How to comply with EU Payments Regulation
Rules that Payment Service Providers must follow to prevent money laundering and terrorist financing.
You’re a ‘Payment Service Provider’ if your business provides transfer of funds services within the EU. That means you are covered by the EU Payments Regulation and the Transfer of Funds Regulations.
The EU Payments Regulation sets out rules about the information on the payer that must be sent with transfers of funds. The aim of these rules is to prevent, detect and investigate money laundering and terrorist financing.
You must comply with the Money Laundering Regulations if your business is a Money Service Business. By complying with these regulations you’ll already be meeting some of the requirements of the EU Payments Regulation.
This guide tells you about the EU Payments Regulation, who it applies to and what you need to do to comply with it. It also tells you about the penalties for not complying with it.
The EU Payments Regulation
The EU Payments Regulation sets out rules for the information about the payer - the person transferring the funds - that has to be sent with a ‘transfer of funds’. A transfer of funds is any transfer that the payer makes through a Payment Service Provider to make funds available for collection at a Payment Service Provider, if at any stage in the process the money is moved electronically, for example by fax or email.
The payer can transfer funds from one bank account to another, or they can give the funds they want to transfer to the Payment Service Provider in cash, by cheque or by credit card. The funds can then be transferred electronically using SWIFT (Society for Worldwide Interbank Financial Telecommunications) or transmitted in another way.
When a Payment Service Provider transfers funds they must normally send ‘Complete Information on the Payer’ with the transfer. This allows the authorities to trace payments if necessary.
If the Payment Service Providers used by the payer and the person receiving the funds are both within the EU then, unless full details are requested, the sender need only give the account number of the payer or another unique identifier selected by the Payment Service Provider.
Who the EU Payments Regulation apply to
You must comply with the EU Payments Regulation rules when you transfer funds if you’re a Money Service Business operating as a Payment Service Provider in the EU. The rules apply to all transfers of funds in any currency that you send or receive.
What to do with the Complete Information on the Payer
You must have Complete Information on the Payer (the payer is the person transferring the funds) when you make or receive any transfer of funds.
This means you’ll need:
- the name of the payer
- the payer’s address - or their date and place of birth
- either their customer identification number, which is provided by the payment service provider, or a national identity number (which is usually their passport number)
- the payer’s account number or a unique identifier which allows the transaction to be traced back to them
You may also need to verify this information in some cases. You verify the information using documents, data or information from a reliable and independent source such as:
- a passport
- a photocard driving licence
- documents issued by a government department
One-off transfers of under €1,000
You do not need to verify the information the payer gives you if the transfer is a one-off payment and you think it’s unlikely to become regular business.
You’ll still need to verify the Complete Information on the Payer if the amount of the funds to be transferred is less than €1,000 and:
- there are several transactions which appear to be linked
- the linked transactions, when added together, exceed €1,000 or the equivalent in another currency
One-off transfers of €1,000 or more
You must verify the Complete Information on the Payer for one-off transfers of €1,000 or more. You must do this before you make the transfer.
Regular transfers - business relationship
You’ll need to verify the Complete Information on the Payer if you’ll be handling transfers for a payer on a regular basis and you develop a ‘business relationship’.
When you have verified the information once you don’t have to do so for every transaction. Instead you’ll need to verify it at regular intervals. How frequently you do it is up to you as it will depend on your assessment of the risk.
Ensure that Complete Information on the Payer is sent with the transfer
You must send the Complete Information on the Payer to the Payment Service Provider acting for the person receiving the funds - the payee - if you’re acting as Payment Service Provider for the payer and you’re transferring funds outside the EU.
You’ll only need to send either the account number or a unique identifier, which allows the transfer to be traced back to the payer, if the payee’s Payment Service Provider is within the EU.
You must make sure you receive the Complete Information on the Payer from the payer’s Payment Service Provider if you’re acting as Payment Service Provider for the payee. You should ask for it or consider rejecting the transfer if you don’t receive it.
If you deal regularly with a Payment Service Provider who fails to send the Complete Information on the Payer, you could consider warning them or setting deadlines to make sure you receive it. If they still fail to send the Complete Information on the Payer, you might decide to restrict or end your business relationship with them.
Missing or incomplete Complete Information on the Payer might be an indication that the transfer of funds is suspicious and should be reported to the National Crime Agency.
You must keep all your Complete Information on the Payer records for 5 years.
You must make sure you keep with the transfer all the information you received with it if you’re an Intermediary Payment Service Provider. This means you’re involved in the transfer of funds but you’re neither the payer’s nor the payee’s Payment Service Provider.
How the EU Payments Regulation links in with Money Laundering Regulations
Some people have to apply for what’s known as a ‘fit and proper’ test before their business can be registered under the Money Laundering Regulations.
HM Revenue and Customs (HMRC) may cancel your registration if you keep failing to comply with the EU Payments Regulation, as you may no longer be accepted as a fit and proper person.
You can read the full text of the EU Payments Regulation on the Europa website.
Third party payments
Third party payments are money transmissions where the receivers of the money remittance order(s) are based in one country, but where settlement for the order(s) is made by the payment of an invoice to a beneficiary (often in another country). This is sometimes described as ‘third party pooling’ or ‘cover payments’. This type of remittance and settlement involves 2 separate transactions, each of which requires the appropriate customer due diligence or enhanced due diligence.
Under the Money Laundering Regulations the settlement of a debt by means of an offset payment is a separate transaction. Your customer is the overseas recipient (for example, a Money Service Business or similar local payment service provider) which pays out the money remittance orders to the individual receiver(s) and which then requests settlement of an invoice to be made to the beneficiary (the ‘third party’).
These transactions are high risk. You should make sure your risk assessment includes indicators of risk and seriously consider if you should apply enhanced due diligence on the overseas recipient. You should think about asking for and verifying additional documents, data or information to satisfy yourself about the identity of the overseas recipient of the payment. You should also keep records of settlement accounts.
Where the payment is to be made against an invoice you should check that the document is genuine. This could include checking if the:
- name and address of the purchasing business are correct
- supplier exists
- description of the goods is credible
- value of the goods is realistic
You should seek further evidence if you have any level of doubt about the invoice, and check that it is genuine by getting supporting documentation such as movement certificates, shipping orders, packing lists and/or bills of loading.
Third party payments exclude circumstances where payment is made to a beneficiary in the UK or elsewhere on the instructions of an overseas customer which does not involve offset of a payment. In this situation the Money Service Business in the UK needs to do the appropriate level of customer due diligence on the overseas customer.
Money transmissions from overseas into the UK - inward remittances
These occur when a customer outside the UK wishes to carry out a transfer of funds to a beneficiary in the UK.
The location of the customer does not affect your need to perform customer due diligence. You must apply customer due diligence and where appropriate, ongoing monitoring if an overseas customer deals directly with you in the UK.
Where the transfer of funds is sent to you from an overseas Money Service Business you must treat them as your customer. Where you are receiving a bulk transfer (where the transfer represents a collection of underlying transactions) the situation is high risk. You should consider if you need to carry out enhanced due diligence.
At the very least you must obtain the number of underlying transactions of each bulk transfer made to you by your customer. This information will allow you to monitor that the number and average value of transactions is consistent with the anticipated level of activity when you began your business relationship. It will also give you an indication of risk, particularly where the number of transactions or the average transaction value is significantly above what you expected.
You should make a note of their explanation where you are not satisfied with the reasons provided by your customer, record why they say the average transaction value has increased and check that they have carried out appropriate customer due diligence. You will need to decide if it is necessary to make any further checks before you decide whether to accept the transaction.
Where the transfer of funds is included in any sort of ‘offset arrangement’ (where you pay the beneficiary from your own funds and the debt owed to you by the overseas Money Service Business is satisfied by a payment from them to a third party at your instruction) this is a separate, potentially high risk transaction. You must perform customer due diligence and if appropriate enhanced due diligence checks on the overseas Money Service Business. Based on your assessment of the risk this should include checking some specific transactions where you have instructed the overseas Money Service Business to make a payment to a third party.
You must also check if complete information on the payer is present and in the case of missing or incomplete information, reject the transfer or ask for the missing information.
Penalties for not complying with the EU Payments Regulation
The Transfer of Funds Regulations give HMRC the power to charge a penalty if a business fails to comply with the EU Payments Regulation.
When HMRC visits your business to check that you’re complying with the Money Laundering Regulations it will also check that you’re complying with the EU Payments Regulation.
If you need more information on the EU Payments Regulation, or you have any queries about how to comply with it, you can contact HMRC.