FCC ESSENTIALS

Explore our latest FCC (Financial Crime Compliance) Essential article as Christopher Stringham, Global Account Manager at Neterium, dives into his strong dedication to Financial Crime Compliance (FCC).

In the sixth edition, Christopher revisits Tuesday's announcement regarding a groundbreaking regulation passed by the European Council. This regulation aims to enhance security in instant payments, while also promoting greater efficiency and innovation in financial services. The new measures promise to facilitate faster cash flow mobility by allowing intra-EU transfers to be completed within 10 seconds. This significant development reflects the EU's commitment to staying ahead in financial technology and ensuring seamless transactions within its borders.

====

The EU Council has agreed to the proposed Instant Payments Regulation. This regulation is designed to increase the usage of instant payments within the EU and has implications for financial crime and sanctions compliance.

To foster greater trust between parties involved, the new regulation will require PSPs to offer their users the ability to verify the account number and name of the payee. This is a simple step for helping avoid invoice fraud. Today it is all too easy to write an invoice that looks like it comes from a well-known company. With account verification, users will be able to see that the account belongs to the person that they intend to transfer money to. Importantly, the regulation requires the ability to use unambiguous identifiers such as fiscal numbers or legal entity identifiers where the payee is a legal person. This will help reduce the need to conduct name matching. The regulation also includes a provision requiring that PSPs maintain processes for ensuring that the information of their users is correct and up to date. In fact, these provisions offer a great advantage for financial institutions about sanctions and AML compliance as they can be more confident of the information used in their risk detection processes and will be able to gain more reliable data relating to the payees of their clients' transactions.

This regulation also has explicit provisions regarding the way FIs should conduct sanctions screening; specifically, the PSPs should not screen individual transactions for sanctions risk. Rather, PSPs offering ICTs must "verify whether users are subject to targeted financial restrictive measures." This verification must happen immediately after the entry into force of any new measures or when amendments are made or at least once every calendar day. In other words, PSPs should conduct daily sanctions screening of all their users. It is remarkably interesting to see how this passage developed during the legislative process. If we consider an earlier draft from 2022, an important paragraph was removed from the final draft.

The removed paragraph stated that a PSP would be liable to the other PSP for any fines or penalties if it fails to verify its users and an instant credit transfer is executed in violation of restrictive measures. This provision could have played a significant role in increasing trust between PSPs and to help avoid a situation in which two different institutions conduct redundant work by each checking both parties to a transaction. The reason for its removal is hinted by the inclusion of another passage in the final draft that was not in the earlier proposal.

The final draft has a clarification that this provision does not apply to compliance with restrictive measures issued by authorities other than the EU. This means that PSPs may/must continue to screen payments to identify risks regarding restrictive measures issued by member states or other jurisdictions such as the United States. In practice, this puts PSPs in a potentially tricky situation. It is important to note that this regulation has strict time requirements regarding the execution of payment orders. The payer's PSP must 'immediately' process orders and send the payments to the PSP, though the relevant passage also states that the payer's PSP must 'immediately' verify if the conditions for processing, such as sufficient funds, are fulfilled. Theoretically, this 'verification' could also include sanctions check. On the side of the payee's PSP, there is a ten second period in which the payment must be posted to the payee's account.

From a sanction's compliance perspective, the initial proposal would have reduced redundant screening, helped improve processing times and clearly established liability. The final draft does none of these. PSPs will implement increasingly sophisticated systems to identify when screening should occur, to apply highly configured rules for specific situations, and to conduct the screening in a much more expedient manner.

(#1) Final Document: https://data.consilium.europa.eu/doc/document/PE-76-2023-INIT/en/pdf (#2) Draft from 2022: https://ec.europa.eu/finance/docs/law/221026-proposal-instant-payments_en.pdf