Part 3: Screening Full of Holes Like a Swiss Cheese
Grzegorz Hansen, PhD
Head of Cash Management Sales Bureau - Structured Transactions
The New Concept of Sanctions Screening
According to the new Regulation (EU) 2024/886 [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202400886] the sanctions screening of instant credit transfers shall be replaced with screening of customer bases of the PSPs participating (directly or indirectly) in the exchange of instant credit transfers.
So the new art. 5d of the Regulation (EU) 260/2012 (Screening of PSUs by PSPs that offer instant credit transfers to verify whether a PSU is a person or entity subject to targeted financial restrictive measures) shall read:
“1.?? PSPs offering instant credit transfers shall verify whether any of their PSUs are persons or entities subject to targeted financial restrictive measures.
PSPs shall carry out such verifications immediately after the entry into force of any new targeted financial restrictive measures, and immediately after the entry into force of any amendments to such targeted financial restrictive measures, and at least once every calendar day.
2.?? During the execution of an instant credit transfer, the payer’s PSP and the payee’s PSP involved in the execution of that instant credit transfer shall not verify whether the payer or the payee whose payment accounts are used for the execution of that instant credit transfer are persons or entities subject to targeted financial restrictive measures in addition to carrying out verifications under paragraph 1 of this Article.
(…)”
?
The matter which we are about to explore below is: IS THIS TYPE OF SANCTIONS SCREENING SUFFICIENT?
?
Screening The “Ordinary” or “Direct” Fund Transfers
If an individual would like to make a fund transfer to an entity, both of them - the payer and the payee must use payment intermediaries: payment service providers (PSPs).
The payer and the payee may keep their accounts at banks (or payment institutions or e-money institutions) directly (or indirectly) participating in the instant credit transfer system (ICTS) or they can keep their accounts (or at least be “occasional customers”) at payment (or e-money) institutions, which – for this or another reason – do not participate in the ICTS directly (nor indirectly) but keep their accounts in the banks which do.
If the payer and the payee keep their accounts in the PSPs being direct (or indirect) participants to the ICTS, they are clearly identified as customers of these participants. As such, they will have to be screened – each by its PSP - for the purpose of identifying sanctioned individuals or entities, according to the new Regulation (EU) 2024/886, at least once a day.
In this case, the “DIRECT” fund transfer between:
and
will be made as an instant credit transfer via ICTS.
?
Customers of PSPs Not Participating in ICTS
However, the payer or the payee may decide to open their accounts with non-bank PSPs (nbPSPs) which are not participants to the ICTS themselves. Although neither of these nbPSPs is currently using instant credit transfer for a payment of to their customers (i.e. the payer or the payee), it does not mean they cannot use instant credit transfers themselves (offered to them by their banks) to send or receive fund transfers in the name or on behalf of their own customers (the payer and the payee).
?
POBO, COBO and POBO&COBO
We can therefore have 3 types of fund transfers where at least one of the customers of the PSPs (the payer or the payee) is not the customer of the PSP participating (directly or indirectly) in the ICTS. However, ICTS may be used to effect a fund transfer between them (or at least: either from the payer or to the payee):
POBO or “payment on behalf of” a payer, will be made between
and
as an instant credit transfer between accounts of P1 (with B1) and Y (with B2)
?
COBO or “collection on behalf of” a payee, will be made between
and
as an instant credit transfer between accounts of X (with B1) and P2 (with B2)
?
领英推荐
POBO&COBO at the same time, where the transfer between
and
as an instant credit transfer between accounts of P1 (with B1) and P2 (with B2).
?
The Travel Rule to the (Limited) Rescue
Obviously, whenever the Travel Rule (Regulation (EU) 2023/1113) would apply to a transfer, the data of every customer of the of the nbPSP not participating in the ICTS should accompany the very transfer. However, there are multiple cases where the Travel Rule Regulation either does not apply or where the data of the payer or the payee do not have to be supplied (e.g. when the transfer refers to a purchase of goods or services for the amount not exceeding EUR 1000).
Luckily, the Travel Rule screening has not been excluded by the Regulation 2024/886 (see Part 2 of this series for details).
?
Sanctions Screening Full of Holes
However, the sanction screening as designed in the Regulation (EU) 2024/886 on Instant Credit Transfers in euro omitted the issue of POBO, COBO and POBO&COBO fund transfers leaving the instant credit transfer framework for EU highly vulnerable to inefficient sanctions screening.
Of all the above presented 4 cases, only
In all of the remaining cases, the payee, the payer or both of them will not be screened as per the Regulation (EU) 2024/886:
It is worth mentioning, that P1 and P2 will have multiple customers (X1, X2, …Xn, Y1, Y2,… Ym) sometimes thousands or even hundreds of thousands… So this hole in the sanctions screening – as introduced by the Regulation (EU) 2024/886 – is potentially not a minor issue.
?
The Risk-Based Approach vs. Rule-Based Micromanagement
Naturally, all PSPs, being obliged entities, have obligations to prevent sanctioned individuals from effecting fund transfers being subject to sanctions. This obligation has not been lifted. However, they are doing it as per Risk-Based Approach so their effects cannot be guaranteed.
On the contrary, Regulation (EU) 2024/886 introduces a Rule-Based 'micromanagement', which should ensure proper protection notwithstanding PSPs’ own assessments.
However, the imperfect rule leaves too much room for vulnerabilities resulting from the lame applications of KYC and screening by some nbPSPs not participating in the ICTS directly or indirectly.
Although KYC and sanctions screening in many nbPSPs is at the high or even very high level, the overall situation is not quite satisfactory as per EBA’s assessment which can be found in the Opinion of the European Banking Authority on money laundering and terrorist financing risks affecting the EU’s financial sector of 13 July 2023 [https://www.eba.europa.eu/sites/default/files/document_library/Publications/Opinions/2023/1058335/EBA%20Op%202023%2008%20Opinion%20on%20MLTF%20risks%20EBA%20REP%202023%2021.pdf, pp. 51-60].
That is why the new rule being introduced by the Regulation (EU) 2024/886 shall be as tight and as complete as possible, to include also the cases of the non-EU respondents and “unexposed” nested relationships, which have not been discussed in this article (although this matter deserves another article like this one).
?
The Doubts
Will EU still be compliant with the FATF Recommendation 16, which – in its explanatory note – assumes “preventing terrorists and other criminals from having unfettered access to wire transfers for moving their funds” and “detecting such misuse when it occurs”?
If such persons may not be successfully identified, will then EU be ready to fulfil the task of FATF Recommendation 4, which requires competent authorities to “suspend or withhold consent to a transaction” (point b) of the Recommendation) and subsequently “expeditiously carry out provisional measures, such as freezing and seizing, to prevent any dealing, transfer or disposal of criminal property and property of corresponding value”?
?
Shouldn’t all PSPs, not just the ones currently using instant credit transfers vis a vis their customers, but also the ones using this type of payment service (as customers), as well as their customers, being PSPs themselves (the entities nested in the correspondent relationships) be obliged to undergo the daily sanction screening of their customer bases as well?
And if so, who should make esp. non-resident, non-EU users of instant credit transfers being themselves equivalent to PSPs (respondents) obliged to exercise such daily screenings?
Isn’t then, the art. 5d of the Regulation (EU) 260/2012 as inserted by the Regulation (EU) 2024/886, as it is, making EU too vulnerable to the deficiencies of sanctions screening?
?
?
Till next time.
?
24 March 2024?
The above publication contains its author’s private opinions only.
Market Manager (VP) w Citi
8 个月Thanks, Grzegorz, for bringing that up! This regulation has been quite ambiguous when it comes to indirect participation - in many aspects. I have been constantly asking multiple questions - like: how do we calculate the 10 seconds if the payer’s PSP has to use an IPSP who will need another IPSP to reach the payee’s PSP (the third scenario from your article: POBO and COBO combined). Or, how will the verification of payee work then (across the whole chain). Never have I seen clear answers (…yet?). I feel like we’re all expected to take an exam in quantum physics soon, while it has still not been established how uniform linear motion works in this bank-and-non-bank-combined Universe…
Executive Director at Santander. I help Banks, FinTechs and corporates to win on the Polish & European financial eniviroment. IT & AI passionate. An experienced: head of sales and products teams, project manager.
8 个月Important topic!
Head of Cash Management Sales Bureau - Structured Transactions
8 个月Part 2 of the series: https://www.dhirubhai.net/pulse/part-2-dont-make-promises-you-cant-keep-grzegorz-hansen-phd-b91pf/?trackingId=N8lcG8V2TvSQaT96kFRPsQ%3D%3D
Head of Cash Management Sales Bureau - Structured Transactions
8 个月Part 1 of the series: https://www.dhirubhai.net/pulse/part-1-service-ensuring-verification-payment-account-held-grzegorz-ctuef/?trackingId=cmcl%2FAtkCLUf1vju1EuAIQ%3D%3D