Applicable from 26 June 2017, the EU Funds Transfer Regulation 2015 (FTR 2015) brings with it many unexpected implementation hurdles for payment service providers (PSPs). Christian Westerhaus, head of product & strategy, Institutional Cash Management, Deutsche Bank, explains why there is more to FTR 2015 than meets the eye.
No-one can deny that the theory behind FTR 2015 is admirable. It sets out to ensure the traceability of payments transactions, which is a powerful tool in the prevention, detection, and investigation of money laundering and terrorist financing. Yet, in practice, FTR 2015 is not without its challenges
As such, greater clarity is needed if banks are to avoid unintentional breaches of the rules and unnecessary payment disruption. The industry, as a whole, must act quickly.
Three hurdles ahead
The key challenges posed by FTR 2015 can be summarised as:
1. Significant additional requirements. First and foremost, it is all too easy to underestimate the impact that FTR 2015 will have. The result of repealing and updating FTR 2006, the updated regulation significantly extends the currently applicable requirements. The incoming changes therefore represent an evolution of existing anti-money laundering (AML) and counter terrorist financing (CTF) measures, which should not be taken lightly
In brief, FTR 2015 imposes additional requirements on intermediary PSPs to implement effective procedures to detect whether regulatory required information is transmitted with a transfer of funds. It also requires transmission of payee information and sets higher (qualitative) standards on PSPs to implement effective procedures to detect missing/insufficient information.
This can mean significant additional workload for PSPs, not just a few tweaks to existing practices. With the effective date fast approaching, therefore, financial institutions can no longer afford to downplay the impact of FTR 2015.
2. A regional regulation with a global impact. FTR 2015 applies to a transfer of funds, in any currency, sent or received by a payment services provider (PSP), or an intermediary PSP, established in the EU or any of the three additional countries of the EEA, namely Iceland, Liechtenstein, and Norway. But its impact transcends EEA borders
Under the new regulation, transfers sent from outside the EEA to an EEA-based PSP must be accompanied by certain information. While a PSP established outside the EEA cannot breach FTR 2015 requirements when sending transfers, it should still consider transmitting all the information required under FTR 2015 when sending a transfer to the EEA (to the extent permissible by the PSP’s respective local law, in particular, local data protection laws).
3. Regulatory grey areas. Arguably the most significant concern surrounding FTR 2015 is the regulation’s unclear requirements. And it is feared these ambiguities – if unresolved – could harm FTR 2015’s regulatory effectiveness
The worry is that this could ultimately disrupt payment flows or cause unintended regulatory breaches, as well as fragment the regulatory landscape. And these impacts are not only confined to individual banks. There are potential repercussions for senior managers who are personally liable for their organisation’s controls.
In April, the European Supervisory Authorities (ESAs) issued draft guidelines to coincide with a public consultation period, which ran until 5th June 2017. While these guidelines have provided some clarity, they remain limited in scope as they do not aim to achieve maximum harmonisation. As a result, regulatory grey areas remain that confuse what PSPs must do to fully comply with FTR 2015.
Greater clarity needed
One important regulatory grey area is that surrounding the definition of a repeated failure. Under FTR 2015, when another PSP repeatedly fails to supply the required information, the receiving PSP must react and take (successive) so-called “additional steps” in relation to the PSP and inform competent authorities on the repeated failure and the additional steps taken.
The catch is that FTR 2015 provides no guidance to defining when a failure becomes “repeated”. What’s more, pursuant to the ESAs’ draft guidelines, PSPs may decide to treat other PSPs as repeatedly failing for different reasons, which may include a combination of quantitative and qualitative criteria. As the potential consequences attached to repeated failures are significant, and since the respective regulatory reporting is mandatory, a consistent understanding of the “trigger” is therefore required both by PSPs and the respective competent authorities.
In addition, question marks surround the requirement for a name-number check under FTR 2015, as well as the regulation’s application to SEPA Direct Debits. The definition of linked transactions is also loose. And although the ESAs’ draft guidelines do provide some clarity over the latter, monitoring payments over a six-month timeframe to determine whether they are linked is likely to be extremely difficult.
The road ahead
Despite the many practical challenges, FTR 2015’s ambitions and objectives should be welcomed by the industry. This is a necessary progression towards enhanced AML and CTF financing practices.
Nevertheless, a common understanding among financial institutions and regulators of the scope and requirements of FTR 2015 will be necessary to help address industry concerns around AML and CTF and to prevent unnecessary payment disruption. It is important, therefore, that PSPs collaborate with each other and the regulators in order to create this common understanding – sooner rather than later.