2023_6723 Extent of real time transaction monitoring expected when executing and processing payments.

Question ID: 2023_6723
Legal act: Directive (EU) 2015/849 (AMLD)
Topic: Customer Due Diligence
Article: 13
Paragraph: (1)
Subparagraph: (d)
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations: Not applicable
Article/Paragraph: N/A
Name of institution / submitter: Financial Intelligence Analysis Unit
Country of incorporation / residence: Malta
Type of submitter: Competent authority
Subject matter: Extent of real time transaction monitoring expected when executing and processing payments.
Question: Article 13(1)(d) of Directive (EU) 2015/849 sets out the on-going monitoring obligation of obliged entities. This includes the 'scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the obliged entity's knowledge of the customer, the business and risk profile, including where necessary the source of funds'. However, the said Directive does not set out whether or the extent to which the scrutiny of transactions is to take place in real time or post the execution of transactions. This is of particular relevance within the ambit of payment service providers given that these same service providers are also subject to timelines for the execution and processing of payment transactions. To what extent, if at all, do Competent Authorities require payment service providers, including credit institutions that are providing payment services, to carry out real time transaction monitoring? If this is a requirement, do Competent Authorities also require real time transaction monitoring in case of transactions involving high amounts? If Competent Authorities do not require real time transaction monitoring, what is the justification for this position?
Background on the question: In addition to Article 13(1)(d), Article 18(2) of Directive (EU) 2015/849 also requires obliged entities 'to examine, as far as reasonably possible, the background and purpose of all complex and unusually large transactions, and all unusual patters of transactions, which ahve no apparent economic or lawful purpose. In particular, obliged entities shall increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear suspicious'. Moreover, Article 35(1) of the same Directive sets out an obligation on the part of obliged entities 'to refrain from carrying out transactions which they know or suspect to be related to proceeds of criminal activity or to terrorist financing until they have completed the necessary action in accordance with point (a) of the first subparagraph of Article 35(1) and have complied with any further specific instructions from the FIU or the competent authorities in accordance with the law of the relevant Member State'.
GL 4.74 of the EBA’s Risk Factor Guidelines sets out that ‘[f]irms should in any case determine which transactions they will monitor in real time, and which transactions they will monitor ex-post. As part of this, firms should determine: i. which high-risk factors, or combination of high-risk factors, will always trigger real-time monitoring; and ii. which transactions associated with higher ML/TF risk are monitored in real time, in particular those where the risk associated with the business relationship is already increased’.
Article 7(2) of Regulation (EU) 2015/847 requires recipients of payments ‘to implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring’ to detect payment transactions that are not accompanied with the information required in terms of the same Regulation. GL 28 of the Joint Guidelines under Article 25 of Regulation (EU) 2015/847 on the measures payment service providers should take to detect missing or incomplete information on the payer or the payee, and the procedures they should put in place to manage a transfer of funds lacking the required information sets out that ‘PSPs and IPSPs should determine which high-risk factors, or combination of high-risk factors, will always trigger real-time monitoring, and which will trigger a targeted ex-post review. In cases of specific concern, transfers of funds should always be monitored in real time’.
Submission date: 20/02/2023
Rejected publishing date: 12/01/2024
Rationale for rejection: This question has been rejected because the issue it deals with is already explained or addressed in paragraphs 4.74 and 4.75 of Guidelines amending Guidelines EBA/2021/02 on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (‘The ML/TF Risk Factors Guidelines’) under Articles 17 and 18(4) of Directive (EU) 2015/849 (EBA/GL/2023/03). For further information on the purpose of this tool and on how to submit questions, please see 'Additional background and guidance for asking questions'.
Status: Rejected question

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre