Information session about fit and proper assessments DNB
On Tuesday 28th May from 3:00-4:45 PM CET DNB will organize an online information session about fit and proper assessments.
Read more Information session about fit and proper assessments DNBYou are using an outdated browser. DNB.nl works best with:
Do account information service providers (AISPs) have to perform transaction monitoring?
Published: 24 November 2022
On 1 March 2021, the European Banking Authority (EBA) published the final revised Guidelines on money laundering and terrorist financing (ML/TF) risk factors. The EBA has included new ML/TF risk factors. We have amended these Q&As on the basis of the revised Guidelines.
Pursuant to Section 3(2) of the Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft), AISPs must monitor transactions conducted by their customers1 to prevent their services from being used for money laundering or terrorist financing.
The Financial Supervision Act (Wet op het financieel toezicht - Wft) defines an account information service as:
“an online service for providing consolidated information on one or more payment accounts held by a payment service user with one or more other payment service providers”.
These service providers fall under the Wwft pursuant to Section 1a(1) of that act. We qualify the risks of money laundering and terrorist financing inherent in this specific type of service provider as low. This is because an AISP does not conduct any transaction itself or hold any funds for a payment service user. Nevertheless, AISPs have aggregated data from multiple sources at their disposal, providing opportunities for monitoring transactions that are related to money laundering or terrorist financing. Even when the data received is limited on an aggregated level, it provides additional possibilities for identifying specific patterns that can be used to detect unusual transactions. Accordingly, the low risk inherent in this type of payment institution means that it has to take less far-reaching measures in terms of customer due diligence and transaction monitoring than institutions with an elevated risk.
Under PSD2, banks are not required to share all available data with an AISP. The requirement relates to information that the bank shares with the account holder. The exact data depends on the bank's policy. As a result, the information the account information service provider receives is of a varied and dynamic nature. Information from bank A may be different to that from bank B. The data used by the AISP for transaction monitoring can therefore differ from one bank to another. We require AISPs to take appropriate measures to identify and assess the risk of money laundering and terrorist financing related to their services, taking into account all data available for with payment service users have given their explicit consent.
Using the information from the payment service provider offering the account, it will be possible for the AISP to monitor transactions between linked accounts and transactions to third parties, taking at least the following risk factors into account:
Further risk factors that can be considered:
Connected payment accounts held in a country in the European Economic Area (EEA) could contribute to a lower risk.
Pursuant to Section 3(2) under d of the Wwft, AISPs must monitor transactions conducted between accounts connected by the customer in the account overview for unusual features. They must also monitor transactions to and from third parties for unusual features. These are mostly subjective indicators, such as deviating amounts, unusual frequency of payments, multiple payment accounts to and from which funds are sent and received, and the absence of logic or economic rationale underlying transactions. Transaction monitoring processes must always be risk-based. The foregoing warrants the conclusion that monitoring must be of a higher intensity as more risk factors apply. Conversely, the fewer risk factors apply, the lower the intensity of transaction monitoring can be.
[1]Section 1(1) of the Wwft defines a customer as the natural or legal person with which a business relationship is entered into or on whose behalf a transaction is conducted.
On Tuesday 28th May from 3:00-4:45 PM CET DNB will organize an online information session about fit and proper assessments.
Read more Information session about fit and proper assessments DNBThe rapid development of artificial intelligence (AI) poses challenges for the supervisory work of the AFM and DNB. The supervisory authorities have published a report with criteria and areas of attention for shaping the supervision of AI.
Read more AFM and DNB publish report on the impact of AI on the financial sector and supervisionHow does one bring the professional oath to life in daily practice? Representatives from the financial sector and the supervisory authorities tackled this question at the DNB seminar on the professional oath in late 2022.
Read more The professional oath in daily practiceIn view of our continued support for a deeper and more integrated European Capital Markets Union (CMU), De Nederlandsche Bank (DNB) and the Dutch Authority for the Financial Markets (AFM) present next steps to shape the right policies and create a competitive European capital market.
Read more DNB and AFM: recommendations for a strong European Capital Markets UnionWe use cookies to optimise the user-friendliness of our website.
Read more about the cookies we use and the data they collect in our cookie notice.