WIRE TRANSFER TRANSACTIONS
The FATF first issued international standards dealing with electronic funds transfers as Special Recommendation VII ("SR VII") on Wire Transfers in October 2001. The FATF reissued its Recommendations and Interpretive Notes following an extensive revision process on 16 February 2012 with the document "International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation". This can be found at http://www.fatf-gafi.org/document/50/0,3746,en_32250379_32236920_49653426_1_1_1_1,00.html. This document merged the 9 Special Recommendations on Terrorist Financing with the 40 Recommendations on Money Laundering, at which point, the standards in SR VII became Recommendation 16.
Recommendation 16 (formerly SR VII), has the objective of enhancing the transparency of electronic payment transfers ("wire transfers") of all types, domestic and cross border, thereby making it easier for law enforcement to track funds transferred electronically by terrorists and criminals.
On 26 July 2005 the European Commission issued a proposal for a Regulation ("the Regulation") to implement Special Recommendation VII ( Recommendation 16 as from 16 February 2012) within the EU with effect from 1 January 2007. In its final form the Regulation was approved by the European Parliament on 6 July 2006 and by the ECOFIN Council on 7 November 2006. It was published in the Official Journal of the European Union (OJ L 345) on 8 December 2006 (EU Regulation 1781/2006). It is available at http://eur-lex.europa.eu/LexUriServ/site/en/oj/2006/l_345/l_34520061208en00010009.pdf
Whilst the implementation date was set at 1 January 2007, sanctions for non-compliance were not enforced until 15 December 2007, coincident with the deadline for implementation of the Third EU Money Laundering Directive.
The Regulation provides for EU Member States to establish agreements with territories outside the EU with whom they share a monetary union and payment and clearing systems for them to be treated as if they were part of the Member State concerned, so that the reduced information requirement can apply to payments passing between that Member State and its associated territory (but not between any other Member State and that territory). In the case of the UK, such arrangements will include the Isle of Man and the Channel Islands.
The Regulation requires the ordering financial institution to ensure that all wire transfers carry specified information about the originator (Payer) who gives the instruction for the payment to be made. The core requirement is that this information consists of name, address and account number; however, there are a number of permitted variations and concessions and those relevant to the Handbook are set out in 5.3.4 below.
To implement SR VII (now Recommendation16) in the Isle of Man, the EU Regulation was applied (with appropriate modifications) as part of the law by the European Communities (Wire Transfers Regulation) (Application) Order 20071 as amended by the European Communities (Wire Transfers Regulation) (Application) (Amendment) Order 2007 (Appendicies H(a) and H(b). The EC Wire Transfers Regulation (Enforcement) Regulations 2007 (Appendix I) were made to implement the Order. These Isle of Man Regulations contain enforcement provisions and sanctions for non-compliance and came into force on 15 December 2007 coincident with the introduction of sanctions throughout the European Union as described above.
References to the UK Payment Area in this Section are to an area that comprises the United Kingdom, the Bailiwick of Guernsey, the Bailiwick of Jersey and the Isle of Man.
To ensure that the data protection position is beyond any doubt, it may be advisable for a payer Payment Service Provider ("PSP") to ensure that terms and conditions of business include reference to the information that will be provided.
5.3.2 Scope of the Regulation
The Regulation is widely drawn and intended to cover all types of funds transfer falling within its definition as made "by electronic means" other than those specifically exempted wholly or partially by the Regulation. For UK Payment Area based PSPs it therefore includes, but is not necessarily limited to, international payment transfers made via SWIFT, including various Euro payment systems, and domestic transfers via CHAPS and BACS.
The Regulation specifically exempts transfers where both Payer and Payee are PSPs acting on their own behalf, i.e. this will apply to MT 200 series payments via SWIFT. This exemption will include MT 400 and MT 700 series messages when they are used to settle trade finance obligations between banks.
The UK credit clearing system is out of scope of the Regulation as it is paper based and hence transfers are not carried out "by electronic means". Cash and cheque deposits over the counter via bank giro credits are not therefore affected by the Regulation.
5.3.3 Pre-conditions for making payments
Licenceholders must ensure that the Payer information conveyed in the payment relating to account holding customers is accurate and has been verified. The verification requirement is deemed to be met for account holding customers of the licenceholder whose identity has been verified to comply with AML/CFT requirements, i.e. in the Isle of Man in accordance with the Codes and the Handbook. No further verification of such account holders is required, although licenceholders may wish to exercise discretion to do so in individual cases. (See Section 5.3.4 below under Information Requirements where the named Payer is not holder of the account to be debited.)
Before undertaking one-off payments in excess of Euros 1000 on the instructions of non-account holding customers, a licenceholder must verify identity and either date of birth or address in accordance with Article 5.2 of the Regulation. Evidence of verification must be retained with the customer information in accordance with Record Keeping Requirements (see Section 5.3.6 below). For non-account based transfers of Euros 1000 and under, licenceholders are not required by the Regulation to verify the Payer's identity (e.g. by passport), except when several transactions are carried out which appear to be linked (see Article 5.2 of the Regulation) and exceed Euros 1000. NB, even in cases where the Regulation does not require verification, the customer information has to be obtained and it may be advisable for the licenceholder to verify the identity of the Payer in all cases.
5.3.4 Information Requirements
18.104.22.168 Complete payer information:
Except as permitted below, complete Payer information must accompany all wire transfers. Effectively, the complete requirement applies where the destination PSP is located in a jurisdiction outside the UK Payment Area. Complete Payer information consists of: name, address and account number.
(a) Address ONLY may be substituted with the Payer's date and place of birth, or national identity number or customer identification number. In the event a Payee PSP demands the Payer's address, where one of the alternatives had initially been provided, the response to the enquiry should point that out. Only with the Payer's consent or under judicial compulsion should the address be additionally provided.
(b) Where the payment is not debited to a bank account, the requirement for an account number must be substituted by a unique identifier which permits the payment to be traced back to the Payer. The Regulation defines a unique identifier as "a combination of letters, numbers or symbols, determined by the payment service provider, in accordance with the protocols of the payment and settlement system or messaging system used to effect the transfer of funds."
(c) The extent of the information supplied in each field will be subject to the conventions of the messaging system in question and is not prescribed in detail in the Regulation.
(d) The account number could be, but is not required to be, expressed as the IBAN (International Bank Account Number).
(e) Where a bank is itself the Payer, as will sometimes be the case even for SWIFT MT 102 and 103 messages, this Guidance considers that supplying the Bank Identifier Code (BIC) constitutes complete Payer information for the purposes of the Regulation, although it is also preferable for the account number to be included where available. The same applies to Business Entity Identifiers (BEIs), although in that case the account number should always be included. As the use of BICs and BEIs is not specified in the Regulation, there may be requests from Payee PSPs for address information.
(f) Where payment instructions are received manually, e.g. over the counter, the Payer name and address (or permitted alternative) should correspond to the account holder. Any request to override customer information should be processed within a rigorous referral and approval mechanism to ensure that only in cases where a licenceholder is entirely satisfied that the reason is legitimate should the instruction be exceptionally dealt with on that basis. Any suspicion of improper motive by a customer must be reported to the licenceholder's MLRO.
22.214.171.124 Reduced Payer Information:
Where the PSPs of both Payer and Payee are located within the UK Payment Area, wire transfers need be accompanied only by the Payer's account number or by a unique identifier which permits the transaction to be traced back to the Payer.
However, if requested by the Payee's PSP, complete information must be provided by the Payer's PSP within 3 working days, starting the day after the request is received by the Payer's PSP. ("Working days" is as defined in the jurisdiction of the Payer's PSP).
126.96.36.199 Batch File Transfers:
A hybrid complete/reduced requirement applies to batch file transfers from a single Payer to multiple Payees outside the UK Payment Area in that the individual transfers within the batch need carry only the Payer's account number or a unique identifier, provided that the batch file itself contains complete Payer information.
188.8.131.52 Payments via Intermediaries:
Intermediary PSPs ("IPSPs") must, subject to the following guidance on technical limitations, ensure that all information received on the Payer which accompanies a wire transfer is retained with the transfer. A requirement to detect 'lack of presence of information' (see Section 5.3.5 below under Checking Incoming Payments) applies in the same way as for transfers of funds received direct by the Payee PSP.
It is preferable for an IPSP to forward payments through a system which is capable of carrying all the information received with the transfer. However, where an IPSP within the Isle of Man is technically unable to on-transmit Payer information originating outside the UK Payment Area, it may nevertheless use a system with technical limitations provided that:
(a) if it is aware that the Payer information is missing or incomplete it must concurrently advise the Payee's PSP of the fact by an agreed form of communication, whether within a payment or messaging system or otherwise,
(b) it retains records of any information received for 5 years, whether or not the information is complete. If requested to do so by the Payee's PSP, the IPSP must provide the Payer information within 3 working days of receiving the request.
Note: the above information requirements are minimum standards. It is open to licenceholders to elect to supply complete Payer information with transfers which are eligible for a reduced information requirement and thereby limit the likely incidence of inbound requests for complete information. (In practice a number of large UK and European banks have indicated that they will be providing complete payer information for all transfers where systems permit).
5.3.5 Checking Incoming Payments
Licenceholders must have effective procedures for checking that incoming wire transfers are compliant with the relevant information requirement. In order not to disrupt straight-through processing, it is not expected that monitoring should be undertaken at the time of processing the transfer. The Regulation specifies that PSPs should have procedures "to detect a lack of presence" of the relevant information, which is a reference to the validation rules of whichever messaging or payment system is being utilised. Additionally, the Regulation requires PSPs to take remedial action when they become aware that an incoming payment is not compliant. Hence, in practical terms it is expected that this requirement will be met by a combination of the following:
Licenceholders must therefore subject incoming payment traffic to an appropriate level of post event random sampling to detect non-compliant payments. This sampling should be risk based, e.g.:
(a) the sampling could normally be restricted to payments emanating from PSPs outside the UK Payment Area where the complete information requirement applies;
(b) the sampling could be weighted towards non FATF member jurisdictions, particularly those deemed high risk under a PSP's own country risk assessment, or by reference to external sources such as Transparency International, or FATF or IMF country reviews;
(c) focused more heavily on transfers from those Payer PSPs who are identified by such sampling as having previously failed to comply with the relevant information requirement;
(d) other specific measures might be considered, e.g. checking, at the point of payment delivery, that Payer information is compliant and meaningful on all transfers that are collected in cash by Payees on a "Pay on application and identification" basis.
NB None of the above requirements obviate the obligation to report suspicious actions in accordance with normal suspicious transaction reporting procedures.
If a licenceholder becomes aware in the course of processing a payment that it contains meaningless or incomplete information, under the terms of Article 9(1) of the Regulation it should either reject the transfer or ask for complete information on the Payer. In addition, in such cases, a licenceholder is required to take any necessary action to comply with any applicable law or administrative provisions relating to money laundering and terrorist financing. Dependent on the circumstances such action could include making the payment or holding the funds and advising the MLRO.
Where a licenceholder becomes aware subsequent to processing the payment that it contains meaningless or incomplete information either as a result of random checking or other monitoring mechanisms under its risk based approach, it must:
(a) seek the necessary information on the Payer
(b) take any necessary action under any applicable law, regulation or administrative provisions relating to money laundering or terrorist financing.
Where a PSP is identified as having regularly failed to comply with the information requirements, a licenceholder must take steps, which may initially include issuing warnings and setting deadlines, prior to either refusing to accept further transfers from that PSP or deciding whether to terminate its relationship with that PSP either completely or in respect of funds transfers.
A licenceholder must consider whether incomplete or meaningless information of which it becomes aware on a funds transfer constitutes grounds for suspicion which would be reportable to its MLRO for possible disclosure to the FCU.
With regard to transfers from PSPs located in non-member countries of FATF, licenceholders should endeavour to transact only with those PSPs with whom they have a relationship that has been subject to a satisfactory risk-based assessment of their AML/CFT culture and policy and who accept the standards set out in the Interpretative Note to FATF Recommendation 16.
It should be borne in mind when querying incomplete payments that some FATF member countries outside the EU may have framed their own regulations to incorporate a threshold of Euro or US Dollars 1000 below which the provision of complete information on outgoing payments is not required. This is permitted by the Interpretative Note to FATF Recommendation 16. The USA is a case in point. This does not preclude Isle of Man PSPs from calling for the complete information where it has not been provided, but it is reasonable for a risk-based view to be taken on whether, or how far, to press the point.
5.3.6 Record Keeping Requirements
Records of all electronic payments and messages must be retained in accordance with paragraph 17 of the Codes.