EXPLANATORY MEMORANDUM
1.CONTEXT OF THE DELEGATED ACT
Payment service providers and electronic money issuers with a head office in a Member State can operate establishments in other, host, Member States. Such establishments have to comply with the anti-money laundering and countering the financing of terrorism (AML/CFT) regime of the Member State in which they are based, even if they are not obliged entities themselves.
To facilitate the AML/CFT supervision of such establishments, several Member States require payment service providers and electronic money issuers to appoint a ‘Central Contact Point’ (CCP). A CCP acts as a point of contact between the payment service provider or electronic money issuer and the host Member State’s competent authority. However, in the absence of a common European approach to CCPs, there is a risk of regulatory arbitrage, which threatens to undermine the robustness of Europe’s AML/CFT defences. There is also a risk that legal uncertainty creates unreasonable obstacles for payment service providers and electronic money issuers wishing to provide services on a cross-border basis.
Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing aims, inter alia, to bring Union legislation in line with international standards on combating money laundering and the financing of terrorism and proliferation.
Article 45(10) of Directive (EU) 2015/849 requires the European Supervisory Authorities (ESAs) to draft a regulatory technical standard on the criteria that Member States should use when deciding whether or not foreign institutions that operate establishments other than a branch in the Member State’s territory should appoint a CCP and what the functions of that CCP point should be. The ESAs were required to submit the draft regulatory technical standards to the Commission by 26 June 2017 with a view for the Commission to adopt them – as a delegated act – in accordance with the procedure set out in accordance in Regulation (EU) No 1093/2010, Regulation (EU) No 1094/2010 and Regulation (EU) No 1095/2010 respectively.
In accordance with Article 10(1) of Regulation (EU) No 1095/2010, the Commission is required to decide within three months of receipt of the draft standards whether to endorse the drafts submitted. The Commission decided to endorse the draft regulatory technical standard submitted, and adopt it in the form of a delegated regulation.
This delegated Regulation:
•
creates legal certainty about the criteria that Member States will use to determine whether or not a CCP must be appointed; and
•
clearly sets out the functions a CCP must have to fulfil its duties.
2.CONSULTATIONS PRIOR TO THE ADOPTION OF THE ACT
The ESAs conducted a public consultation on the draft regulatory technical standard between February and May 2017.
The overview of questions for the public consultation, the replies and feedback from the public consultation, the summary to the key points and other comments received during the public consultation, the ESAs’ response and the action taken to address these comments have been made publically available on the website of the European Banking Authority, at
https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-e-money/rts-on-ccp-to-strengthen-fight-against-financial-crime
In addition, the EBA’s Banking Stakeholder Group (BSG) was directly consulted in view of drafting the regulatory technical standard.
Before drafting the regulatory technical standard, an impact assessment was conducted. It considered the advantages and disadvantages of different policy options and assessed the impacts that the preferred options will have on payment service providers, electronic money issuers and competent authorities. Its results are made available publically at
https://www.eba.europa.eu/-/esas-publish-central-contact-point-standards-in-fight-against-financial-crime
3.LEGAL ELEMENTS OF THE DELEGATED ACT
This delegated regulation sets out the criteria that need to be taken into account when deciding to appoint a CCP and the functions that may be entrusted to the CCP.
In respect of criteria, a two-pronged approach is laid down as to deciding whether or not the appointment of a CCP is appropriate.
Host Member States can require institutions that are headquartered in another Member State to appoint a CCP if certain quantitative criteria are met, namely:
a)
the number of establishments other than a branch that the institution operates in the host Member State’s territory is, or exceeds, 10; or
b)
the amount of the electronic money distributed and redeemed, or the value of the payment transactions executed by such establishments is expected to exceed EUR 3 million per financial year or has exceeded EUR 3 million in the previous financial year; or
c)
the information necessary to assess whether or not criterion (a) or (b) is met is not made available to the host Member State’s competent authority upon request and in a timely manner.
Host Member States can also require institutions that are headquartered in another Member State to appoint a CCP if the money laundering or terrorist financing risk associated with the operation of these institutions’ establishments other than a branch is such that the appointment of a CCP is proportionate even if the criteria in (a), (b) or (c) are not met.
The intention is to create legal certainty and a consistent interpretation of the CCP provisions across the EU, while at the same time allowing Member States to require CCPs where this is necessary in the light of, and commensurate with, the money laundering and terrorist financing risk associated with the operation of foreign institutions’ establishments in their territory.
In respect of functions that a CCP may be entrusted with, Article 45(9) of Directive (EU) 2015/849 already clearly sets out that a CCP has two main functions:
a)
to ensure, on the appointing institution’s behalf, compliance with the host Member State’s AML/CFT requirements; and
b)
to facilitate supervision by the host Member State’s competent authorities. This includes providing the host Member State’s competent authorities with documents and information upon request.
Therefore, CCPs will need to, at a minimum, inform the appointing institution of applicable AML/CFT rules and how these might affect the institution’s AML/CFT policies and processes; and oversee the compliance by establishments other than a branch with applicable AML/CFT rules and take corrective action where necessary.
As part of this, CCPs also need to, at a minimum, be able to access information held by establishments other than a branch; represent the appointing institution in communications with the Member State’s competent authorities and the Financial Intelligence Unit (FIU); and facilitate on-site inspections of establishments if necessary. While not explicitly required, this implies that the CCP should have adequate technical knowledge of applicable AML/CFT requirements as well as sufficient human and financial resources to carry out its functions.
Member States may also determine, based on their assessment of money laundering and terrorist financing risk, that, as part of their duty to ensure compliance with local AML/CFT obligations, the CCPs are required to perform certain additional functions. In particular, it may be appropriate for Member States to require the CCP to submit suspicious transaction reports to the host FIU.
In addition, Article 48(4) of Directive (EU) 2015/849 makes it clear that competent authorities of the host Member State must supervise foreign payment service providers and electronic money issuers who operate establishments other than a branch in their territory to ensure compliance with their AML/CFT obligations. This may include taking temporary measures to address serious failings by those establishments, provided that the nature of the failing means that taking immediate corrective action is necessary.
The power of host competent authorities to sanction breaches of institutions’ establishments in their territory is outside the scope of the mandate in Article 45(10) of Directive (EU) 2015/849.
COMMISSION DELEGATED REGULATION (EU) …/...
of 7.5.2018
supplementing Directive (EU) 2015/849 of the European Parliament and of the Council with regulatory technical standards on the criteria for the appointment of central contact points for electronic money issuers and payment service providers and with rules on their functions
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, and in particular Article 45(11) thereof,
Whereas:
(1)Electronic money issuers and payment service providers may appoint central contact points to ensure, on behalf of the appointing institutions, compliance with anti-money laundering and counter-terrorist financing rules and to facilitate supervision by competent authorities. Member States may require the appointment of a central contact point where payment service providers and electronic money issuers provide services in their territory through establishments in forms other than a branch, but not where they provide services without an establishment.
(2)The appointment of a central contact point to ensure compliance with anti-money laundering and counter-terrorist financing rules appears to be justified where the size and scale of the activities carried out by payment service providers and electronic money issuers through establishments in forms other than a branch meets or exceeds certain thresholds. Those thresholds should be set at a level that is proportionate to the aim of Directive (EU) 2015/849 to facilitate supervision by competent authorities of such establishments’ compliance, on behalf of their appointing institution, with local anti-money laundering and countering the financing of terrorism (AML/CFT) obligations, while at the same time not creating undue regulatory burden on payment service providers and electronic money issuers.
(3) The requirement to appoint a central contact point appears also to be justified where a Member State considers that the risk of money laundering and terrorist financing associated with the operation of such establishments is increased, as demonstrated, for instance, on the basis of an assessment of the money laundering and terrorist financing risk associated with certain categories of payment service providers or electronic money issuers. Member States should not be required to perform a risk assessment of individual institutions for that purpose.
(4)However, in exceptional cases, where Member States have reasonable grounds to believe that the money laundering and terrorist financing risk associated with a particular payment service provider or electronic money issuer that operates establishments in their territory is high, they should be able to require that issuer or provide to appoint a central contact point, even if it does not meet the thresholds laid down in this Regulation or does not belong to a category of institutions that is required to appoint a central contact point based on the Member State’s assessment of money laundering and terrorist financing risk.
(5)Where a central contact point is appointed, it should ensure, on behalf of the appointing electronic money issuer or payment services provider, the compliance by its establishments with the applicable AML/CFT rules. To that end, the central contact point should have a sound understanding of applicable AML/CFT requirements and facilitate the development and implementation of AML/CFT policies and procedures.
(6)The central contact point should, among others, have a central coordinating role between the appointing electronic money issuer or payment services provider and its establishments, and between the electronic money issuer or payment services provider and the competent authorities of the Member State where the establishments operate, to facilitate their supervision.
(7)Member States should be entitled to determine, based on their overall assessment of money laundering and terrorist financing risks associated with the activity of payment service providers and electronic money issuers that are established in their territory in forms other than a branch, that central contact points are required to perform certain additional functions as part of their duty to ensure compliance with local AML/CFT obligations. In particular, it could be appropriate for Member States to require central contact points to submit, on behalf of the appointing electronic money issuer or payment services provider, suspicious transaction reports to the Financial Intelligence Unit (FIU) of the host Member State in whose territory the obliged entity is established.
(8)It is for each Member State to determine whether or not central contact points should take a particular form. Where the form is prescribed, Member States should ensure that the requirements are proportionate and do not go beyond what is necessary to achieve the aim of compliance with AML/CFT rules and facilitate supervision.
(9)This Regulation is based on the draft regulatory technical standards by the European Supervisory Authorities (the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority) to the Commission.
(10)The European Supervisory Authorities have conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Banking Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council, Regulation (EU) No 1094/2010 of the European Parliament and of the Council and Regulation (EU) No 1095/2010 of the European Parliament and of the Council respectively,
HAS ADOPTED THIS REGULATION:
Article 1
Subject matter and scope
This Regulation lays down:
(a)criteria for determining the circumstances in which the appointment of a central contact point pursuant to Article 45(9) of Directive (EU) 2015/849 is appropriate;
(b)rules concerning the functions of central contact points.
Article 2
Definitions
For the purposes of this Regulation, the following definitions apply:
(1)‘competent authority’ means the authority of a Member State competent for ensuring compliance of electronic money issuers and payment service providers that are established in their territory in forms other than a branch and whose head office is situated in another Member State with the requirements of Directive (EU) 2015/849 as transposed by national legislation;
(2)‘host Member State’ means the Member State in whose territory electronic money issuers and payment service providers whose head office is situated in another Member State are established in forms other than a branch;
(3)‘electronic money issuers and payment services providers’ means electronic money issuers as defined in point (3) of Article 2 of Directive 2009/110/EC of the European Parliament and of the Council and payment services providers as defined in point (9) of Article 4 of Directive 2007/64/EC of the European Parliament and of the Council.
Article 3
Criteria for the appointment of a central contact point
1.Host Member States may require electronic money issuers and payment services providers that have establishments in their territory in forms other than a branch, and whose head office is situated in another Member State, to appoint a central contact point where any of the following criteria is met:
(a)the number of such establishments is 10 or more;
(b)the cumulative amount of the electronic money distributed and redeemed, or the cumulative value of the payment transactions executed by the establishments is expected to exceed EUR 3 million per financial year or has exceeded EUR 3 million in the previous financial year;
(c)the information necessary to assess whether or not the criterion in point (a) or (b) is met is not made available to the host Member State’s competent authority upon request and in a timely manner.
2.Without prejudice to the criteria set out in paragraph 1, host Member States may require categories of electronic money issuers and payment services providers that have establishments in their territory in forms other than a branch, and whose head office is situated in another Member State, to appoint a central contact point where this requirement is commensurate to the level of money laundering or terrorist financing risk associated with the operation of those establishments.
3.Host Member States shall base their assessment of the level of money laundering or terrorist financing risk associated with the operation of those establishments on the findings of risk assessments carried out in accordance with Article 6(1) and Article 7(1) of Directive (EU) 2015/849 and other credible and reliable sources available to them. As part of this assessment, host Member States shall take into account at least the following criteria:
(a) the money laundering and terrorist financing risk associated with the types of products and services offered and the distribution channels used;
(b)the money laundering and terrorist financing risk associated with the types of customers;
(c)the money laundering and terrorist financing risk associated with the prevalence of occasional transactions over business relationships;
(d)the money laundering and terrorist financing risk associated with the countries and geographic areas serviced.
3.Without prejudice to the criteria set out in paragraphs 1 and 2, a host Member State may, in exceptional cases, empower the host Member State’s competent authority require an electronic money issuer or payment services provider that has establishments in its territory in forms other than a branch, and whose head office is situated in another Member State, to appoint a central contract point providing that the host Member State has reasonable grounds to believe that the operation of establishments of that electronic money issuer or payment services provider presents a high risk of money laundering and terrorist financing.
Article 4
Ensuring compliance with AML/CFT rules
The central contact point shall ensure that establishments specified in Article 45(9) of Directive (EU) 2015/849 comply with AML/CFT rules of the host Member State. To this end, the central contact point shall:
(a)facilitate the development and implementation of AML/CFT policies and procedures pursuant to Article 8(3) and (4) of Directive EC 2015/849 by informing the appointing electronic money issuer or payment services provider of AML/CFT requirements applicable in the host Member State;
(b)oversee, on behalf of the appointing electronic money issuer or payment services provider, the effective compliance by those establishments with AML/CFT requirements applicable in the host Member State and the appointing electronic money issuer's or payment services provider's policies, controls and procedures adopted pursuant to Article 8(3) and (4) of Directive (EU) 2015/849;
(c)inform the head office of the appointing electronic money issuer or payment services provider of any breaches or compliance issues encountered in those establishments, including any information that may affect the establishment’s ability to comply effectively with the appointing electronic money issuer's or payment services provider’s AML/CFT policies and procedures or that may otherwise affect the appointing electronic money issuer or payment services provider's risk assessment;
(d)ensure, on behalf of the appointing electronic money issuer or payment services provider, that corrective action is taken in cases where those establishments do not comply, or are at risk of not complying, with applicable AML/CFT rules;
(e)ensure, on behalf of the appointing electronic money issuer or payment services provider, that those establishments and their staff participate in training programs referred to in Article 46(1) of Directive (EU) 2015/849;
(f)represent the appointing electronic money issuer or payment services provider in its communications with the competent authorities and the FIU of the host Member State.
Article 5
Facilitation of supervision by competent authorities of the host Member State
The central contact point shall facilitate the supervision by competent authorities of the host Member State of establishments specified in Article 45(9) of Directive (EU) 2015/849. To this end, the central contact point shall, on behalf of the appointing electronic money issuer or payment services provider:
(a)represent the appointing electronic money issuer or payment services provider in its communications with competent authorities;
(b)access information held by those establishments;
(c)respond to any request made by competent authorities related to the activity of those establishments, provide relevant information held by the appointing electronic money issuer or payment services provider and those establishments to competent authorities and report on a regular basis where appropriate;
(d)facilitate on-site inspections of those establishments where required by the competent authorities.
Article 6
Additional functions of a central contact point
1.In addition to the functions specified in Articles 4 and 5, host Member States may require central contact points to perform, on behalf of the appointing electronic money issuer or payment services provider, one or more of the following functions:
(a)file reports pursuant to Article 33(1) of Directive (EU) 2015/849 as transposed in national law of the host Member State;
(b)respond to any request of the FIU related to the activity of establishments specified in Article 45(9) of Directive (EU) 2015/849, and providing relevant information related to such establishments to the FIU;
(c)scrutinise transactions to identify suspicious transactions where appropriate, in light of the size and complexity of the electronic money issuer's or payment services provider’s operations in the host Member State.
2.Host Member States may require central contact points to perform one or more of the additional functions specified in paragraph 1 where those additional functions are commensurate to the overall level of money laundering and terrorist financing risk associated with the operation of those payment service providers and electronic money issuers that have establishments in their territory in forms other than a branch.
3.Host Member States shall base their assessment of the level of money laundering or terrorist financing risk associated with the operation of such establishments on the findings of risk assessments carried out in accordance with Article 6(1) and Article 7(1) of Directive (EU) 2015/849, Article 3(2) of this Regulation where applicable, and other credible and reliable sources available to them.
Article 7
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 7.5.2018
For the Commission
The President
Jean-Claude JUNCKER
