Key fintech lobbyists have called on the EU’s political institutions to keep payment initiation service providers (PISPs) out of the scope of the new Anti-Money Laundering Regulation (AMLR).
The EU’s co-legislators need to ensure that there is a level playing field among all fintech providers when it comes to their obligations to perform customer due diligence (CDD), according to a new statement from the European Third Party Providers Association (ETPPA), the European Fintech Association (EFA), the Electronic Money Association (EMA) and the European Payment Institutions Federation (EPIF).
“We can only hope that the EU co-legislators realise how essential it is for Open Banking to get this right. PISPs could never compete otherwise in retail payments,” said Ralf Ohlhausen, chair of the ETPPA.
He told VIXIO: “A few missing or wrong words in AMLR could void five years and billions spent into implementing PSD2.”
The European Commission first proposed the AMLR in July 2021. It is the EU’s first move towards a regulatory framework, as opposed to a directive.
This new single EU rulebook for anti-money laundering/counter-terrorism financing (AML/CTF) will harmonise rules across the trading bloc, including, for example, more detailed rules on CDD, beneficial ownership and the powers and task of AML supervisors and financial intelligence units (FIUs).
In their statement, the trade associations warn that if PISPs are kept in scope of AMLR, it will then be of “utmost importance to make clear that PISPs serving merchants under no circumstances have to perform CDD on payers”.
Currently, the established practice in Europe, as well as the rest of the world, is that the account servicing payment service provider, which is typically a bank, performs CDD on its customers, the account holders.
Meanwhile, merchant-facing payment services providers (PSPs) perform CDD on their merchant customers.
The statement points out that no one who has paid with debit cards or with online banking solutions such as the Netherlands’ iDEAL, nor Apple Pay or Google Pay, has ever been asked to verify their identity and address, or provide source or proof of source of funds, such as a payslip, to the merchant-facing acquirer to effect a payment.
“ETPPA, EFA, EMA and EPIF call on the European co-legislators to ensure in AMLR trilogues that Recital 34 of the AML Regulation makes it 100 percent clear that merchant-facing PISPs should perform CDD on the payee only,” the statement says.
This is both in terms of establishing a customer relationship and for occasional transactions, no matter whether they touch merchant funds or not.
In their statement, the groups quip that nobody would suggest that card acquirers should do CDD on the cardholder. However, as AML regulation does not explicitly address payment initiation services, which have only recently become regulated under PSD2, it leaves room for interpretation in this case.