REPORT on the proposal for a regulation of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets (recast)
6.4.2022 - (COM(2021)0422 – C9‑0341/2021 – 2021/0241(COD)) - ***I
Committee on Economic and Monetary Affairs
Committee on Civil Liberties, Justice and Home Affairs
Rapporteurs: Ernest Urtasun, Assita Kanko
Joint committee procedure – Rule 58 of the Rules of Procedure
(Recast – Rule 110 of the Rules of Procedure)
PR_COD_1recastingam
- DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION
- EXPLANATORY STATEMENT
- MINORITY POSITION
- ANNEX: LETTER FROM THE COMMITTEE ON LEGAL AFFAIRS
- ANNEX: OPINION OF THE CONSULTATIVE WORKING PARTY OF THE LEGAL SERVICES OF THE EUROPEAN PARLIAMENT, THE COUNCIL AND THE COMMISSION
- PROCEDURE – COMMITTEE RESPONSIBLE
- FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE
DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION
on the proposal for a regulation of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets (recast)
(COM(2021)0422 – C9‑0341/2021 – 2021/0241(COD))
(Ordinary legislative procedure – recast)
The European Parliament,
– having regard to the Commission proposal to Parliament and the Council (COM(2021)0422))
– having regard to Article 294(2) and Article 114 of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C9-0341/2021)
– having regard to Article 294(3) of the Treaty on the Functioning of the European Union,
– having regard to the opinion of the European Central Bank of 30 November 2021[1],
– having regard to the opinion of the European Economic and Social Committee of 8 December 2021[2],
– having regard to the Interinstitutional Agreement of 28 November 2001 on a more structured use of the recasting technique for legal acts[3],
– having regard to the letter of 2 March 2022 sent by the Committee on Legal Affairs to the Committee on Economic and Monetary Affairs and the Committee on Civil Liberties, Justice and Home Affairs in accordance with Rule 110(3) of its Rules of Procedure,
– having regard to the provisional agreement approved by the committees responsible under Rule 74(4) of its Rules of Procedure and the undertaking given by the Council representative by letter of [...............] to approve Parliament’s position, in accordance with Article 294(4) of the Treaty on the Functioning of the European Union,
– having regard to Rules 110 and 59 of its Rules of Procedure,
– having regard to the joint deliberations of the Committee on Economic and Monetary Affairs and the Committee on Civil Liberties, Justice and Home Affairs under Rule 58 of the Rules of Procedure,
– having regard to the report of the Committee on Economic and Monetary Affairs and the Committee on Civil Liberties, Justice and Home Affairs (A9-0081/2022),
A. whereas, according to the Consultative Working Party of the legal services of the European Parliament, the Council and the Commission, the Commission proposal does not include any substantive amendments other than those identified as such in the proposal and whereas, as regards the codification of the unchanged provisions of the earlier acts together with those amendments, the proposal contains a straightforward codification of the existing texts, without any change in their substance;
1. Adopts its position at first reading hereinafter set out, taking into account the recommendations of the Consultative Working Party of the legal services of the European Parliament, the Council and the Commission;
2. Calls on the Commission to refer the matter to Parliament again if it replaces, substantially amends or intends to substantially amend its proposal;
3. Instructs its President to forward its position to the Council, the Commission and the national parliaments.
Amendment 1
AMENDMENTS BY THE EUROPEAN PARLIAMENT[4]
to the Commission proposal
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
on information accompanying transfers of funds and certain crypto-assets (recast)
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Central Bank[5],
Having regard to the opinion of the European Economic and Social Committee[6],
Acting in accordance with the ordinary legislative procedure,
Whereas:
(1) Regulation (EU) 2015/847 of the European Parliament and of the Council[7] has been substantially amended[8]. Since further amendments are to be made, that Regulation should be recast in the interests of clarity.
(2) Regulation (EU) 2015/847 was adopted to ensure that the Financial Action Task Force (FATF) requirements on wire transfers services providers, and in particular the obligation on payment service providers to accompany transfers of funds with information on the payer and the payee, were applied uniformly throughout the Union. The latest changes introduced in June 2019 in the FATF standards on new technologies, aiming at regulating so called virtual assets and virtual asset service providers, have provided new and similar obligations for virtual asset service providers, with the purpose to facilitate the traceability of transfers of virtual assets. Thus, under those new requirements, virtual asset transfer service providers must accompany transfers of virtual assets with information on their originators and beneficiaries, that they must obtain, hold, share with counterpart at the other hand of the virtual assets transfer and make available on request to competent authorities.
(3) Given that Regulation (EU) 2015/847 currently only applies to transfer of funds, in the meaning of banknotes and coins, scriptural money and electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC, it is appropriate to extend the scope in order to also cover transfer of virtual assets.
(4) Flows of illicit money through transfers of funds and crypto-assets can damage the integrity, stability and reputation of the financial sector, and threaten the internal market of the Union as well as international development. Money laundering, terrorist financing and organised crime remain significant problems which should be addressed at Union level. The soundness, integrity and stability of the system of transfers of funds and crypto-assets as well as and confidence in the financial system as a whole, could be seriously jeopardised by the efforts of criminals and their associates to disguise the origin of criminal proceeds or to transfer funds or crypto-assets for criminal activities or terrorist purposes.
(5) In order to facilitate their criminal activities, money launderers and financers of terrorism are likely to take advantage of the freedom of capital movements within the Union's integrated financial area unless certain coordinating measures are adopted at Union level. International cooperation within the framework of FATF and the global implementation of its recommendations aim to prevent money laundering and terrorist financing while transferring funds or crypto-assets.
(6) By reason of the scale of the action to be undertaken, the Union should ensure that the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation adopted by FATF on 16 February 2012 and then on 21 June 2019 (revised FATF Recommendations), and, in particular, FATF Recommendation 15 on new technologies (FATF Recommendation 15), FATF Recommendation 16 on wire transfers (‘FATF Recommendation 16’) and the revised interpretative notes on those Recommendations are applied uniformly throughout the Union and that, in particular, there is no discrimination or discrepancy between, on the one hand, national payments or transfers of crypto-assets within a Member State and, on the other, cross-border payments or transfers of crypto-assets between Member States. Uncoordinated action by Member States acting alone in the field of cross-border transfers of funds and crypto-assets could have a significant impact on the smooth functioning of payment systems and crypto-asset transfer services at Union level and could therefore damage the internal market in the field of financial services.
(7) In order to foster a coherent approach in the international context and to increase the effectiveness of the fight against money laundering and terrorist financing, further Union action should take account of developments at international level, in particular the revised FATF Recommendations.
(7a) The global reach, the speed at which transactions can be carried out and the possible anonymity offered by their transfer, make crypto-assets particularly attractive for criminals seeking to carry out illicit transfers across jurisdictions and to operate beyond national borders. In order to effectively address the risks posed by the misuse of crypto-assets for money laundering and terrorist financing purposes, the Union should aim to advance the implementation at global level of the standards established under this Regulation and also to develop the international and cross-jurisdictional dimension of the regulation and supervision of transfers of crypto-assets in relation to money laundering and terrorist financing.
(8) Directive (EU) 2018/843 of the European Parliament and of the Council[9] introduced a definition of virtual currencies and recognised providers engaged in exchange services between virtual currencies and fiat currencies as well as custodian wallet providers among the entities submitted to anti-money laundering and countering terrorism financing requirements in the Union legal framework. The latest international developments, notably within the FATF, now implies the need to regulate additional categories of virtual asset service providers not yet covered as well as to broaden the current definition of virtual currency.
(9) It is to be noted that the definition of crypto-assets in Regulation[10] [please insert reference – proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937-COM/2020/593 final] corresponds to the definition of virtual assets set out in the recommendations of FATF, and the list of crypto-asset services and crypto-asset service providers covered in that Regulation also encompass the virtual asset services providers identified as such by FATF and considered as likely to raise money-laundering concerns. In order to ensure the coherency of the Union legal framework, this proposal should refer to those definitions of crypto-assets and crypto-asset service providers.
(10) The implementation and enforcement of this Regulation represent relevant and effective means of preventing and combating money-laundering and terrorist financing.
(11) This Regulation is not intended to impose unnecessary burdens or costs on payment service providers, crypto-asset service providers or on persons who use their services. In this regard, the preventive approach should be targeted and proportionate and should be in full compliance with the free movement of capital, which is guaranteed throughout the Union.
(12) In the Union's Revised Strategy on Terrorist Financing of 17 July 2008 (the ‘Revised Strategy’), it was pointed out that efforts must be maintained to prevent terrorist financing and to control the use by suspected terrorists of their own financial resources. It is recognised that FATF is constantly seeking to improve its Recommendations and is working towards a common understanding of how they should be implemented. It is noted in the Revised Strategy that implementation of the revised FATF Recommendations by all FATF members and members of FATF-style regional bodies is assessed on a regular basis and that a common approach to implementation by Member States is therefore important.
(13) In addition, the Commission Action Plan of 7 May 2020 for a comprehensive Union policy on preventing money laundering and terrorism financing[11] identified six priority areas for urgent action to improve the Union’s anti-money laundering and countering financing of terrorism regime, including the establishment of a coherent regulatory framework for that regime in the Union to obtain more detailed and harmonised rules, notably to address the implications of technological innovation and developments in international standards and avoid diverging implementation of existing rules. Work at international level suggests a need to expand the scope of sectors or entities covered by the anti-money laundering and countering financing of terrorism rules and to assess how they should apply to providers of crypto-asset transfers not covered so far.
(14) In order to prevent terrorist financing, measures with the purpose of freezing the funds and the economic resources of certain persons, groups and entities have been taken, including Council Regulations (EC) No 2580/2001[12], (EC) No 881/2002[13] and (EU) No 356/2010[14]. To the same end, measures with the purpose of protecting the financial system against the channelling of funds and economic resources for terrorist purposes have also been taken. Directive (EU) 2015/849] of the European Parliament and of the Council[15] contains a number of such measures. Those measures do not, however, fully prevent terrorists or other criminals from accessing payment systems for transferring their funds.
(15) The traceability of transfers of funds and crypto-assets can be a particularly important and valuable tool in the prevention, detection and investigation of money laundering and terrorist financing, as well as in the implementation of restrictive measures, in particular those imposed by Regulations (EC) No 2580/2001, (EC) No 881/2002 and (EU) No 356/2010, in compliance with Union regulations implementing such measures. It is therefore appropriate, in order to ensure the transmission of information throughout the payment or transfers of crypto-assets chain, to provide for a system imposing the obligation on payment service providers and crypto-asset service providers to accompany transfers of funds and crypto-assets with information on the payer and the payee , and, for transfers of crypto-assets, on the originator and the beneficiary.
(16) This Regulation should apply without prejudice to the restrictive measures imposed by regulations based on Article 215 of the Treaty on the Functioning of the European Union (TFEU), such as Regulations (EC) No 2580/2001, (EC) No 881/2002 and (EU) No 356/2010, which may require that payment service providers of payers and of payees, as well as intermediary payment service providers, take appropriate action to freeze certain funds or that they comply with specific restrictions concerning certain transfers of funds.
(17) Processing of personal data under this Regulation should take place in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council[16]. Further processing of personal data for commercial purposes should be strictly prohibited. The fight against money laundering and terrorist financing is recognised as an important public interest ground by all Member States. In applying this Regulation, the transfer of personal data to a third country must be carried out in accordance with Chapter V of Regulation (EU) 2016/679. It is important that payment service providers and providers of crypto-asset transfers operating in multiple jurisdictions with branches or subsidiaries located outside the Union should not be prevented from transferring data about suspicious transactions within the same organisation, provided that they apply adequate safeguards. In addition, the providers of crypto-asset transfers of the originator and the beneficiary, the payment service providers of the payer and of the payee and the intermediary payment service providers should have in place appropriate technical and organisational measures to protect personal data against accidental loss, alteration, or unauthorised disclosure or access, as well as a procedure for the notification of personal data breaches.
(18) Persons that merely convert paper documents into electronic data and are acting under a contract with a payment service provider and persons that provide payment service providers solely with messaging or other support systems for transmitting funds or with clearing and settlement systems should not fall within the scope of this Regulation.
(18a) Persons that merely provide ancillary infrastructure that enables another entity to provide services for the transfer of crypto-assets, such as persons that only provide internet services and cloud services, or software developers, should not fall within the scope of this Regulation unless they provide services for the transfer of crypto-assets on behalf of another person.
(18b) This Regulation should not apply to person-to-person transfers of crypto-assets conducted without the use or involvement of a provider of crypto-asset transfers or other obliged entity, or when both the originator and the beneficiary are providers of crypto-asset transfers acting on their own behalf.
(19) Transfers of funds corresponding to services referred to in points (a) to (m) and (o) of Article 3 of Directive (EU) 2015/2366[17] do not fall within the scope of this Regulation. It is also appropriate to exclude from the scope of this Regulation transfers of funds that represent a low risk of money laundering or terrorist financing. Such exclusions should cover payment cards, electronic money instruments, mobile phones or other digital or information technology (IT) prepaid or postpaid devices with similar characteristics, where they are used exclusively for the purchase of goods or services and the number of the card, instrument or device accompanies all transfers. However, the use of a payment card, an electronic money instrument, a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics in order to effect a person-to-person transfer of funds, falls within the scope of this Regulation. In addition, Automated Teller Machine withdrawals, payments of taxes, fines or other levies, transfers of funds carried out through cheque images exchanges, including truncated cheques, or bills of exchange, and transfers of funds where both the payer and the payee are payment service providers acting on their own behalf should be excluded from the scope of this Regulation.
(19a) Providers of kiosks connected to a distributed ledger network, also known as crypto-asset automated teller machines (‘crypto-ATMs’), enable users to perform transfers of crypto-assets to a crypto-asset address by depositing cash, often without any form of customer identification and verification. Crypto-ATMs are particularly exposed to money laundering risks because the anonymity they provide and the possibility of operating with cash of unknown origin make them an ideal vehicle for illicit activities. Given their role in providing or actively facilitating transfers of crypto-assets, transfers of crypto-assets linked to crypto-ATMs should fall under the scope of this Regulation.
(20) In order to reflect the special characteristics of national payment ▌systems, and provided that it is always possible to trace the transfer of funds back to the payer▌, Member States should be able to exempt from the scope of this Regulation certain domestic low-value transfers of funds, including electronic giro payments, used for the purchase of goods or services. Due to the inherent borderless nature and global reach of transfers of crypto-assets and of the provision of services in crypto-assets, it is difficult to distinguish between purely national transfers and cross-border transfers. Furthermore, the speed at which transactions are carried out, and the virtual nature and technological characteristics of crypto-assets, facilitate the use of techniques aimed at evading the scope of any rules based on thresholds. In order to reflect those specific features of crypto-assets, an exemption from the scope of this Regulation for low-value transfers is therefore not appropriate for transfers of crypto-assets.
(21) Payment service providers and crypto-asset service providers should ensure that the information on the payer and the payee or the originator and the beneficiary is not missing or incomplete.
(22) In order not to impair the efficiency of payment systems ▌and in order to balance the risk of driving transactions underground as a result of overly strict identification requirements against the potential terrorist threat posed by small transfers of funds ▌, the obligation to check whether information on the payer or the payee ▌is accurate should, in the case of transfers of funds ▌where verification has not yet taken place, be imposed only in respect of individual transfers of funds that exceed EUR 1000, unless the transfer appears to be linked to other transfers of funds ▌which together would exceed EUR 1000, the funds ▌have been received or paid out in cash or in anonymous electronic money, or where there are reasonable grounds for suspecting money laundering or terrorist financing.
(22a) Transfers of crypto-assets differ from conventional transfers of funds in a number of ways. The combination of their inherent borderless nature, global reach and technological characteristics, enable users to transfer crypto-assets through thousands of wallets across multiple jurisdictions at a far larger scale and at greater speed than conventional wire transfers. Criminals are able to carry out illicit transfers and avoid detection by structuring a large transaction into smaller amounts, using multiple seemingly unrelated wallet addresses, including one-time use wallet addresses. Associating those wallet addresses to the real identity of a natural or legal person, or detecting linked transfers for the purpose of applying a de minimis threshold, is more challenging as compared to conventional transfers of funds. Most crypto-assets are also highly volatile and their value can fluctuate significantly within a very short time-frame. Such volatility could complicate the implementation and enforcement of a de minimis threshold by providers of crypto-asset transfers and authorities respectively. Therefore, in order to facilitate the detection of linked transfers and prevent the misuse of crypto-assets to facilitate, fund and hide criminal activities and to launder proceeds, a de minimis threshold should not be set for transfers of crypto-asset.
(23) For transfers of funds or for transfers of crypto-assets where verification is deemed to have taken place, payment service providers and providers of crypto-asset transfers should not be required to verify information on the payer or the payee accompanying each transfer of funds, or on the originator and the beneficiary accompanying each transfer of crypto-assets, provided that the obligations laid down in [please insert reference – proposal for a directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849] ▌are met.
(24) In view of the Union legislative acts in respect of payment services, namely Regulation (EC) No 924/2009 of the European Parliament and of the Council[18], Regulation (EU) No 260/2012 of the European Parliament and of the Council[19] and Directive (EU) 2015/2366, it should be sufficient to provide that only simplified information accompany transfers of funds within the Union, such as the payment account number(s) or a unique transaction identifier , or for transfers of crypto-assets, in the case of a transfer not made from or to an account, other means ensuring that the transfer of crypto-assets can be individually identified and that the originator and beneficiary address identifiers are recorded on the distributed ledger.
(25) In order to allow the authorities responsible for combating money laundering or terrorist financing in third countries to trace the source of funds or crypto-assets used for those purposes, transfers of funds or transfer of crypto-assets from the Union to outside the Union should carry complete information on the payer and the payee. Complete information on the payer and the payee should include the Legal Entity Identifier (LEI) when this information is provided by the payer to the payer’s service provider, or, in its absence, any available equivalent official identifier, since that would allow for better identification of the parties involved in a transfer of funds and could easily be included in existing payment message formats such as the one developed by the International Organisation for Standardisation for electronic data interchange between financial institutions. The authorities responsible for combating money laundering or terrorist financing in third countries should be granted access to complete information on the payer and the payee as well as on the originator and the beneficiary only for the purposes of preventing, detecting and investigating money laundering and terrorist financing.
(25a) Crypto-assets exist in a borderless virtual reality and can be transferred to any provider of crypto-asset transfers, whether or not it is registered in a jurisdiction. Many non-Union jurisdictions have in place rules relating to data protection and enforcement that differ from those in the Union. When transferring crypto-assets on behalf of a customer to a provider of crypto-asset transfers that is not registered in the Union, the provider of crypto-asset transfers of the originator should, in addition to the customer due diligence measures laid down in Article 13 of Directive (EU) 2015/849, assess the ability of the provider of crypto-asset transfers of the beneficiary to receive and retain the information required under this Regulation and to protect the confidentiality of the originator's personal data. Where that information cannot be transmitted with the transfer, a record of the information on the originator and beneficiary should nevertheless be retained and made available to competent authorities upon request.
(26) The Member State authorities responsible for combating money laundering and terrorist financing, and relevant judicial and law enforcement authorities in the Member States and at Union level, should intensify cooperation with each other and with relevant third country authorities, including those in developing countries, in order further to strengthen transparency and the sharing of information and best practices.
(27) The requirements of this Regulation should apply to providers of crypto-asset transfers whenever their transactions, whether in fiat currency or a crypto-asset, involve a traditional wire transfer or a transfer of crypto-assets as long as there is a provider of crypto-asset transfers or another obliged entity involved.
(28) Due to the borderless nature and the risks associated with crypto-asset activities and providers of crypto-asset transfers, all transfers of crypto-assets should be treated as cross-border wire transfers, with no simplified domestic wire transfers regime.
(29) The provider of crypto-asset transfers of the originator should ensure that transfers of crypto-assets are accompanied by the name of the originator, the originator’s account number, where such an account exists and is used to process the transaction, the originator’s wallet address, the originator’s crypto-asset account, where a transfer of crypto-assets is not registered on a network using distributed ledger technology or similar technology, and the originator’s address, country, official personal document number, customer identification number or date and place of birth and the current LEI of the originator, where provided by the originator to its provider of crypto-asset transfers. The provider of crypto-asset transfers of the originator should also ensure that transfers of crypto-assets are accompanied by the name of the beneficiary, the beneficiary’s wallet address, the beneficiary’s account number where a transfer of crypto-assets is not registered on a network using distributed ledger technology, and the current LEI of the beneficiary. The information should be submitted in a secure manner and in advance of, or simultaneously or concurrently with, the transfer of crypto-assets when the provider of crypto-asset transfers of the beneficiary is a regulated entity established within the Union, or is established in a third country and is able to receive and retain the information with adequate safeguards for ensuring data protection. Where the provider of crypto-asset transfers of the originator knows, suspects or has reasonable grounds to suspect, that the provider of crypto-asset transfers of the beneficiary does not apply adequate safeguards for ensuring data protection, the provider of crypto-asset transfers of the originator should proceed with the execution of the transfer without transmitting the information. The information should however be retained and made available to competent authorities upon request.
(29a) In cases of a transfer of crypto-assets made from or to an unhosted wallet, the provider of crypto-asset transfers should collect information from its customer both on the originator and the beneficiary. The provider of crypto-asset transfers should verify the accuracy of information with respect to the originator or beneficiary behind the unhosted wallet, and ensure that the transfer of crypto-assets can be individually identified. For transfers to unhosted wallets which are already verified and have a known beneficiary, providers of crypto-asset transfers should not be required to verify information of the originator accompanying each transfer of crypto-assets. Such information should be made available to competent authorities upon request in accordance with Article 33 of Directive (EU) 2015/849. In order not to impair the efficiency of transfers of crypto-assets from providers of crypto-asset transfers to unhosted wallets, providers of crypto-asset transfers should implement effective measures to ensure that the intended transfers are not unduly delayed by verification of the ownership information in relation to unhosted wallets and by reporting procedures.
(30) As regards transfers of funds from a single payer to several payees that are to be sent in batch files containing individual transfers from the Union to outside the Union, provision should be made for such individual transfers to carry only the payment account number of the payer or the unique transaction identifier, as well as complete information on the payee, provided that the batch file contains complete information on the payer that is verified for accuracy and complete information on the payee that is fully traceable.
(31) As regards transfers of crypto-assets, the submission of originator and beneficiary information in batches should be accepted, as long as submission occurs immediately and securely. It should not be permitted to submit the required information after the transfer, as submission must occur before or at the moment the transaction is completed, and crypto-asset service providers or other obliged entities should submit the required information simultaneously with the batch crypto-assets transfer itself.
(32) In order to check whether the required information on the payer and the payee accompanies transfers of funds, and to help identify suspicious transactions, the payment service provider of the payee and the intermediary payment service provider should have effective procedures in place to detect whether information on the payer and the payee is missing or incomplete. Those procedures should include monitoring after or during the transfers where appropriate. Competent authorities should ensure that payment service providers include the required transaction information with the wire transfer or related message throughout the payment chain.
(33) As regards transfers of crypto-assets, the provider of crypto-asset transfers of the beneficiary should implement effective procedures to detect whether the information on the originator or the beneficiary is missing or incomplete or whether the transfer is suspicious. These procedures should include, where appropriate, monitoring after or during the transfers, in order to detect whether the required information on the originator or the beneficiary is missing or incomplete or whether the transfer is suspicious. Before making the crypto-assets available to the beneficiary, the provider of crypto-asset transfers of the beneficiary should verify that the originator of the transfer is not an individual, entity or group subject to targeted restrictive measures and should determine whether there are any other money laundering or terrorism financing risks. Providers of crypto-asset transfers should rely on suitable tools, including innovative technological solutions, to ensure that the transfer of crypto-assets can be individually identified. Providers of crypto-asset transfers should establish and maintain alternative procedures in that respect, including the possibility of not sending personally identifiable information.
(33a) In the case of a transfer of crypto-assets from an unhosted wallet, the provider of crypto-asset transfers of the beneficiary should collect the information required under this Regulation and inform the competent authorities where any of its customers received an amount exceeding EUR 1 000 from unhosted wallets.
(34) Given the potential threat of money laundering and terrorist financing presented by anonymous transfers, it is appropriate to require payment service providers to request information on the payer and the payee. In line with the risk-based approach developed by FATF, it is appropriate to identify areas of higher and lower risk, with a view to better targeting the risk of money laundering and terrorist financing. Accordingly, the crypto-asset service provider of the beneficiary, the payment service provider of the payee and the intermediary payment service provider should have effective risk-based procedures that apply where a transfer of funds lacks the required information on the payer or the payee, or where a transfer of crypto-assets lacks the required information on the originator or the beneficiary, in order to allow them to decide whether to execute, reject or suspend that transfer and to determine the appropriate follow-up action to take.
(34a) Providers of crypto-asset transfers should not facilitate any transfer of crypto-assets to or from crypto-asset service providers that are not established, or that do not have any central contact point or substantive management presence, in any jurisdiction and are unaffiliated with a regulated entity. Such providers should be deemed to be non-compliant providers of crypto-asset transfers. Once the [Regulation on Market in Crypto-assets] applies, notwithstanding any applicable transitional provisions, crypto-asset service providers should not interact with any provider of crypto-asset transfers that operates in the Union without valid authorisation.
(34b) Providers of crypto-asset transfers should also refrain from executing or facilitating transfers associated with a high risk of money-laundering, terrorist financing and other criminal activities. In order to detect situations of high risk, providers of crypto-asset transfers should apply ongoing enhanced due diligence measures with respect to counterparty providers, crypto-asset services and wallet addresses, taking into account a series of specific indicators of potential high risk as well as any information provided by the competent authorities.
(34c) In order to help providers of crypto-asset transfers to comply with such obligations, the European Supervisory Authority (European Banking Authority) established by Regulation (EU) No 1093/2010 of the European Parliament and of the Council[20] (EBA) should maintain a public register of entities, crypto-asset services and wallet addresses that are associated with a high risk of money-laundering, terrorist financing and other criminal activities. Such register should include a non-exhaustive list of non-compliant providers of crypto-asset transfers and other providers associated with high risk as well as a non-exhaustive list of high-risk crypto-asset services and wallet addresses. The inclusion of a specific entity, crypto-asset service or address in the public register should not replace the obligation on the provider of crypto-asset transfers to take adequate and effective measures to comply with the prohibition on interacting with those entities, crypto-asset services and wallets addresses. The public register should enable centralised access to information on high-risk entities, crypto-asset services and wallets addresses provided by competent authorities after evaluation. The EBA should also be able, on its own initiative, to identify high-risk entities, crypto-asset services or wallet addresses to be included in the register.
(34d) The use of mixing and tumbling services should only be allowed in circumstances where it can be shown that the use of such services is necessary to overcome legitimate concerns, such as for privacy reasons. The receiver of crypto-assets that have been used in mixing and tumbling services should demonstrate, where necessary, the legitimacy of the practice for which the crypto-asset is used. Where the legitimacy of its use cannot be proven, a transfer of crypto-assets is to be considered high-risk.
(34e) This Regulation should be reviewed and streamlined in the context of the adoption of the [AMLR] in order to ensure full consistency with the relevant provisions and avoid in particular the duplication of due diligence requirements and legal uncertainty.
(35) The payment service provider of the payee, the intermediary payment service provider and the provider of crypto-asset transfers of the beneficiary should exercise special vigilance, assessing the risks, when either becomes aware that information on the payer or the payee, or the originator or the beneficiary is missing or incomplete, or where a transfer of crypto-assets is required to be considered suspicious based on the origin or destination of the crypto-assets concerned and should report suspicious transactions to the competent authorities in accordance with the reporting obligations set out in this Regulation (EU) [...].
(35a) Similar to transfers of funds between payment service providers, transfers of crypto-assets involving intermediary providers of crypto-asset transfers might facilitate transfers as an intermediate element in a chain of transfers of crypto-assets. In line with international standards, such intermediary providers should also be subject to the requirements set out in this Regulation, in the same way as existing obligations on intermediary payment service providers. The EBA should issue guidelines to clarify how the relevant obligations imposed on providers of crypto-asset transfers apply to intermediary providers of crypto-asset transfers, in order to ensure that all the required information is transmitted along the chain of a transfer of crypto-asset and the information is made available to the competent authorities upon request.
(36) The provisions on transfers of funds and transfers of crypto-assets in relation to which information on the payer or the payee or the originator or the beneficiary is missing or incomplete and in relation to which transfers of crypto-assets are required to be considered suspicious based on the origin or destination of the crypto-assets concerned, apply without prejudice to any obligations on payment service providers, intermediary payment service providers and providers of crypto-asset transfers, to suspend and/or reject transfers of funds which breach a provision of civil, administrative or criminal law.
(37) With the aim of assisting payment service providers and providers of crypto-asset transfers to put effective procedures in place to detect cases in which they receive transfers of funds with missing or incomplete payer or payee information or transfers of crypto-assets with missing or incomplete originator or beneficiary information or that are suspicious in nature, and to take effective follow-up actions, the European Supervisory Authority (European Insurance and Occupational Pensions Authority), established by Regulation (EU) No 1094/2010 of the European Parliament and of the Council[21] (EIOPA), and the European Supervisory Authority (European Securities and Markets Authority), established by Regulation (EU) No 1095/2010 of the European Parliament and of the Council[22] (ESMA), should issue guidelines. The EBA should also issue guidelines specifying technical aspects of the application of this Regulation to direct debits as well as the measures to be taken by payment initiation service providers under this Regulation.
(38) To enable prompt action to be taken in the fight against money laundering and terrorist financing, payment service providers and crypto-asset service providers should respond promptly to requests for information on the payer and the payee or on the originator and the beneficiary from the authorities responsible for combating money laundering or terrorist financing in the Member State where those payment service providers and crypto-asset service provider are established.
(39) The number of working days in the Member State of the payment service provider of the payer or provider of crypto-asset transfers of the originator determines the number of days to respond to requests for information on the payer or the originator.
(40) As it may not be possible in criminal investigations to identify the data required or the individuals involved in a transaction until many months, or even years, after the original transfer of funds or transfer of crypto-assets , and in order to be able to have access to essential evidence in the context of investigations, it is appropriate to require payment service providers or providers of crypto-asset transfers to keep records of information on the payer and the payee or the originator and the beneficiary for a period of time for the purposes of preventing, detecting and investigating money laundering and terrorist financing. That period should be limited to five years, after which all personal data should be permanently deleted. Where legal proceedings concerned with the prevention, detection, investigation or prosecution of suspected money laundering or terrorist financing are pending in a Member State, and a payment service provider holds information or documents relating to those pending proceedings, the payment service provider should be allowed to retain that information or those documents in accordance with national law for an additional period of five years. The storing of personal data beyond the first five years should be consistent with the Directive (EU) 2016/680 of the European Parliament and of the Council[23].
(41) In order to improve compliance with this Regulation, and in accordance with the Commission Communication of 9 December 2010 entitled ‘Reinforcing sanctioning regimes in the financial services sector’, the power to adopt supervisory measures and the sanctioning powers of competent authorities should be enhanced. Administrative sanctions and measures should be provided for and, given the importance of the fight against money laundering and terrorist financing, Member States should lay down sanctions and measures that are effective, proportionate and dissuasive. Member States should notify the Commission and the Joint Committee of EBA, EIOPA and ESMA (the ‘ESAs’) thereof.
(42) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council[24].
(43) A number of countries and territories which do not form part of the territory of the Union share a monetary union with a Member State, form part of the currency area of a Member State or have signed a monetary convention with the Union represented by a Member State, and have payment service providers that participate directly or indirectly in the payment and settlement systems of that Member State. In order to avoid the application of this Regulation to transfers of funds between the Member States concerned and those countries or territories having a significant negative effect on the economies of those countries or territories, it is appropriate to provide for the possibility for such transfers of funds to be treated as transfers of funds within the Member States concerned.
(44) Since the objectives of this Regulation, namely to fight money laundering and the financing of terrorism, including by implementing International Standards, by ensuring the availability of basic information on payers and payees of transfer of funds, and on originators and beneficiaries of transfers of crypto-assets, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
(44a) Given the potential high risks associated with, and the technological and regulatory complexity posed by, unhosted wallets , including in relation to the verification of the ownership information, by ... [12 months after the date of application of this Regulation], the Commission should assess the need for additional specific measures to mitigate the risks posed by transfers from and to unhosted wallets, including the introduction of possible restrictions, and assess the effectiveness and proportionality of the mechanisms used to verify the accuracy of the information concerning the ownership of unhosted wallets.
(44b) By ... [three years from the date of entry into force of this Regulation], the Commission should submit to the European Parliament and to the Council a report on the application and enforcement of this Regulation accompanied, if appropriate, by a legislative proposal. That report should include an assessment of, inter alia, the effectiveness of the measures provided for in this Regulation and of the compliance with this Regulation by payment service providers and providers of crypto-asset transfers, the development of technological solutions, the effectiveness and suitability of the de minimis thresholds, the costs and benefits of introducing de minimis thresholds, the effectiveness of international cooperation and information exchange between competent authorities and Financial Intelligence Units (FIUs), the impact of the measures provided for in this Regulation on data protection and fundamental rights, the application of sanctions, in particular whether they are effective, proportionate and dissuasive, the trends in the use of unhosted wallets and the systematic coherence of this Regulation with the Union legislative acts on anti-money laundering and countering terrorist financing.
(44d) At present, Directive (EU) 2015/849 only applies to two categories of providers of crypto-asset transfers, namely, custodial wallets and crypto-to-fiat exchanges. In order to close the existing loophole in the anti-money laundering and terrorist financing framework, Directive (EU) 2015/849 should be amended to update the list of obliged entities to include all categories of crypto-asset service providers as defined in [Regulation on Markets in Crypto-assets], which contemplates a broader scope of providers of crypto-asset transfers.
(45) This Regulation is subject to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 of the European Parliament and of the Council[25]. It respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life (Article 7), the right to the protection of personal data (Article 8), the right to an effective remedy and to a fair trial (Article 47) and the principle of ne bis in idem.
(46) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered an opinion on […] [26],
---------------------------------------------------------
HAVE ADOPTED THIS REGULATION:
CHAPTER I
SUBJECT MATTER, SCOPE AND DEFINITIONS
Article 1
Subject matter
This Regulation lays down rules on the information on payers and payees, accompanying transfers of funds, in any currency, and the information on originators and beneficiaries, accompanying transfers of crypto-assets, for the purposes of preventing, detecting and investigating money laundering and terrorist financing, and facilitating compliance with restrictive measures, where at least one of the payment or crypto-asset service providers involved in the transfer of funds or crypto-assets is established in the Union.
Article 2
Scope
1. This Regulation shall apply to transfers of funds, in any currency, or crypto-assets, which are sent or received by a payment service provider, a provider of crypto-asset transfers, or an intermediary payment service provider established in the Union.
2. This Regulation shall not apply to the services listed in ▌Article 3, points (a) to (m) and point (o), of Directive (EU) 2015/2366.
2a. This Regulation shall also apply to transfers of crypto-assets executed by means of kiosks connected to a distributed ledger network known as crypto-asset automated teller machines (‘crypto-ATMs’).
3. This Regulation shall not apply to transfers of funds or transfers of crypto-assets carried out by actors regulated under Directive (EU) 2015/2366 using a payment card, an electronic money instrument or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics, where the following conditions are met:
(a) that card, instrument or device is used exclusively to pay for goods or services; and
(b) the number of that card, instrument or device accompanies all transfers flowing from the transaction.
However, this Regulation shall apply when a payment card, an electronic money instrument or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics, is used in order to effect a person-to-person transfer of funds or crypto-assets.
4. This Regulation shall not apply to persons that have no activity other than to convert paper documents into electronic data and that do so pursuant to a contract with a payment service provider, or to persons that have no activity other than to provide payment service providers with messaging or other support systems for transmitting funds or with clearing and settlement systems.
This Regulation shall not apply to providers of ancillary infrastructure that enables another entity to provide services related to the transfer of crypto-assets.
This Regulation shall not apply to transfers of funds if any of the following conditions is fulfilled:
(a) they involve the payer withdrawing cash from the payer's own payment account;
(b) they constitute transfers of funds to a public authority as payment for taxes, fines or other levies within a Member State;
(c) both the payer and the payee are payment service providers acting on their own behalf;
(d) they are carried out through cheque images exchanges, including truncated cheques.
This Regulation shall not apply to transfers of crypto-assets that fulfil any of the following conditions:
(a) both the originator and the beneficiary are providers of crypto-asset transfers acting on their own behalf;
(b) the transfers constitute person-to-person transfers of crypto-assets carried out without the involvement of a provider of crypto-asset transfers or obliged entity as listed in Article 2(1) of Directive (EU) 2015/849.
Electronic money tokens, as defined in Article 3(1), point 4 of Regulation [Regulation on Markets in Crypto-assets] shall be treated as crypto-assets under this Regulation.
5. A Member State may decide not to apply this Regulation to transfers of funds within its territory to a payee's payment account permitting payment exclusively for the provision of goods or services where all of the following conditions are met:
(a) the payment service provider ▌ of the payee is subject to Directive (EU) 2015/849 (b) the payment service provider of the payee ▌ is able to trace back, through the payee, by means of a unique transaction identifier, the transfer of funds from the person who has an agreement with the payee for the provision of goods or services;
(c) the amount of the transfer of funds does not exceed EUR 1000
Article 3
Definitions
For the purposes of this Regulation, the following definitions apply:
(1) ‘terrorist financing’ means terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849
(2) ‘money laundering’ means the money laundering activities referred to in Article 1(3) and (4) of [ Directive (EU) 2015/849];
(3) ‘payer’ means a person that holds a payment account and allows a transfer of funds from that payment account, or, where there is no payment account, that gives a transfer of funds order;
(4) ‘payee’ means a person that is the intended recipient of the transfer of funds;
(5) ‘payment service provider’ means the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC of the European Parliament and of the Council[27], providing transfer of funds services;
(6) ‘intermediary payment service provider’ means a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider;
(7) ‘payment account’ means a payment account as defined in Article 4, point (12), of Directive (EU) 2015/2366;
(8) ‘funds’ means funds as defined in Article 4, point (25), of Directive (EU) 2015/2366;
(9) ‘transfer of funds’ means any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:
(a) a credit transfer as defined in Article 2, point (1), of Regulation (EU) No 260/2012;
(b) a direct debit as defined in Article 2, point (2), of Regulation (EU) No 260/2012;
(c) a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross border;
(d) a transfer carried out using a payment card, an electronic money instrument, or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics;
(10) ‘transfer of crypto-assets’ means any transaction moving, by electronic means, crypto-assets from one wallet address or crypto-asset account to another wallet address or crypto-asset account, carried out or received on behalf of a natural or legal person by at least a provider of crypto-asset transfers or other obliged entity as listed in Article 2(1) of Directive (EU) 2015/849, acting on behalf of either the originator or the beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the provider of crypto-asset transfers of the originator and that of the beneficiary are one and the same,
(11) ‘batch file transfer’ means a bundle of several individual transfers of funds or crypto-assets put together for transmission;
(12) ‘unique transaction identifier’ means a combination of letters, numbers or symbols determined by the payment service provider, in accordance with the protocols of the payment and settlement systems or messaging systems used for the transfer of funds, or determined by a provider of crypto-asset transfers, which permits the traceability of the transaction back to the payer and the payee or the traceability of transfer of crypto-assets back to the originator and the beneficiary;
(13) ‘person-to-person transfer of funds’ means a transaction between natural persons acting, as consumers, for purposes other than trade, business or profession;.
(14) ‘person-to-person transfer of crypto-assets’ means a transaction between natural persons acting, as consumers, for purposes other than trade, business or profession, without the use or involvement of a provider of crypto-asset transfers or other obliged entity;
(15) ‘crypto-asset’means a digital representation of a value or a right that uses cryptography for security purposes and is in the form of a coin or a token, or any other digital medium, which is able to be transferred and stored electronically, using distributed ledger technology or similar technology except when falling under the categories listed in Article 2(2) of [Regulation on Markets in Crypto-assets] or otherwise qualifying as funds.
(16) ‘provider of crypto-asset transfers’ means any natural or legal person whose occupation or business includes the provision of services relating to the transfer of crypto-assets on behalf of another natural or legal person .
(16 a) ‘intermediary provider of crypto-asset transfers’ means a provider of crypto-asset transfers or other obliged entity as listed in Article 2(1) of Directive (EU) 2015/849 that is not the provider of crypto-asset transfers of the originator or of the beneficiary and that receives and transmits a transfer of crypto-assets on behalf of the provider of crypto-asset transfers of the originator or of the beneficiary, or of another intermediary provider of crypto-asset transfers; (17) ‘wallet address’ means ▌ an alphanumeric code that identifies an address that holds crypto-assets on a distributed ledger or on similar technology ;
(18) ‘crypto-asset account’ means an account held with or managed by a provider of crypto-asset transfers for crypto-assets and which is used for the execution of transfers of crypto-assets;
(18 a) ‘unhosted wallet‘ means a wallet address that is not held or managed by a provider of crypto-asset transfers;
(19) ‘originator’ means a person that holds an account with a provider of crypto-asset transfers and allows a transfer of crypto-assets from that account, or, where there is no account, that gives a transfer of crypto-assets order;
(20) ‘beneficiary’ means a person that is the intended recipient of the transfer of crypto-assets;
(21) ‘legal entity identifier’ (LEI) means a unique alphanumeric reference code based on the ISO 17442 standard assigned to a legal entity.
CHAPTER II
OBLIGATIONS ON PAYMENT SERVICE PROVIDERS
SECTION 1
Obligations on the payment service provider of the payer
Article 4
Information accompanying transfers of funds
1. The payment service provider of the payer shall ensure that transfers of funds are accompanied by the following information on the payer:
(a) the name of the payer;
(b) the payer's payment account number;
(c) the payer's address, country, official personal document number, customer identification number or date and place of birth;
(d) subject to the existence of the necessary field in the relevant payments message format, and where provided by the payer to the payer’s Payment service provider, the current Legal Entity Identifier of the payer or, in its absence, any available equivalent official identifier.
2. The payment service provider of the payer shall ensure that transfers of funds are accompanied by the following information on the payee:
(a) the name of the payee;
(b) the payee's payment account number;
(c) subject to the existence of the necessary field in the relevant payments message format, and where provided by the payer to the payer’s Payment service provider, the current Legal Entity Identifier of the payee or, in its absence, any available equivalent official identifier.
3. By way of derogation from point (b) of paragraph 1 and point (b) of paragraph 2, in the case of a transfer not made from or to a payment account, the payment service provider of the payer shall ensure that the transfer of funds is accompanied by a unique transaction identifier rather than the payment account number(s).
4. Before transferring funds, the payment service provider of the payer shall verify the accuracy of the information referred to in paragraph 1 and, where applicable, in paragraph 3, on the basis of documents, data or information obtained from a reliable and independent source.
5. Verification as referred to in paragraph 4 shall be deemed to have taken place where:
(a) a payer's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive; or
(b) Article 14(5) of Directive (EU) 2015/849 applies to the payer.
6. Without prejudice to the derogations provided for in Articles 5 and 6, the payment service provider of the payer shall not execute any transfer of funds before ensuring full compliance with this Article.
Article 5
Transfers of funds within the Union
1. By way of derogation from Article 4(1) and (2), where all payment service providers involved in the payment chain are established in the Union, transfers of funds shall be accompanied by at least the payment account number of both the payer and the payee or, where Article 4(3) applies, the unique transaction identifier, without prejudice to the information requirements laid down in Regulation (EU) No 260/2012, where applicable.
2. Notwithstanding paragraph 1, the payment service provider of the payer shall, within three working days of receiving a request for information from the payment service provider of the payee or from the intermediary payment service provider, make available the following:
(a) for transfers of funds exceeding EUR 1000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, the information on the payer or the payee in accordance with Article 4;
(b) for transfers of funds not exceeding EUR 1000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1000, at least:
(i) the names of the payer and of the payee; and
(ii) the payment account numbers of the payer and of the payee or, where Article 4(3) applies, the unique transaction identifier.
3. By way of derogation from Article 4(4), in the case of transfers of funds referred to in paragraph 2, point (b), of this Article, the payment service provider of the payer need not verify the information on the payer unless the payment service provider of the payer:
(a) has received the funds to be transferred in cash or in anonymous electronic money; or
(b) has reasonable grounds for suspecting money laundering or terrorist financing.
Article 6
Transfers of funds to outside the Union
1. In the case of a batch file transfer from a single payer where the payment service providers of the payees are established outside the Union, Article 4(1) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in Article 4(1), (2) and (3), that that information has been verified in accordance with Article 4(4) and (5), and that the individual transfers carry the payment account number of the payer or, where Article 4(3) applies, the unique transaction identifier.
2. By way of derogation from Article 4(1), and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the payment service provider of the payee is established outside the Union, transfers of funds not exceeding EUR 1000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1000, shall be accompanied by at least:
(a) the names of the payer and of the payee; and
(b) the payment account numbers of the payer and of the payee or, where Article 4(3) applies, the unique transaction identifier.
By way of derogation from Article 4(4), the payment service provider of the payer need not verify the information on the payer referred to in this paragraph unless the payment service provider of the payer:
(a) has received the funds to be transferred in cash or in anonymous electronic money; or
(b) has reasonable grounds for suspecting money laundering or terrorist financing.
SECTION 2
Obligations on the payment service provider of the payee
Article 7
Detection of missing information on the payer or the payee
1. The payment service provider of the payee shall implement effective procedures to detect whether the fields relating to the information on the payer and the payee in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.
2. The payment service provider of the payee shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the following information on the payer or the payee is missing:
(a) for transfers of funds where the payment service provider of the payer is established in the Union, the information referred to in Article 5;
(b) for transfers of funds where the payment service provider of the payer is established outside the Union, the information referred to in Article 4(1), points (a), (b) and (c), and Article 4(2), points (a) and (b);
(c) for batch file transfers where the payment service provider of the payer is established outside the Union, the information referred to in Article 4(1), points (a), (b) and (c), and Article 4(2), points (a) and (b), in respect of that batch file transfer.
3. In the case of transfers of funds exceeding EUR 1000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before crediting the payee's payment account or making the funds available to the payee, the payment service provider of the payee shall verify the accuracy of the information on the payee referred to in paragraph 2 of this Article on the basis of documents, data or information obtained from a reliable and independent source, without prejudice to the requirements laid down in Articles 83 and 84 of Directive (EU) 2015/2366.
4. In the case of transfers of funds not exceeding EUR 1000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1000, the payment service provider of the payee need not verify the accuracy of the information on the payee, unless the payment service provider of the payee:
(a) effects the pay-out of the funds in cash or in anonymous electronic money; or
(b) has reasonable grounds for suspecting money laundering or terrorist financing.
5. Verification as referred to in paragraphs 3 and 4 shall be deemed to have taken place where:
(a) a payee's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive; or
(b) Article 14(5) of Directive (EU) 2015/849 applies to the payee.
Article 8
Transfers of funds with missing or incomplete information on the payer or the payee
1. The payment service provider of the payee shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849 for determining whether to execute, reject or suspend a transfer of funds lacking the required complete payer and payee information and for taking the appropriate follow-up action.
Where the payment service provider of the payee becomes aware, when receiving transfers of funds, that the information referred to in Article 4(1), points (a), (b) and (c), Article 4(2), points (a) and (b), Article 5(1) or Article 6 is missing or incomplete or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system as referred to in Article 7(1), the payment service provider of the payee shall reject the transfer or ask for the required information on the payer and the payee before or after crediting the payee's payment account or making the funds available to the payee, on a risk-sensitive basis.
2. Where a payment service provider repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.
The payment service provider of the payee shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.
Article 9
Assessment and reporting
The payment service provider of the payee shall take into account missing or incomplete information on the payer or the payee as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious and whether it is to be reported to the Financial Intelligence Unit (FIU) in accordance with Directive (EU) 2015/849
SECTION 3
Obligations on intermediary payment service providers
Article 10
Retention of information on the payer and the payee with the transfer
Intermediary payment service providers shall ensure that all the information received on the payer and the payee that accompanies a transfer of funds is retained with the transfer.
Article 11
Detection of missing information on the payer or the payee
1. The intermediary payment service provider shall implement effective procedures to detect whether the fields relating to the information on the payer and the payee in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.
2. The intermediary payment service provider shall implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the following information on the payer or the payee is missing:
(a) for transfers of funds where the payment service providers of the payer and the payee are established in the Union, the information referred to in Article 5;
(b) for transfers of funds where the payment service provider of the payer or of the payee is established outside the Union, the information referred to in Article 4(1), points (a), (b) and (c), and Article 4(2), points (a) and (b);
(c) for batch file transfers where the payment service provider of the payer or of the payee is established outside the Union, the information referred to in Article 4(1) and (2) in respect of that batch file transfer.
Article 12
Transfers of funds with missing information on the payer or the payee
1. The intermediary payment service provider shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required payer and payee information and for taking the appropriate follow up action.
Where the intermediary payment service provider becomes aware, when receiving transfers of funds, that the information referred to in Article 4(1), points (a), (b) and (c), Article 4, points (2)(a) and (b), Article 5(1) or Article 6 is missing or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system as referred to in Article 7(1) it shall reject the transfer or ask for the required information on the payer and the payee before or after the transmission of the transfer of funds, on a risk-sensitive basis.
2. Where a payment service provider repeatedly fails to provide the required information on the payer or the payee, the intermediary payment service provider shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.
The intermediary payment service provider shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.
Article 13
Assessment and reporting
The intermediary payment service provider shall take into account missing information on the payer or the payee as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious, and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.
CHAPTER III
Obligations on providers of crypto-asset transfers
SECTION 1
Obligations on the provider of crypto-asset transfers of the originator
Article 14
Information accompanying transfers of crypto-assets
1. The provider of crypto-asset transfers of the originator shall ensure that transfers of crypto-assets are accompanied by the following information on the originator:
(a) the name of the originator;
(b) the originator’s wallet address, where a transfer of crypto-assets is registered on a network using distributed ledger technology or similar technology, and the crypto-asset account of the originator, where an account is used to process the transaction;
(b a) the originator’s crypto-asset account, where a transfer of crypto-assets is not registered on a network using distributed ledger technology or similar technology;
(c) the originator’s address, country, official personal document number, customer identification number or date and place of birth.
(c a) subject to the existence of the necessary field in the relevant message format, and where provided by the originator to its provider of crypto-asset transfers, the current LEI of the originator or any other available equivalent official identifier.
2. The provider of crypto-asset transfers of the originator shall ensure that transfers of crypto-assets are accompanied by the following information on the beneficiary:
(a) the name of the beneficiary;
(b) the beneficiary’s wallet address, where a transfer of crypto-assets is registered on a network using distributed ledger technology or similar technology, and the beneficiary’s crypto-asset account, where such an account exists and is used to process the transaction;
(b a) the beneficiary’s crypto-asset account, where a transfer of crypto-assets is not registered on a network using distributed ledger technology or similar technology;
(bb) subject to the existence of the necessary field in the relevant message format, and where provided by the beneficiary to its crypto- asset service provider, the current LEI of the beneficiary or any other available equivalent official identifier.
3. By way of derogation from paragraph 1, point (b), and paragraph 2, point (b), in the case of a transfer not made from or to an account, the provider of crypto-asset transfers of the originator shall ensure that the transfer of crypto-assets is accompanied by a unique transaction identifier and record the originator and beneficiary address identifiers on the distributed ledger. To that end, providers of crypto-asset transfers shall rely on suitable tools, including innovative technological solutions, to ensure that the transfer of crypto-assets can be individually identified.
4. The information referred to in paragraphs 1 and 2 shall be submitted in advance of, or simultaneously or concurrently with, the transfer of crypto-assets and in a secure manner and in line with the provisions and obligations of Regulation (EU) 2016/679.
The information referred to in paragraph 1, points (a) and (c), and paragraph 2, point (a), shall not be attached directly to, or be included in, the transfer of crypto-assets.
4a. Where the provider of crypto-asset transfers of the originator knows, suspects or has reasonable grounds to suspect, that the provider of crypto-asset transfers of the beneficiary does not apply appropriate measures in line with Regulation (EU) 2016/679 to protect personal data , the provider of crypto-asset transfers of the originator shall proceed with the execution of the transfer without transmitting the information referred to in paragraph 1, points (a) and (c), and paragraph 2, point (a).
The information referred to in the first subparagraph shall however be retained pursuant to Article 21 of this Regulation and made available to competent authorities upon request.
Providers of crypto-asset transfers shall establish and maintain alternative procedures consistent with the objectives of this Regulation, including the possibility of not sending personally identifiable information. Those procedures shall be subject to appropriate review by competent authorities.
4b. EBA shall issue guidelines in accordance with Article 30 to specify the criteria for assessing whether the provider of crypto-asset transfers of the originator is able to protect personally identifiable information, and the conditions for establishing alternative procedures to ensure the traceability of transfers in cases where the submission of information to the provider of crypto-asset transfers of the beneficiary is to be avoided.
5. Before transferring crypto-assets, the provider of crypto-asset transfers of the originator shall verify the accuracy of the information referred to in paragraph 1 on the basis of documents, data or information obtained from a reliable and independent source.
5a. Before transferring crypto-assets, the provider of crypto-asset transfers of the originator shall screen the information referred to paragraphs 1 and 2 to verify that the originator or the beneficiary of the transfer is not a designated individual, entity or group subject to targeted restrictive measures and to determine whether there are any other money laundering or terrorism financing risks.
5b. In the case of a transfer of crypto-assets made to an unhosted wallet, the provider of crypto-asset transfers of the originator shall collect and retain the information referred to paragraphs 1 and 2, including from its customer, verify the accuracy of that information in accordance with paragraph 5 of this Article and Article 16(2), make such information available to competent authorities upon request, and ensure that the transfer of crypto-assets can be individually identified. For transfers to unhosted wallets which are already verified and have a known beneficiary, providers of crypto-asset transfers shall not be required to verify the information of the originator accompanying each transfer of crypto-assets. Such information shall be made available to competent authorities upon request in accordance with Article 33 of Directive (EU) 2015/849.
Providers of crypto-asset transfers shall adopt effective measures to ensure that the verification of the ownership information in relation to unhosted wallets does not cause undue delay to the execution of the intended transfers.
6. Verification as referred to in paragraph 5 shall be deemed to have taken place where
(a) the identity of the originator has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive or
(b) Article 14(5) of Directive (EU) 2015/849 applies to the originator.
6 a. A provider of crypto-asset transfers may rely on other providers of crypto-asset transfers, whether situated in a Member State or in a third country, to screen the information referred to in paragraphs 1 and 2 on the originator or beneficiary of a transfer to ensure compliance with this Regulation and any restrictive measures, provided that the provider of crypto-asset transfers ensures compliance with the applicable conditions laid down in Chapter II, Section IV of Directive (EU) 2015/849 .
7. The provider of crypto-asset transfers of the originator shall not execute any transfer of crypto-assets before ensuring full compliance with this Article.
Article 15
Transfers of crypto-assets
1. In the case of a batch file transfer from a single originator, Article 14(1) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in Article 14(1), (2) and (3), that that information has been verified in accordance with Article 14(5) and (6), and that the individual transfers are accompanied by the wallet address and the crypto-asset account of the originator, where an account is used to process the transaction, or, where Article 14(3) applies the individual identification of the transfer.
▌
SECTION 2
Obligations on the provider of crypto-asset transfers of the beneficiary
Article 16
Detection of missing information on the originator or the beneficiary
1. The provider of crypto-asset transfers of the beneficiary shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the information referred to in Article 14(1) and (2), on the originator or the beneficiary is included in, or follows, the transfer of crypto-assets or batch file transfer.
2. Before making the crypto-assets available to the beneficiary, the provider of crypto-asset transfers of the beneficiary shall verify the accuracy of the information on the beneficiary referred to in paragraph 1 on the basis of documents, data or information obtained from a reliable and independent source, without prejudice to the requirements laid down in Articles 83 and 84 of Directive (EU) 2015/2366.
2a. Before making the crypto-assets available to the beneficiary, the provider of crypto-asset transfers of the beneficiary shall screen the information referred to in Article 14(1) and (2) to verify that the originator or the beneficiary of the transfer is not an individual, entity or group subject to targeted restrictive measures and to determine if there are any other money laundering or terrorism financing risks.
▌
4. Verification as referred to in paragraphs 2 and 3 shall be deemed to have taken place where one of the following applies:
(a) the identity of the crypto-assets transfer beneficiary has been verified in accordance with Article 13 of Directive (EU) 2015/849and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive;
(b) Article 14(5) of Directive (EU) 2015/849 applies to the crypto-assets transfer beneficiary.
4 a. Where there is a transfer of crypto-assets from an unhosted wallet, the provider of crypto-asset transfers of the beneficiary shall collect and retain the information referred to in Article 14(1) and (2) from its customer, verify the accuracy of that information in accordance with paragraph 2 of this Article and Article 14(5), make such information available to competent authorities upon request, and ensure that the transfer of crypto-assets can be individually identified. For transfers of crypto-assets from unhosted wallets which are already verified and have a known originator, providers of crypto-asset transfers shall not be required to verify the information of the originator accompanying each transfer of crypto-assets.
The provider of crypto-asset transfers shall maintain a record of all transfers of crypto-assets from unhosted wallets and notify the competent authority of any customer having received an amount of EUR 1 000 or more from unhosted wallets.
Providers of crypto-asset transfers shall adopt effective measures to ensure that the intended transfers are not unduly delayed by verification of the ownership information in relation to unhosted wallets and by reporting procedures.
Article 17
Transfers of crypto-assets with missing or incomplete information on the originator or the beneficiary
1. The provider of crypto-asset transfers of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849, including procedures to detect the origin or destination of the transferred crypto-assets, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information or a transfer that is detected as suspicious and for taking the appropriate follow-up action.
Where the provider of crypto-asset transfers of the beneficiary becomes aware, before making the transfers of crypto-assets available to the beneficiary, that the information referred to in Article 14(1) or (2) or Article 15 is missing or incomplete, or a transfer that is suspicious, the provider of crypto-asset transfers shall on a risk-sensitive basis:
a) immediately reject the transfer or return the transferred crypto-assets to the originator’s crypto-asset account or wallet address; or
b) ask for the required information on the originator and the beneficiary as soon as possible before making the crypto-assets available to the beneficiary;
c) report to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions and hold the transferred crypto-assets without making them available to the beneficiary, pending review by the competent authority, which shall provide specific instructions as soon as possible.
2. Where a provider of crypto-asset transfers repeatedly fails to provide the required information on the originator or the beneficiary, the provider of crypto-asset transfers of the beneficiary shall take steps, which may initially include the issuing of warnings and setting of deadlines, and return the transferred crypto-assets to the originator’s account or address.▌
The provider of crypto-asset transfers of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.
The provider of crypto-asset transfers of the beneficiary shall also determine on a risk sensitive basis whether to reject any future transfers of crypto-assets from or to, or restrict or terminate its business relationship with, a provider of crypto-asset transfers that fails to provide the required information.
Article 18
Assessment and reporting
The provider of crypto-asset transfers of the beneficiary shall take into account missing or incomplete information on the originator or the beneficiary when assessing whether a transfer of crypto-assets, or any related transaction, is suspicious and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849
Article 18a
By ... [12 months after the entry into force of this Regulation], the EBA shall issue guidelines to specify how the relevant obligations imposed on providers of crypto-asset transfers also apply to intermediary providers of crypto-asset transfers, taking into account international standards.
CHAPTER IIIa
MITIGATION MEASURES FOR TRANSFERS OF CRYPTO-ASSETS
Article 18aa
Prohibition of transfers to or from non-compliant providers
1. Providers of crypto-asset transfers and intermediary providers of crypto-asset transfers shall not facilitate any transfer of crypto-assets to or from non-compliant providers of crypto-asset transfers.
The following shall be deemed to be non-compliant providers of crypto-asset transfers:
a) providers of crypto-asset transfers that are not established, or do not have any central contact point or substantive management presence, in any jurisdiction and that are unaffiliated with a regulated entity;
b) providers of crypto-asset transfers operating in the Union without authorisation under Regulation [Regulation on Markets in Crypto-assets].
The condition referred to in point (b) shall apply from ... [date of application of the Regulation on Markets in Crypto-assets], without prejudice to any transitional measures set out in that Regulation.
Article 18ab
Specific enhanced due diligence measures for counterparty providers
With respect to counterparty relationships involving the execution of transfers with a non-Union counterparty provider of crypto-asset transfers, and without prejudice to the customer due diligence measures laid down in Directive (EU) 2015/849, providers of crypto-asset transfers shall be required, when entering into a relationship with such counterparty provider, to do all of the following:
(a) gather sufficient information about the counterparty to understand fully the nature of the counterparty’s business and to determine from publicly available information the reputation of the counterparty and the quality of supervision;
(b) assess the counterparty’s anti-money laundering and countering terrorist financing (AML/CTF) controls;
(c) assess the ability of the counterparty to apply secure measures and adequate safeguards for protecting the confidentiality of personal data;
(d) obtain approval from senior management before establishing a new relationship with a counterparty provider of crypto-asset transfers.
Article 18ac
Specific high-risk factors in relation to transfers of crypto-assets
1. Providers of crypto-asset transfers shall refrain from executing or facilitating transfers associated with a high risk of money-laundering, terrorist financing and other criminal activities.
2. Without prejudice to Article 18ad and the cases of higher risk referred to in Directive (EU) 2015/849, providers of crypto-asset transfers shall implement effective measures to detect whether a transfer of crypto-assets is to be considered high risk, taking into account at least the following factors:
(1) geographical risk factors:
a) provider of crypto-asset transfers registered or domiciled in a country included in the Union AML/CTF list of high-risk third countries or in a third country subject to restrictive measures , or in Annex I or Annex II of the Union list of non-cooperative jurisdictions for tax purposes,
(2) counterparty risk factors:
a) provider of crypto-asset transfers identified as not applying adequate customer identification and verification procedures;
b) provider of crypto-asset transfers identified as not applying secure measures and adequate safeguards for protecting the confidentiality of personal data;
c) provider of crypto-asset transfers identified as having links to money laundering, terrorist financing and other illegal activities;
(3) wallet, services risk factors:
a) privacy wallets, mixers or tumblers, or other anonymising services for transfers of crypto-assets;
b) crypto-asset wallet addresses, including unhosted wallets, identified as being linked to money laundering, terrorist financing.
3. The provider of crypto-asset transfers shall also determine on a risk sensitive basis whether to reject any future transfers of crypto-assets from or to, or restrict or terminate its business relationship with, a provider of crypto-asset transfers associated with a high risk of money-laundering, terrorist financing and other criminal activities.
4. Notwithstanding paragraph 1, with respect to privacy wallets, mixers or tumblers, or other anonymising services for transfers of crypto-assets, the provider of the crypto-asset transfer shall obtain additional information on the purpose of the intended transfer and a justification for legitimate use, before deciding whether to reject or suspend a transfer, and shall report its decision to the competent authority.
Article 18ad
Public register of non-compliant or high-risk providers of crypto-asset transfers and high-risk wallet addresses
1. In order to facilitate compliance with Article 18aa and Article 18ab, the EBA shall set up and maintain a non-exhaustive public register to enable centralised access to all of the following information:
a) non-compliant providers of crypto-asset transfers operating within and outside the Union as referred to in Article 18aa; and
b) high-risk providers of crypto-asset transfers;
c) high-risk crypto-asset services and wallet addresses.
2. The EBA shall regularly review the public register taking into account any changes of circumstances concerning the providers, services and wallet addresses included in the register or any information that is brought to its attention.
3. The information contained in the EBA public register shall be available in machine-readable format and allow the extraction of data by provider of crypto-asset transfers.
4. Where a provider of crypto-asset transfers becomes aware that a counterparty provider or another provider of crypto-asset transfers operating within or outside the Union might be a non-compliant provider of crypto-asset transfers pursuant to Article 18 aa or that provider or wallet address might be deemed high risk pursuant to Article 18ab, it shall promptly report that information to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.
5. Where a competent authority following an evaluation, concludes that a provider of crypto-asset transfers operating within or outside the Union is to be considered a non-compliant provider of crypto-asset transfers in accordance with Article 18aa or that a crypto-asset service or wallet address is to be considered high risk in accordance with Article 18ab, it shall promptly inform EBA and EBA shall include that information in the register.
The EBA may also, on its own initiative, carry out an analysis for the purposes of identifying non-compliant providers of crypto-asset transfers or high-risk crypto-asset service or high-risk wallet address to be included in the register.
6. Providers of crypto-asset transfers shall not rely exclusively on the central register to fulfil their enhanced due diligence requirements in accordance with this Chapter.
CHAPTER IV
INFORMATION, DATA PROTECTION AND RECORD RETENTION
Article 19
Provision of information
Payment service providers and providers of crypto-asset transfers shall respond fully and without delay, including by means of a central contact point in accordance with Article 45(9) of Directive (EU) 2015/849 , where such a contact point has been appointed, and in accordance with the procedural requirements laid down in the national law of the Member State in which they are established, to enquiries exclusively from the authorities responsible for preventing and combating money laundering or terrorist financing of that Member State concerning the information required under this Regulation.
Article 20
Data protection
1. The processing of personal data under this Regulation is subject to Regulation (EU) 2016/679. Personal data that is processed pursuant to this Regulation by the Commission or EBA is subject to Regulation (EU) 2018/1725.
2. Personal data shall be processed by payment service providers and providers of crypto-asset transfers on the basis of this Regulation only for the purposes of the prevention of money laundering and terrorist financing and shall not be further processed in a way that is incompatible with those purposes. The processing of personal data on the basis of this Regulation for commercial purposes shall be prohibited.
3. Payment service providers and providers of crypto-asset transfers shall provide new clients with the information required pursuant to Article 13 of Regulation (EU) 2016/679 before establishing a business relationship or carrying out an occasional transaction. That information shall be accessible, clear and transparent including in particular, a general notice concerning the legal obligations of payment service providers and provider of crypto-asset transfers under this Regulation when processing personal data for the purposes of the prevention of money laundering and terrorist financing.
4. Payment service providers and providers of crypto-asset transfers shall ensure that the confidentiality of the data processed is respected.
Article 21
Record retention
1. Information on the payer and the payee, or, for transfers of crypto-assets, on the originator and beneficiary, shall not be retained for longer than strictly necessary. Payment service providers of the payer and of the payee shall retain records of the information referred to in Articles 4 to 7 and providers of crypto-asset transfers of the originator and beneficiary shall retain records of the information referred to in Articles 14 to 16, for a period of five years.
2. Upon expiry of the retention period referred to in paragraph 1, payment service providers and providers of crypto-asset transfers shall ensure that the personal data is permanently deleted.
3. Where legal proceedings concerned with the prevention, detection, investigation or prosecution of suspected money laundering or terrorist financing are pending in a Member State, and a payment service provider or a provider of crypto-asset transfers, holds information or documents relating to those pending proceedings, the payment service provider or the provider of crypto-asset transfers may retain that information or those documents in accordance with national law for an additional period of five years.
Article 21a
Cooperation among competent authorities
The exchange of information among national competent authorities and with relevant third-country authorities under this Regulation shall be subject to the provisions laid down in Directive (EU) 2015/849.
CHAPTER V
SANCTIONS AND MONITORING
Article 22
Administrative sanctions and measures
1. Without prejudice to the right to provide for and impose criminal sanctions, Member States shall lay down the rules on administrative sanctions and measures applicable to breaches of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented. The sanctions and measures provided for shall be effective, proportionate and dissuasive and shall be consistent with those laid down in accordance with Chapter IV, Section 4, of Directive (EU) 2015/849
Member States may decide not to lay down rules on administrative sanctions or measures for breach of the provisions of this Regulation which are subject to criminal sanctions in their national law. In that case, Member States shall communicate to the Commission the relevant criminal law provisions.
2. Member States shall ensure that where obligations apply to payment services providers and providers of crypto-asset transfers, in the event of a breach of provisions of this Regulation, sanctions or measures can, subject to national law, be applied to the members of the management body and to any other natural person who, under national law, is responsible for the breach.
3. Member States shall notify the rules referred to in paragraph 1 to the Commission and to the Joint Committee of the ESAs. Member States shall notify the Commission and EBA without undue delay of any subsequent amendments thereto.
4. In accordance with Article 58(4) of Directive (EU) 2015/849 competent authorities shall have appropriate resources and all the supervisory and investigatory powers that are necessary for the exercise of their functions. In the exercise of their powers to impose administrative sanctions and measures, competent authorities shall cooperate closely to ensure that those administrative sanctions or measures produce the desired results and coordinate their action when dealing with cross-border cases.
5. Member States shall ensure that legal persons can be held liable for the breaches referred to in Article 23 committed for their benefit by any person acting individually or as part of an organ of that legal person, and having a leading position within the legal person based on any of the following:
(a) power to represent the legal person;
(b) authority to take decisions on behalf of the legal person; or
(c) authority to exercise control within the legal person.
6. Member States shall also ensure that legal persons can be held liable where the lack of supervision or control by a person referred to in paragraph 5 has made it possible to commit one of the breaches referred to in Article 23 for the benefit of that legal person by a person under its authority.
7. Competent authorities shall exercise their powers to impose administrative sanctions and measures in accordance with this Regulation in any of the following ways:
(a) directly;
(b) in collaboration with other authorities;
(c) under their responsibility by delegation to such other authorities;
(d) by application to the competent judicial authorities.
In the exercise of their powers to impose administrative sanctions and measures, competent authorities shall cooperate closely in order to ensure that those administrative sanctions or measures produce the desired results and coordinate their action when dealing with cross-border cases.
Article 23
Specific provisions
Member States shall ensure that their administrative sanctions and measures include at least those laid down in Article 59(2) and (3) of Directive (EU) 2015/849 of in the event of the following breaches of this Regulation:
(a) repeated or systematic failure by a payment service provider to include the required information on the payer or the payee, in breach of Article 4, 5 or 6 or by a provider of crypto-asset transfers to include the required information on the originator and beneficiary, in breach of Articles 14 and 15;
(b) repeated, systematic or serious failure by a payment service provider or provider of crypto-asset transfers to retain records, in breach of Article 21;
(c) failure by a payment service provider to implement effective risk-based procedures, in breach of Article 8 or 12 or by a provider of crypto-asset transfers to implement effective risk-based procedures, in breach of Article 17 or 18ab;
(d) serious failure by an intermediary payment service provider to comply with Article 11 or 12;
(da) failure to comply with the prohibition on facilitating transfers to non-compliant providers of crypto-asset transfers in breach of Article 18aa, or to comply with the prohibition referred to in Article 18ac.
Article 24
Publication of sanctions and measures
In accordance with Article 60(1), (2) and (3) of Directive (EU) 2015/849 the competent authorities shall publish administrative sanctions and measures imposed in the cases referred to in Articles 22 and 23 of this Regulation without undue delay, including information on the type and nature of the breach and the identity of the persons responsible for it, if necessary and proportionate after a case-by-case evaluation.
Article 25
Application of sanctions and measures by the competent authorities
1. When determining the type of administrative sanctions or measures and the level of administrative pecuniary sanctions, the competent authorities shall take into account all relevant circumstances, including those listed in Article 60(4) of Directive (EU) 2015/849.
2. As regards administrative sanctions and measures imposed in accordance with this
Regulation, Article 62 of Directive (EU) 2015/849 shall apply.
Article 26
Reporting of breaches
1. Member States shall establish effective and proportionate mechanisms to encourage the reporting to competent authorities of breaches of this Regulation.
Those mechanisms shall include at least those referred to in Article 61(2) of Directive (EU) 2015/849 2. Payment service providers and providers of crypto-asset transfers, in cooperation with the competent authorities, shall establish appropriate internal procedures for their employees, or persons in a comparable position, to report breaches internally through a secure, independent, specific and anonymous channel, proportionate to the nature and size of the payment service provider or the provider of crypto-asset transfers concerned.
Article 27
Monitoring
1. Member States shall require competent authorities to monitor effectively and to take the measures necessary to ensure compliance with this Regulation and encourage, through effective and proportionate mechanisms, the reporting of breaches of the provisions of this Regulation to competent authorities.
2. Two years after the entry into force of this Regulation and every three years thereafter the Commission shall submit a report to the European Parliament and to the Council on the application of Chapter IV, with particular regard to cross-border cases.
CHAPTER VI
IMPLEMENTING POWERS
Article 28
Committee procedure
1. The Commission shall be assisted by the Committee on the Prevention of Money Laundering and Terrorist Financing. That Committee shall be a committee within the meaning of Regulation (EU) No 182/2011.
2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.
CHAPTER VII
DEROGATIONS
Article 29
Agreements with countries and territories which do not form part of the territory of the Union
1. The Commission may authorise any Member State to conclude an agreement with a third country or with a territory outside the territorial scope of the TEU and the TFEU as referred to in Article 355 TFEU (the ‘country or territory concerned’), which contains derogations from this Regulation, in order to allow transfers of funds between that country or territory and the Member State concerned to be treated as transfers of funds within that Member State.
Such agreements may be authorised only where all of the following conditions are met:
(a) the country or territory concerned shares a monetary union with the Member State concerned, forms part of the currency area of that Member State or has signed a monetary convention with the Union represented by a Member State;
(b) payment service providers in the country or territory concerned participate directly or indirectly in payment and settlement systems in that Member State;
(c) the country or territory concerned requires payment service providers under its jurisdiction to apply the same rules as those established under this Regulation.
2. A Member State wishing to conclude an agreement as referred to in paragraph 1 shall submit a request to the Commission and provide it with all the information necessary for the appraisal of the request.
3. Upon receipt by the Commission of such a request, transfers of funds between that Member State and the country or territory concerned shall be provisionally treated as transfers of funds within that Member State until a decision is reached in accordance with this Article. Such decisions shall be made without undue delay.
4. If, within two months of receipt of the request, the Commission considers that it does not have all the information necessary for the appraisal of the request, it shall contact the Member State concerned and specify the additional information required.
5. Within one month of receipt of all the information that it considers to be necessary for the appraisal of the request, the Commission shall notify the requesting Member State accordingly and shall transmit copies of the request to the other Member States.
6. Within three months of the notification referred to in paragraph 5 of this Article, the Commission shall decide, without undue delay, whether to authorise the Member State concerned to conclude the agreement that is the subject of the request. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 28(2).
The Commission shall, in any event, adopt a decision as referred to in the first subparagraph within 18 months of receipt of the request.
Article 30
Guidelines
The ESAs shall issue guidelines addressed to the competent authorities, payment service providers and providers of crypto-asset transfers in accordance with Article 16 of Regulation (EU) No 1093/2010 on measures to be taken in accordance with this Regulation, in particular as regards the implementation of Articles 7, 8, 11, 12, 14, 16 and 17 thereof. From 1 January 2020, EBA shall, where appropriate, issue such guidelines
The EBA shall issue guidelines specifying technical aspects of the application of this Regulation to direct debits as well as the measures to be taken by payment initiation service providers under this Regulation, taking into account their limited role in payment transactions.
Article 30a
Review clause
1. By 12 months after the entry into force of Regulation [Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849], the Commission shall review this Regulation and shall, if appropriate, propose amendments in order to ensure a consistent approach and alignment with [Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849].
2. By ... [12 months after the date of application of this Regulation], the Commission shall assess the need for specific measures to mitigate the risks posed by transfers from or to unhosted wallets, including an analysis of the effectiveness and proportionality of mechanisms to obtain and verify the accuracy of the information concerning the ownership of unhosted wallets and the need to apply restrictions on transfers from or to unhosted wallets and propose, if appropriate, amendments to this Regulation.
3. By ... [three years from the date of entry into force of this Regulation], the Commission shall submit to the European Parliament and to the Council a report on the application and enforcement of this Regulation accompanied, if appropriate, by a legislative proposal.
That report shall include the following elements:
(a) an assessment of the effectiveness of the measures provided for in this Regulation and the compliance with this Regulation by payment service providers and providers of crypto-asset transfers;
(aa) an assessment of the development of technological solutions for complying with the obligations imposed on providers of crypto-asset transfers under this Regulation, including the latest developments in crypto-asset industry-led standard settings initiatives that mirror existing messaging and reporting data standards and the use of blockchain analysis for identifying the origin and destination of transfers in crypto-assets and know your transaction (KYT) assessment;
ab) an assessment of the effectiveness and suitability of the de minimis thresholds related to transfers of funds, in particular with respect to the scope of application and the set of information accompanying transfers, and an assessment of the need of lowering or removing such threshold related to transfer of funds;
ac) assessment of the costs and benefits of introducing de minimis thresholds related to the set of information accompanying transfers of crypto-assets, including an assessment of the related money laundering and terrorist financing risks;
(b) an assessment of the effectiveness of international cooperation and information exchange between competent authorities and FIUs;
(c) the impact of the measures provided for in this Regulation on data protection and fundamental rights;
(d) an assessment as regards to the application of sanctions, in particular whether they are effective, proportionate and dissuasive, and the need to further harmonise the administrative sanctions laid down in Chapter V for infringements of the requirements established in this Regulation;
(e) an analysis of the trends in the use of unhosted wallets to perform transfers without the involvement of a third party, together with an assessment of the related money laundering and terrorist financing risks and an evaluation of the need, effectiveness and enforceability of additional mitigation measures, including specific obligations on providers of hardware and software wallets and limitations, control or prohibition of transfers involving unhosted wallets;
(f) an assessment on the systematic coherence of this Regulation with the Union legislative acts on AML/CFT.
The Report shall take into account the developments as well as relevant evaluations, assessments and reports drawn up by international organisations and standard setters in the field of preventing money laundering and combating terrorist financing, law enforcement authorities and intelligence agencies and any information provided by crypto-asset service providers or reliable sources.
CHAPTER VIII
FINAL PROVISIONS
Article 30b
Amendments to Directive (EU) 2015/849
Directive (EU) 2015/849 is amended as follows:
(1) Article 2(1), point 3, is amended as follows:
(a) point (g) is replaced by the following:
‘(g) crypto-asset service providers;’;
(b) point (h) is deleted;
(2) Article 3 is amended as follows:
(a) point 18 is replaced by the following:
‘(18) ‘crypto-asset’ means a crypto-asset as defined in Article 3(1), point (2), of [Regulation on Markets in Crypto-assets] except when falling under the categories listed in Article 2(2) and (2a) of that Regulation or otherwise qualifying as funds;’;
(b) point 19 is replaced by the following:
‘(19) ‘crypto-asset service providers ’ means a crypto-asset service provider as defined in Article 3(1), point (8), of Regulation [Regulation on Markets in Crypto-assets] where performing one or more crypto-asset services as defined in Article 3(1), point (9), of that Regulation, with the exception of providing advice on crypto-assets as defined in point (9)(h) of that Article.’;
(3) in Article 67, the following paragraph is added:
‘2a. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with the previous paragraph by... [date of application of Regulation on Markets in Crypto-assets]. They shall immediately communicate the text of those provisions to the Commission.’
Article 30c
Transitional arrangements
1. Member States shall ensure that payment service providers, providers of crypto-asset transfers, and intermediary payment service providers as well as intermediary providers of crypto-asset transfers are licensed or registered, subject to adequate supervision in accordance with Article 47 of Directive 2015/849.
2. Member States shall require competent authorities to ensure that the persons who hold a management function in the entities referred to in paragraph 1, or are the beneficial owners of such entities, are fit and proper persons.
3. The EBA shall provide guidance and assist the relevant supervisors until the date on which the Anti-Money Laundering Authority established by [AMLA Regulation] (AMLA) becomes operational pursuant to that Regulation.
4. For the purposes of paragraph 2, and in order to facilitate and promote effective cooperation, and in particular the exchange of information, the EBA shall issue guidelines, addressed to competent authorities, on the characteristics of a risk-based approach to supervision and the steps to be taken when conducting supervision on a risk-based basis.
By ...[3 months after the entry into force of this Regulation], the EBA shall issue such guidelines, taking into account relevant information on the risks associated with customers, products and services offered by providers of crypto-asset transfers, as well as geographical risk factors.
By ... [date of application of AMLA Regulation] the responsibilities attributed to the EBA under this Regulation shall be deemed to be taken over by the AMLA, without prejudice to any additional competences attributed to the AMLA under that Regulation.
Article 30d
Alignment with Regulation [Regulation on Markets in Crypto-assets]
The Commission is empowered to adopt delegated acts within three months after the entry into force of [Regulation on Markets in Crypto-assets] in order to amend this Regulation by updating and aligning the definitions contained in article 3, paragraph 1, points 10, 13, 14, and 15 of this Regulation with the relevant definitions contained in that Regulation, where necessary.
Article 31
Repeal
Regulation (EU) 2015/847 is repealed. References to the repealed Regulation shall be construed as references to this Regulation and shall be read in accordance with the correlation table in Annex II.
Article 32
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
By ... [9 months after entry into force of this Regulation], providers of services relating to transfers of crypto-assets that are obliged entities as listed in Article 2(1) of Directive (EU) 2015/849 shall adopt a rollout plan to carry out the phase-in application of this Regulation in accordance with guidelines issued by the EBA, in order to ensure full compliance with the obligations of this Regulation by ... [18 months after entry into force of this Regulation].
By ... [three months after the entry into force of this Regulation] EBA shall adopt guidelines to specify the conditions to facilitate the phased-in application of this Regulation.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels,
For the European Parliament For the Council The President The President
ANNEX I
Repealed Regulation with the amendment thereto
Regulation (EU) 2015/847 |
|
|||
Regulation (EU) 2019/2175 |
(Only Article 6) |
|||
_____________
ANNEX II
Correlation Table
Regulation (EU) 2015/847 |
This Regulation |
Article 1 |
Article 1 |
Article 2(1), (2) and (3) |
Article 2(1), (2) and (3) |
Article 2(4), first and second subparagraphs |
Article 2(4), first and second subparagraphs |
- |
Article 2(4), third and fourth subparagraphs |
Article 2(5) |
Article 2(5) |
Article 3, introductory wording |
Article 3, introductory wording |
Article 3, points 1 to 9 |
Article 3, points 1 to 9 |
- |
Article 3, point 10 |
Article 3, point 10 |
Article 3, point 11 |
Article 3, point 11 |
Article 3, point 12 |
Article 3, point 12 |
Article 3, point 13 |
- |
Article 3, points 14 to 21 |
Article 4(1), introductory wording |
Article 4(1), introductory wording |
Article 4(1), points (a), (b) and (c) |
Article 4(1), points (a), (b) and (c) |
- |
Article 4(1), point (d) |
Article 4(2), introductory wording |
Article 4(2), introductory wording |
Article 4(2), points (a) and (b) |
Article 4(2), points (a) and (b) |
- |
Article 4(2), point (c) |
Article 4(3) to (6) |
Article 4(3) to (6) |
Articles 5 to 13 |
Articles 5 to 13 |
- |
Articles 14 to 18 |
Article 14 |
Article 19 |
Article 15 |
Article 20 |
Article 16 |
Article 21 |
Article 17 |
Article 22 |
Article 18 |
Article 23 |
Article 19 |
Article 24 |
Article 20 |
Article 25 |
Article 21 |
Article 26 |
Article 22 |
Article 27 |
Article 23 |
Article 28 |
Article 24(1) to (6) |
Article 29(1) to (6) |
Article 24(7) |
- |
Article 25 |
Article 30 |
Article 26 |
Article 31 |
Article 27 |
Article 32 |
Annex |
- |
- |
Annex I |
- |
Annex II |
___________
EXPLANATORY STATEMENT
The Transfer of Funds Regulation (EU) 2015/847 was adopted to enhance the traceability of transfers of funds by requiring payment service providers to ensure the transmission of information on the payer and the payee throughout the payment chain (the so called ‘travel rule’), with the view to prevent, detect and investigate possible misuse of funds for money laundering and terrorist financing. Until today, crypto-assets have remained outside the scope of this Regulation, which only applies to conventional funds, defined as “banknotes and coins, scriptural money and electronic money”, but not to transfers of crypto assets.
This loophole enables the use of crypto-assets to facilitate, fund and hide criminal activities and launder proceeds, since illicit flows can move easily, anonymously, with less friction, higher speed and without any geographical limitations across jurisdictions, with a better chance of remaining unhindered and undetected.
This results in a serious security threat to European citizens, damages the integrity of our financial system and undermines the reputation of the legitimate crypto-asset ecosystem as a whole, exposing both users and providers of services of crypto-assets to significant money laundering and terrorist financing risks.
In October 2018 the Financial Action Task Force (FATF) revised its 2012 recommendations to ensure that they apply to virtual assets and crypto-asset service providers (CASPs). The amended FATF Recommendation 15 on new technologies requires that CASPs should be regulated for anti-money laundering and countering the financing of terrorism (AML/CFT), licensed or registered and subject to supervision.
In June 2019, FATF adopted an Interpretive Note to Recommendation 15 (INR. 15) to further clarify how its requirements should apply in relation to crypto-assets. INR 15 makes it clear that the preventive measures set out in Recommendations 10 to 21 apply to CASPs. INR 15 also provides a qualification for the application of Recommendation 16 (the ‘travel rule’) for the transfers of crypto-assets. In particular, obliged entities should obtain and hold required originator and beneficiary information on crypto-asset transfers, verify such information in relation to their own customer, transmit it to the counterparty, while making it available on request to competent authorities.
In July 2021, the European Commission presented a package of proposals to further improve the Union’s AML/CFT rules.
The Co-Rapporteurs welcome the Commission proposal to recast the Funds Transfer Regulation as part of the package. The proposal intends to close an important loophole in the fight against money laundering and terrorist financing by extending the current regime applied to wire transfers to transfers of crypto-assets. Nevertheless, the co-rapporteurs believe that the proposal can be further strengthened and should better reflect the specific characteristics of crypto-assets. The co-rapporteurs are convinced that a strengthened Transfer of Funds Regulation will help protect EU citizens from crime and terrorism.
The draft report puts forward the following key proposals.
1. No exemptions based on the value of the transfer
With respect to wire transfers, the Transfer of Funds Regulation requires a payment service provider to ensure that transfers of funds are accompanied by complete information on the originator and the beneficiary and to verify the information on their customer only if the transfers of funds exceeds EUR 1000, individually or as part of small linked transfers which together would exceed EUR 1000, except where the funds to be transferred are received in cash or anonymous electronic money or there are reasonable grounds for suspecting money laundering or terrorist financing.
Due to the specific characteristics and risk profile of crypto-assets, the information obligation should apply to crypto-assets transfers, regardless of the value of the transfer. There are clear indications that crypto-asset activities associated with criminal activities and terrorism financing are often transfers of small value. Furthermore, crypto-assets and related technologies enable criminals to split high value transfers into small amounts across multiple wallet addresses in order to avoid detection of AML/CFT monitoring systems and to carry out illicit activities via structured transactions to a scale and global reach not available to wire transfers. In the view of the co-rapporteurs, the removal of a de minimis threshold for crypto-asset transfers would facilitate, rather than complicate, compliance and risk management by crypto-asset service providers. This is particularly relevant in light of the difficulty to identify linked transfers executed via multiple apparently unrelated wallet addresses as well as the high volatility of the valuation of most crypto-assets.
2. Transfers from/to un-hosted wallets
Secondly, it should be clarified that this Regulation applies also to transfers from or to crypto-asset wallets based on a software or hardware not hosted by a third party, known as ‘unhosted wallets’, provided that a crypto-asset service provider or another obliged entity is involved. In such circumstances, however, there should be no transmission of information to the unhosted wallet. Information should be obtained by the crypto-asset service provider directly from its customer and should be held and made available to competent authorities.
3. Know your transaction
In addition to obtaining accurate information on the originator and the beneficiary, crypto-asset service providers should also be expected to obtain information on the source and destination of crypto-assets involved in a transfer. In particular crypto-asset service providers should establish effective procedures to detect suspicious crypto-assets, in particular any link with illegal activities, including fraud, extortion, ransomware or darknet marketplaces, or whether the crypto-asset has passed through mixers or tumblers or other anonymizing services. This is especially important when dealing with transfers involving unhosted wallets or non-EU crypto-asset service providers not complying with the same travel rule obligations.
4. Counterparty due diligence and protection of personal information
Crypto-asset service providers are expected to transmit required information also to crypto-asset service providers established outside the Union. However, before transmitting such information, crypto-asset service providers should identify their counterparty and assess whether they can reasonably be expected to comply with the travel rule and protect the confidentiality of personal information. Crypto-asset service providers should avoid interacting with illicit or untrustworthy actors.
5. Public register of noncompliant crypto-asset service providers
In order to facilitate the identification of illicit actors that pose a great risk from a AML/CFT perspective, the European Banking Authority (EBA) should maintain a public register of noncompliant crypto-asset service providers, consisting of entities which cannot be linked to any recognised jurisdictions, do not apply any identification measures on their customer and offer anonymising services, given their role in undermining the effectiveness of AML/CFT systems and controls.
6. Fast track
Finally, in order to speed up its adoption and ensure that crypto-asset service providers and other obliged entities put in place effective mechanisms to comply with the travel rule for combatting money laundering and terrorism financing, the current recast proposal should be decoupled from the rest of the new AML package and should be linked to the existing AMLD framework until the entry into force of the new regime, while preserving the alignment with the upcoming Regulation on Markets in Crypto-assets [MiCA].
The co-rapporteurs are convinced that an effective and strengthened framework to prevent the misuse of crypto-assets for money laundering and terrorist financing purposes is necessary to protect EU citizens from terrorism and organised crime, while contributing to the development of a safe, lawful and well-functioning space for users of crypto assets and crypto asset service providers across the Union. The co-rapporteurs call on Member States and EU competent authorities to ensure proper implementation and enforcement also in a view of avoiding unfair and unregulated competition, including from non-EU players.
MINORITY POSITION
MEP Gunnar BECK
Minority Position under Rule 55.4 Rules of Procedure
Proposal for a regulation of the European Parliament and of the Council
on information accompanying transfers of funds and certain crypto-assets
Although I fully support the intention of the proposal to increase awareness and concrete action to tackle money laundering in Europe, I oppose the report as it deletes the de minimis threshold recommended by FATF, imposes unrealistic burdensome reporting, as well as unfair liability to compliant CASPs especially in relation to unhosted wallets.
By going beyond the FATF rules, crypto users with private, self-controlled wallets will be discriminated against and treated differently than people with cash. Every single transaction is potentially “travel rule eligible” and would have to be reported. This is a blatant violation of data protection law and is reminiscent of the behaviour of totalitarian surveillance states.
ANNEX: LETTER FROM THE COMMITTEE ON LEGAL AFFAIRS
European Parliament 2019-2024 |
Committee on Legal Affairs
The Chair
2.3.2022
Ms Irene Tinagli
Chair
Committee on Economic and Monetary Affairs
BRUSSELS
Mr Juan Fernando LÓPEZ AGUILAR
Chair
Committee on Civil Liberties, Justice and Home Affairs
BRUSSELS
Subject: Opinion on Proposal for a regulation of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets (recast) (COM(2021)422 – C9 0341/2021 – 2021/0241(COD))
Dear Chair,
The Committee on Legal Affairs has examined the proposal referred to above pursuant to Rule 110 on Recasting of Parliament's Rules of Procedure.
Paragraph 3 of that Rule reads as follows:
“If the committee responsible for legal affairs considers that the proposal does not entail any substantive changes other than those identified as such in the proposal, it shall inform the committee responsible for the subject matter thereof.
In such a case, over and above the conditions laid down in Rules 180 and 181, amendments shall be admissible within the committee responsible for the subject-matter only if they concern those parts of the proposal which contain changes.
However, amendments to parts of the proposal which remain unchanged may, by way of exception and on a case-by-case basis, be accepted by the Chair of the committee responsible for the subject matter if he or she considers that this is necessary for pressing reasons relating to the internal logic of the text or because the amendments are inextricably linked to other admissible amendments. Such reasons must be stated in a written justification to the amendments.”
Following the opinion of the Consultative Working Party of the Legal Services of the Parliament, the Council and the Commission, which has examined the recast proposal, and in keeping with the recommendations of the rapporteur, the Committee on Legal Affairs considers that the proposal in question does not include any substantive changes other than those identified as such and that, as regards the codification of the unchanged provisions of the earlier act with those substantive amendments, the proposal contains a straightforward codification of the existing text, without any change in its substance.
In conclusion, at its meeting of 28 February 2022, the Committee on Legal Affairs, with 20 votes in favour, no votes against and 3 abstentions[28], decided to recommend that the Committee on Economic and Monetary Affairs and the Committee on Civil Liberties, Justice and Home Affairs, as the committees responsible, can proceed to examine the above proposal in accordance with Rule 110.
Yours sincerely,
Adrián VÁZQUEZ LÁZARA
ANNEX: OPINION OF THE CONSULTATIVE WORKING PARTY OF THE LEGAL SERVICES OF THE EUROPEAN PARLIAMENT, THE COUNCIL AND THE COMMISSION
GROUPE CONSULTATIF DES SERVICES JURIDIQUES |
Brussels, 4 FEV. 2022
OPINION
FOR THE ATTENTION OF THE EUROPEAN PARLIAMENT
THE COUNCIL
THE COMMISSION
Proposal for a regulation of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets (recast)
COM(2021) 422 of 20.7.2021 – 2021/0241(COD)
Having regard to the Inter-institutional Agreement of 28 November 2001 on a more structured use of the recasting technique for legal acts, and in particular to point 9 thereof, the Consultative Working Party consisting of the respective legal services of the European Parliament, the Council and the Commission met on 22 and 27 September 2021 for the purpose of examining, among others, the aforementioned proposal submitted by the Commission.
At those meetings[29], an examination of the proposal for a Regulation of the European Parliament and of the Council recasting Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds resulted in the Consultative Working Party's establishing, by common accord, that the following should have been marked with the grey-shaded type generally used for identifying substantive amendments:
- in recital 6, the replacement of the words 'note for its implementation' with the words 'notes on those Recommendations';
- in recital 7, the replacement of the word 'namely’ with the words 'in particular’;
- in recital 26, the adding of the words 'and at Union level’;
- in Article 7(2), introductory wording, the replacement of the words 'ex-post monitoring or real-time monitoring' with the words 'monitoring after or during the transfers’.
In consequence, examination of the proposal has enabled the Consultative Working Party to conclude, without dissent, that the proposal does not comprise any substantive amendments other than those identified as such. The Working Party also concluded, as regards the codification of the unchanged provisions of the earlier act with those substantive amendments, that the proposal contains a straightforward codification of the existing legal text, without any change in its substance.
F. DREXLER T. BLANCHET D. CALLEJA CRESPO
Jurisconsult Jurisconsult Director-General
PROCEDURE – COMMITTEE RESPONSIBLE
Title |
Information accompanying transfers of funds and certain crypto-assets (recast) |
|||
References |
COM(2021)0422 – C9-0341/2021 – 2021/0241(COD) |
|||
Date submitted to Parliament |
22.7.2021 |
|
|
|
Committees responsible Date announced in plenary |
ECON 4.10.2021 |
LIBE 4.10.2021 |
|
|
Rapporteurs Date appointed |
Ernest Urtasun 25.11.2021 |
Assita Kanko 25.11.2021 |
|
|
Rule 58 – Joint committee procedure Date announced in plenary |
16.12.2021 |
|||
Discussed in committee |
14.3.2022 |
|
|
|
Date adopted |
31.3.2022 |
|
|
|
Result of final vote |
+: –: 0: |
93 14 14 |
||
Members present for the final vote |
Magdalena Adamowicz, Abir Al-Sahlani, Malik Azmani, Katarina Barley, Pietro Bartolo, Gunnar Beck, Marek Belka, Isabel Benjumea Benjumea, Stefan Berger, Vladimír Bilčík, Vasile Blaga, Gilles Boyer, Karolin Braunsberger-Reinhold, Patrick Breyer, Saskia Bricmont, Joachim Stanisław Brudziński, Jorge Buxadé Villalba, Carlo Calenda, Damien Carême, Caterina Chinnici, Clare Daly, Marcel de Graaff, Anna Júlia Donáth, Lucia Ďuriš Nicholsonová, Cornelia Ernst, Engin Eroglu, Jonás Fernández, Laura Ferrara, Nicolaus Fest, Frances Fitzgerald, José Manuel García-Margallo y Marfil, Luis Garicano, Jean-Paul Garraud, Valentino Grant, Maria Grapini, Enikő Győri, Eero Heinäluoma, Michiel Hoogeveen, Danuta Maria Hübner, Evin Incir, Sophia in ‘t Veld, Stasys Jakeliūnas, Patryk Jaki, France Jamet, Marina Kaljurand, Assita Kanko, Othmar Karas, Billy Kelleher, Fabienne Keller, Peter Kofod, Łukasz Kohut, Moritz Körner, Ondřej Kovařík, Alice Kuhnke, Georgios Kyrtsos, Aurore Lalucq, Philippe Lamberts, Jeroen Lenaers, Juan Fernando López Aguilar, Aušra Maldeikienė, Lukas Mandl, Pedro Marques, Costas Mavrides, Csaba Molnár, Nadine Morano, Javier Moreno Sánchez, Siegfried Mureşan, Caroline Nagtegaal, Luděk Niedermayer, Lefteris Nikolaou-Alavanos, Maite Pagazaurtundúa, Dimitrios Papadimoulis, Piernicola Pedicini, Lídia Pereira, Kira Marie Peter-Hansen, Dragoş Pîslaru, Emil Radev, Paulo Rangel, Evelyn Regner, Terry Reintke, Karlo Ressler, Diana Riba i Giner, Antonio Maria Rinaldi, Dorien Rookmaker, Alfred Sant, Martin Schirdewan, Ralf Seekatz, Pedro Silva Pereira, Sara Skyttedal, Vincenzo Sofo, Martin Sonneborn, Tineke Strik, Ramona Strugariu, Paul Tang, Annalisa Tardino, Irene Tinagli, Tomas Tobé, Yana Toom, Milan Uhrík, Ernest Urtasun, Inese Vaidere, Tom Vandendriessche, Bettina Vollath, Jadwiga Wiśniewska, Stéphanie Yon-Courtin, Marco Zanni, Roberts Zīle |
|||
Substitutes present for the final vote |
Bartosz Arłukowicz, Nathalie Colin-Oesterlé, Christian Doleschal, Roman Haider, Andżelika Anna Możdżanowska, Ville Niinistö, Anne-Sophie Pelletier, Thijs Reuten, Domènec Ruiz Devesa, Sven Simon, Jessica Stegrud, Miguel Urbán Crespo, Nils Ušakovs, Mick Wallace |
|||
Date tabled |
6.4.2022 |
FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE
93 |
+ |
ECR |
Assita Kanko |
ID |
Jean-Paul Garraud, France Jamet |
NI |
Laura Ferrara, Enikő Győri |
PPE |
Magdalena Adamowicz, Bartosz Arłukowicz, Isabel Benjumea Benjumea, Vladimír Bilčík, Vasile Blaga, Karolin Braunsberger-Reinhold, Nathalie Colin-Oesterlé, Christian Doleschal, Frances Fitzgerald, José Manuel García-Margallo y Marfil, Danuta Maria Hübner, Othmar Karas, Georgios Kyrtsos, Jeroen Lenaers, Aušra Maldeikienė, Lukas Mandl, Nadine Morano, Siegfried Mureşan, Luděk Niedermayer, Lídia Pereira, Emil Radev, Paulo Rangel, Karlo Ressler, Ralf Seekatz, Sven Simon, Sara Skyttedal, Tomas Tobé, Inese Vaidere |
Renew |
Abir Al-Sahlani, Malik Azmani, Gilles Boyer, Carlo Calenda, Lucia Ďuriš Nicholsonová, Engin Eroglu, Luis Garicano, Sophia in 't Veld, Fabienne Keller, Ondřej Kovařík, Caroline Nagtegaal, Maite Pagazaurtundúa, Dragoş Pîslaru, Ramona Strugariu, Yana Toom, Stéphanie Yon-Courtin |
S&D |
Katarina Barley, Pietro Bartolo, Marek Belka, Caterina Chinnici, Jonás Fernández, Maria Grapini, Eero Heinäluoma, Evin Incir, Marina Kaljurand, Łukasz Kohut, Aurore Lalucq, Juan Fernando López Aguilar, Pedro Marques, Costas Mavrides, Csaba Molnár, Javier Moreno Sánchez, Evelyn Regner, Thijs Reuten, Domènec Ruiz Devesa, Alfred Sant, Pedro Silva Pereira, Paul Tang, Irene Tinagli, Nils Ušakovs, Bettina Vollath |
The Left |
Clare Daly, Cornelia Ernst, Dimitrios Papadimoulis, Anne-Sophie Pelletier, Martin Schirdewan, Miguel Urbán Crespo, Mick Wallace |
Verts/ALE |
Saskia Bricmont, Damien Carême, Stasys Jakeliūnas, Alice Kuhnke, Philippe Lamberts, Ville Niinistö, Piernicola Pedicini, Kira Marie Peter-Hansen, Terry Reintke, Diana Riba i Giner, Tineke Strik, Ernest Urtasun |
14 |
- |
ECR |
Michiel Hoogeveen, Dorien Rookmaker, Jessica Stegrud |
ID |
Gunnar Beck, Nicolaus Fest, Marcel de Graaff, Roman Haider |
NI |
Lefteris Nikolaou-Alavanos, Martin Sonneborn, Milan Uhrík |
PPE |
Stefan Berger |
Renew |
Billy Kelleher, Moritz Körner |
Verts/ALE |
Patrick Breyer |
14 |
0 |
ECR |
Joachim Stanisław Brudziński, Jorge Buxadé Villalba, Patryk Jaki, Andżelika Anna Możdżanowska, Vincenzo Sofo, Jadwiga Wiśniewska, Roberts Zīle |
ID |
Valentino Grant, Peter Kofod, Antonio Maria Rinaldi, Annalisa Tardino, Tom Vandendriessche, Marco Zanni |
Renew |
Anna Júlia Donáth |
Key to symbols:
+ : in favour
- : against
0 : abstention
- [1] OJ C 0, 0.0.0000, p. 0. / Not yet published in the Official Journal.
- [2] OJ C 0, 0.0.0000, p. 0. / Not yet published in the Official Journal.
-
[3] OJ C 77, 28.3.2002, p. 1.
-
[4]Amendments: new or amended text is highlighted in bold italics; deletions are indicated by the symbol ▌.
- [5] OJ C […], […], p. […].
- [6] OJ C […], […], p. […].
- [7] Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, p. 1).
- [8] See Annex I.
- [9] Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (OJ L 156, 19.6.2018, p. 43).
- [10] References to MiCA to be added once the text adopted
- [11] Communication from the Commission on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing (C(2020) 2800 final).
- [12] Council Regulation (EC) No 2580/2001 of 27 December 2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism (OJ L 344, 28.12.2001, p. 70).
- [13] Council Regulation (EC) No 881/2002 of 27 May 2002 imposing certain specific restrictive measures directed against certain persons and entities associated with the ISIL (Da'esh) and Al-Qaida organisations (OJ L 139, 29.5.2002, p. 9).
- [14] Council Regulation (EU) No 356/2010 of 26 April 2010 imposing certain specific restrictive measures directed against certain natural or legal persons, entities or bodies, in view of the situation in Somalia (OJ L 105, 27.4.2010, p. 1).
- [15] Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
- [16] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
- [17] Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).
- [18] Regulation (EC) No 924/2009 of the European Parliament and of the Council of 16 September 2009 on cross-border payments in the Community and repealing Regulation (EC) No 2560/2001 (OJ L 266, 9.10.2009, p. 11).
- [19] Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (OJ L 94, 30.3.2012, p. 22).
- [20] Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12).
- [21] Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC (OJ L 331, 15.12.2010, p. 48).
- [22] Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).
- [23] Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).
- [24] Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
- [25] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
- [26] [OJ reference of that opinion]
- [27] Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7).
- [28] The following were present for the final vote: Adrián Vázquez Lázara (Chair), Sergey Lagodinsky (Vice-Chair), Marion Walsman (Vice-Chair), Lara Wolters (Vice-Chair), Raffaele Stancanelli (Vice-Chair), Pascal Arimont, Manon Aubry, Gunnar Beck, Daniel Buda, Pascal Durand, Ibán García del Blanco, Jean-Paul Garraud, Heidi Hautala, Gilles Lebreton, Maria-Manuel Leitão-Marques, Antonius Manders, Sabrina Pignedoli, Jiří Pospíšil, Luisa Regimenti, René Repasi, Franco Roberti, Yana Toom, Marie Toussaint, Axel Voss, Tiemo Wölken, Francisco Javier Zarzalejos Nieto.
- [29] The Consultative Working Party worked on the basis of the English language version of the proposal, being the master-copy language version of the text under discussion.