financing of 17 July 2008 that efforts have to be maintained to prevent terrorist financing and the use by suspected terrorists of their own financial resources. It is recognised that FATF is constantly seeking to improve its Recommendations and working towards a common understanding of how these should be implemented. It is noted in the Union's revised Strategy that implementation of those Recommendations by all FATF members and members of FATF-style regional bodies is assessed on a regular basis and that from this point of view a common approach to implementation by Member States is important.

(4)

In order to prevent terrorist funding, measures aimed at the freezing of funds and economic resources of certain persons, groups and entities have been taken, including Regulation (EC) No 2580/2001 (4), and Council Regulation (EC) No 881/2002 (5). To that same end, measures aimed at protecting the financial system against the channelling of funds and economic resources for terrorist purposes have been taken. Directive …/…/EU of the European Parliament and of the Council (6)  (*1) contains a number of such measures. Those measures do not, however, fully prevent terrorists and other criminals from having access to payment systems for moving their funds.

(5)

In order to foster a coherent approach in the international context in the field of combating and increase the efficiency of the fight against money laundering and terrorist financing, further Union action should take account of developments at that level, namely the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation adopted in 2012 by FATF, and in particular Recommendation 16 and the revised interpretative note for its implementation. [Am. 4]

(5a)

Particular attention should be paid to the Union obligations set out in Article 208 TFEU in order to stem the increasing trend of money-laundering activities being moved from developed countries with stringent anti-money-laundering rules to developing countries where rules may be less stringent. [Am. 5]

(6)

The full traceability of transfers of funds can be a particularly important and valuable tool in the prevention, investigation and detection of money laundering or terrorist financing. It is therefore appropriate, in order to ensure the transmission of information throughout the payment chain, to provide for a system imposing the obligation on payment service providers to have transfers of funds accompanied by information on the payer and the payee which should be accurate and up to date . In that regard, it is essential for financial institutions to report adequate, accurate and up-to-date information with respect to transfers of funds carried out for their clients to enable the competent authorities to prevent money laundering and terrorist financing more effectively . [Am. 6]

(7)

The provisions of this Regulation apply without prejudice to national legislation transposing Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data  (7). For example, personal data collected for the purpose of complying with this Regulation should not be further processed in a way inconsistent with Directive 95/46/EC. In particular, further processing for commercial purposes should be strictly prohibited. The fight against money laundering and terrorist financing is recognised as an important public interest ground by all Member States. Hence, in the application of this Regulation, the transfer of personal data to a third country which does not ensure an adequate level of protection in the meaning of Article 25 of Directive 95/46/EC should be permitted in accordance with Article 26(d) of that Directive. It is important that payment service providers operating in multiple jurisdictions with branches or subsidiaries located outside the Union are not unreasonably prevented from sharing information about suspicious transactions within the same organisation. This is without prejudice to international agreements between the Union and third countries which aim to combat money laundering including appropriate safeguards for citizens ensuring an equivalent or adequate level of protection. [Am. 7]

(8)

Persons who merely convert paper documents into electronic data and are acting under a contract with a payment service provider do not fall within the scope of this Regulation; the same applies to any natural or legal person who provides payment service providers solely with messaging or other support systems for transmitting funds or with clearing and settlement systems.

(9)

It is appropriate to exclude from the scope of this Regulation transfers of funds that represent a low risk of money laundering or terrorist financing. Such exclusions should cover credit or debit cards, mobile telephones or other digital or information technology (IT) devices, automated teller machine withdrawals, payments of taxes, fines or other levies, and transfers of funds where both the payer and the payee are payment service providers acting on their own behalf. In addition, in order to reflect the special characteristics of national payment systems, Member States may exempt electronic giro payments, provided that it is always possible to trace the transfer of funds back to the payer , as well as transfers of funds carried out through cheque image exchanges or bills of exchange . However, there must be no exemption when a debit or credit card, a mobile telephone or other digital or IT prepaid or postpaid device is used in order to effect a person-to-person transfer. Taking into account the dynamically evolving technological progress, consideration should be given to extend the scope of the Regulation to e-money and other new payment methods. [Am. 8]

(10)

Payment service providers should ensure that the information on the payer and the payee is not missing or incomplete. In order not to impair the efficiency of payment systems, the verification requirements for transfers of funds made from an account should be separate from those for transfers of funds not made from an account. In order to balance the risk of driving transactions underground by imposing overly strict identification requirements against the potential terrorist threat posed by small transfers of funds, the obligation to check whether the information on the payer is accurate should, in the case of transfers of funds not made from an account, be imposed only in respect of restricted to the name of the payer for individual transfers of funds that exceed of up to EUR 1 000. For transfers of funds made from an account, payment service providers should not be required to verify information on the payer accompanying each transfer of funds where the obligations under Directive …/…/EU (*2) have been met. [Am. 9]

(11)

Against the background of the Union payment legislative acts — Regulation (EC) No 924/2009 of the European Parliament and of the Council (8), Regulation (EU) No 260/2012 of the European Parliament and of the Council (9) and Directive 2007/64/EC of the European Parliament and of the Council (10) — it is sufficient to provide for simplified information on the payer to accompany transfers of funds within the Union.

(12)

In order to allow the authorities responsible for combating money laundering or terrorist financing in third countries to trace the source of funds used for those purposes, transfers of funds from the Union to outside the Union should carry complete information on the payer and the payee. Those authorities should be granted access to complete information on the payer only for the purposes of preventing, investigating and detecting money laundering or terrorist financing.

(12a)

The authorities responsible for combating money laundering and terrorist financing, and relevant judicial and law enforcement agencies in the Member States, should intensify cooperation with each other and with relevant third-country authorities, including those in developing countries, in order further to strengthen transparency, the sharing of information and best practices. The Union should support capacity-building programmes in developing countries to facilitate such cooperation. Systems for collecting evidence and making available data and information relevant to the investigation of offences should be improved without in any way infringing the principles of subsidiarity or proportionality, or fundamental rights, in the Union. [Am. 10]

(12b)

The payment service providers of the payer, the payee and the intermediary service providers should have in place appropriate technical and organisational measures to protect personal data against accidental loss, alteration, unauthorised disclosure or access. [Am. 11]

(13)

For transfers of funds from a single payer to several payees to be sent in an inexpensive way in batch files containing individual transfers from the Union to outside the Union, provision should be made for such individual transfers to carry only the account number of the payer or the payer’s unique transaction identifier provided that complete information on the payer and the payee is contained in the batch file.

(14)

In order to check whether the required information on the payer and the payee accompanies transfers of funds, and to help to identify suspicious transactions, the payment service provider of the payee and the intermediary payment service provider should have effective procedures in place in order to detect whether information on the payer and the payee is missing or incomplete, in particular if numerous payment services are involved to improve the traceability of transfers of funds. Effective checks that the information is available and complete, in particular where several payment service providers are involved, can help make investigation procedures less time consuming and more effective, which, in turn, improves the traceability of transfers of funds. Competent authorities in the Member States should thus ensure that payment service providers include the required transaction information with the wire transfer or related message throughout the payment chain . [Am. 12]

(15)

Owing to the potential terrorist financing threat posed by anonymous transfers, it is appropriate to require payment service providers to request information on the payer and the payee. In line with the risk-based approach developed by FATF, it is appropriate to identify areas of higher and lower risk with a view to better targeting money laundering and terrorist financing risks. Accordingly, the payment service provider of the payee and the intermediary service provider should establish effective risk-based procedures and assess and weigh risks so that resources can be explicitly steered towards high-risk areas of money laundering. Such effective risk-based procedures for cases where a transfer of funds lacks the required payer and payee information, in order to will help payment service providers to decide more effectively whether to execute, reject or suspend that transfer and what appropriate follow-up action to take. Where the payment service provider of the payer is established outside the territory of the Union, enhanced customer due diligence should be applied, in accordance with Directive …/…/EU (*3), in respect of cross-border correspondent banking relationships with that payment service provider. [Am. 13]

(16)

The payment service provider of the payee and the intermediary payment service provider should exercise special vigilance, assessing the risks, when it becomes aware that information on the payer and the payee is missing or incomplete and should report suspicious transactions to the competent authorities, in accordance with the reporting obligations set out in Directive …/…/EU (*4) and national transposition measures.

(17)

The provisions on transfers of funds where information on the payer or the payee is missing or incomplete apply without prejudice to any obligations on payment service providers and the intermediary payment service providers to suspend or reject transfers of funds which violate provisions of civil, administrative or criminal law. The need for identity information on payer or the payee of individuals, legal persons, trusts, foundations, mutual societies, holdings and similar existing or future legal arrangements is a key factor in tracing criminals who might otherwise hide their identity behind corporate structure. [Am. 14]

(18)

Until technical limitations that may prevent intermediary payment service providers from satisfying the obligation to transmit all the information they receive on the payer are removed, those intermediary payment service providers should keep records of that information. Such technical limitations should be removed as soon as payment systems are upgraded. In order to overcome technical limitations, the use of the SEPA credit transfer scheme could be encouraged in interbank transfers between Member States and third countries. [Am. 15]

(19)

Since in criminal investigations it may not be possible to identify the data required or the individuals involved until many months, or even years, after the original transfer of funds and in order to be able to have access to essential evidence in the context of investigations, it is appropriate to require payment service providers to keep records of information on the payer and the payee for the purposes of preventing, investigating and detecting money laundering or terrorist financing. This period should be limited to five years, after which all personal data should be deleted, unless national law provides otherwise. Further retention should be permitted only if necessary for the prevention, detection or investigation of money laundering and terrorist financing and should not exceed ten years. Payment service providers should ensure that data retained under this Regulation is used only for the purposes described herein . [Am. 16]

(20)	To enable prompt action to be taken in the fight against terrorism, payment service providers should respond promptly to requests for information on the payer from the authorities responsible for combating money laundering or terrorist financing in the Member State where they are established.

(21)	The number of working days in the Member State of the payment service provider of the payer determines the number of days to respond to requests for information on the payer.

(22)

In order to improve compliance with the requirements of this Regulation and in accordance with the Commission Communication of 9 December 2010 entitled ‘Reinforcing sanctioning regimes in the financial services sector’, the power to adopt supervisory measures and the sanctioning powers of competent authorities should be enhanced. Administrative sanctions should be provided for and, given the importance of the fight against money laundering and terrorist financing, Member States should lay down sanctions that are effective, proportionate and dissuasive. Member States should notify the Commission thereof, as well as the European Supervisory Authority (European Banking Authority) (‘EBA’), established by Regulation (EU) No 1093/2010 of the European Parliament and of the Council (11), the European Supervisory Authority (European Insurance and Occupational Pensions Authority) (‘EIOPA’), established by Regulation (EU) No 1094/2010 of the European Parliament and of the Council (12), and the European Supervisory Authority (European Securities and Markets Authority) (‘ESMA’), established by Regulation (EU) No 1095/2010 of the European Parliament and of the Council (13).

(23)

In order to ensure uniform conditions for the implementation of Articles XXX Chapter V of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers  (14). [Am. 17]

(24)

A number of countries and territories which do not form part of the territory of the Union share a monetary union with a Member State, form part of the currency area of a Member State or have signed a monetary convention with the Union represented by a Member State, and have payment service providers that participate directly or indirectly in the payment and settlement systems of that Member State. In order to avoid the application of this Regulation to transfers of funds between the Member States concerned and those countries or territories having a significant negative effect on the economies of those countries or territories, it is appropriate to provide for the possibility for such transfers of funds to be treated as transfers of funds within the Member States concerned.

(25)	In view of the amendments that would need to be made to Regulation (EC) No 1781/2006 of the European Parliament and of the Council of 15 November 2006 on information on the payer accompanying transfers of funds (15), that regulation should be repealed for reasons of clarity.

(26)

Since the objectives of this Regulation cannot be sufficiently achieved by Member States and can therefore, by reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.

(27)

This Regulation respects the fundamental rights and observes the principles recognized by the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life (Article 7), the right to the protection of personal data (Article 8) and the right to an effective remedy and to a fair trial (Article 47) and the principle of ne bis in idem.

(28)	In order to ensure a smooth introduction of the new anti-money laundering and terrorist financing framework, it is appropriate to coincide the application date of this Regulation with the transposition deadline for Directive …/…/EU (*5).

(28a)

The European Data Protection Supervisor delivered an opinion on 4 July 2013 (16),

HAVE ADOPTED THIS REGULATION:

CHAPTER I

SUBJECT MATTER, DEFINITIONS AND SCOPE

Article 1

Subject matter

This Regulation lays down rules on the information on the payer and the payee accompanying transfers of funds for the purposes of prevention, detection and investigation of money laundering and terrorist financing, when transferring funds.

Article 2

Definitions

For the purposes of this Regulation, the following definitions apply:

(1)	‘terrorist financing’ means terrorist financing as defined in Article 1(4) of Directive …/…/EU (*6);

(2)	‘money laundering’ means the money laundering activities referred to in Article 1(2) or (3) of Directive …/…/EU (*6);

(3)	‘payer’ means a natural or legal person who either carries out a transfer of funds from his or her own account or who places an order for a transfer of funds payer as defined in Article 4(7) of Directive 2007/64/EC ;[Am. 18]

(4)	‘payee’ means a natural or legal person who is the intended recipient of transferred funds payee as defined in Article 4(8) of Directive 2007/64/EC ; [Am. 19]

(5)	‘payment service provider’ means a natural or legal person who provides the payment service of transferring funds in his or her professional capacity provider as defined in Article 4(9) of Directive 2007/64/EC ; [Am. 20]

(6)	‘intermediary payment service provider’ means a payment service provider, neither of the payer nor of the payee, who receives and transmits a fund transfer on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider;

(7)

‘transfer of funds’ means any transaction carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, in particular ‘money remittance services’ and ‘direct debit’ within the meaning of Directive 2007/64/EC, irrespective of whether the payer and the payee are the same person; [Am. 21]

(8)	‘batch file transfer’ means a bundle of several individual transfers of funds put together for transmission;

(9)

‘unique transaction identifier’ means a combination of letters or symbols determined by the payment service provider, in accordance with the protocols of the payment and settlement systems or messaging systems used for the fund transfer, which permits traceability of the transaction back to the payer and the payee;

(10)	‘person-to-person’ transfer of funds means a transaction between two natural persons , who, as consumers, act for purposes other than their trade, business or profession . [Am. 22]

Article 3

Scope

1.   This Regulation shall apply to transfers of funds, in any currency, which are sent or received by a payment service provider established in the Union.

2.   This Regulation shall not apply to transfers of funds carried out using a credit, or debit card debit or prepaid card or voucher , or a mobile telephone, e-money, or any other digital or information technology (IT) device defined in Directive 2014/…/EU [PSD] , where the following conditions are fulfilled: [Am. 23]

(a)	the card or device is used to pay goods and services to a company within professional trade or business ; [Am. 24]

(b)	the number of the card or device accompanies all transfers flowing from the transaction.

However, this Regulation shall apply when a credit, or debit or prepaid card, or a mobile telephone, e-money or any other digital or ITdevice is used in order to effect a person-to-person transfer of funds. [Am. 25]

3.    This Regulation shall not apply to natural or legal persons that have no activity other than to convert paper documents into electronic data and who act under a contract with a payment service provider or to those who have no activity other than to provide payment service providers with messaging or other support systems for transmitting funds or with clearing and settlement systems. [Am. 26]

This Regulation shall not apply to transfers of funds:

(a)	where the transfer of funds entails the payer withdrawing cash from his or her own account;

(b)	where funds are transferred to public authorities as payment for taxes, fines or other levies within a Member State;

(c)	where both the payer and the payee are payment service providers acting on their own behalf.

CHAPTER II

OBLIGATIONS ON PAYMENT SERVICE PROVIDERS

SECTION 1

OBLIGATIONS ON THE PAYMENT SERVICE PROVIDER OF THE PAYER

Article 4

Information accompanying transfers of funds

1.   The payment service provider of the payer shall ensure that the transfer of funds is accompanied by the following information on the payer:

(a)	the name of the payer;

(b)	the payer's account number, where such an account is used to process the transfer of funds, or a unique transaction identifier where no such account is used for that purpose;

(c)	the payer’s address, national identity number, or customer identification number, or date and place of birth. [Am. 27]

2.   The payment service provider of the payer shall ensure that transfers of funds are accompanied by the following information on the payee:

(a)	the name of the payee; and

(b)	the payee's account number, where such an account is used to process the transaction, or a unique transaction identifier where no such account is used for that purpose.

3.   Before transferring the funds, the payment service provider of the payer shall apply customer due diligence measures in accordance with Directive …/…/EU  (*7) and shall verify the accuracy and completeness of the information referred to in paragraph 1 on the basis of documents, data or information obtained from a reliable and independent source. [Am. 28]

4.   Where funds are transferred from the payer's account, the verification referred to in paragraph 3 shall be deemed to have taken place in the following cases:

(a)	where a payer’s identity has been verified in connection with the opening of the account in accordance with Article 11 of Directive …/…/EU (*8) and the information obtained by that verification has been stored in accordance with Article 39 of that Directive; or

(b)	where Article 12(5) of Directive …/…/EU (*8) applies to the payer.

5.   However, by way of derogation from paragraph 3, in the case of transfers of funds not made from an account, the payment service provider of the payer shall shall not verify the information referred to in paragraph 1 if the amount does not exceed at least the name of the payer for transfers of funds of up to EUR 1 000and it does not appear to be linked to other transfers of funds which, together with the transfer in question, and the complete information relating to the payer and the payee referred to in paragraph 1 where the transaction is carried out in several operations that appear to be linked or where they exceed EUR 1 000. [Am. 29]

Article 5

Transfers of funds within the Union

1.   By way of derogation from Article 4(1) and (2), where the payment service provider(s) of both the payer and the payee are established in the Union, only the full name and the account number of the payer and the payee or his the unique transaction identifier shall be provided at the time of the transfer of funds , without prejudice to the information requirements laid down in Article 5(2)(b) and (3)(b) of Regulation (EU) No 260/2012 . [Am. 30]

2.   Notwithstanding paragraph 1, the payment service provider of the payer shall, in the case of an identified higher risk as referred to in the Article 16(2) or (3) of, or in Annex III to, Directive …/…/EU  (*9) , require the complete information relating to the payer and to the payee or, upon request from the payment service provider of the payee or the intermediary payment service provider, make available the information on the payer or the payee in accordance with Article 4, within three working days of receiving that request. [Am. 31]

Article 6

Transfers of funds to outside the Union

1.   In the case of batch file transfers from a single payer where the payment service providers of the payees are established outside the Union, Article 4(1) and (2) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in that Article and that the individual transfers carry the account number of the payer or his unique transaction identifier.

2.   By way of derogation from Article 4(1) and (2), where the payment service provider of the payee is established outside the Union, transfers of funds amounting to EUR 1 000 or less shall be accompanied only by: [Am. 32]

(a)	the name of the payer;

(b)	the name of the payee;

(c)	the account number of both the payer and the payee or the unique transaction identifier.

This information need not be verified for accuracy, unless there is a suspicion of money laundering or terrorist financing.

SECTION 2

OBLIGATIONS ON THE PAYMENT SERVICE PROVIDER OF THE PAYEE

Article 7

Detection of missing information on the payer and the payee

1.   The payment service provider of the payee shall detect whether the fields relating to the information on the payer and the payee in the messaging system or the payment and settlement system used to effect the transfer of funds, have been filled in using the characters or inputs admissible to the internal risk-based established anti-abuse procedures within the conventions of that messaging or payment and settlement system. [Am. 33]

2.   The payment service provider of the payee shall have effective procedures in place in order to detect whether the following information on the payer and the payee is missing:

(a)	for transfers of funds where the payment service provider of the payer is established in the Union, the information required under Article 5;

(b)	for transfers of funds where the payment service provider of the payer is established outside the Union, the information on the payer and the payee referred to in Article 4(1) and (2) and, where applicable, the information required under Article 14; and

(c)	for batch file transfers where the payment service provider of the payer is established outside the Union the information referred to in Article 4(1) and (2) in respect of the batch file transfer.

3.   For transfers of funds amounting to more than EUR 1 000, where the payment service provider of the payer is established outside the Union, the payment service provider of the payee shall verify the identity of the payee if his or her identity has not already been verified.

4.   For transfers amounting to EUR 1 000 or less, where the payment service provider of the payer is established outside the Union, the payment service provider of the payee need not verify the information pertaining to the payee, unless there is a suspicion of money laundering or terrorist financing.

Member States may reduce or waive the threshold where the national risk assessment has advised that checks of transfers of funds not made from an account be intensified. Member States making use of this derogation shall inform the Commission thereof. [Am. 34]

4a.     Where the payment service provider of the payer is established in a third country which presents an increased level of risk, enhanced customer due diligence shall be applied, in accordance with Directive …/…/EU  (*10) , in respect of cross-border correspondent banking relationships with that payment service provider. [Am. 35]

Article 8

Transfers of funds with missing or incomplete information on the payer and the payee

1.   The payment service provider of the payee shall establish effective risk-based procedures , based on the identified risks in Article 16(2) of, and Annex III to, Directive …/…/EU  (*11), for determining when to execute, reject or suspend a transfer of funds lacking the required complete payer and payee information and the appropriate follow-up action. [Am. 36]

In any event, the payment service provider of the payer and the payment service provider of the payee shall comply with any applicable law or administrative provisions relating to money laundering and terrorist financing, in particular Regulation (EC) No 2580/2001, Regulation (EC) No 881/2002 and Directive …/…/EU  (*11). [Am. 37]

If the payment service provider of the payee becomes aware, when receiving transfers of funds, that information on the payer and the payee required under Article 4(1) and (2), Article 5(1) and Article 6 is missing or incomplete or has not been completed using the characters or inputs admissible within the conventions of the messaging or payment and settlement system , it shall either reject the transfer or suspend it and ask for complete information on the payer and the payee before executing the payment transaction . [Am. 38]

2.   Where a payment service provider regularly fails to supply the required complete information on the payer, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider or deciding whether or not to restrict or terminate its business relationship with that payment service provider. [Am. 39]

The payment service provider of the payee shall report that fact to the authorities responsible for combating money laundering or terrorist financing.

Article 9

Assessment and Reporting

The payment service provider of the payee shall , in accordance with the payment service provider’s risk-based procedures, consider missing or incomplete information on the payer and the payee to be a factor one of the factors in assessing whether the transfer of funds, or any related transaction, is suspicious, and whether it must be reported to the Financial Intelligence Unit. The payment service provider shall, in its effective risk-based procedures, also focus on, and take appropriate measures regarding, other risk factors as identified in Article 16(3) of, and Annex III to, Directive …/…/EU  (*12) . [Am. 40]

SECTION 3

OBLIGATIONS ON INTERMEDIARY PAYMENT SERVICE PROVIDERS

Article 10

Keeping information on the payer and the payee with the transfer

Intermediary payment service providers shall ensure that all the information received on the payer and the payee that accompanies a transfer of funds is kept with the transfer.

Article 11

Detection of missing information on the payer and the payee

1.   The intermediary payment service provider shall detect whether the fields relating to the information on the payer and the payee in the messaging system or the payment and settlement system used to effect the transfer of funds, have been filled in using the characters or inputs admissible within the conventions of that system.

2.   The intermediary payment service provider shall have effective procedures in place in order to detect whether the following information on the payer and the payee is missing or incomplete : [Am. 41]

(a)	for transfers of funds where the payment service provider of the payer is established in the Union, the information required under Article 5;

(b)	for transfers of funds where the payment service provider of the payer is established outside the Union, the information on the payer and the payee referred to in Article 4(1) and (2) or, where applicable, the information required under Article 14; and

(c)	for batch file transfers, where the payment service provider of the payer is established outside the Union, the information referred to in Article 4(1) and (2) in respect of the batch file transfer.

Article 12

Transfers of funds with missing or incomplete information on the payer and the payee

1.   The intermediary payment service provider shall establish effective risk-based procedures for determining when to execute, reject or suspend a transfer of funds lacking the required payer and payee information and the whether the information received on the payer and the payee is missing or incomplete and shall undertake appropriate follow up action. [Am. 42]

If the intermediary payment service provider becomes aware, when receiving transfers of funds, that information on the payer and the payee required under Article 4(1) and (2), Article 5(1) and Article 6 is missing or incomplete or has not been completed using the characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system , it shall either reject or suspend the transfer or and ask for complete information on the payer and the payee before executing the payment transaction . [Am. 43]

2.   Where a payment service provider regularly fails to supply the required information on the payer, the intermediary payment service provider shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider or deciding whether or not to restrict or terminate its business relationship with that payment service provider.

The intermediary payment service provider shall report that fact to the authorities responsible for combating money laundering or terrorist financing.

Article 13

Assessment and Reporting

The intermediary payment service provider shall consider missing or incomplete information on the payer and the payee to be a factor in assessing whether the transfer of funds, or any related transaction, is suspicious, and whether it must be reported to the Financial Intelligence Unit.

Article 14

Technical limitations

1.   This Article shall apply where the payment service provider of the payer is established outside the Union and the intermediary payment service provider is situated within the Union.

2.   Unless the intermediary payment service provider becomes aware, when receiving a transfer of funds, that information on the payer required under this Regulation is missing or incomplete, it may use a payment system with technical limitations which prevents information on the payer from accompanying the transfer of funds to send transfers of funds to the payment service provider of the payee.

3.   Where the intermediary payment service provider becomes aware, when receiving a transfer of funds, that information on the payer required under this Regulation is missing or incomplete, it shall only use a payment system with technical limitations if it is able to inform the payment service provider of the payee thereof, either within a messaging or payment system that provides for communication of this fact or through another procedure, provided that the manner of communication is accepted by, or agreed between, both payment service providers.

4.   Where the intermediary payment service provider uses a payment system with technical limitations, the intermediary payment service provider shall, upon request from the payment service provider of the payee, make available to that payment service provider all the information on the payer which it has received, irrespective of whether it is complete or not, within three working days of receiving that request.

CHAPTER III

COOPERATION AND RECORD KEEPING

Article 15

Cooperation obligations and equivalence [Am. 44]

1.    Payment service providers and intermediary payment service providers shall respond fully and without delay, in accordance with the procedural requirements established in the national law of the Member State in which they are established, to enquiries exclusively from the authorities responsible for combating money laundering or terrorist financing of that Member State concerning the information required under this Regulation. Specific safeguards shall be put in place in order to ensure that such exchanges of information comply with data protection requirements. No other external authorities or parties shall have access to the data stored by the payment service providers. [Am. 45]

1a.     Because a great proportion of illicit financial flows ends up in tax havens, the Union should increase its pressure on those countries to cooperate in order to combat such illicit financial flows and improve transparency. [Am. 46]

1b.     Payment service providers established in the Union shall apply this Regulation with regard to their subsidiaries and branches operating in third countries that are not deemed to be equivalent.

The Commission shall be empowered to adopt delegated acts in accordance with Article 22a concerning the recognition of the legal and supervisory framework of jurisdictions outside the Union as equivalent to the requirements of this Regulation. [Am. 47]

Article 15a

Data Protection

1.     With regard to the processing of personal data within the framework of this Regulation, payment service providers shall carry out their tasks for the purposes of this Regulation in accordance with national law transposing Directive 95/46/EC.

2.     Payment service providers shall ensure that data retained under this Regulation is used only for the purposes described herein and that it is in no case used for commercial purposes.

3.     Data protection authorities shall have powers, including the indirect access powers, to investigate, either on an ex-officio basis or on the basis of a complaint, any claims as regards problems with personal data processing. This should include, in particular, access to the data file at the payment service provider and competent national authorities. [Am. 48]

Article 15b

Transfer of personal data to third countries or international organisations

The transfer of personal data to a third country or to an international organisation which does not ensure an adequate level of protection within the meaning of Article 25 of Directive 95/46/EC, may take place only if:

(a)	appropriate data protection measures and safeguards are put in place; and

(b)	the supervisory authority has, after assessing those measure and safeguards, given prior authorisation for the transfer. [Am. 49]

Article 16

Record keeping

Information on the payer and the payee shall not be kept any longer than strictly necessary. The payment service provider of the payer and the payment service provider of the payee shall keep records of the information referred to in Articles 4, 5, 6 and 7 for a maximum of five years. In the cases referred to in Article 14(2) and (3), the intermediary payment service provider shall keep records of all information received for five years. Upon expiry of that period, personal data shall be deleted, unless otherwise provided for by national law, which shall determine under which circumstances payment service providers may or shall. Member States may allow or require further retention for a longer retain data. period only in exceptional circumstances, where justified and where reasons have been given, and only if necessary for the prevention, detection or investigation of money laundering and terrorist financing. The maximum retention period following carrying-out of the transfer of funds shall not exceed ten years and the storage of personal data shall comply with national law transposing Directive 95/46/EC . [Am. 50]

The payment service providers of the payer, the payee and the intermediary service providers, shall have in place appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. [Am. 51]

The information collected on the payer or the payee by the payment service providers of the payer, the payee and the intermediary payment service providers shall be deleted following expiry of the retention period. [Am. 52]

Article 16a

Access to information and confidentiality

1.     Payment service providers shall ensure that the information collected for the purposes of this Regulation is accessible only to designated persons or limited to persons strictly necessary for the completion of the undertaken risk.

2.     Payment service providers shall ensure that the confidentiality of the data processed is respected.

3.     Individuals who have access to and who are dealing with personal data of the payer or the payee, shall respect the confidentiality of the data processes as well as the data protection requirements.

4.     Competent authorities shall ensure that specific data protection training is provided to persons who regularly collect or process personal data. [Am. 53]

CHAPTER IV

SANCTIONS AND MONITORING

Article 17

Sanctions

1.   Member States shall lay down the rules on administrative measures and sanctions applicable to breaches of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented. The sanctions provided for must be effective, proportionate and dissuasive.

2.   Member States shall ensure that where obligations apply to payment services providers, in the case of a breach sanctions may be applied to the members of the management body and to any other individuals who under national law are responsible for the breach.

3.   By … (*13) Member States shall notify the rules referred to in paragraph 1 to the Commission and to the Joint Committee of EBA, EIOPA and ESMA. They shall notify the Commission and the Joint Committee of the EBA, EIOPA and ESMA without delay of any subsequent amendment thereto.

4.   Competent authorities shall have all investigatory powers that are necessary for the exercise of their functions. In the exercise of their sanctioning powers, competent authorities shall cooperate closely to ensure that sanctions or measures produce the desired results and coordinate their action when dealing with cross border cases.

Article 18

Specific provisions

1.   This Article shall apply to the following breaches:

(a)	repeated non-inclusion of required information on the payer and payee by a payment service provider , in breach of Articles 4, 5 and 6; [Am. 54]

(b)	serious failure of payment service providers to ensure record keeping in conformity with Article 16;

(c)	failure of the payment service provider to put in place effective risk-based policies and procedures required under Articles 8 and 12.

(ca)	serious failure by intermediary payment service providers to comply with Articles 11 and 12. [Am. 55]

2.   In the cases referred to in paragraph 1, administrative measures and sanctions that can be applied include at least the following:

(a)	a public statement which indicates the natural or legal person and the nature of the breach;

(b)	an order requiring the natural or legal person to cease the conduct and to desist from a repetition of that conduct;

(c)	in the case of a payment service provider, withdrawal of the authorisation of the provider;

(d)	a temporary ban against any member of the payment service provider's management body or any other natural person, who is held responsible, to exercise functions with the payment service provider;

(e)

in the case of a legal person, administrative pecuniary sanctions of up to 10 % of the total annual turnover of that legal person in the preceding business year; where the legal person is a subsidiary of a parent undertaking, the relevant total annual turnover shall be the total annual turnover resulting from the consolidated account of the ultimate parent undertaking in the preceding business year;

(f)	in the case of a natural person, administrative pecuniary sanctions of up to EUR 5 000 000, or in the Member States whose currency is not the euro, the corresponding value in the national currency on … (*14);

(g)	administrative pecuniary sanctions of up to twice the amount of the profits gained or losses avoided because of the breach where those can be determined.

Article 19

Publication of sanctions

The competent authorities shall publish administrative sanctions and measures imposed in the cases referred to in Article 17 and Article 18(1) shall be published without undue delay including information on the type and nature of the breach and the identity of persons responsible for it, unless such publication would seriously jeopardise the stability of financial markets if necessary and proportionate after a case-by-case evaluation . [Am. 56]

Where publication would cause a disproportionate damage to the parties involved, competent authorities shall publish the sanctions on an anonymous basis.

Where the competent authority of a Member State imposes or applies an administrative penalty or other measure in accordance with Articles 17 and 18, it shall notify EBA of that penalty or measure and of the circumstances under which it was imposed or applied. EBA shall include such notification in the central database of administrative penalties established in accordance with Article 69 of Directive 2013/36/EU of the European Parliament and of the Council  (17) and shall apply to it the same procedures as for all other published penalties. [Am. 57]

Article 20

Application of sanctions by the competent authorities

When determining the type of administrative sanctions or measures and the level of administrative pecuniary sanctions, the competent authorities shall take into account all relevant circumstances, including:

(a)	the gravity and the duration of the breach;

(b)	the degree of responsibility of the responsible natural or legal person;

(c)	the financial strength of the responsible natural or legal person, as indicated by the total turnover of the responsible legal person or the annual income of the responsible natural person;

(d)	the importance of profits gained or losses avoided by the responsible natural or legal person, insofar as they can be determined;

(e)	the losses for third parties caused by the breach, insofar as they can be determined;

(f)	the level of cooperation of the responsible natural or legal person with the competent authority;

(g)	previous breaches by the natural or legal person responsible.

Article 21

Reporting of breaches

1.   Member States shall establish effective mechanisms to encourage reporting of breaches of the provisions of this Regulation to competent authorities. Appropriate technical and organisational measures shall be implemented to protect data against accidental or unlawful destruction, accidental loss, alteration, or unlawful disclosure. [Am. 58]

2.   The mechanisms referred to in paragraph 1 shall include at least:

(a)	specific procedures for the receipt of reports on breaches and their follow-up;

(b)	appropriate protection for whistleblowers and persons who report potential or actual breaches; [Am. 59]

(c)	protection of personal data concerning both the person who reports the breaches and the natural person who is allegedly responsible for a breach, in compliance with the principles laid down in Directive 95/46/EC.

3.   The payment service providers in cooperation with the competent authorities shall establish internal appropriate procedures for their employees to report breaches internally through a specific secure, independent and anonymous channel. [Am. 60]

Article 22

Monitoring

1.    Member States shall require competent authorities to effectively monitor, and take necessary measures with a view to ensuring, compliance with the requirements of this Regulation. EBA may issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, on the processes for implementing this Regulation, taking into account the best practices of Member States. [Am. 61]

1a.     The Commission shall coordinate and carefully monitor the application of this Regulation with regard to payment service providers outside the Union and shall strengthen cooperation, where appropriate, with third-country authorities responsible for investigating and penalising breaches under Article 18. [Am. 62]

1b.     By 1 January 2017, the Commission shall submit a report to the European Parliament and to the Council on the application of Chapter IV, with particular regard to cross-border cases, third-country payment service providers and their national competent authorities’ execution of investigatory and penalising powers. Should there be a risk of a breach relating to the storage of data, the Commission shall take appropriate and effective action, including submitting a proposal to amend this Regulation. [Am. 63]

Article 22a

Exercise of the delegation

1.     The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.     The power to adopt delegated acts referred to in Article 15(1a) shall be conferred on the Commission for an indeterminate period of time from … (*15).

3.     The delegation of power referred to in Article 15(1a) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of that decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.     As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

5.     A delegated act adopted pursuant to Article 15(1a) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or the Council. [Am. 64]

CHAPTER V

IMPLEMENTING POWERS

Article 23

Committee procedure

1.   The Commission shall be assisted by the Committee on the Prevention of Money Laundering and Terrorist Financing (‘the Committee’). The Committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2.   Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply , provided that implementing provisions adopted under the procedure set out therein do not alter the basic provisions of this Regulation . [Am. 65]

CHAPTER VI

DEROGATIONS

Article 24

Agreements with territories or countries not referred to in Article 355 of the Treaty[Am. 66]

1.    Without prejudice to Article 15(1a), the Commission may , in cases in which equivalence has been substantiated, authorise any Member State to conclude agreements with a country or territory which does not form part of the territory of the Union referred to in Article 355 of the Treaty, which contain derogations from this Regulation, in order to allow for transfers of funds between that country or territory and the Member State concerned to be treated as transfers of funds within that Member State. [Am. 67]

Such agreements may be authorised only if all of the following conditions are met:

(a)	the country or territory concerned shares a monetary union with the Member State concerned, forms part of the currency area of that Member State or has signed a Monetary Convention with the Union represented by a Member State;

(b)	payment service providers in the country or territory concerned participate directly or indirectly in payment and settlement systems in that Member State; and

(c)	the country or territory concerned requires payment service providers under its jurisdiction to apply the same rules as those established under this Regulation.

2.   Any Member State wishing to conclude an agreement as referred to in paragraph 1 shall send an application to the Commission and provide it with all the necessary information.

Upon receipt by the Commission of an application from a Member State, transfers of funds between that Member State and the country or territory concerned shall be provisionally treated as transfers of funds within that Member State, until a decision is reached in accordance with the procedure set out in this Article.

If the Commission considers that it does not have all the necessary information, it shall contact the Member State concerned within two months of receipt of the application and specify the additional information required.

Once the Commission has all the information it considers to be necessary for appraisal of the request, it shall notify the requesting Member State accordingly within one month and shall transmit the request to the other Member States.

3.   Within three months of the notification referred to in the fourth subparagraph of paragraph 2, the Commission shall decide, in accordance with the procedure referred to in Article 23(2) whether to authorise the Member State concerned to conclude the agreement referred to in paragraph 1 of this Article.

In any event, a decision as referred to in the first subparagraph shall be adopted within 18 months of receipt of the application by the Commission.

3a.     For authorised decisions relating to dependent or associated territories already in place, uninterrupted continuation shall be ensured, namely Commission Implementing Decision 2012/43/EU  (18) , Commission Decision 2010/259/EU  (19) , and Commission Decision 2008/982/EC  (20) . [Am. 68]

CHAPTER VII

FINAL PROVISIONS

Article 25

Repeal

Regulation (EC) No 1781/2006 is repealed.

References to the repealed Regulation shall be construed as references to this Regulation and shall be read in accordance with the correlation table in the Annex.

Article 26

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from … (*16).

---

(1)  OJ C 166, 12.6.2013, p. 2.

(2)  OJ C 271, 19.9.2013, p. 31.

(3)  Position of the European Parliament of 11 March 2014.

(4)  Council Regulation (EC) No 2580/2001 of 27 December 2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism (OJ L 344, 28.12.2001, p. 70).

(5)  Council Regulation (EC) No 881/2002 of 27 May 2002 imposing certain specific restrictive measures directed against certain persons and entities associated with the Al-Qaida network (OJ L 139, 29.5.2002, p. 9).

(6)  Directive …/…/EU of the European Parliament and of the Council of… on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (OJ L , , p.).

(*1)  Number, date and OJ reference of the directive adopted on the basis of COD 2013/0025.

(7)   Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ( OJ L 281, 23.11.1995, p. 31).

(*2)  Number of the directive adopted on the basis of COD 2013/0025.

(8)  Regulation (EC) No 924/2009 of the European Parliament and of the Council of 16 September 2009 on cross-border payments in the Community and repealing Regulation (EC) No 2560/2001(OJ L 266, 9.10.2009, p. 11).

(9)  Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (OJ L 94, 30.3.2012, p. 22).

(10)  Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC (OJ L 319, 5.12.2007, p. 1).

(*3)  Number of the directive adopted on the basis of COD 2013/0025.

(*4)  Number of the directive adopted on the basis of COD 2013/0025.

(11)  Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12).

(12)  Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC (OJ L 331, 15.12.2010, p. 48).

(13)  Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

(14)   Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers ( OJ L 55, 28.2.2011, p. 13).

(15)  OJ L 345, 8.12.2006, p. 1.

(*5)  Number of the directive adopted on the basis of COD 2013/0025.

(16)   OJ C 32, 4.2.2014, p. 9.

(*6)  Number of the directive adopted on the basis of COD 2013/0025.

(*7)   Number of the directive adopted on the basis of COD 2013/0025.

(*8)  Number of the directive adopted on the basis of COD 2013/0025.

(*9)  Number of the directive adopted on the basis of COD 2013/0025.

(*10)  Number of the directive adopted on the basis of COD 2013/0025.

(*11)  Number of the directive adopted on the basis of COD 2013/0025.

(*12)  Number of the directive adopted on the basis of COD 2013/0025.

(*13)  Two years after the entry into force of this Regulation.

(*14)  The date of the entry into force of this Regulation.

(17)   Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).

(*15)  Two years after the entry into force of this Regulation.

(18)   Commission Implementing Decision 2012/43/EU of 25 January 2012 authorising the Kingdom of Denmark to conclude agreements with Greenland and the Faeroe Islands for transfers of funds between Denmark and each of these territories to be treated as transfers of funds within Denmark, pursuant to Regulation (EC) No 1781/2006 of the European Parliament and of the Council (OJ L 24, 27.1.2012, p. 12).

(19)   Commission Decision 2010/259/EU of 4 May 2010 authorising the French Republic to conclude an agreement with the Principality of Monaco for transfers of funds between the French Republic and the Principality of Monaco to be treated as transfers of funds within the French Republic, pursuant to Regulation (EC) No 1781/2006 of the European Parliament and of the Council (OJ L 112, 5.5.2010, p. 23).

(20)   Commission Decision 2008/982/EC of 8 December 2008 authorising the United Kingdom to conclude an agreement with the Bailwick of Jersey, the Bailiwick of Guernsey and the Isle of Man for transfers of funds between the United Kingdom, pursuant to Regulation (EC) No 1781/2006 of the European Parliament and of the Council (OJ L 352, 31.12.2008, p. 34).

(*16)  The date of transposition of the directive adopted on the basis of COD 2013/0025.