Transaction monitoring requirements for payment initiation services (service 7)

On 1 March 2021, the European Banking Authority (EBA) published the final revised Guidelines on money laundering and terrorist financing (ML/TF) risk factors. The EBA has included new ML/TF risk factors. We have amended these Q&As on the basis of the revised Guidelines.

Answer:

Pursuant to Section 3(2) of the Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft), PISPs must monitor transactions conducted by their customers¹ to prevent their services from being used for money laundering or terrorist financing. It is important that they monitor transactions adequately, even if payment service providers (such as banks) have the same obligation.

The Financial Supervision Act (Wet op het financieel toezicht - Wft) defines a payment initiation service as:

“a service for initiating a payment order at the request of a payment service user with respect to a payment account held with another payment service provider."

These service providers fall under the Wwft pursuant to Section 1a(1) of that act. We qualify the risks of money laundering and terrorist financing inherent in this specific type of service provider as low. This is because a PISP does not conduct any transactions itself or hold any funds for a payment service user. This type of payment institution must take less far-reaching measures in terms of customer due diligence and transaction monitoring than institutions with a higher risk.

It also means that a PISP is allowed to perform its transaction monitoring in a risk-based manner. As a minimum, a PISP must carry out periodic post-event checks on the initiated payment orders, taking at least the following risk factors into account:

• The customer transfers funds from different payment accounts to the same payee that, together, amount to a large sum without a clear economic rationale.
• The customer transfers funds from different payment accounts to the same payee that give the PISP reasonable grounds to suspect that the customer is trying to evade specific monitoring thresholds.
• The customer initiates a payment to a jurisdiction associated with higher ML/TF risk or a high-risk third country or someone with known links to those jurisdictions.

Other risk factors that may also be relevant include amounts that differ from a transaction pattern, the frequency and volume of initiated payment orders and insufficient economic rationale for a specific transaction.

Why PISPs must monitor transactions

Like a bank, a payment institution fulfils a gatekeeper role and is responsible for monitoring its transactions. Furthermore, a bank only has insight into transactions that involve the accounts of individual payment service providers. A PISP, by contrast, in some cases has insight into sets of transactions performed, for example, through multiple account servicing payment service providers (ASPSPs), which provides it with an overall view of those ASPSPs. As a result, a PISP may be better placed than a single ASPSP to assess whether specific transactions are unusual in terms of money laundering or terrorist financing. When a PISP detects an unusual transaction of this nature, it must report it to FIU-NL without undue delay.

Risk mitigating factors

As stated above, a risk-based approach can be taken to transaction monitoring. For example, a PISP may use peer groups of similar customers to compare individual customers' transaction behaviour with that of their peer group. In addition, for low-risk customers or groups of customers, it may decide to lower the frequency or decrease the scope of its transaction monitoring. A further risk mitigating factor is the fact that a customer initiates a payment order to a country in the European Economic Area (EEA) or a third country whose requirements for anti-money laundering and the financing of terrorism (AML/CFT) are at least as robust as in the Netherlands. For more information about transaction monitoring, please refer to our guidance document on post-event transaction monitoring for payment service providers (available in Dutch).

Foreign payment initiation service providers

Foreign PISPs that provide direct cross-border services in the Netherlands, and not via a branch office or agency are subject to the anti-money laundering rules of their Member State of origin. They do not fall under the Wwft.

Conclusion

Pursuant to Section 3(2) under d of the Wwft, PISPs must monitor initiated payment orders for unusual features. Transaction monitoring processes must always be risk-based. On this basis, the conclusion is that the more risk factors apply, the more intensive the monitoring should be. Conversely, the fewer risk factors apply, the less intensive the transaction monitoring can be.

[1]Section 1(1) of the Wwft defines a customer as the natural or legal person with which a business relationship is entered into or on whose behalf a transaction is conducted.