European Commission DG Internal Market and Services (DG MARKT)

Transcription

1 European Commission DG Internal Market and Services (DG MARKT) Study on the application of the Regulation on information accompanying transfers of funds MARKT/2011/054/F 16th September 2012 FINAL REPORT

2 Contents 1.0 Executive Summary Introduction Nature of the Problem Money Laundering & Terrorist Financing Key Problem Drivers Vulnerability of Fund Transfers Regulation 1781/2006 The Fund Transfers Regulation (FTR) Implementation of the Fund Transfers Regulation Impact of the existing obligations of the Fund Transfers Regulation Risk assessment and Crime Proofing Regulation of E-Money and Other New Payment Methods The FTR and Non-Bank Stakeholders in the Payment Sector Extending the Scope of the Fund Transfers Regulation Recommendations Introduction Study Background and Methodology Study Objectives and Design Study Methodology Initial Interviews Desk Research Stakeholder Interview Programme Non-bank Practitioners Interviewed Third Country Case Studies Cost-Benefit Analysis Risk Assessment and Crime-Proofing Analysis Problem Identification Nature of the Problem Money Laundering & Terrorist Financing Problem Drivers Vulnerability of Fund Transfers The Banking System Money Value Transfer Services Electronic Money and New Payment Methods Regulation 1781/2006 The Fund Transfers Regulation (FTR) Logic Model for the FTR Scope of the Regulation Obligations on Payment Service Providers 36 Matrix Insight Ltd. & Transcrime 16th September

3 4.3.4 Cover Payments and SWIFT MT202 COV Amendments to FATF SR VII Implementation of the FTR National Implementation of the FTR EU Implementation Transposition at National Level Practical Guidelines Issued by Member States Scope and Exemption from Scope Use of Derogations ,000 thresholds (Art. 3.3, Art. 3.6, 5.4) The Regulation of E-Money and Other New Payment Methods Intra- vs. Extra-EU Differentiation Implementation Issues Compliance costs Rejected Transfers Due to Missing Information Technical Limitations and New Messaging Formats New Messaging Formats Effectiveness of Supervision Cooperation between Authorities Penalties Feedback from Non-Bank Stakeholders in the Payment Sector Money and Value Transfer Service Companies Interviews with MasterCard and VISA Impact of the FTR and Possible Extension of Scope Cost-Benefit Analysis Cost Benefit Analysis of existing FTR obligations Possible Extension of the Scope of the FTR Inclusions of Beneficiary Information (as per FATF Recommendation 16) Cost Benefit Analysis for the Possible Extension of the Scope of the FTR Cost Benefit Analysis: Conclusions Freezing Actions Risk Assessment and Crime Proofing Violations and Breaches of the FTR Areas of Risk Associated to FTR Derogations and Exemptions Money Value Transfer Services (MVTS) E-Money and New Payment Methods 117 Matrix Insight Ltd. & Transcrime 16th September

4 6.3.5 FTR Risk Assessment and Crime Proofing: Conclusions Conclusions and Recommendations Scope and Exemptions from Scope (Art. 3 FTR) Use of Derogations ,000 Thresholds E-Money and New Payment Methods Intra- vs. Extra-EU Rules Implementation issues Compliance Costs Rejected Transfers due to Missing Information Technical Limitations Effectiveness of Supervision Cooperation between Authorities Monitoring of Compliance with the Fund Transfers Regulation Penalties (Art. 15 FTR) Possible extension of the Scope of the Regulation Information on the Beneficiary of Wire Transfers Practical Challenges for PSPs to Take Freezing Actions Appendices Research Questions Matrix Detailed Work Plan Phase 1: Inception (Completed) Phase 2: Data Collection (Partly completed) Phase 3: Analysis and Reporting Bibliography EU Framework to Combat Money Laundering & the Financing of Terrorism Case Studies (Country Profiles) List of Stakeholders Contacted for Data Collection List of Stakeholders to be Contacted for Data Collection Interview guide for initial interviews (Phase 1) Questionnaire for interviews with practitioners (Phase 2) Questionnaire for National Supervisory Authorities (Phase 2) Questionnaire for interviews with Law Enforcement Agencies (Phase 2) Questionnaire for Financial Intelligence Units (Phase 2) Follow-up Survey with Practitioners (Phase 2) 205 Matrix Insight Ltd. & Transcrime 16th September

5 8.14 Follow-up Survey with National Supervisory Authorities (Phase 2) Follow-up Survey with LEAs (Phase 2) Follow-up Survey with FIUs (Phase 2) Stakeholder Interview Summary Template (Qualitative Information) Country Summary Template (Quantitative Information) Detailed timeline Legal Definitions 232 List of Figures Figure 1: Overview Study Design Figure 2: Total Number of Suspicious Transaction Reports in Figure 3: Logic Model for the Fund Transfers Regulation (1781//2006) Figure 4: Transfer of Funds Obligations on Payer PSP Figure 5: Transfer of Funds Obligations on Payee PSP Figure 6: Transfer of Funds Obligations on Intermediary PSP Figure 7: Existence of Implementing Measures Designating Competent Authorities Figure 8: Member States Ranked by Highest Possible Financial Penalty for Breach of the FTR Figure 9: Stakeholders Positions on the Inclusion of Beneficiary Information Figure 10: Stakeholders positions on the inclusion of beneficiary information broken down by stakeholder category Figure 11: Number of EU MSs which Reported Cases of FTR Violations in the Interviews, Broken Down by Type of Violation Figure 12: Volume of Money Remittances Sent and Received in Selected MONEYVAL/FATF Member States (Millions EUR) Figure 13: Number of Money Remittance Providers in Selected FATF Countries (year 2008) Figure 14: Anti-Money Laundering (AML) / Combating the Financing of Terrorism (CFT) European Framework List of Tables Table 1: Overview of Technical Concepts used in the Report... 8 Table 2: Overview of Interviews Conducted Table 3: FTR Derogations Table 4: Type / Nature of Guidance Provided to PSPs by the Supervisory Authorities for the FTR Implementation Table 5: General Overview of Derogations Used* Table 6: Overview of Derogations Used (by Type of Derogation) Table 7: Overview of Derogations Used (by Member State) Table 8: Applied Derogations of the FTR in the Member States Table 9: Reasons Provided for not Using Specific Derogations Table 10: Extension of Scope of Fund Transfers Regulation to cover E-Money and other New Payment Methods Table 11: Application of Different Rules for Intra-EU and Extra-EU Transactions Table 12: Categories of Respondents Who Answered Questions Related to the Application of Rules for Intra-EU vs. Extra-EU transfers Matrix Insight Ltd. & Transcrime 16th September

6 Table 13: Stakeholders Perceptions with Regard to the Benefits and Costs of Applying Same Rules for Intra-EU and Extra-EU Transfers Table 14: Stakeholders Perceptions with Regard to the Benefits and Costs of Applying Different Rules for Intra-EU and Extra-EU Transfers Table 15: Categories of Measures (and their Costs) Member States Use to Comply with the FTR Table 16: Most Relevant Sources of Costs for Complying with Existing FTR Rules Table 17: Annual Costs of Complying with the FTR Table 18: Reports Received by FIUs Under Art. 9 of the FTR Regarding Transactions with Missing or Incomplete Information Table 19: Frequency of Information Requests from Other EU and Non-EU Countries Table 20: Number of Cases where LEAs in one EU Member State were contacted by LEAs from other EU Member States Table 21: Actions PSPs Undertake vis-à-vis Other PSPs to Ensure that full information is provided (according to Art. 9 FTR) Table 22: Rejected Transfers Due to Missing Information Table 23: Likely Technical Limitations Experienced According to Art. 13 FTR Table 24: Perceived Impacts of New Messaging Formats Table 25: Frequency of Monitoring the Implementation of the FTR by Supervisory Authorities Table 26: Overview of On-Site Visits and Off Site Supervisions Specifically Related to AML/CFT and the Fund Transfers Regulation Table 27: Details on Supervision and of the Actors Responsible Table 28: Issuer of Penalties Table 29: Different Penalty Regimes in Member States for Non-Compliance with FTR Table 30: Benefits and Costs of Including Beneficiary Information in Wire Transfers Table 31: EU Stakeholders Perception of the Benefits of Including Beneficiary Information in Wire Transfers Table 32: Summary of CBA Results Table 33: Benefits and Costs of Requesting Financial Institutions to take Freezing Actions against Designated Persons and Entities Table 34: Implementation of the Freezing of Accounts by Financial Institutions Table 35: Summary of Risk Assessment and Crime Proofing Table 36: EU-level Stakeholders interviewed as part of the Inception Phase Table 37: Draft Country Overview United Kingdom Table 38: Draft Outline of Country Fiches Table 39: List of National Stakeholders Contacted for Data Collection Table 40: List of Stakeholders Contacted for Data Collection Matrix Insight Ltd. & Transcrime 16th September

7 Glossary The field of anti-money laundering (AML) and terrorist financing (TF) is characterised by a distinct terminology, which is not always entirely coherent across jurisdictions or with other fields of regulation of financial markets. There are legal terms used by the FATF, for example Money or Value Transfer Service, which are not used in any EU legal act. Secondly, some terms such as Money Service Business are used in Anglo-Saxon legal systems such as the UK, Ireland and the US, but not in EU legal acts. In addition, the concept of Payment Service Provider is defined differently in the Directive on Payment Services (PSD) and the Fund Transfers Regulation (FTR). A detailed overview of some of the key legal concepts and their legal sources is provided in Annex Below, an overview of some of the key concepts used in this report is provided, followed by a more comprehensive list of technical expressions and short descriptions. The Payment Service Provider (PSP) is the general term used to describe all economic operators within the scope of Regulation 1781/2006. The term Practitioner is applied to cover all PSPs as well as businesses somehow affected Payment Service Provider (PSP) Natural or legal person whose business includes the provision of transfer of funds services, Fund Transfers Regulation 2006/1781/EC Art. 2,5 Transfers of funds are defined as: any transaction carried out on behalf of the payer through a payment service provider by electronic means with view of making funds available to a payee at a payment service provider irrespective of whether payer and payee is the same Fund Transfers Regulation 2006/1781/EC Art. 2,7 There are several types of Payment Service Providers, but for the purposes of this report it is important to stress two sub-groups whose relation to the FTR differ from the rest. The first one is electronic money institutions, which are specifically mentioned in the FTR. Electronic Money Institutions (EMI) 1. Electronic money institution means a legal person that has been granted authorisation under Title II to issue electronic money; 2. Electronic money means electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions as defined in point 5 of Article 4 of the Payment Services Directive 2007/64/EC, and which is accepted by a natural or legal person other than the electronic money issuer; Electronic Money Directive 2009/110/EC art. 3 The other type of business is the Money or Value Transfer Service (MVTS) company. This concept refers to businesses which are engaged in money transfers outside the traditional banking system. This group of businesses is not referred to specifically in the FTR, but is described in the FATF Recommendation 16. Matrix Insight Ltd. & Transcrime 16th September

8 Money or value transfer services (MVTS) refers to financial services that involve the acceptance of cash, cheques, other monetary instruments or other stores of value and the payment of a corresponding sum in cash or other form to a beneficiary by means of a communication, message, transfer, or through a clearing network to which the MVTS provider belongs. Transactions performed by such services can involve one or more intermediaries and a final payment to a third party, and may include any new payment methods. Sometimes these services have ties to particular geographic regions and are described using a variety of specific terms, including hawala, hundi, and fei chen. The following table provides an overview of some technical concepts used in the report. Table 1: Overview of Technical Concepts used in the Report Technical Term Beneficiary Beneficial owner Customer Due Diligence(CDD)/ Know Your Customer (KYC) Enhanced due diligence Freezing Action Originator Practitioner Risk-based approach Simplified Definition The natural or legal person receiving a payment/benefiting from a transaction, i.e. the payee. The natural or legal person standing behind the beneficiary or the originator and actually executing/benefiting from a transaction. Interchangeable expressions for the checks that banks make on clients including identifying the customer and verifying the customer's identity on the basis of documents, data or information obtained from a reliable and independent source 1. Stricter CDD requirements (e.g. for entities classified by authorities as high-risk). According to FATF Recommendation 16, countries should ensure that, in the context of processing wire transfers, financial institutions take freezing actions and should prohibit conducting transactions with designated persons and entities, as per the obligations set out in the relevant United Nations Security Council resolutions, such as Resolution 1267 (1999) and its successor resolutions, and Resolution 1373(2001), relating to the prevention and suppression of terrorism and terrorist financing. Freezing means preventing the funds to be transferred. The natural or legal person making a payment/initiating a transaction, i.e. the payer. In this study, the term practitioner refers to the stakeholders which are either PSPs or associations representing PSPs. Regulators adopting this approach start with identifying and assessing the risk and then only imposing laws and rules that are adequate and proportionate for different entities and their risk level. Resources should be directed in accordance with priorities so that 1 AML Directive Art.8,1 (a) Matrix Insight Ltd. & Transcrime 16th September

9 Technical Term Simplified due diligence (Cuckoo) Smurfing Suspicious Transaction Report (STR) U-Turn Transaction Simplified Definition the greatest risks receive the highest attention. The alternative approaches are that resources are either applied evenly, so that all PSPs, customers, products, etc. receive equal attention, or that resources are targeted, but on the basis of factors other than the risk assessed. Less strict CDD requirements (e.g. for small transactions, entities classified by authorities as low-risk). Tactic of splitting a high value financial transaction into several small transactions in order to escape the attention of authorities. Reports from practitioners to the FIU informing them about suspicious transactions. In the context of this study, in so-called U-turn transactions, a foreign institution routes money to a bank in the United States, which transfers the money immediately to a separate foreign institution. Matrix Insight Ltd. & Transcrime 16th September

10 Abbreviations Abbreviation International Organisations FATF Financial Action Task Force IMF International Monetary Fund Abbreviation Stakeholder Groups FIU Financial Intelligence Unit LEA Law Enforcement Agency SA Supervisory Authority Abbreviation Legislative Acts FTR Fund Transfers Regulation PSD Payment Services Directive AMLD Anti Money Laundering Directive EMD Electronic Money Directive SRVII Special Recommendation VII Abbreviation Technical Terms (*Find legal definition in Annex 8.20) AML / TF Anti-money laundering / Terrorist Financing AR Alternative Remittance System CBA CIP CDD EMI ML MT MSB MVTS PI PSP SEPA DD STR Cost Benefit Analysis Complete Information on the Payer Customer Due Diligence Electronic Money Institution* Money laundering Message Type Money Service Business* Money and Value Transfer Business* Payment Institution* Payment Service Provider* SEPA Direct Debit Suspicious Transaction Report Matrix Insight Ltd. & Transcrime 16th September

11 1.0 Executive Summary 1.1 Introduction Matrix Insight Ltd and Transcrime were contracted by the European Commission in December 2011 to carry out a Study on the application of the Regulation on information accompanying transfers of funds. The main purpose of the study was to: assist the EC in preparing a full legal and economic assessment of the application of Regulation (EC) 1781/2006 (FTR); suggest possible revisions to the Fund Transfers Regulation in order to improve its effectiveness against money laundering and transfer of funds in the EU; assess the practical challenges of extending the FTR to include information on beneficiaries of wire transfers, based on Financial Action Task Force s (FATF) Recommendation 16 on wire transfers. The information provided in this study draws in large parts on the following research tools: 27 Country Profiles: the country profiles for all EU Member States are based on desk research to provide detailed information on the implementation of Regulation 1781/2006 at national level by reviewing EU and national policy as well as legal documents and other literature. Stakeholder Interview Programme: face to face and telephone interviews were carried out to gather stakeholder s 2 views and perceptions on the implementation of the Regulation at national level. Questionnaires to collect quantitative information: Information and data on the costs of national authorities and practitioners for complying with the specifications set out by the Regulation were collected through brief structured questionnaires to national stakeholders. Interviews with non-bank practitioners: three practitioner groups (representing e- money institutions, MVTS companies and businesses facilitating the execution of wire transfers) were undertaken to capture the full picture of views within the industry regarding the implementation of Regulation 1781/2006. Third Country Case Studies: two case studies were carried out on non-eu countries (the US and Switzerland) that implemented the Financial Action Task Force s SR VII, but which do not fall under the scope of Regulation 1781/ Interviews were undertaken with Supervisory Authorities; Law Enforcement Authorities; Financial Intelligence Units and Practitioners. Matrix Insight Ltd. & Transcrime 16th September

12 Cost-Benefit Analysis / Crime Proofing Analysis: the CBA includes an assessment of the effects as well as costs for industry and Member States related to the implementation of Regulation 1781/2006. A separate CBA was undertaken for any potential changes in the scope or the obligations of the Fund Transfers Regulation that the Commission is considering, based on the revised Financial Action Task Force s Recommendation Nature of the Problem Money Laundering & Terrorist Financing Money laundering and terrorist financing are posing significant economic and security concerns for the European Union as well as national governments (section 4.0). Research published by the United Nations Office on Drugs and Crime 3 estimates that the amount available for money laundering in 2009 was equivalent to some 2.7% of global GDP, amounting to some US$ 1.6 trillion. An equivalent estimate of a global figure for terrorist financing does not exist. 1.3 Key Problem Drivers Vulnerability of Fund Transfers Millions of global transactions facilitate the transfer of funds, central to the functioning of the global economy, through the use of financial systems, money transfer businesses, the international trade system, charities, remittance systems and new payment methods. Given the high number of daily transfers, the challenge is to distinguish between their legal and illegal use, especially because money laundering and terrorist financing activities are likely to require the movement of funds or value at some point. The Financial Action Task Force has published a list of sub-features of transfers of funds 4 as the main means/sources for the abuse of funds in relation to money laundering and terrorist financing, of which the following three fall within the scope of this study: The Banking System: Using the banking sector was identified as a primary technique for money laundering and terrorist financing. Funds need to be moved securely and quickly, making the transactions to appear legitimate. The size and scope of the global financial sector, together with the complexity of banking arrangements, are contributory factors rendering the banking sector vulnerable to abuse by money launderers and terrorists. Hence, the requirements and needs for stricter customer identification, the monitoring of transactions by financial institutions and the inclusions of meaningful and accurate information on the originator of wire transfers were recognised as important factors for the combating of money laundering and terrorist financing. Money Value Transfer Services: Non-banking structures or structures that process both banking and non-banking transactions are increasingly used by criminals and terrorists. The use of these systems often allows for access to locations where the 3 Estimating Illicit Financial Flows resulting from drug trafficking and other transnational organized crimes, UNODC, October FATF Report (2010): Global Money Laundering and Terrorist Financing. Threat Assessment, p. 24 Matrix Insight Ltd. & Transcrime 16th September

13 banking system is not present, so that funds can be moved quickly, cheaply and securely, using trusted and personalised arrangements. Electronic Money and New Payment Systems: New payment methods such as electronic money and mobile banking have become increasingly prevalent across the EU as well as markets in Africa, South America or the Middle East. Especially e-money seems to be less strictly regulated in many countries than conventional payment systems. The system does not require a personal contact with the client, which makes its usage easier for criminals without leaving any useful information about themselves or their deals. International e-money transactions greatly complicate investigations in money laundering cases, as victims and criminals are likely to be located in different jurisdictions. 1.4 Regulation 1781/2006 The Fund Transfers Regulation (FTR) In order to enhance the transparency and traceability of domestic and cross-border wire transfers, in October 2001 the Financial Action Task Force issued Special Recommendation VII (SR VII) to make it easier for law enforcement authorities to track funds transferred electronically by terrorists and criminals. SR VII was implemented at EU level through Regulation 1781/2006 on information on the payer accompanying transfers of funds, coming into effect on 1st January This study has confirmed that the overall scope and objectives of the Fund Transfers Regulation are clearly relevant for addressing the problem of money laundering and terrorist financing related to fund transfers. However, there are several issues that need to be further clarified and refined by the European Commission in order to avoid misinterpretations, ensure a consistent level of implementation of the Regulation s provisions, and finally to maximise its effectiveness Implementation of the Fund Transfers Regulation The study examined how different aspects of Regulation 1781/2006 have been implemented at Member State level. These aspects are further described below. Use of derogations (Art. 3 and Art. 18) The study findings suggest that the derogations set out in Art. 3 of the Regulation are currently all being used by national stakeholders, but not to the same extent in all EU Member States. In addition, Regulation 1781/2006 leaves it at the discretion of Member States to make use of three specific derogations (as set out in Art. 3(3) on e money transactions, Art. 3(6) on transfers with a Member State with a unique reference number, and Art. 18 on transfers to non-profit organisations within a Member State). The research shows that the derogation in Art. 3(3) is the one most often used by Member States, whereas the derogation used in Art. 18 is used least often. Matrix Insight Ltd. & Transcrime 16th September

14 Implementation guidelines The study found that there are varying degrees of implementation of the Fund Transfers Regulation across all Member States. Several Member States have issued practical guidelines that are circulated to PSPs at national level to comply with the Fund Transfers Regulation s provisions and national derogations. Many of these practical guidelines are based on the Committee of European Banking Supervisors (CEBS) common understanding 5. Intra-/Extra-EU differentiation The Fund Transfers Regulation allows for the application of different intra-eu/extra-eu rules in terms of data requirements (Art. 6 and Art. 7) for fund transfers. The study findings show that these rules are not applied uniformly across Member States, but that there seems to be a more or less equal split between stakeholders who apply one or the other rule. However, stakeholders from PSPs interviewed for this study were generally in favour in keeping the distinction between intra- and extra-eu rules. It was argued that a change to the current system would entail high costs, which don t seem to be proportionate compared to the benefits. Penalties The study identified a framework for penalties to be in place in all EU Member States against infringements of the Fund Transfers Regulation. All Member States provide the possibility of imposing fines, but there are significant variations in the magnitude of such fines. The study findings also suggest that financial penalties are not imposed very often. They are usually used as the last resort in the chain of possible actions. Rather, the threat of naming and shaming, which could lead to serious reputational damage of Payment Service Providers, as well as the personal liability of owners and senior managers of Payment Service Providers often prove effective enough to make them comply with the provisions of the Fund Transfers Regulation Impact of the existing obligations of the Fund Transfers Regulation The study also assessed the impact of the application of the Fund Transfers Regulation across EU Member States in terms of costs and benefits to EU stakeholders. The findings can be summarised as follows: Costs The findings of the cost-benefit analysis undertaken show that little quantitative information is available on costs resulting from the implementation of Regulation 1781/2006 (i.e. reports received by FIUs and Supervisory Authorities under Art of the Fund Transfers Regulation; number of investigations performed by LEAs, FIUs and prosecutors on issues related to fund transfers). Cost figures generally refer to the compliance with the wider AML obligations, such as expenses for staff training on the Anti-Money Laundering Directive, the Payment Services Directive and the FTR etc.). 5 CEBS Common understanding of the obligations imposed by European Regulation 1781/2006 on the information on the payer accompanying funds transfers to payment service providers of payees. CEBS / CEIOPS-3L / CESR/08-773; Matrix Insight Ltd. & Transcrime 16th September

15 Two main sources of expenses for European Payment Service Providers have been identified resulting from the implementation of the FTR: Costs related to the inclusion of information on the payer of a fund transfer (mainly adjustments to the existing IT systems); Costs related to the verification of information on the payer of a fund transfer (mainly staff costs devoted to cross-checking the payer s identity and checking the coherence between different pieces of information, such as name and account number of the payer. In terms of ranking the type of institutions bearing the main costs, payee s Payment Service Providers are those suffering the most significant burden, followed by payer s Payment Service Providers and then intermediary Payment Service Providers. Benefits Two types of benefits arising from the implementation of the Fund Transfers Regulation could be identified by the study: Increased transparency and traceability in relation to fund transfers, reflected by an improvement of the activities of LEAs/FIUs/SAs against money laundering and terrorist financing; An increase in the standardisation of payment procedures across the European Payment Service Providers, which correspondents to the developments in the EU payment system outlined in other EU initiatives (e.g. SEPA; PSD etc.) Risk assessment and Crime Proofing To complete the assessment of the implementation of the Fund Transfers Regulation, the study has analysed its impact in terms of effectiveness in combating money laundering and terrorist financing. Violations and Breaches of the FTR The study findings suggest that to date there are no or only minor violations of the Fund Transfers Regulation reported by national stakeholders across the EU Member States. The most common violations regard cases of missing or incomplete information on the payer, followed by the lack of reporting to relevant and correct institutions, such as LEAs, FIUs or SAs. The study found that the most common incomplete or missing information in fund transfers are the payer s name, address and account number. In addition, the lack of Payment Service Providers internal systems or procedures to automatically detect missing information on the payer was identified in some Member States, while cases of wire transfers with missing information on the payer have been recorded with particular reference to selected non-eu countries, especially transfers coming from the US and Switzerland. Matrix Insight Ltd. & Transcrime 16th September

16 Areas of Risk Associated to FTR Derogations and Exemptions The study could not identify any specific risks associated to the use of the Fund Transfers Regulation s derogations. The quite extensive application of the Fund Transfers Regulation s derogations across all EU Member States could confirm the low level of risk associated to these exemptions. Some concerns, however, were expressed with regard to the derogations in Art. 3.2 (use of debit/credit cards), Art (use of e-money) and Art. 3.4 (use of mobile phones and other new payments systems), especially with reference to the 1,000 threshold due to the high money-laundering and terrorist financing risk also associated with small amounts of fund transfers Regulation of E-Money and Other New Payment Methods The study concludes that the national regulation of e-money products varies widely across the EU due to different levels of market penetration of these products in certain countries. This was seen by individual stakeholders as an incentive for e-money providers to set up their business in jurisdictions with the most permissive regulatory environment. Most stakeholders did not feel that Regulation 1781/2006 addresses e-money and other new payment methods to a sufficient extent. Some stakeholders contacted for the study suggested dropping the 1,000 threshold for e-money transactions in order to extend the scope of the Regulation to specific e-money products (i.e. prepaid cards that can only be used for transactions below 1,000). In contrast, some stakeholders argued that e-money is not the typical target of abuse due to the low value of transactions, and warned that a stricter regulation of e-money products could drive customers into cash alternative systems. These, however, cannot be as easily supervised by FIUs as there is no digital trail to follow The FTR and Non-Bank Stakeholders in the Payment Sector The study found that there might be potential conflicts between the current Anti-Money Laundering legislation and data protection issues. When Money and Value Transfer Service Companies, which often offer money transfers to developing countries at cheaper rates than the traditional banking system, send funds to countries where there is no or little safeguard against the receiving institution (ab)using the customer information sent with these transfers or passing it on to third parties, the risk for the concerned individual could be significant. The industry has responded to this dilemma by limiting the information shared with recipient Payment Service Providers to the minimum permitted by Regulation 1781/2006. Matrix Insight Ltd. & Transcrime 16th September

17 1.4.6 Extending the Scope of the Fund Transfers Regulation The study concludes that it is not a question of if, but rather of how Regulation 1781/2006 should be amended in line with the new Financial Action Task Force s Recommendation 16 to include information on the beneficiary of wire transfers. According to the interpretative note to Recommendation 16, information accompanying all qualifying wire transfers should always include originator s name, account number and address (or national identity number / customer identification number / date and place of birth), as well as the name and account number of the beneficiary. Most stakeholders, especially the Supervisory Authorities, FIUs and LEAs, favoured this inclusion, as it will be easier to trace back transactions when both originator and beneficiary information are available. The inclusion will also facilitate cross-border cooperation between investigators. The study concludes that the main implementation costs related to the inclusion of beneficiary information would be related to amending IT systems, which could be a significant cost especially for smaller Payment Service Providers. Money and Value Transfer Businesses were concerned that Payment Service Providers in developing countries will need a lot of effort and investments in adapting their systems for conducting transactions with Payment Service Providers in the EU, which could lead to a potential suspension of business relationships between the different entities. Some stakeholders were uncertain about potential verification requirements for information on the beneficiary. This could imply serious difficulties, especially when beneficiaries are legal entities. However, the Financial Action Task Force s Recommendation 16 only requires the name and account number (or unique transaction reference number) of the beneficiary. Verification of such information only has to be carried out by Payment Service Providers for their own customers, i.e. the payer s Payment Service Provider for the originator, and the payee s Payment Service Provider for the beneficiary of wire transfers. Concerns were also raised by stakeholders in relation to the potential violation of data protection and privacy rights of customers when reporting beneficiary information and the abuse for commercial reasons by Payment Service Providers which receive such information and use it to directly contact their competitors customers. 1.5 Recommendations Based on the findings and conclusions of this study, the following recommendations are made to address existing shortcomings and take advantage of room for improvements when revising the current Fund Transfers Regulation: Matrix Insight Ltd. & Transcrime 16th September

18 If DG MARKT would decide to abolish any of the existing derogations, this should be done in order to further align the Regulation with the new FATF international standards. Extend the scope of the Fund Transfers Regulation to sufficiently cover e-money and other new payment methods by better reflecting new methods that have entered the market, and to better reflect the revisions made to the FATF international standards. Keep the current distinction of intra-eu vs. extra-eu rules for data requirements for fund transfers in place. Consider introducing a simplified regime for cross-border wire transfers amounting to 1,000 or less, unless there is suspicion of ML or TF. Further clarify the reporting obligations for Payment Service Providers under Art. 9 of the Regulation ( Transfers of funds with missing or incomplete information on the payer ) by either outlining the necessary actions as specified in the CEBS common understanding in the revised Regulation, or by making reference to the relevant parts in the common understanding. Further clarify the provisions and definitions in Art. 13 of the Fund Transfers Regulation ( technical limitations ), either in the text of the Regulation or by issuing clear guidelines for Payment Service Providers. Include the obligation in the revised Regulation for intermediary Payment Service Providers to ensure that all originator and beneficiary information is retained with wire transfers, as well as to take reasonable measures to detect missing information, and to establish effective risk-based policies and procedures for determining the action to take. SWIFT to provide international guidance on how information should be provided and presented by Payment Service Providers in order to guarantee a uniform application of the messaging system. Enhance and improve official and established communication lines between national authorities. For example, the current cooperation within the FIU platform could be enhanced in terms of efficiency, and the cooperation between FIUs and LEAs could be improved to strengthen the information exchange. Provide specific guidance on the Fund Transfers Regulation s implementation process, including guidelines on the definition of certain terms and practices. This could be carried out by the EBA and could include publishing best practice examples of countries that have successfully implemented the FTR to date, or provide a forum where common problems could be discussed. Disseminate best practices in the field of sanctions and penalties. DG MARKT to decide whether to introduce specific sanctions in the text of the revised Regulation. When extending the scope of the current Regulation in order to include beneficiary information requirements, define what beneficiary information needs to be verified, and by whom. Adapt the nature of the verification requirements on the basis of the Financial Action Task Force s Recommendation 16, where the payee s Payment Service Provider has to verify the beneficiary information, not the payer s Payment Service Provider. Matrix Insight Ltd. & Transcrime 16th September

19 Beneficiary Payment Service Providers to implement effective risk-based policies and procedures to determine what to do with wire transfers that lack the required originator / beneficiary information as well as to determine appropriate follow-up actions. Clarify data protection requirements when extending the scope of the Fund Transfers Regulation (and also with respect to the existing requirements in the Regulation). Ensure there is sufficient time for the implementation of new provisions for Payment Service Providers to adapt their IT and messaging systems. Matrix Insight Ltd. & Transcrime 16th September

20 2.0 Introduction This document contains the Draft Final Report of the Study on the application of the Regulation on information accompanying transfers of funds, submitted by Matrix Insight and Transcrime. The aim of this study is to assist the European Commission in carrying out a full economic and legal assessment of the application of the Fund Transfers Regulation 1781/2006 (FTR) and suggesting its possible revision in order to improve its effectiveness against money laundering (ML) and terrorist financing (TF) in the EU. The study also takes into account the on-going revision process of the existing AML legal framework, in particular around FATF Special Recommendation VII (to include information on beneficiaries of wire transfers). The main purpose of this report is to provide conclusions in respect of the research questions specified in the Terms of Reference (ToR), generated through the data collected and analysed. The report also contains recommendations made on the basis of the conclusions reached. The Draft Final Report consists of the following main sections: Section 3 summarised the study background and methodology, presenting the study objectives and design, including an overview of the different methods and tools used for this study. Section 4 presents our understanding of the problem identification and problem drivers in the context of the EU anti-money laundering and anti-terrorist financing framework, in which Regulation 1781/2006 is embedded. Section 5 provides a detailed overview of the implementation of the FTR in the EU Member States, based on the findings of the desk research, initial stakeholder interviews undertaken and the quantitative questionnaires collected. Section 6 presents the findings stemming from the cost-benefit as well as risk assessment/crime proofing analysis undertaken, assesses the impact of the FTR in Member States as well as the practical challenges related to a potential extension of the scope of the FTR to include information on the beneficiaries of wire transfers. Section 7 presents the conclusions and recommendations for this study, which are based on the research questions outlined in the ToR and presented in more detail in Annex 8.1. The Appendices contain all supporting material for this study. In a separate document to this report (Case Study Report), we present 27 EU country profiles which we have put together over the course of the study. The country profiles provide an overview of the state of implementation of the FTR in all EU Member States and summarise national stakeholders perceptions and views on issues related to the Fund Transfers Regulation. They are based on desk research and interviews with national stakeholders, and where possible, their content has been verified with national authorities. Matrix Insight Ltd. & Transcrime 16th September

21 3.0 Study Background and Methodology The following chapter provides an overview of the study objectives and design as well as the methodology and tools used. 3.1 Study Objectives and Design Art. 19 of Regulation (EC) 1781/2006 requires the European Commission to present a report to the European Parliament and the Council providing a full economic and legal assessment of the application of this Regulation, accompanied, if appropriate, by a proposal for its modification or repeal. The report should focus in particular on the application of Article 3, so as to identify if electronic money and other new means of payment could be misused for money laundering and terrorist financing purposes, and on Article 13, so as to understand the technical limitations that could impede the filing of complete information on the payer of funds transfers. The study is designed to answer the following high-level questions, which are based on the tender specifications (ToR): Relevance: How relevant is the current FTR to addressing the problem of money laundering and terrorist financing in relation to fund transfers? Effectiveness: How effective is the FTR at achieving its objectives of reducing money laundering and terrorist financing in relation to fund transfers? With regard to the change of the FATF s Special Recommendation VII into FATF Recommendation 16, which among other things sets out that information on beneficiaries of wire transfers needs to be included for the transfer of funds, the study seeks to answer the following question: Extension of Scope: What are the practical challenges of extending the FTR to include information on beneficiaries of wire transfers, based on the recently amended FATF Recommendation 16 on wire transfers? In order to answer these questions, we have developed a research questions matrix (Annex 8.1), presenting: all research questions the study needs to discuss; a set of indicators; and all relevant data sources. The figure below provides a brief overview of the study design. Matrix Insight Ltd. & Transcrime 16th September

22 Figure 1: Overview Study Design 3.2 Study Methodology In order to provide answers to the research questions as well as to make meaningful conclusions and recommendations, this study used a range of tools and methods which are described in detail below. Please refer to Annex 8.2 for a more detailed work plan that outlines the different study phases and individual methodological tools used Initial Interviews The study team carried out 11 initial interviews with European level stakeholders and experts in the field of financial transactions and money laundering to further the team s understanding of the study context, recent policy developments and the role and importance of the Fund Transfers Regulation. Annex provides an overview of the names and positions of those interviewed Desk Research The study team conducted an extensive review of all available documentation with regard to Regulation 1781/2006. This included a review of general information available on the Fund Transfers Regulation (see Annex 8.3) as well as a comprehensive evidence synthesis of the implementation of the Regulation at national level by reviewing EU and national policy and legal documents and other literature, covering the following sources: Online portals of national authorities in all Member States; Matrix Insight Ltd. & Transcrime 16th September

23 FATF and Moneyval evaluation reports; Studies / documents recommended by stakeholders contacted; The information collected fed into 27 country overviews, which can be found in a separate document to this report ( Case Study Report ). Where no information was found through desk research, the study team collected missing data through in-depth interviews with Member State authorities Stakeholder Interview Programme The research team approached more than 108 stakeholders in the EU 27 between April and June 2012 in order to: Carry out phone discussions to better understand the implementation of the Regulation in each Member State; Request the completion of a brief structured questionnaire to gather quantitative data, in particular those related to the costs of national authorities and practitioners complying with the specifications set out in the Regulation. At least one stakeholder was contacted from each of the following categories: Supervisory authorities (SAs); Law enforcement authorities (LEAs); Financial Intelligence Units; and Practitioners (PSPs). However, not all stakeholders contacted accepted to be interviewed though, due to time or other constraints. In total, the study team conducted 71 phone interviews with national stakeholders. However, it is important to remark that the number of individuals the team spoke to is higher than 71. On many occasions, each interview involved discussions with a group of stakeholders covering different expertise areas. The number of interviews undertaken ranged from a minimum of one (e.g. Estonia, Ireland, Latvia, Lithuania, the Netherlands, Poland and Romania) to a maximum of five (e.g. the Czech Republic, Hungary, Slovakia, Spain and the United Kingdom). The highest number of interviews was conducted with national Supervisory Authorities (88.89% response rate), while the lowest number of interviews was conducted with LEAs (25.93% response rate). For a detailed interview list please refer to Annex 8.6. Table 2: Overview of Interviews Conducted id Member State Supervisory FIUs LEAs PSPs Country total 1 Austria Belgium Bulgaria Cyprus Czech Republic Denmark Estonia Finland France Matrix Insight Ltd. & Transcrime 16th September

24 id Member State Supervisory FIUs LEAs PSPs Country total 10 Germany Greece Hungary Ireland Italy Latvia Lithuania Luxembourg Malta The Netherlands Poland Portugal Romania Slovakia Slovenia Spain Sweden United Kingdom Total Response rate 88.89% 81.48% 25.93% 66.67% 65.74% Stakeholders were asked to provide quantitative information, i.e. on the costs of the FTR implementation, reports filed for missing information in wire transfers etc. by responding to a paper questionnaire which the study team usually sent out after the interviews. In total, 32 questionnaires were filled in and sent back to the study team, 8 filled in by FIUs, 1 filled in by an LEA, 9 provided by practitioners and 14 were returned by Supervisory Authorities Non-bank Practitioners Interviewed With the purpose of capturing the full picture of views within the industry, the research team conducted interviews with stakeholders from five international companies whose business differs from traditional banking. Three general groups of practitioners were included in this category: 6 E-Money Institutions (1 interview); MVTS companies (2 interviews); Businesses facilitating the execution of wire transfers (2 interviews). The e-money institution interviewed is a leading player in its field with 555 million transactions globally in the first quarter of 2012 alone. These transactions amounted to a total payment volume of $ 22 billion. One of the interviewed MVTS companies does not disclose the size of its EU-level operations, but globally has an annual 226 Million of C2C transactions with a face value of $ 81 Billion and about 425 million business payments. The other MVTS company interviewed conducted during 2011 a total of 15.7 million transactions in the EEA with a face value of $ 7.8 Billion. 6 Please note that several of the non-bank practitioners requested to remain anonymous. Matrix Insight Ltd. & Transcrime 16th September

25 One of the two businesses facilitating the execution of wire transfers the study team spoke to processed in 2011 a total of over 27 million transactions with a face value of over $ 3 billion. The other company had in million transactions in the EU alone, with a face value of 1.6 trillion. In addition, the study team also spoke to representatives from the European Payments Institution Federation (EPIF) as well as the UK Money Transmitters Association (UKMTS) Third Country Case Studies In order to gain further insights into the logic model behind the FTR and to assess whether the objective to reduce money laundering and terrorist financing in fund transfers could have been addressed more effectively or efficiently through a different initiative, the team has carried out two case studies on non-eu countries that implemented the FATF s SR VII, but do not fall under the scope of the FTR, namely the US and Switzerland. The study team spoke to 5 stakeholders (i.e. supervisory authorities, FIU and practitioners) in the US, and one stakeholder representing the Swiss Payment Council in Switzerland. The case study summaries can be found in the Case Study Report (a separate Annex to this report), and the list of stakeholders / entities interviewed is available in Annex Cost-Benefit Analysis The study team has carried out a cost-benefit analysis based on the qualitative and quantitative information collected through the desk research and stakeholder input. The CBA includes an assessment of the effects as well as costs for industry and Member States related to the implementation of the FTR, as well as stakeholder opinions about benefits in terms of ML and TF, and our expert assessment. A separate cost-benefit assessment has been made for any potential changes in the scope or the obligations of the FTR that the Commission is considering, based on the revised FATF Recommendation 16. The cost-benefit analysis is presented in Section Risk Assessment and Crime-Proofing Analysis Finally, we have undertaken a comprehensive risk assessment/crime proofing of the current Regulation 1781/2006 to ensure that the existing crime risks in the Regulation are addressed and that recommendations do not open further opportunities for criminal activity. The Risk Assessment/Crime Proofing of Legislation (CPL) assesses whether the current FTR creates unintended crime opportunities. The detailed assessment can be found in Annex 6.2. Matrix Insight Ltd. & Transcrime 16th September

26 4.0 Problem Identification The following section presents our understanding of the nature and extent of the problem, namely money laundering and terrorist financing, which Regulation 1781/2006 aims to address. The section elaborates on the drivers and underlying causes of money laundering and terrorist financing, gives some case examples the study team collected over the course of this study, and finally provides a detailed overview of the Fund Transfers Regulation, its scope, obligations on payment service providers as well as new messaging formats. These elements are relevant to answering the research questions for this study (see Annex 8.1). The section is based on the literature review and stakeholder interviews carried out during the inception and data collection phase of this study. Please note that a detailed description of the EU framework on AML and CFT can be found in Annex 8.4. Money laundering and terrorist financing are posing significant economic and security concerns for the European Union as well as national governments. Criminals operate across jurisdictions and without regards to national borders, and use various different systems and methods for their purpose, which makes the prevention of money laundering and terrorist financing challenging. The key problems and their causes as well as the relevant specification of the FTR to address them are outlined in the section below. 4.1 Nature of the Problem Money Laundering & Terrorist Financing Money laundering and terrorist financing are often subject to the same rules. However, although the two concepts might share many elements, their defining features are quite different. Money laundering concerns activities related to assets 7 which have a criminal or illicit origin. Criminals engaged in money laundering will therefore attempt to conceal or disguise the true nature, source or ownership of the assets in question. Terrorist financing on the other hand concerns the provision or collection of funds to carry out any of the offences defined in Council Framework Decision 2002/475/JHA on combating terrorism. 8 Terrorist activities can be funded through legitimate as well as criminal activities and terrorist organisations engage in revenue-generating activities which in themselves may be, or at least appear to be, legitimate 9. The IMF estimates that between $600 billion and $1,800 billion are laundered globally each year. 10 However, data on the magnitude of money laundering seems hard to be obtained. The Financial Action Task Force (FATF) stated that "overall it is absolutely impossible to produce a reliable estimate of the amount of money laundered and therefore the FATF does not publish any figures in this regard." 11 More recent research has been published by the United Nations Office on Drugs and Crime 12. The findings, which are broadly in line with the earlier IMF estimates, suggest that all criminal proceeds are likely to have amounted to some 3.6% of global GDP or around US$ 2.1 trillion in 2009, with an estimated amount available for money laundering equivalent to some 2.7 % of global GDP, amounting 7 These may take any form, including money or money s worth, securities, tangible property and intangible property Eurostat (2010), Money Laundering in Europe, p Estimating Illicit Financial Flows resulting from drug trafficking and other transnational organized crimes, UNODC, October Matrix Insight Ltd. & Transcrime 16th September

27 to some US$ 1.6 trillion. Money flows related to transnational organised crime activities represent the equivalent of 1.5% of global GDP. With similar assumptions as above, the amount of money laundered annually in the EU could be estimated at around 330 billion. An equivalent estimate of a global figure for terrorist financing does not exist. According to a report to the British House of Commons in 2009, however, the mounting of terrorist operations appears not to be very costly. 13 For example, the 2005 London bombings were estimated to have merely cost 8, In addition, the CIA estimated that Al-Qaeda had an annual budget of $30 million prior to 9/11 attacks in New York City, while the total cost related to the preparation and execution of the attacks themselves was estimated not to exceed $500, In order to detect money laundering and terrorist financing, reporting entities (i.e. banks, MVTS companies, notaries, casinos etc.) are obliged to take preventative measures and to disclose any money laundering or terrorist financing suspicions. The number of disclosures made to Financial Intelligence Units (FIUs) is therefore considered a key indicator of the overall anti-money laundering and terrorist financing regime. 16 Reporting entities comply with their obligation through the disclosure of various reports, such as suspicious transaction reports (STRs). However, a recent Eurostat publication shows that figures reported by Member States on the total number of suspicious transactions in their jurisdiction vary greatly, even allowing for the different sizes of the respective financial markets, with high figures reported by some countries (e.g. NL with 295,464 Unusual Transaction Reports, UK with 221,466 Suspicious Activity Reports and LV with 23,963 STRs in 2008). This is, in part, because concepts and counting rules are not uniform across the EU. For illustrative purposes, a selection of Member States is compared in the table below 17 : Roudaut, Mickaël/Karvounaraki, Athina, Money Laundering in Europe, Measuring money laundering at continental level: the first steps towards a European ambition, January 2011 p The UK and the NL, despite showing the highest numbers, are not included in Figure 2 as the indicators they use do not correspond to the STRs counted in most other Member States. For example, a Suspicious Activity Report in the UK does not necessarily cover a specific transaction (to which STRs refer). Instead, it could also refer to an attempt to open an account or retain services of a legal adviser. Consequently, the number of reports may be higher as it would be if only suspicious transactions were counted. Matrix Insight Ltd. & Transcrime 16th September

28 Figure 2: Total Number of Suspicious Transaction Reports in 2008 Latvia Belgium Sweden Italy Estonia Germany Spain Romania Czech Republic Slovakia Greece Denmark Poland Austria Luxembourg Bulgaria Portugal Slovenia Lithuania Malta Hungary Source: Eurostat (2010) Money Laundering in Europe, p It should be noted that this data is only comparable to a limited degree due to differences in reporting habits. For example, while the majority of Member States uses Suspicious Transaction Reports as the counting unit, some countries (Cyprus, Finland and United Kingdom) use Suspicious Activity Reports instead. The Netherlands uses the concept Unusual Transaction Report. For this reason, the figure above only displays countries which use the term Suspicious Transaction Reports. Nonetheless, the data still is not perfectly comparable as reporting entities and the criteria which are used to decide whether to report an activity or not differ across countries. In Latvia, for example, cash transactions are included in the number, potentially inflating it. Moreover, these numbers need to be compared with the size of the financial sector of each Member State in order to become more meaningful. As a result, the fact that a Member State makes a high number of reports must not necessarily be regarded as an indicator of sensitivity to money laundering and/or of the effectiveness of the prevention system Problem Drivers Vulnerability of Fund Transfers The transfer of funds is central to the functioning of the global economy. On a daily basis, millions of global transactions facilitate the transfer of funds through the use of financial systems, money transfer businesses, the international trade system, charities, remittance systems and new payment methods. In order to ensure the efficiency of these transactions, only essential information at a minimum of human intervention ( straight through processing or STP) is transmitted. While the vast majority of 18 The Latvian figure includes Cash Transaction Reports. 19 Cynthia TAVARES, Geoffrey THOMAS, Mickaël ROUDAUT (2010), Money laundering in Europe, Eurostat Matrix Insight Ltd. & Transcrime 16th September

29 transactions are legitimate, the challenge is to distinguish legal from illegal use of transfers of funds. Money laundering and terrorist financing activities are likely to require the movement of funds or value at some point. 20 According to the 2009 FATF Strategic Surveillance Survey, a number of jurisdictions have reported that transfers of funds facilitate various money laundering schemes involving fraud and tax. The FATF has published a list of sub-features of transfer of funds 21 as the main means and sources for the abuse of transfer of funds in relation to money laundering and terrorist financing. The following three sub-features fall within the scope of this study in relation to Regulation 1781/2006 and we will therefore look at them in more detail: The Banking System; Money Value Transfer Service Electronic Money and New Payment Methods The Banking System Bank transfers allow monetary value to be moved electronically and relatively quickly. The 2009 FATF Strategic Surveillance Survey 22 noted wire transfers involving cash deposits and withdrawals as a primary technique for moving terrorist funds. It also noted that the financial systems in a number of jurisdictions have been used as part of a train of transactions, with funds linked to terrorism in and then directly out of their countries. Risk of Money Laundering According to the FATF, the factors that are likely to drive criminals and terrorists to use the banking sector to transfer funds for money laundering and terrorist financing include the need to move funds securely and quickly, and the attempt to make transactions appear legitimate. In addition, funds need to be converted into various other products and moved away from offences. Another driver is the need to move funds to where they may be needed / accessible, including for the commission of more criminal activity or to separate funding for terrorist logistics from other funds. 23 Finally, funds are likely to be transferred to locations with weaker anti-money laundering / countering terrorist-financing regimes because there the activities are less likely to be identified, reported and investigated, while the proceeds are less likely to be confiscated and offenders less likely to be prosecuted. The size and scope of the global financial sector together with the complexity of banking arrangements are contributory factors which render the banking sector vulnerable to abuse by money launderers and terrorists. 24 Weak preventive measures in some jurisdictions can also facilitate abuse of the banking sector. In addition, false or stolen identities can be used to avoid being identified through the application of customer due diligence (CDD) 25 requirements or to gain access to accounts. Finally, customers ability to remotely access deposited funds means that illegal funds integrated into the banking system can be managed without the physical presence of the account 20 FATF Report (2010): Global Money Laundering and Terrorist Financing. Threat Assessment, p FATF Report (2010): Global Money Laundering and Terrorist Financing. Threat Assessment, p FATF Annual Report 2009/ FATF Report (2010): Global Money Laundering and Terrorist Financing. Threat Assessment (July 2010), p FATF Report (2010): Global Money Laundering and Terrorist Financing. Threat Assessment (July 2010), p CDD requirements can include the identification and of customers and the verification of their identity, the identification of the beneficial owner of a transaction and, for business relationships, information on the purpose and intended nature of the business relationship. Matrix Insight Ltd. & Transcrime 16th September

30 owner, i.e. through a bank-customer system which is operated via the internet or the telephone from virtually any place of the world. 26 When a bank s internal control system detects a suspicious transaction, it may then be difficult to get in touch with the customer to clarify the nature and goal of the transaction. As a consequence, the requirement and needs for stricter customer identification, the monitoring of transactions by financial institutions and the inclusion of meaningful and accurate information on the originator of funds transfers were recognised as important factors for the combating of money laundering and terrorist financing. Relevant policy initiatives at EU level are discussed in Annex Money Value Transfer Services In addition to the use of banking systems, non-banking structures or structures that process both banking and non-banking payments/transactions are also used by criminals and terrorists. Money or value transfer services and alternative remittance systems (MVTS/AR) are both retail financial services that allow for funds to be transferred. The 2009 FATF Strategic Surveillance System noted that a number of jurisdictions are seeing increasing abuse of alternative remittance systems. 27 For further details, please refer to Case example 1 below or section in this report. Risk of Money Laundering The main factors that drive criminals and terrorists to use MVTSs and ARs include the need to place cash and move its value quickly and outside of the banking sector, often in high volumes. The use of these systems often allows for access to locations where the banking system is not present. 28 Funds can then be moved quickly, cheaply and securely using trusted and personalised arrangements. In addition, currency control restrictions as well as existing AML/CTF controls in the banking sector can be avoided through the abuse of these systems. Case example 1: Cases of money laundering in the UK 29 The magnitude and nature of money laundering activities in the UK can be illustrated by the following two cases. In the first case 30, three men were jailed for their involvement in an international money laundering racket which moved over a million pounds of drugs money every month. They collected up to 160,000 at a time from criminal associates in the UK. They used a method of money laundering known as cuckoo smurfing, where criminals replace legit money intended for legal transfer into bank accounts with the proceeds of crime. The original untainted money can then be used overseas. In this case, the men received orders from associates in Afghanistan and Iran to pick up drugs money, part of which was transferred to foreign students who were expecting money from back home. Their parents were unaware that their MVTS companies were corrupt. The MVTS companies would then pay in the money in small amounts in various bank branches in the West Midlands. After having observed them for a considerable time, the Serious Organised Crime Agency (with both FIU and LEA competences), with the assistance of the UK Border Agency and local police forces, 26 FATF Report (2010): Global Money Laundering and Terrorist Financing. Threat Assessment (July 2010), p FATF Annual Report 2009/2010, p FATF Report (2010): Global Money Laundering and Terrorist Financing. Threat Assessment (July 2010), p Information on this case was collected during the interviews with national stakeholders Matrix Insight Ltd. & Transcrime 16th September

31 arrested the money launderers, all of whom pleaded guilty. In another case 31, financial investigators identified a gang of four laundering more than 300,000 a week over a considerable period of time. In order to avoid suspicion, the money was split into small amounts which were then transported in bags and distributed across numerous third party bank accounts. At the heart of these professional money laundering operations was Nasrullah Khan, owner of Khan Properties Money Exchange, who was sentenced to ten years of prison. To date, nearly 370,000 cash has been seized from the men Electronic Money and New Payment Methods In recent years, new payment methods such as electronic money and mobile banking, have become increasingly prevalent across the EU as well as other markets, such as Africa, South America or the Middle East. Electronic money (e-money) can be described as a digital equivalent of cash, stored on an electronic device or remotely on a server. The E-money Directive (2009/110/EC) uses three criteria to distinguish e-money from other financial payment systems: 1. Stored on an electronic device; 2. Issued on receipt of funds of an amount not less in value than the monetary value issued; 3. Accepted as means of payment by other parties than the issuer 32. Directive 2000/46/EC, Art. 1(3) defines the scope of e-money as follows: Electronic money can be considered an electronic surrogate for coins and banknotes, which is stored on an electronic device such as a chip card or computer memory, and which is generally intended for the purpose of effecting electronic payments of limited amounts. E-money services contribute to the development of electronic commerce which has been growing steadily in recent years to 4.2% of enterprise turnover in the EU 33. The e-money product first introduced and in use is the 'electronic purse', which allows users to store relatively small amounts of money on a payment card or other smart card, to use for making small payments. E-money can also be stored on (and used via) mobile phones or in a payment account on the internet. In the latter case, funds are stored on a central server (e.g. at the provider) and are often used in pre-funded personalised online payment schemes, involving the transfer of funds stored on a personalised online account (not including traditional bank deposits). The most well known example of these services is PayPal. The advantage for consumers is that it allows them to purchase in a secure way on the internet without disclosing credit card details. As these systems introduce competition to common payment systems, they contribute to an innovative payments market in the EU. Another increasingly popular e-money product is based on prepaid cards which are not linked to a bank account, but instead often used in conjunction with online accounts for purposes such as e-gambling. Card issuers using the MasterCard brand alone provide 11 million prepaid cards in the EU Article 2, EC Directive 2009/110/EC 33 Eurasian Group on Combating Money Laundering and Terrorism Financing (EAG). Working Group on Typologies (WGTYP) (2010). Risks of Electronic Money Misuse for Money Laundering and Terrorism Financing, p Information retrieved from MasterCard comments to the Commission on the Third AML Directive. Matrix Insight Ltd. & Transcrime 16th September

32 A 2008 impact assessment conducted by the European Commission 35 acknowledges, however, that there remain problems around the definition of e-money which create legal uncertainty. For example, sometimes wire transfer systems as employed by Western Union are regarded as e-money systems 36. Furthermore, mobile phones can be used for both e-money as well as for payments with real money (through internet banking). There are no comprehensive statistics available on the total amount of e-money in circulation in the EU 37. Up to 2006, the e-money market had developed slower than expected and only a limited number of new institutions had been established. The impact assessment also argues that e-money has had a limited market uptake in Europe so far in terms of volume of e-money issued and number of market participants 38. Risk of Money Laundering In 2010, the Eurasian group, along with MONEYVAL, published a report on the risk of abuse of e- money systems for money laundering and terrorism financing 39. It identified the following main vulnerable spots in e-money transactions: E-money allows fast transfer of large amounts of money across large distances. It is less strictly regulated in many countries than conventional payment systems. E-money does not require a personal contact of the system with the client, making it easier for criminals to use such systems without leaving any useful information about themselves or their deals. If e-money transactions are carried out internationally, this greatly complicates investigations in money-laundering cases as victims and criminals are likely to be located in different jurisdictions. In this case, the FIU of the country where the victim is based has to send a request to the FIU of the country where the e-money system is registered. The e-money system could also be located in a country with a weak legal base in the field of combating money laundering and terrorist financing. The report also questions the deposit and withdrawal of e-money since it needs to be converted into actual money in order to be used for most expenses. Many ways of depositing e-money exist, and some of them do not allow appropriate identification and thus increase the risk of abuse. The 2010 study concludes that client identification needs to provide credible information without complicating the use of e-money (these two goals could be achieved, for example, by attaching electronic purses to the user s bank card) and the amount of transferred money should be limited during a fixed amount of time. This should not be confused with simplified customer due diligence, and the study affirms that corporate entities should go through a complete identification process (Eurasian Group 2010: 16). Furthermore, the total amount of transferred money among different user groups could be limited, and the study considers that it is also important to require information on payment designation for each transaction. 35 European Commission. Accompanying document to the proposal for a Directive of the European Parliament and of the Council amending Directive 2000/46/EC on the taking up, pursuit of and prudential supervision of the business of electronic money institutions. Impact Assessment. Draft Commission Staff Working Document SEC(2008) Ibid, p Ibid, p Ibid., p Eurasian Group on Combating Money Laundering and Terrorism Financing (EAG). Working Group on Typologies (WGTYP). Risks of Electronic Money Misuse for Money Laundering and Terrorism Financing. Matrix Insight Ltd. & Transcrime 16th September

33 Case example 2: Prepaid cards and cross-border transfers between Austria and Sweden 40 The Austrian FIU mentioned a case that illustrates the risk for abuse that new payment methods entail. In this incident, two persons purchased prepaid cards from an Austrian company who sold these through a distribution network. Those cards are determined for online purchases and also for e- gambling. They charged the cards with 280,000 with the purpose of using them for e-gambling with a Sweden-based provider. The Austrian FIU analysed information they received from the prepaid card provider which had filed an STR and discovered some discrepancies. They then asked the prepaid card service operator to provide them with information on when, where and by whom those cards had been purchased and how they had been used. International authorities such as other FIUs, Interpol and Europol had not been contacted at this stage as it was not clear that the cards were used for international operations. Since the Austrian FIU is located within the police, it had access to intelligence which suggested deceptive activities. The FIU then forwarded this information along with the information obtained from the card provider to the responsible authorities. They also requested the card provider to obtain from the Swedish e-gambling provider information on the players accounts, their identification and whether they played or not. It turned out that one of the accounts was not actually used for gambling and the money was in fact transferred onto that persons private bank account. Subsequent investigations by the Austrian FIU along with the responsible national authorities revealed that within the distribution network of prepaid cards there was someone cooperating with the players who then gave them the names of the players who had purchased the cards. It turned out the police already knew those names and the case is now at court and will likely lead to convictions. Since they were not contacted by Swedish authorities, the Austrian FIU does not know whether the e- gambling provider sent an STR to the Swedish FIU or not. Putting the information on e-money and new payment methods presented above in the context of this study, we assess to what extent the FTR allows the misuse of electronic money 41 as well as other newly developed means of payment, for the purpose of ML and TF (please refer to Question 5 in the research questions matrix in Annex 8.1 of this report). 4.3 Regulation 1781/2006 The Fund Transfers Regulation (FTR) As described above, transfers of funds create a vulnerability which can be exploited in the context of money laundering and terrorist financing. In order to enhance the transparency of electronic payment transfers ( wire transfers ) of all types, domestic and cross-border, the FATF issued in October 2001 Special Recommendation VII (SR VII), which had the objective to make it easier for law enforcement authorities to track funds transferred electronically by terrorists and criminals. 42 SR VII was implemented by EU Member States through Regulation 1781/2006 on information on the payer accompanying transfers of funds (FTR) 43, which came into effect on 1 January The following section describes those aspects and features of the FTR and its provisions that are most relevant for this study and that will subsequently be assessed in order to answer the research questions stated in Annex Information on this case was collected during the interviews with national stakeholders. 41 As defined in Article 1 (3) of Directive 2000/46/EC Regulation (EC) No. 1781/2006 of the European Parliament and of the Council of 15 November 2006 on information on the payer accompanying transfers of funds, OJ L345/1 Matrix Insight Ltd. & Transcrime 16th September

34 4.3.1 Logic Model for the FTR The figure below presents the logic model for the FTR, which has been developed using information collected through the initial desk review and interviews in order to describe the problem that the Regulation 1781/2006 is addressing, the obligations it imposes, as well as their immediate effect and wider impact (costs and benefits) on different stakeholders. The figure sets out the scope of the Regulation as it stands at present. The model dissects the FTR and traces its (potential) impacts from general to specific objectives through to obligations for public authorities and industry (operational objectives) to wider crime reduction. Matrix Insight Ltd. & Transcrime 16th September

35 Figure 3: Logic Model for the Fund Transfers Regulation (1781//2006) Matrix Insight Ltd. & Transcrime 16th September

36 4.3.2 Scope of the Regulation Regulation 1781/2006 is widely drawn and intends to cover all types of funds transfers carried out by electronic means in any currency, from a payer to a payee, which are sent or received by a Payment Service Provider (PSP) established in the EU (Art. 3.1). The FTR includes the following derogations: Table 3: FTR Derogations FTR derogations Debit or credit cards transactions (under the condition of traceability by means of a unique identifier in the transaction and use for purchase of goods and services) (Art. 3.2); E-Money where a Member State decides to apply the derogation of Art. 11 (5) (d) 44 of the Directive 2005/60/EC and the amount does not exceed EUR 1,000 (Art. 3.3); Transfers of funds carried out by means of a mobile telephone or any other digital or IT device, when such transfers are pre-paid and do not exceed EUR 150 (Art. 3.4); Transfer of funds carried out by means of a mobile telephone or any other digital or IT device, when such transfers are post-paid and meet all of the conditions described in Art. 3.5; At the discretion of Member States, transfers of funds within that Member State to a payee account permitting payment for the provision of goods or services subject to a number of conditions stipulated in Art. 3.6; Cash withdrawal from the payer s account by himself or herself (At. 3.7 (a)); Direct debit transactions when a debit authorisation exists between payer and payee as long as a unique identifier accompanies the transaction allowing the transaction to be traced back to the payer (3.7 (b)); Transfer of funds resulting from a truncated cheque (Art. 3.7 (c)); Transfers of funds within a Member State in favour of public authorities for taxes, fines etc. (Art. 3.7 (d)); Transaction generated by a PSP to another PSP acting on their own behalf (Art. 3.7 (e)); Intra-national transfer of funds for non-profit organisations duly identified by a national official list subject to a limit of EUR 150 per transfer (Art. 18). Art. 3.6 offers Member States the possibility to exempt giro payments when the amount transacted is less than EUR 1,000. Member States are required to inform the EC if they make use of this possibility Obligations on Payment Service Providers The FTR lays down the rules on the information that has to accompany transfers of funds, concerning the payers of those funds, for the purpose of the prevention, investigation and 44 The derogation specifies that Member States may allow not to apply CDD on electronic money (as defined in Directive 2000/46/EC) if two criteria are fulfilled: the device cannot be recharged and the maximum amount stored in the device is no more than 250; the device can be recharged but not more than 2,500 can be transacted in one calendar year except when 1,000 or more are redeemed in the same year by the bearer of the device. Matrix Insight Ltd. & Transcrime 16th September

37 detection of money laundering and terrorist financing. For these purposes only, the Payment Service Providers (PSPs) send out payer information to payee PSPs, and check payer information from sending PSPs according to the rules of the Regulation. A number of permitted variations and concessions notwithstanding, the core requirements include: Name; Address; Account number (or unique identifier if an account number does not exist). Regulation 1781/2006 covers all types of funds transfers carried out by electronic means in any currency 45, from a payer to a payee, which are sent or received by a PSP established in the EU (Art. 3.1). The following figures provide an overview of the normal process that the payer PSPs (Figure 4), payee PSPs (Figure 5) and intermediary PSPs (Figure 6) have to perform for respecting its obligations under the Regulation. Figure 4: Transfer of Funds Obligations on Payer PSP Source: Matrix Insight, adapted from Prevention of money laundering / combating terrorist financing, Part III: Specialist Guidance, The Joint Money Laundering Steering Group, 20 October 2010 and Guidance notes on the implementation of Regulation (EC) No 1781/206 on information on the payer transposing SR VII of the FATF related to anti money laundering and fight against terrorism into EC law, European Payments Council, 3 October A list of exclusions is provided in Articles 3 and 18 of the FTR. Matrix Insight Ltd. & Transcrime 16th September

38 Figure 5: Transfer of Funds Obligations on Payee PSP * Note: In practice the procedures required to detect may be met by a combination of system (e.g. SWIFT) validation and risk-based post event random sampling. Source: Matrix Insight, adapted from Prevention of money laundering / combating terrorist financing, Part III: Specialist Guidance, The Joint Money Laundering Steering Group, 20 October 2010 and Guidance notes on the implementation of Regulation (EC) No 1781/206 on information on the payer transposing SR VII of the FATF related to anti money laundering and fight against terrorism into EC law, European Payments Council, 3 October 2008 While there is no legal obligation for the intermediary PSP to check if information in the transaction as per the requirements of Art. 4 and Art. 6 of the Regulation is missing, the intermediary PSP is free to apply the same verification procedures as any receiving PSP. As part of this procedure it will check if the PSP of the payer is located within or outside the Community. Matrix Insight Ltd. & Transcrime 16th September

39 Figure 6: Transfer of Funds Obligations on Intermediary PSP Source: Matrix Insight, adapted from Prevention of money laundering / combating terrorist financing, Part III: Specialist Guidance, The Joint Money Laundering Steering Group, 20 October 2010 and Guidance notes on the implementation of Regulation (EC) No 1781/206 on information on the payer transposing SR VII of the FATF related to anti money laundering and fight against terrorism into EC law, European Payments Council, 3 October 2008 Case example 3: Money laundering and information on originator of payment 46 This case, which took place in the United Kingdom, illustrates how the ambiguity of Regulation 1781/2006 can result in different legal viewpoints. Here, Mr Jaffery, running an MVTS, received cash from an unknown source and then instructed his bank to transfer this amount to another PSP. Her Majesty s Customs and Revenue (HMCR), one of the responsible supervisory authorities in the UK with some law enforcement competence, charged Mr Jaffery with laundering the proceeds of crime. It was said that he took in and sent abroad about 51 million worth of cash through banks and his Remittance To Pakistan money transfer firm, which let people send funds to Pakistan through the website R2PK.com. It is assumed that the money used derived from drug trafficking. The prosecution relied on a failure to comply with the FTR as well as the British Proceeds of Crime Act 2002 (under which individuals also have to report suspicious activity), and a failure to make any suspicious activity reports. This was regarded as evidence that Mr. Jaffery knew or suspected the cash to be proceeds of crime. The case was taken to the Court of Appeal (Criminal Division) at the Royal Courts of Justice. Here, the defendants lawyer argued that there had been no obligation for his client to report information as he was merely putting cash on his bank account and it was consequently the banks obligation to ensure it had proper originator information. This was a question of where the transaction chain begins and whether the bank was the first PSP in this chain, or 46 Information on this case was collected during the interviews with national stakeholders. Matrix Insight Ltd. & Transcrime 16th September

40 whether it was only an intermediary, receiving money from that individual s MVTS. According to the defendant s lawyer, if HMRC were right with their interpretation of Regulation 1781/2006, every individual putting cash into a bank account and ordering a transaction would have to inform their bank about the origin of that money, which would be impractical. At the same time, the lawyer acknowledged that it was important to identify the actual source of the money, but argued that this was part of customer due diligence obligation of the bank executing the transaction. Eventually, the allegation that Mr Jaffery did not fulfil his duty to report suspicious activities was used as evidence that helped convicting him of money laundering for which he now serves ten years in prison Cover Payments and SWIFT MT202 COV The Terms of Reference for this study also ask for an assessment of the impact of new messaging formats, i.e. SWIFT 202 COV, on any additional costs for PSPs. This format has to be understood in the context of cover payments. A customer funds transfer usually involves the ordering customer (payer) instructing its bank to make a payment to the account of a payee (the beneficiary) with the beneficiary s bank. In the context of international funds transfers in third party currencies, the payer s bank will not usually maintain an account with the beneficiary bank in the currency of the payment that enables them the payment directly. Intermediary banks are usually used for this purpose, which may be located in the country where the currency of the payment is the national currency. 47 Cover payments are usually effected via SWIFT 48 and involve two distinct message streams: A customer payment order which is sent by the payer s bank directly to the beneficiary s bank and carries payment details, including payer and beneficiary information (usually a SWIFT Message Type (MT)103); A covering bank-to-bank transfer (a SWIFT MT202), which is sent by the payer s bank to an intermediary bank asking the intermediary bank to cover the payer s bank s obligation to pay the beneficiary bank. The intermediary bank debits the payer s bank account and either credits the beneficiary s bank account under advice, or if no account is held, sends the funds to the beneficiary s bank correspondent with settlement usually being effected through the local Real Time Gross Settlement System (RTGS). The beneficiary bank is then able to reconcile the funds that it receives on its correspondent account with the MT103 received directly from the payer s bank. Payments are sent using the cover method primarily to avoid delays associated with differing time zones and to reduce the costs associated with commercial transactions. However, in the cover payment mechanism the cover intermediary PSPs do not necessarily see all the information sent to the beneficiary PSP. 49 This mechanism, however, is distinct from the direct sequential chain of payment envisaged in the FATF SR VII on wire transfers. For example, the cover message system SWIFT MT 202 provides no underlying beneficiary or ordering customer information. Thus, the lack of 47 ayments.page 48 SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a member-owned co-operative for more than 9000 financial institutions in 209 jurisdictions worldwide. It provides a communications platform that allows its members to communicate with each other by means of standardised, encrypted messages. The SWIFT network handled a daily average of 17.2 million messages in March Basel Committee on Banking Supervision (May 2009): Due diligence and transparency regarding cover payment messages related to cross-border wire transfers; p. 1 Matrix Insight Ltd. & Transcrime 16th September

41 payer and beneficiary information for fund transfers can hinder or limit a cover intermediary PSP s ability to accurately assess risks associated with correspondent and clearing operations. The cover intermediary PSP might also be unable to screen the transaction information against locally applicable lists of individuals or entities whose assets should be blocked, rejected or frozen under national law. The issue of cover payments has subsequently been the point of discussion by the Basel Committee on Banking Supervision as well as the Wolfsberg Group and other organisations who published statements and recommendations how to overcome this weakness. As a consequence, a new message format, referred to as MT202 COV, was implemented on 21 November 2009, incorporating ordering party information and beneficiary details. This format was adopted by all SWIFT member banks in order to improve transparency in respect of cover payments, and to assist financial institutions with their sanctions and AML/CTF obligations. 50 The MT202 COV format enables originator and beneficiary information contained in customer transfers to be replicated in certain fields of the MT202 COV. This study assesses in further detail the impact of new messaging formats, such as the SWIFT202 COV, in terms of additional costs for payment service providers and potential delays in the execution of transfers. The SWIFT MT 202 COV format has recently come under scrutiny as it played a central role in the HSBC money laundering scandal made public in July 2012: HSBC Affiliates: Circumventing OFAC prohibitions 51 The United States prohibits doing business with certain persons and entities, including terrorists, persons engaged in nuclear proliferation, drug kingpins, and persons associated with rogue jurisdictions such as Iran, North Korea, and Sudan. To implement the law, the U.S. Treasury Department s Office of Foreign Assets Control (OFAC) has developed a list of prohibited persons and countries which banks use to create an OFAC filter to identify and halt potentially prohibited transactions. Transactions stopped by this filter typically undergo an individualized review to see if the transaction can proceed or the funds must be blocked. Because the OFAC filter can end up delaying or blocking transactions that are permitted under U.S. law or by other jurisdictions, some non-u.s. financial institutions have used tactics to circumvent it, i.e. by stripping information from wire transfer documentation to conceal the participation of a prohibited person or country, or using cover payments where the information about parties sending and receiving international wire transfers were not shared with intermediary banks that facilitated the transactions (such as clearing banks in New York). Evidence suggests that in the case of HSBC, some affiliates took action to circumvent the OFAC filter when sending OFAC sensitive transactions through their U.S. dollar correspondent accounts at HBUS. From at least 2001 to 2007, two HSBC affiliates, HSBC Europe (HBEU) and HSBC Middle East (HBME), repeatedly sent U-turn transactions (see glossary for further explanation) through HBUS without disclosing links to Iran, even though they knew HBUS required full transparency to process U-turns. To avoid triggering the OFAC filter and an individualized review by HBUS, HBEU systematically altered transaction information to strip out any reference to Iran and characterized the transfers as between banks in approved jurisdictions. 50 The SWIFT MT 202 Cover Payment, 20 August 2009, Presentation by Catherine Mwangi, Global Product Manager, Treasury and Trade Solutions. 51 Levin, Carl and Coburn, Tom (2012) U.S Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing: HSBC Case History. Majority and Minority staff Report. United States Senate, Permanent Subcommittee on investigations, Committee on Homeland Security and Governmental Affairs, p. 113ff. Matrix Insight Ltd. & Transcrime 16th September

42 In November 2009, due to an industry-wide switch to SWIFT202 cover payments, OFAC alerts increased dramatically at HBUS. HBUS was so concerned about the large number of false OFAC hits being generated that it stopped the verification step. HSBC s legal counsel told the Subcommittee investigating the case that the verification step was turned off for 13 days, from November 25, 2009 and December 7, This raised questions if HBUS decision to turn off part of the OFAC filtering system reduced its effectiveness in screening for prohibited transactions and increased U.S. vulnerabilities to money laundering and terrorist financing Amendments to FATF SR VII On 16th February 2012, the Financial Action Task Force (FATF) published a set of revised FATF Recommendations. The revisions, made with input from governments, the private sector and civil society, provide authorities with a stronger framework to act against criminals and address new threats to the international financial system. The recommendations set out a new framework of measures which countries shall implement in order to combat money laundering and terrorist financing, as well as the financing of proliferation of weapons of mass destruction. 53 In the context of wire transfers, the FATF has reviewed its former Special Recommendation VII and issued a new text (now Recommendation 16), which includes the obligation for financial institutions to provide not only required and accurate originator information on wire transfers and related messages, but also information on the beneficiary. 54 In addition, Recommendation 16 also sets out that countries should ensure that, in the context of processing wire transfers, financial institutions take freezing actions and should prohibit conducting transactions with designated persons and entities. In light of the recent changes to the FATF SR VII, the study assesses the practical challenges of extending the scope the FTR to include the requirement related to beneficiary information for wire transfers as well as to introduce the requirement for financial institutions to take freezing action against designated persons and entities. This has enabled the study team to assess: The potential impediments for payment service providers to obtain information on beneficiaries (i.e. name and account number or unique transaction reference number) The additional costs in terms of additional resources, staffing and delays in transactions in the context of changing the FATF s SR VII. 52 Subcommittee briefing by HSBC legal counsel (6/27/2012). 53 FATF, International standards on combating money laundering and the financing of terrorism & proliferation (2012), The FATF Recommendations, p Recommendation 16, FATF, International standards on combating money laundering and the financing of terrorism & proliferation (2012), The FATF Recommendations, p. 17 Matrix Insight Ltd. & Transcrime 16th September

43 5.0 Implementation of the FTR The following section presents the study findings with regard to the implementation of the FTR across the EU Member States. It presents a detailed analysis of the information stemming from the desk research, national stakeholder interviews (please see Annex 8.6 for a detailed overview of the interviews we have undertaken to date) as well as the quantitative questionnaires filled in by national stakeholders (these information collected is are presented for each of the 27 Member States in the Country Profile Report, which is a separate Annex to this report). 5.1 National Implementation of the FTR EU Implementation On 16 October 2008, the three Level 3 Committees (Committee of the European Banking Supervisors (CEBS), the Committee of the European Securities Regulators (CESR) and the Committee of European Insurance and Occupational Pensions (CEIOPS)) published a Common understanding of the obligations imposed by the European Regulation 1781/2006 on the information on the payer accompanying funds transfers to payment service providers of payees. 55. It reflects the common understanding of supervisors concerning the application of Chapter III of the Fund Transfers Regulation, aiming to clarify the requirements and supervisory expectations on compliance with the FTR. The Common Understanding sets out explanations around: Payments covered; Flow process, describing the process an institution has to perform for respecting its obligations towards the Regulation; and Role and responsibilities of the different PSPs involved in wire transfers under Regulation 1781/2006; The study findings suggest that the CEBS common understanding is widely known among stakeholders and used as a reference point for understanding the provisions of the FTR when in doubt. It also had an impact on the national implementation of the FTR, as is outlined below Transposition at National Level The focus with regard to implementing measures for the FTR at national level lies on legislative as well as non-legislative measures (i.e. laws, amendments to laws, rules or other forms of regulation) that countries may have introduced in order to facilitate the implementation of the FTR and to adapt it to the national context. While the FTR is directly applicable across the EU, it only provides general guidelines on how Member States should implement its provisions (i.e. general obligations for the monitoring of wire transfers; requirement to appoint competent authorities; introducing penalties/sanctions; etc.), whereas it leaves it to the discretion of Member States which national authorities should deal with the 55 CEBS Common understanding of the obligations imposed by European Regulation 1781/2006 on the information on the payer accompanying funds transfers to payment service providers of payees. CEBS / CEIOPS-3L / CESR/08-773; Matrix Insight Ltd. & Transcrime 16th September

44 implementation and monitoring of the FTR or the measures to be taken to ensure compliance with the requirements of the Regulation. Consequently, the way Member States implement Regulation 1781/2006 differs from country to country. In order to set out more specific rules and procedures, most Member States have issued transposition measures that specify the provisions, competent authorities and penalties associated with the information requirements on wire transfers. The study team has been able to collect information on this issue for a total of 25 Member States 56, out of which 20 have such implementing measures in place, while 5 57 Member States have not (as illustrated by the figure below). In order to obtain a first impression of the institutional framework in each Member State it is helpful to look at which competent authorities have been designated. Out of the 20 countries who have implementing measures in place, 6 countries 58 designate all competent authorities (such as Supervisory Authority/ies, Financial Intelligence Units and Law Enforcement Agency/ies), while the remaining 14 countries 59 only designate some competent authorities. Quite commonly, the Supervisory Authorities and FIUs are specified, while LEAs are often not mentioned explicitly in the implementing national law or regulation. Figure 7: Existence of Implementing Measures Designating Competent Authorities Interestingly, some countries do not seem to have a clear distinction between competent authorities. For example, in some countries the FIU is based within the LEA (i.e. Austria) while in other countries it is located at the Ministry of Finance or Justice (i.e. Bulgaria and the Czech Republic) Practical Guidelines Issued by Member States In addition to transposition measures, quite a few Member States also issue practical guidelines that are circulated to PSPs in order to help them complying with the provisions of the FTR and any national derogations. In this context, many Member States refer to and/or translate the Common Understanding published by CEBS 60 as the main practical guide when it comes to implementing the FTR. 56 Information for Spain and Italy is still missing and will be added at a later stage. 57 Bulgaria; France; Germany; Latvia; Netherlands 58 Austria; Estonia; Greece; Poland; Portugal; United Kingdom. 59 Belgium; Cyprus; Czech Republic; Denmark; Finland; Hungary; Ireland; Lithuania; Luxembourg; Malta; Romania; Slovakia; Slovenia; Sweden. 60 CEBS Common understanding of the obligations imposed by European Regulation 1781/2006 on the information on the payer accompanying funds transfers to payment service providers of payees. CEBS / CEIOPS-3L / Matrix Insight Ltd. & Transcrime 16th September

45 The study findings suggest that in most EU Member States, relevant national authorities have issued guidelines for the implementation of the FTR at national level (n=22). As the table below illustrates, several of these guidelines were based on the CEBS Common Understanding from Table 4: Type / Nature of Guidance Provided to PSPs by the Supervisory Authorities for the FTR Implementation Country Implementation Guidelines Based on CEBS Common Issued By National Authorities Understanding? Austria Yes Yes Belgium Yes Yes Bulgaria Yes Yes Cyprus Czech Republic Denmark Estonia Yes No Recommendations on the FTR implementation issued after inspections Yes No Some seminars and consultations have been taken place Finland No France Yes Germany Yes Yes Greece Yes Yes Hungary Yes Ireland No Italy Yes Yes Latvia No Consultations and personal communication between the Supervisory Authority and the PSPs The CEBS Common Understanding was translated into Latvian. Lithuania Yes Luxembourg Yes Malta Netherlands N/A N/A Poland N/A N/A Portugal N/A N/A Romania N/A N/A Slovakia No Slovenia Yes Yes Spain No Sweden No UK Yes Yes Source: Matrix and Transcrime Interviews with Stakeholders. N=22 The guidelines issued have different forms, i.e. papers or circulars to be sent to PSPs and followedup by seminars or workshops, extensively elaborated guidelines (i.e. Denmark and the UK), or be included in the guidance on the overall AML framework (i.e. Hungary). In the UK, the HMRC, which shares supervisory responsibilities in the field of AML and TF with the FSA, has a written enquiries service in place and conducts seminars and workshops around the UK to help businesses understand their compliance obligations. It also contacts all businesses by phone within 9 months of them joining CESR/08-773; Matrix Insight Ltd. & Transcrime 16th September

46 the HMRC s register to explain their AML responsibilities (1,296 phone calls in 2010). In the case of Italy, FTR guidelines have been issued by the Bank of Italy in the autumn 2012 after draft guidelines for consultation with stakeholders were published in In cases where no official guidelines have been published by national authorities, different approaches apply, i.e. recommendations for the FTR implementation are made by Supervisory Authorities following their inspections of the systems and compliance (Czech Republic); seminars and consultations have been organised by the Supervisory Authority (Estonia); consultations and personal communication takes place between the Supervisory Authorities and the PSPs (Latvia). Practitioners were also asked about the perceived usefulness of the support they received by Supervisory Authorities. The study team received responses from practitioners in 13 Member States to this question, out of which practitioners in 9 Member States 62 perceived the support as being useful, while practitioners in 4 Member States 63 found that more support by the Supervisory Authorities is needed. Feedback included for example the clarification of some definition issues, i.e. PSPs are asked to regularly report to Supervisory Authorities on FTR monitoring issues, but it was unclear how often this should be the case. 5.2 Scope and Exemption from Scope Use of Derogations Interviewees were asked which of the derogations, provided by Article 3 and 18 of the FTR (Regulation 1781/2006) are currently being used (please refer to Section for a description of the derogations). Table 5 below provides a general overview of the use of the derogations across the EU 27. It is important to note that not all stakeholders could confirm which derogations are actually used in their countries. Consequently, some cells for certain Member States are left empty Belgium; Bulgaria; Cyprus; France; Greece; Lithuania; Luxembourg; Slovenia; Spain 63 Austria; Czech Republic; Germany; Sweden Matrix Insight Ltd. & Transcrime 16th September

47 Table 5: General Overview of Derogations Used* Art. 3.2 Art. 3.3 Art. 3.4 Art. 3.5 Art. 3.6 Art. 3.7 a Art. 3.7 b Art. 3.7 c Art. 3.7 d Art. 3.7 e Art. 18 MS Y N Y N Y N Y N Y N Y N Y N Y N Y N Y N Y N Austria Belgium Bulgaria Cyprus Czech Republic Denmark Estonia Finland France Germany Greece Hungary Ireland Italy Latvia Lithuania Luxembourg Malta The Netherlands Poland Portugal Romania Slovakia Slovenia Spain Sweden United Kingdom Total Source: Matrix and Transcrime Interviews with Stakeholders. Empty cells mean no answer provided. Matrix Insight Ltd. & Transcrime 16th September

48 What emerges from the table above is that derogations provided by Articles 3.3, 3.4 and 3.7 of Regulation 1781/2006 are the ones mostly used, while the derogation provided by Article 18 is the least used (only by four member States). The table below provides a breakdown by type of derogation. 64 Table 6: Overview of Derogations Used (by Type of Derogation) Derogation Derogations Applied N. of Member States Yes 14 Derogation Art. 3.2 No 3 No answer 10 Yes 16 Derogation Art. 3.3 No 6 No answer 5 Yes 15 Derogation Art. 3.4 No 4 No answer 9 Yes 12 Derogation Art. 3.5 No 5 No answer 10 Yes 10 Derogation Art. 3.6 No 9 No answer 8 Yes 15 Derogation Art. 3.7 a No 3 No answer 9 Yes 13 Derogation Art. 3.7b No 4 No answer 10 Yes 11 Derogation Art. 3.7c No 8 No answer 8 Yes 12 Derogation Art. 3.7d No 6 No answer 10 Yes 12 Derogation Art. 3.7e No 6 No answer 10 Yes 4 Derogation Art. 18 No 17 No answer 8 Source: Matrix and Transcrime Interviews with Stakeholders. The table below provides an overview of the derogations used in each EU Member State. Denmark is the Member State reporting the highest number of derogations used (11). Lithuania, the Netherlands and the UK report the lowest number of derogations used (one each). Finland and Spain are the Member States which declare the highest number of derogations not used (11 respectively), while stakeholders in Hungary, Ireland, Italy and Portugal report the lowest number of derogations not used (one respectively). Stakeholders in Hungary, Ireland, and Italy do not use the derogation provided by Article18 while Portugal does not use the derogation specified in Article See Table 5 above for details on the Member States. 65 See Table 5 above for details on the Member States. Matrix Insight Ltd. & Transcrime 16th September

49 Table 7: Overview of Derogations Used (by Member State) Member State Number of Derogations Used 66 Number of Derogations Not Used 67 Austria N/A N/A Belgium 9 6 Bulgaria 8 3 Cyprus 9 2 Czech Republic 4 7 Denmark 11 0 Estonia 5 5 Finland 0 11 France 3 0 Germany 3 3 Greece 7 0 Hungary 10 1 Ireland 10 1 Italy 10 1 Latvia 5 6 Lithuania 1 N/A Luxembourg N/A N/A Malta N/A N/A The Netherlands 1 0 Poland N/A N/A Portugal 10 1 Romania N/A N/A Slovakia 9 2 Slovenia 6 7 Spain 0 11 Sweden 9 2 United Kingdom 1 0 Source: Matrix and Transcrime Interviews with Stakeholders. N=22 Note: The sums of the two columns might come short of or exceed the total number of existing derogations (eleven). In some cases (such as the UK), respondents could not or did not provide an answer in relation to which derogations are applied. Therefore, the sum of the two tables is less than 11. In other cases (such as Belgium), different respondents, namely individual PSPs, provided different answers as to which derogations are used, not used but possible, or not used. Consequently, when a PSP declares it makes use of one derogation, and another declares it does not make use of this derogation, the table doublecounts the derogation and the sum is greater than eleven. These findings show that there is quite a difference in making use and applying certain derogations across all Member States. Reasons provided by national stakeholders for not making use of certain derogations are provided further below. Apart from the set of derogations laid out in Art. 3 of Regulation 1781/2006 that each Member State has to implement, the FTR leaves at the discretion of Member States whether they make use of three specific derogations or not. These are specified in the FTR in Art. 3(3) on e-money transactions; Art. 3(6) on transfers with a Member State with a unique reference number; and Art. 18 on transfers to non-profit organisations within a Member State. Our findings for the EU 27 confirm that at least a total of 16 Member States make use of the derogation in Art. 3(3), while 8 countries make use of the derogation in Art. 3(6). With regard to Art. 18 of the Regulation, 4 Member States were confirmed that use this derogation. The table below shows 66 These reflect the answers declared by the respondents. 67 These reflect the answers declared by the respondents. Matrix Insight Ltd. & Transcrime 16th September

50 that out of the 27 EU Member States, only Portugal has applied all three derogations discussed above. 68 In those Member States that are not using the derogation in Art. 3.3 of the Fund Transfers Regulation in the case of e-money, information on the payer must be included. In these countries, Art. 5.3 a) of the Regulation then applies mutatis mutandis, which means that e-money products cannot be purchased anonymously and normal due diligence applies. In Germany, the principle that no anonymous e-money products should exist is represented in 25 Abs. 1 of the German Banking Act, according to which e-money issuers, agents and persons distributing or redeeming e-money must always identify their customers. Furthermore, the data collected must be recorded in accordance with Section 8 of the Anti-money Laundering Act. 69 However, e-money issuers, agents and points of sale are exempt from the identification requirement if the value stored to the pre-paid card does not exceed 100 a month and, in case of a rechargeable card, the amount cannot exceed 100 a month and the e-money cannot be combined technically with e-money from another issuer. 70 One German stakeholder interviewed stated that the scope of application of this exceptional rule is so narrow that it is almost unused. In addition, there is an exception to the exception if the e-money owner acquires an amount of more than 100 a month via several transactions which obviously belong together ('smurfing'). In the case of such artificial splitting, the customer due diligence measures apply (Section 25i(2)2 of the Banking Act). Table 8: Applied Derogations of the FTR in the Member States Austria Belgium MS Art. 3(3) E-money <1000 Art. 3(6) Unique number <1000 Art. 18 non-profits Y N Y N Y N Bulgaria Cyprus Czech Republic Denmark Estonia Finland France Germany Greece Hungary Ireland Italy Latvia Lithuania Luxembourg Malta The Netherlands Poland 68 See Table 5 above for details on the Member States i Abs. 1 KWG: i Abs. 2 KWG Matrix Insight Ltd. & Transcrime 16th September

51 MS Art. 3(3) E-money <1000 Art. 3(6) Unique number <1000 Art. 18 non-profits Y N Y N Y N Portugal Romania Slovakia Slovenia Spain Sweden United Kingdom Total Source: Matrix and Transcrime Interviews with Stakeholders. Empty cells mean no answer provided. N=21 While all interviewees were asked for reasons why PSPs are not making use of certain derogations, only a limited number of answers were provided. The table below reports those answers put forward by stakeholders in Germany, Hungary, Slovenia, Spain and Sweden in relation to derogations specified in Article 3.3, 3.6, 3.7 a, 3.7b 3.7.c and 18. Table 9: Reasons Provided for not Using Specific Derogations Derogation Reason for not Using Derogation Art. 3.3 Derogation Art. 3.6 Derogation Art. 3.7 a Derogation Art. 3.7 b Derogation Art. 3.7 c Derogation Art. 18 Source: Matrix and Transcrime Interviews with Stakeholders. Germany: The Supervisory Authority argued that the existing threshold does not reflect the risks of e-money adequately. Slovenia: There is no e-money issuer in Slovenia. Spain: Practitioners noted that the E-money Directive has been transposed in Spain in Article 10 foresees simplified measures but legislation on e-money is still in progress. It is foreseeable that there will be derogations, but so far e-money transfers are uncommon. Germany: The Supervisory Authority argued that this derogation is ineffective, as there are too many preconditions. Spain: Practitioners argue that the derogation is not applicable as the payer is the same as beneficiary. Spain: Transfers that this derogation refers to already carry sufficient information. Therefore, no need was perceived to apply this derogation. Slovenia: Truncated checks are not in use. Sweden: Swedish Bankers' Association states that the market in Sweden has almost disappeared. This derogation is therefore not very important. Germany: The Supervisory Authority argued that this is an ineffective derogation, as there are too many pre-conditions. There is no such "national official list" in Germany. Hungary: Due to the discussions with the relevant ministries and private sector representatives the Ministry of National Economy does not see the merit of using this provision. 71 Finally, stakeholders unanimously agreed that there is no need for further derogations. However, some stakeholders put forward a number of suggestions including: 71 Ministry of National Economy, Department of International Finance. Matrix Insight Ltd. & Transcrime 16th September

52 Eliminating some of the existing derogations. 72 Lowering the threshold for e-money (please refer to the section on e-money further below). 73 Modifications to current derogations could be required depending on the future development of the industry, in particular with reference to the e-money sector (please refer to the section on e-money further below). 74 Improving the derogation on debit or credit cards transactions ,000 thresholds (Art. 3.3, Art. 3.6, 5.4) Three Articles of the Fund Transfers Regulation apply only to transactions exceeding the amount of 1,000: Art. 3.3 (in the context of e-money), Art. 3.6 (when a unique identifier number is available), and Art. 5.4 (in the case of transfers not made from an account). The following section presents the findings stemming from the stakeholder interviews for Articles 3.6 and 5.4 of the FTR. Art. 3.3 FTR is dealt with in the subsequent section on e-money. Some stakeholders interviewed 76 argued in favour of maintaining the 1,000 threshold in the context of Art. 3.6 and 5.4 at the current level. For example, a British supervisor strongly supported maintaining the 1,000 threshold as otherwise small transactions such as remittances would not be carried out (which is also of concern to countries who are major recipients of global remittances such as Pakistan or Mexico) or people would be forced to resort to cash transactions which cannot be monitored by the FIUs. MasterCard underlined this point in their comments submitted to the Commission on the Third AML Directive and quoted the Fund Transfers Regulation which recognises the need to balance the risk of driving transactions underground by imposing overly strict identification requirements against the potential terrorist threat posed by small transfers of funds (preamble 11). One Austrian practitioner argued in the same vein, stating that the threshold of Art. 5.4 FTR was important as many people making small donations prefer to remain anonymous. Two MTVS companies interviewed also argued strongly in favour of keeping this 1,000 threshold. They were both concerned about excluding migrant workers with no permanent address from formal ways of remitting money to their home country. They were also concerned with the level of personal information which is sent to PSPs in foreign countries with weak judicial systems, as the protection of this data cannot always be guaranteed. In contrast, other stakeholders interviewed 77 generally would like to see the 1,000 threshold to be lowered or dropped altogether, and suggested making respective amendments to both the Fund Transfers Regulation and the Third AML Directive. Those stakeholders generally argued that even transactions of small amounts can represent a risk for money laundering and terrorist financing and 72 Supervisory Authority of Austria suggested that the thresholds of Art 3.3 and Art 3.4 should be given up since even small transactions can be dangerous. The elimination of some derogations was also put forward by the FIU in the Czech Republic, 73 Suggested by practitioners in France. 74 Suggested by Italian stakeholders. 75 Suggested by practitioners in Slovakia: Some credit card companies offer services where money transfer is made via prepaid card accounts. It is a mobile based service that links the mobile phone to a financial account through a phone or online. It allows receiving and sending money from and to other person (no purchase of goods or services). The derogation doesn t state clearly if such services should fall within its scope or should be rather subject to information requirements accompanying the transfers of funds. Such credit card services are a common practice in India and other Asian countries. 76 Practitioner AT, SA UK 77 SA LV, SA & FIU SI Matrix Insight Ltd. & Transcrime 16th September

53 therefore need to be supervised. One British stakeholder declared a threshold of 1,000 to be arbitrary and meaningless in relation to terrorist financing as the relative value of 1,000 varies across Member States and is, for example, a lot less valuable in Denmark than in Romania or Bulgaria where transactions below 1,000 are likely to be much more frequent. Finally, some authorities 78 were concerned that simplified due diligence for transactions below 1,000 will encourage criminals to disguise their activities by splitting their transactions into small amounts, socalled smurfing of funds. 79 In this context, it is interesting to see that in the US, a similar threshold is set at $ 3,000 under which simplified due diligence is applied. The FATF recommends lowering this threshold to $ 1,000 but supervisory authorities in the US argued that this threshold works well in practise as PSPs have comprehensive CDD programmes in place in any case. Nonetheless, this threshold may be subject to revision soon The Regulation of E-Money and Other New Payment Methods As described in section 4.2.3, electronic money and other new payment methods play an increasingly important role in the financial payments sector. Many stakeholders have voiced clear opinions regarding E-Money and other new payment methods. A majority of stakeholders found that Regulation 1781/2006 does not address these issues to a sufficient degree and appeared to be in favour of extending the scope of the Regulation to cover all types of e-money and other new payment methods. In addition, some stakeholders would like to drop the threshold of 1,000 for E-Money transactions which would extend the scope of the Regulation to E-Money products such as some prepaid cards who can only be used for transactions below 1,000. The table below provides an overview of the position of stakeholders towards e-money and the scope of the FTR, specifying the type of stakeholders interviewed: Table 10: Extension of Scope of Fund Transfers Regulation to cover E-Money and other New Payment Methods Generally in favour of extending scope of the FTR Practitioner Austria; Practitioner Greece. FIU Germany; FIU United Kingdom; FIU Finland; FIU Slovenia Neutral SA Poland; SA Slovenia. FIU Luxembourg; FIU Portugal. Generally against extending the scope of he STR SA Finland; SA Luxembourg SA France; SA Italy; SA Latvia; SA Portugal; SA United Kingdom. Source: Matrix and Transcrime Interviews with Stakeholders. 78 FIU & SA ES, SA IE 79 Tactic of splitting a high value financial transaction into several small transactions in order to escape the attention of authorities. Matrix Insight Ltd. & Transcrime 16th September

54 Stakeholders found that the market penetration of e-money is likely to increase in the EU as it provides a low-cost payment service and thus integrates people into financial markets who previously had no access to them. In light of this development, most stakeholders argued that the Fund Transfers Regulation needs to be adapted to reflect new technologies and to be consistent with current regulatory developments (such as the Payment Services Directive, E-Money Directive, the revised Third AML Directive and the revised FATF recommendations). Similarly, supervisory authorities in the US conceded that the US regulatory system needs to be amended to properly account for new payment methods. The study team, however, already found consistency across all EU legislation. Art. 3.3 FTR makes reference to Art. 11(5)d of Directive 2005/60/EC, which is modified by virtue of the 2 nd E-Money Directive. The consolidated version of Directive 2005/60 (dating January 2011) contains the updated references. Another argument brought forward by both, PSPs and Supervisory Authorities 80, was that the regulation of e-money is a matter of competition and that equal types of transactions should also be treated equally from the regulatory side in order to create a level playing field for all PSPs (i.e. banks should not be regulated more strictly than other e-money institutions). In Belgium, for example, e-money institutions are currently not subject to the same CDD requirements as banks, potentially creating substantial risks for ML and TF. In contrast to this, stakeholders in some countries 81 did not have much or any experience with e- money products and new payment methods, given that these methods have not entered their markets yet or are just about to enter these markets. As a consequence, Supervisory Authorities in certain Member States 82 are still in the phase of assessing the size and risk of the market and subsequently deciding on an adequate regulatory response. At the same time, there was no consensus on whether this sector represents a higher risk for abuse if compared to conventional bank transactions or not, and whether this is linked to the scope of the Regulation. Thereby, opinions differed depending on the type of stakeholders interviewed. A more detailed breakdown of their perceptions is provided below. Perceptions suggesting higher risk Some stakeholders argue that a considerable risk of abuse of e-money and new payment methods cannot be ruled out, even for small transactions, indicating that the 1,000 threshold may have to be lowered or dropped altogether. 83 For example, a large French bank suggested lowering the threshold since an average e-money transaction in France lies in the area of 90, which has the effect that most transactions fall outside the scope of the Fund Transfers Regulation. The German Supervisory Authority for example would like the threshold to be lowered to 100. In addition, it was argued that national regulation varies across Member States which provides e- money providers with an incentive to set their business up in the jurisdiction with the most permissive regulatory environment. 84 For example, Spain is currently implementing new legislation on e-money. Previously, strict CDD requirements were applied even for e-money transactions below 1,000; this will change after implementation is completed. This is a concern to the Spanish FIU which will then receive less information on these transactions than it used to 80 Practitioner AT, DE, Practitioner FR, SA UK 81 CY, EL, EE, LV, LU, SE, SI 82 DK, LU 83 Practitioner AT, Banks BE, SA UK 84 Bank FR, IT Matrix Insight Ltd. & Transcrime 16th September

55 The Belgian FIU emphasised the risk resulting from the anonymous nature of e-money (as such transactions are not linked to a bank account which would make identification of the originator easier), global reach and rapidity of e-money transactions which both make it hard to trace such transactions and to identify the people involved and the work of FIUs is generally aggravated. 85 The Austrian FIU argued that current data protection rules make it harder for LEAs to get to the bottom of suspicious activities. Stakeholders mentioned some concrete examples of risk associated with e-money: E-money attached to virtual accounts which are used for online gambling and other purposes. Such systems permit cross-border payments without leaving any link to the origin of the payment. 86 In Ireland, the police encountered cases of likely abuse of electronic purses (i.e. debit cards) for laundering the proceeds of criminal activity. Some of those cards were charged with remarkably high balances of up to 50,000. The Bank of Italy registered an increase in anomalous use of prepaid cards and e-money for withdrawing cash. In Spain, LEAs detected drug criminals who carried out transactions of small amounts with e- money systems. The Swedish FIU confirmed that e-gambling and internet accounts where a front man sets up the account for others are a problem. This is consistent with a case of abuse of prepaid cards mentioned by the Austrian FIU (see section 4.2.3). A representative of a Czech bank warned that in the Czech Republic, it is possible to open an online-bank account without personal proof of identity. Instead, so-called courier companies deliver the documents necessary to open the account and verify the identity of the account applicant. In many cases, temporary employees of these courier companies misuse personal data of foreigners, without those foreigners being aware of that, to create fake accounts which are then often abused for various types of fraud, potentially including money laundering. Since the courier companies are not covered by the anti-money laundering regulation in the Czech Republic, their employees cannot be held responsible for the existence of fraudulent bank accounts. Perceptions suggesting no higher risk Some stakeholders 87 argued that e-money is not a typical target of abuse due to the low value of transactions typically carried out via such means and the limits imposed in many countries on the maximal amount to be transacted via e-money (such as in Luxembourg, see below). As a consequence, large transactions naturally raise attention, deterring criminals from using these systems. In Hungary, for example, e-money can currently only be used to purchase flowers and for parking and therefore is not suitable for money laundering or terrorist financing abuse 88. Similarly, in Luxembourg, mobile banking can only be used for parking and at certain bakeries and as a 85 FIU BE, SA BG 86 DK 87 CZ, SK, MasterCard 88 SA & FIU HU Matrix Insight Ltd. & Transcrime 16th September

56 stakeholder noted they are in any case subject to a limit of 2,500 in total per year. In Finland, e- money can currently be used for public transportation and lunch vouchers. 89 In Estonia, national legislation imposes strict CDD requirements (e.g. face-to-face identification requirement) on e-money users down to transactions of 250 and the Estonian supervisory authority consequently does not see a need for amendments of the Fund Transfers Regulation in this respect. The German Supervisory Authority regarded the risk of abuse to be little as in their interpretation the FTR already covers e-money providers sufficiently. In contrast to that, the Luxembourgian Supervisory Authority argued that since e-money transaction work very differently than conventional transactions, they should not be covered by the FTR. MasterCard warned that stricter regulation of e-money transaction could drive customers into cash alternative systems which cannot be as easily supervised by FIUs as there is no digital trail (see section for more details). Proposed ways of dealing with the risk of e-money and other new payment methods Apart from extending the scope of the Regulation to cover e-money and other new payment methods, stakeholders suggested some further solutions that tackle the risks associated with e-money and other new payment methods. The Irish supervisory authority suggested requiring payers PSPs to record a photo ID and link it to a unique identifier for all transmitters. Recording the official ID of all transmitters (as is current practice in Ireland) may be considered overkill; The Bulgarian LEA and FIU stated that authorities should collaborate with financial institutions to ensure they have adequate safeguards in terms of identification of transmitters and monitoring of transactions; A Czech practitioner would support public awareness raising campaigns on the risks associated with new forms of financial transactions; One Czech bank suggested establishing a secure database which holds personal information on beneficiaries of transactions. In order to comply with data protection laws, authorities would only be able to validate information received by checking it with the database without actually seeing the content of the database; Another idea brought forward by the same bank is to inform account holders who just opened an account about that fact to make sure they are the persons who actually opened the account; The Danish Supervisory Authority mentioned that there is a conflict between the Third Anti- Money Laundering Directive which assigns national authorities the competence to supervise all PSPs who carry out transactions in their jurisdiction and the Payment Service Directive as well as the E-Money Directive which assign authorities supervisory competence only for those PSPs who obtained a license in their jurisdiction. In order to resolve this, the Danish Supervisory Authority suggested either harmonising those provisions or granting supervisors direct powers to supervise all PSPs who are active in their jurisdiction no matter where they obtained their license to operate. 89 Practitioner FI Matrix Insight Ltd. & Transcrime 16th September

57 5.2.4 Intra- vs. Extra-EU Differentiation Unlike the US, where domestic and international wire transfers are subject to the same rules 90 (with few exceptions such as screening requirements by the Office of Foreign Assets Control regarding sanctions), the EU allows for the application of different intra-eu and extra-eu rules in terms of data requirements (Art. 6 and 7 FTR) for fund transfers. However, this distinction is not applied uniformly across EU Member States. Table 11 below provides an overview of the application of the rules across the EU 27. A total of 46 stakeholders (from Supervisory Authorities, FIU, practitioners and LEAs) in 23 Member States responded to this question. Stakeholders in 13 Member States report that they apply different rules, while stakeholders in 12 Member States reported applying the same rules for intra-eu and extra-eu transfers. A number of stakeholders did not provide any answers, namely stakeholders in Lithuania, Malta, the Netherlands and Romania (see Table 12 for details on stakeholders). Not all stakeholders that reported different rules for intra- and extra-eu transfers provided criteria for such differentiations. Generally, however, it appears that the requirements for intra-eu transfers only include the requirement to carry the account number of the payer and the unique identifier allowing the transaction to be traced back to the payer (Art. 6), while extra-eu transfers, where the payment service provider of the payee is situated outside the Community (Art. 7 FTR), require additional information (complete information on the payer). According to the questionnaires received, this information includes name and address of the payer 91. Greece and Slovakia are the only two countries which report making a distinction between national and international transfers, but make no distinction between intra- and extra-eu transfers. Table 11: Application of Different Rules for Intra-EU and Extra-EU Transactions Member State Different Rules for Intra-EU and Extra-EU Transactions Criteria for Differentiation Yes No Austria 92 Higher requirements for external transactions. Belgium For intra-eu money transfers: account number and a meaningful name are required. For extra-eu money transfers: account number, name and address of the payer are required. According to the Law on the Measures against Money Laundering 96 (Art.4. paragraph 9), information shall not be required when the customer is a credit institution in the Republic of Bulgaria, a credit institution from another Bulgaria 95 Member State or a bank from a third country included in a list approved by a joint order of the Minister of Finance and the Governor of the Bulgarian National Bank. Furthermore, Art. 5(b) explains the procedure in case the institution is credit institution from a third country is not in the 90 Interviews with the Federal Reserve Bank, the Treasury and the Financial Industry Regulatory Authority. 91 See Belgian, Hungarian, Irish summaries of interviews 92 Supervisory Authority 93 Practitioner (bank) 94 One bank reported that it applies same rules. However, it carries out more extensive control checks on extra EU banks 95 Supervisory Authority and FIU 96 Available at Matrix Insight Ltd. & Transcrime 16th September

58 Member State Different Rules for Intra-EU and Extra-EU Transactions Criteria for Differentiation Yes No list under Art.4 paragraph 9. Cyprus 97 Not applicable Czech Republic 98 Not applicable Denmark 99 No answer provided Estonia 100 Not applicable Finland 101 Not applicable France 102 Not applicable 103 The criteria for such rules are taken from Art. 6.1 Germany of Regulation 1781/2006 and recital 12. Greece 104 intra-greek and extra-greek transactions. The majority of banks use intra-bic rules for intra-eu In Greece, a distinction is made only between transactions. Hungary single identification number of the transaction are needed. For extra-eu transactions additional Within the EU only the account number and the data are requested. Ireland 106 Where the PSPs of both Payer and Payee are located within the European Union, it is possible to append reduced Payer Data (i.e. wire transfers may be accompanied only by the Payer s account number or by a unique identifier) Italy 107 No answer provided Latvia 108 No answer provided Lithuania No answer provided Luxembourg 109 Not applicable Malta No answer provided The Netherlands No answer provided Poland 110 Not applicable Portugal rules stated in the mentioned Regulation (articles In accordance with FTR, Portugal applies the 6 and 7). Romania No answer provided Slovakia 112 Not applicable Slovenia 113 Not applicable Spain No answer provided 97 Supervisory Authority and FIU 98 Supervisory Authority and FIU 99 Supervisory Authority 100 Supervisory Authority 101 Practitioner (bank) and FIU 102 Practitioner (bank) and Supervisory Authority 103 Practitioner (bank) and Supervisory Authority 104 Practitioner (Hellenic Bank Association) 105 Supervisory Authority and FIU 106 Supervisory Authority 107 Supervisory Authority and FIU 108 Supervisory Authority 109 Supervisory Authority and FIU 110 FIU 111 Supervisory Authority and FIU 112 There is a difference between national and international transfers, but not between intra-eu and extra-eu money transfers. SWIFT is used for all extra-eu money transfers. In difference to international money transfers, national money transfers usually contain only the account number. Supervisory Authority, FIU and Practitioner (bank) 113 Supervisory Authority, FIU and Practitioner (Slovenian banking Association) Matrix Insight Ltd. & Transcrime 16th September

59 Member State Different Rules for Intra-EU and Extra-EU Transactions Criteria for Differentiation Yes No Sweden 116 Not applicable United Kingdom 117 No answer provided Total Source: Matrix and Transcrime Interviews with Stakeholders. N=23 The table below shows the categories of stakeholders who answered the questions related to application of intra EU vs. extra EU rules. Those stakeholders (a total of 37) that expressed applying different rules are highlighted in bold. Table 12: Categories of Respondents Who Answered Questions Related to the Application of Rules for Intra-EU vs. Extra-EU transfers Member State Supervisory Authority Practitioners Financial Intelligence Unit Austria Belgium Bulgaria Cyprus Czech Republic Denmark Estonia Finland France Germany Greece Hungary Ireland Italy Latvia Lithuania Luxembourg Malta The Netherlands Poland Portugal Romania Slovakia Slovenia Spain Sweden United Kingdom Total Source: Matrix and Transcrime Interviews with Stakeholders. The table above suggests that, with the exception of practitioners in Austria, Finland, Greece and Sweden, all other practitioners who have responded to the study questionnaire stated that there are no different rules for intra- and extra-eu transfers. This observation should be noted with care as only practitioners of 10 Member States out 27 have provided an answer. It is also interesting to LEA 114 Supervisory Authority/FIU and Practitioner 115 LEA 116 FIU and Practitioner 117 Practitioner Matrix Insight Ltd. & Transcrime 16th September

60 note that the two practitioners in Belgium providing answer to this question had different practices in terms of applying rules for intra- vs. extra-eu transfers Stakeholders were also asked to express their perceptions with regard to: the benefits and costs of applying different rules for intra and extra-eu transfers; and the benefits and costs of waving the different information requirements for intra and extra-eu transfers. The responses collected suggest that there is no common perception about the benefits and costs incorporated in this differentiation. Table 14 and Table 13 below provide an overview of stakeholders views. Table 13: Stakeholders Perceptions with Regard to the Benefits and Costs of Applying Same Rules for Intra-EU and Extra-EU Transfers Stakeholders perceptions with regard to the benefits and costs of applying same rules for intra-eu and extra-eu transfers Benefits Costs Simplification across all transactions as Implementing full identification data on the the same information would be needed to payer and payee for those products developed execute any money transfer. This is of for intra-eu-use only (e.g. SEPA Credit significant importance given the rapidity and Transfer (SCT) and SEPA Direct Debit volume of transfers, the global nature of the (SEPA DD) might involve fundamental business models of PSPs, and the desirability changes in these products, resulting in of avoiding any distortions between large extensive changes in both banking and trading blocks. 118 clearing systems, investments; also recurrent costs will rise. 125 Avoiding problems linked to the risk-based approach with EU-internal transactions. 119 The risk based approach classifies internal transactions as less risky. However, some stakeholders believe this is a misconception. Consequently, waving the differences between the two will entail same risks for all types of transactions. Same rules would introduce a more homogeneous legal framework for transactions 120 and a more harmonised PSP system. 121 More information available for FIUs which will improve analysis and investigations. 122 This will also make it easier to trace payments origin when authorities have full information including the account number. 123 Greater transparency, as with no Due to different payment systems, technical limitations for transferring complete originator information would still exist Czech Bank and Irish Supervisory Authority 119 The Austrian FIU. 120 Portugal Supervisory Authority 121 Spanish PSP 122 Finnish bank 123 Luxembourg Supervisory Authority Matrix Insight Ltd. & Transcrime 16th September

61 Stakeholders perceptions with regard to the benefits and costs of applying same rules for intra-eu and extra-eu transfers Benefits Costs differentiation between intra- and extra-eu rules complete information on the payer would be always on disposal. Such a requirement should not have significant impact on the costs. 124 Source: Matrix and Transcrime Interviews with Stakeholders Table 14: Stakeholders Perceptions with Regard to the Benefits and Costs of Applying Different Rules for Intra-EU and Extra-EU Transfers Stakeholders perceptions with regard to the benefits and costs of applying different rules for intra-eu and extra-eu transfers Benefits Cost reduction and administrative savings. 127 As different systems for national and international transactions are already implemented, it would be cheaper to maintain this distinction. 128 Simplified money transfers within the European Union (SEPA system) compared to extra-eu transfers. 129 This is because less information is required for intra-eu transfers. Increased effectiveness of intra-eu transfers. The large intra-eu market of goods implicates a high volume of intra-eu payment transactions. Therefore, applying the same and simpler requirements for verifying information on the payer accompanying each transfer of funds made from and to an intra-eu account makes the operation smoother and more effective. In other words, establishing similar standards for every operation, without making distinctions between jurisdictions, increases the effectiveness of transactions and avoids Costs Increased complexity. There is a need for multiple systems and processes to be maintained as different data are required from different payment destinations 131 PSPs have to store all information for later requests by authorities in any case, so there is little cost reduction, if any, by keeping the distinction. 132 Complicating the work of FIUs, as the type, accuracy and promptness of information needed is the same irrespective of the region in which transfers are carried out Belgian Bank, Austrian FIU, Czech PSP, Spanish PSPs and Bulgarian Supervisory Authority 126 Finnish Supervisory Authority 124 Slovenian Supervisory Authority 127 French bank and German Supervisory Authority 128 Greek Banking Association 129 German PSP, Dutch FIU and Greek Banking Association. This is particularly true for Greek transactions where no information on beneficiary required and this kind of information is not easy to obtain. Matrix Insight Ltd. & Transcrime 16th September

62 Stakeholders perceptions with regard to the benefits and costs of applying different rules for intra-eu and extra-eu transfers Benefits Costs the misuse of some countries that have weak regulations on ML/TF. 130 Source: Matrix and Transcrime Interviews with Stakeholders. 5.3 Implementation Issues Compliance costs Practitioners were asked to supply data on the measures they use to comply with the FTR (in terms of staffing, policies, IT systems etc.) and their respective costs. However, only a limited number of stakeholders were in a position to provide such data (n=7). This is mainly due to the fact that stakeholders do not seem to collect or measure cost items for the FTR alone, but rather in an overall AML context. Table 15 below provides an overview of the responses received. Please also note that the data the study team received varied from each other in their type, due to the fact that Member States seem to have different measurement systems for cost items place. For example, two Member States provided quantitative estimates: stakeholders in France provided financial costs, and stakeholders in Spain provided costs in the form of man hours. Consequently, this makes it difficult to compare the costs of implementing the FTR across Member States. Table 15: Categories of Measures (and their Costs) Member States Use to Comply with the FTR Member State Staffing Training New Policies IT Systems Other Belgium Yes (area unspecified) Czech Republic Yes Yes Yes France 220, , included in training and Costs staffing 30, ,000 Project cost implementation of new systems. Slovenia Yes Yes Yes Spain 500 hours hours hours Sweden 141 Yes 142 Yes Yes Yes Yes United Kingdom Yes (area unspecified) 143 Source: Matrix and Transcrime Interviews with Stakeholders. N=7 131 Finnish bank. This view is not shared by the Swedish bankers association. According to this body, differentiation entails some costs to the banks, but considering that they have not implemented any particular systems, these cannot be considered substantial. 132 Luxembourg Supervisory Authority 133 Slovenian FIU 130 German Supervisory Authority and Spanish LEA 134 Since Since Since Bank 1 acting as a payer's and a payee's PSP 138 Bank 1, 50 hours for when acting as a payer's PSP and 250 hours when acting as a payee's PSP. 139 Bank 1, 50 hours for when acting as a payer's PSP and 100 hours when acting as a payee's PSP. 140 Bank 1, 200 hours for when acting as a payer's PSP and 1000 hours when acting as a payee's PSP. 141 It has not been possible to investigate/analyse all the different cost elements. A ranking between the different measures indicate that the most costly is staffing. Secondly the IT-systems and thirdly new policies. 142 For the COV 143 One bank s FATF investigation team comprised 20 dedicated full-time equivalents in two different centres Matrix Insight Ltd. & Transcrime 16th September

63 Practitioners were also asked to specify which of the above measures are most costly for PSPs in terms of complying with existing FTR rules (broken down by payers PSP, payees PSP and intermediary PSP). Stakeholders in the above stated countries, with the exception of the UK, have provided an answer to this question. However, similar above, the responses received have been quite different - for example, stakeholders in Belgium and Sweden answered by ranking the costs according to the three categories of PSP. Both countries reported that the highest costs are borne by PSPs when acting as the payee s PSP, because they have to check the coherence of the information received for the beneficiary of the fund transfer (e.g. coherence between beneficiary name and account number), which implies additional costs. The lowest costs are born by PSPs when acting as an intermediary PSP, as coherence checks of information are minimal. The other four Member States instead reported the measures that require the most resources, broken down by payers PSP, payees PSP and intermediary PSP. While stakeholders in Slovenia and Spain focussed on IT systems and training, stakeholders in France and the Czech Republic focussed on staffing. Table 16: Most Relevant Sources of Costs for Complying with Existing FTR Rules. Member State Payer s PSP Payee s PSP Belgium Limited cost for one bank 144 and significant for another. Intermediary PSP High cost 145 Limited cost 146 Czech Republic Staffing France Staffing Staffing Slovenia IT systems and training IT systems, IT systems, training training Spain IT systems 147 IT systems 148 Sweden Lower than Payees PSP Highest Lowest Source: Matrix and Transcrime Interviews with stakeholders. N=6 Stakeholders were also asked to provide estimates for the annual costs of complying with the FTR in terms of: Staff costs - estimate of the number of man days devoted yearly by PSPs for complying with the FTR, excluding training costs; Training costs - estimate of the total number of hours of training yearly provided by PSPs on FTR issues; IT costs - estimate of the total IT costs of PSPs (unit/branch/group) on a yearly basis for complying with the FTR; Other costs - estimate of all other costs. Only five Member States provided some quantitative estimates, reported below in Table 17. The limited number of response makes it difficult to compare the costs of implementing the FTR across Member States. Figures vary across and within countries. For example, one PSP in Belgium stated that, when acting as the payee s PSP, it needed the equivalent of 20 man days per year to comply 144 Cost will increase significantly if control on information of the beneficiary will be mandatory. 145 Bank A 146 Bank A 147 Bank Bank 1 Matrix Insight Ltd. & Transcrime 16th September

64 with the FTR, while another PSP reported the figure to be zero. Looking at the same column for PSPs costs when acting as the payee s PSP (across the five Member States), figures vary greatly from zero to seventy man days reported in Sweden. Please note that figures for Sweden were reported by the Swedish Banking Association on behalf of an unspecified number of PSPs. As it is the case with the section on the frequency of supervision (see section 5.4). It is important to note that missing information is not the only problem preventing the study team from compiling an accurate overview of the costs of complying with the FTR. In fact, the data should also be compared to the number and size of financial institutions existing in the country. However, these statistics are difficult to obtain in every EU Member State. Table 17: Annual Costs of Complying with the FTR. MS Payer s PSP Staff (man days) Training IT Other Payee s Intermediary s PSP PSP In hours Belgium , Czech Republic 10 2 France ,000 10, Spain / , /30, , , Sweden Source: Matrix and Transcrime Interviews with Stakeholders. N= Rejected Transfers Due to Missing Information FIUs, practitioners and Supervisory Authorities were asked to provide figures regarding transactions with missing or incomplete information under Art. 9 FTR ( Transfers of funds with missing or incomplete information on the payer). Again, very few statistics were provided that would allow for a comprehensive EU-wide assessment. Table 18 below reports the figures provided by the Czech Republic, Germany, Greece and Slovenia. 149 Bank B 150 Bank A 151 Bank B 152 Bank B 153 Management cost 154 Bank 1 and Bank Bank Bank Bank Bank Bank Swedish Bankers Association 161 Swedish Bankers Association 162 Swedish Bankers Association Matrix Insight Ltd. & Transcrime 16th September

65 Table 18: Reports Received by FIUs Under Art. 9 of the FTR Regarding Transactions with Missing or Incomplete Information Member State Year Reports (#) Czech Republic Germany Greece , , Slovenia Source: Matrix and Transcrime Interviews with Stakeholders. N=4 In the case of Greece, it is important to note that the high figure of reports provided by the FIU include all disclosures received, not only those filed under Art. 9 FTR (as the FIU was unable to separate out those figures). In addition, the number for 2009 includes the total of 8 requests received from FIUcounterparts in different countries. FIUs, practitioners and Supervisory Authorities were also asked about the outcomes of the reports filed under Art. 9 FTR in terms of cases opened by the authorities as well as the number of investigations, indictments and prosecutions. The study team only received information for four countries Belgium, the Czech Republic, Greece and Poland. The findings show that in 2007, out of the 3 Czech reports filed under Art. 9 FTR, no cases were eventually opened, investigated, indicted or prosecuted. In 2007, out of the 1,432 Greek disclosures received, 1,293 (90%) cases were opened, 588 (41%) investigations where launched, and 126 (8.7%) cases prosecuted. However, it was not possible for the Greek authorities to identify how many of these cases were specifically related to breaches of the FTR - the numbers reported for Greece thus include follow up on all disclosures received, not only those filed under Art. 9 FTR. Supervisory Authorities in Austria and the United Kingdom noted that FIUs in their countries never received any reports under Art. 9 from PSPs and that it seemed as if PSPs were not complying with this provision at all. The Austrian Supervisory Authority raised this issue at on-site visits and, based on the discussions had, speculated that there could be three reasons for such non-compliance: Lack of awareness on the PSPs side that they are required to file such reports whenever sending PSPs regularly fail to send complete information independently from a suspicion of abuse concerning the respective transaction. Sending PSPs always send complete information so there is no need to file reports under Art. 9. PSPs do recognise such cases but file them under the category of regular STRs (while they should actually be reported separately). Stakeholders interviewed were also asked about the frequency that FIUs/LEAs/PSPs receive requests either from LEAs of another EU Member State or from non-eu countries to provide information on the payer of transfers of funds made from a PSP in their country. Again, only a 163 FIU 164 Supervisory Authority 165 Supervisory Authority 166 Supervisory Authority 167 FIU 168 FIU; Covers the period 1/2/ /4/ FIU Matrix Insight Ltd. & Transcrime 16th September

66 limited picture can be drawn from the data provided due to unavailability of information. The main reason for this is that most stakeholders stated that they do not keep any statistics about the requests they receive. Table 19 provides an overview of the data received by the study team. Table 19: Frequency of Information Requests from Other EU and Non-EU Countries. Member State Austria Frequency of Requests from LEA in Another EU Member State LEA country of Number of contacts origin 2009: ; 2010: 2010: Unknown 172 Belgium Greece 2007: ; 2008: ; 2009: Bulgaria, Belgium and Romania Slovenia : Spain Frequency of Requests from a LEA in a Non-EU Country Number of LEA country of contacts origin Sweden U/N 181 Asia Source: Matrix and Transcrime Interviews with Stakeholders. U/N: unspecified number. N=6 2009: Taiwan The findings in the table presented suggest that the FIU in Greece has most frequently been contacted by the LEAs in Bulgaria, Belgium and Romania, as well as by the FIU in Taiwan. In addition, the Swedish Banking Association has been contacted by Asian LEAs (countries not specified) to provide further information. In the context of intra-eu cross-border transfers, the interview findings suggest that there is a well established cooperation between authorities. The FIUs are organised in an FIU platform, though individual stakeholders mentioned that the cooperation of this platform could be enhanced in terms of its efficiency. For the cooperation between LEAs, it was reported that information on cross-border transfers is available through channels of international police cooperation or through the FIUs. In two cases 182 it was mentioned that the cooperation between LEAs on fund transfers is usually a standard operating procedure, as LEAs get information only through mutual legal assistance. There will be no direct contact from an LEA to a PSP in another EU Member State in order to obtain the required information, but LEAs will contact their counterpart in the country in question which will then request the information from the payer s PSP, the FIU or any other relevant agency according to national law. 170 LEA 171 LEA 172 Austrian authorities in turn mainly contacted LEAs in Germany, Switzerland and Italy 173 Bank B 174 Bank B 175 FIU 176 FIU 177 FIU 178 Bank Association of Slovenia 179 Bank Association of Slovenia 180 Bank Swedish Bankers Association 182 Supervisory Authorities in Germany and Spain Matrix Insight Ltd. & Transcrime 16th September

67 In this context, the study findings in five countries confirm that LEAs have been approached by their LEA counterparts in other EU countries. 183 Table 20: Number of Cases where LEAs in one EU Member State were contacted by LEAs from other EU Member States Do LEAs from other EU Member States request information on the payers of transfers of funds made from a PSP in the country in question? (Responses Yes 5 Czech Republic; Denmark 184 ; Ireland 185 ; Spain; UK No 1 Luxembourg; N/A 1 Hungary Source: Matrix and Transcrime Interviews with Stakeholders. N= 27 There have been few indications stemming from stakeholder s feedback that AML authorities have difficulties receiving information without delay according to Art. 14 of the Regulation if transactions are investigated for AML purposes within an EU Member State. The Czech LEA stated, however, that requesting information from LEAs/FIUs in other countries is always problematic, given that the threeday timeframe available for launching an investigation is very tight. It was argued that in many cases the requested information cannot be made available in this timeframe and a suspicious transaction can therefore not be stopped. When asked about examples for information exchange, only one stakeholder 186 stated that information on money transfers can be requested in police investigations. According to the importance of the case, investigators will then determine whether it is necessary to obtain information from another Member State. However, no concrete examples were made available to the study team. In addition, practitioners were asked about the actions they undertake vis-à-vis other PSPs to ensure that full information is provided (according to Art. 9 FTR). Responses were provided by Belgium, the Czech Republic, France, Slovenia, Spain and Sweden. It appears that while respondents might follow different course of actions in relation to missing information, they all request complete information from their counterparts. Replies from individual PSP stakeholders suggest that financial institutions are usually able to collect missing information from other PSPs within three days according to Art. 6 FTR. Banks have specific procedures in place to facilitate information exchange with each other (also internationally), usually using the SWIFT messaging system. 183 Please note that only 4 LEAs across the EU27 were available for an interview for this study, as well as two organisations that functions as LEAs and FIUs at the same time. 184 Stated by the Danish Supervisory Authority 185 Stated by the Irish Supervisory Authority 186 Stakeholder from Spain. Matrix Insight Ltd. & Transcrime 16th September

68 Table 21: Actions PSPs Undertake vis-à-vis Other PSPs to Ensure that full information is provided (according to Art. 9 FTR) MS Talked to PSPs not complying with the FTR obligations Requested complete information Rejected the transfer Issued a report about other PSPs who are not complying with the FTR obligations Belgium Yes 187 Yes 188 Yes 189 Yes 190 Other Bank B states that it will not reject transfers in case of missing information. It would then interrogate and request explanations from non-european banks, ordering payments with incomplete information. What are the recent trends in terms of actions undertaken Bank A s control system will evolve from post factum control to real time control in summer 2012 for certain checks that were not yet realtime. Czech Republic No Yes No Yes No New KBC rules 191 should be implemented in the future- International Transfers outside EEA: if the information on the payer is incomplete or if the information on the payer is obviously meaningless, the transfers of funds must be rejected directly. 187 Both banks 188 Both banks 189 Both banks 190 Both banks 191 KBC bank has issued and implemented number of fraud detection rules that help spotting irregularities with transactions. Matrix Insight Ltd. & Transcrime 16th September

69 MS Talked to PSPs not complying with the FTR obligations Requested complete information Rejected the transfer Issued a report about other PSPs who are not complying with the FTR obligations Other What are the recent trends in terms of actions undertaken France There are two banks under scrutiny which might be reported Slovenia Mostly used No technical limitations in payment systems are used in Slovenia. Spain Yes 192 Yes 193 Yes 194 Yes 195 Direct contact with PSP in order to obtain their commitment to regularise the situation in the near future, advising of possible cancellations of correspondent relations in case the situation persists. (B1) Request for complete information, insist and warn on potential rejections / nonacceptance (B2) 192 Both banks 193 Both banks 194 Bank Bank 1 Matrix Insight Ltd. & Transcrime 16th September

70 MS Talked to PSPs not complying with the FTR obligations Requested complete information Rejected the transfer Issued a report about other PSPs who are not complying with the FTR obligations Other What are the recent trends in terms of actions undertaken Sweden Some of the member banks have declared that they spoke directly with the worst banks not complying with Regulation 1781/2006. Yes No No More and more live up to the rules so the number of hits are decreasing Source: Matrix and Transcrime Interviews with Stakeholders. N=6 Matrix Insight Ltd. & Transcrime 16th September

71 Practitioners were also asked for the most common type of missing information they usually come across, as well as how many transfers they rejected due to missing information. Belgium, the Czech Republic, France, Slovenia, Spain and the UK have provided some inputs to this question (Table 22). Overall, the most common types of missing information include: Name; Incomplete or missing address; Missing account; Account number in wrong field; Country of origin. However, the data received on the number of transfers rejected are quite fragmented and do not provide a full picture. They therefore do not allow for drawing meaningful conclusions. The information provided in the table below should therefore be taken as illustrative case examples only. The information suggests that rejecting transfers does not seem to be common practice of PSPs, which suggests that issues evolving around missing information are resolved in a different way or might have been resolved before a rejection of a transfer is necessary. Matrix Insight Ltd. & Transcrime 16th September

72 Table 22: Rejected Transfers Due to Missing Information Member State Year Rejected Transfers due to missing information (#) Percentage of transfers rejected due to missing information Most common type of missing information Country from which transfers with missing / incomplete information most commonly derived Belgium Name/Address 196 USA and Switzerland Czech Republic France 2011 Missing Address UK and USA Incomplete address, missing Switzerland, Germany, USA, France, Austria account number Incomplete address, missing Serbia, Montenegro, Germany account number Slovenia Incomplete address, missing account number Brazil, Moldova, Iraq, Botswana, China, New Zealand, Canada, Italy, Albania, USA, Nigeria, Luxembourg, Egypt, Switzerland, Ghana, Jordan, Russia, Great Britain, Thailand, FROY Macedonia, Libya Arab Emirates, Armenia, Austria, Australia, Bosnia, Belgium, Belarus, Germany, Romania, France, Ireland, Serbia, Gibraltar, Croatia, Israel, India, Jamaica, Kenya, South Korea, Montenegro, Mongolia, Oman, Singapore, Turkey and South Africa Incomplete address, missing account number Libya, Russia, China, Moldova, Turkey, Botswana, Mexico, NZ, Switzerland, Latvia, USA, Egypt, China, Ireland, India, Taiwan, Montenegro, Libya, Ghana, Italy, Malta, VB, Australia, Ecuador, Switzerland, Russia, Croatia, Luxembourg Bosnia and Herzegovina, Albania, Germany, Macedonia, J. Korea, Hong Kong, Serbia, France, United Arab Emirates, Austria, Hungary, 196 Bank B Matrix Insight Ltd. & Transcrime 16th September

73 Member State Year Rejected Transfers due to missing information (#) Percentage of transfers rejected due to missing information Most common type of missing information Incomplete address, missing account number Saudi Arabia 201 and the USA 202 Spain , % 198 address and Country 199 ; city 200 Country from which transfers with missing / incomplete information most commonly derived Japan, Luxembourg, Indonesia, Oman, Saudi Arabia and Vietnam Australia, Austria, Bosnia, Montenegro, Egypt, Ecuador, Hong Kong, Croatia, India, Italy, Israel, South Africa, South Korea, Kuwait, Macedonia, Russia, Serbia, Switzerland, Turkey, USA, United Arab Emirates, Sudan, Peru, Belarus, Ireland, Japan, Luxembourg, France, Great Britain, Liechtenstein, Germany, Cambodia and Afghanistan Sweden Invalid format, account number in wrong field Most common country is the US acting as Intermediary PSP % 203 UK 2009 Unknown % 205 Source: Matrix and Transcrime Interviews with Stakeholders. U/N: unspecified number. All answers provided by practitioners n=7 197 Bank B 198 Bank B 199 Bank Bank Bank Bank Out of nearly 350,000 cases. Source: FSA 204 One bank had 10,000 alerts per month; one year later this number went down to 3,000 per month. It is unknown how many of these alerts resulted in rejections. 205 Out of nearly 560,000 cases. Matrix Insight Ltd. & Transcrime 16th September

74 5.3.3 Technical Limitations and New Messaging Formats With a view to likely technical limitations according to Art. 13 of Regulation 1781/2006 (where the payer s PSP is situated outside the EU and the intermediary PSP is situated within the EU), stakeholders from 15 Member States provided some insights. Most of the interviewees stated that they did not experience any technical limitations. Table 23: Likely Technical Limitations Experienced According to Art. 13 FTR What are likely technical limitations according to Art. 13 FTR? Yes 5 Austria; Estonia; Germany; Ireland; Spain No 9 Belgium; Bulgaria; Czech Republic; Denmark; Greece; Hungary; Luxembourg; Slovenia; Sweden N/A 13 Cyprus; Finland; France; Italy; Latvia; Lithuania; Malta; Netherlands; Poland: Portugal; Romania; Slovakia; UK Source: Matrix and Transcrime Interviews with Stakeholders. Examples of limitations experienced by a few stakeholders were instances when two different payment systems for cross-border transfers from and to a country outside the EU and for domestic payments are used by the intermediary institution. Other cases of technical limitations mentioned included cases where an intermediary PSP outside the EU does not pass on all information received from the payer PSP to the beneficiary PSP (i.e. in Austria). Finally, stakeholders in one country stated that, as long as the messaging formats allow for non-structured fields (e.g. 50K in the SWIFT format) and structured fields (e.g. 50F in the SWIFT format) not to be mandatory, the information might be provided in a text which needs to be manually interpreted to check its completeness. It has to be noted that in a few cases stakeholders commented that they did not understand what technical limitations as stated in the Regulation 1781/2006 actually means, and that they had difficulties confirming with relevant national authorities. This suggests that there is some uncertainty around the exact definition of Art. 13 FTR. When asked about new developments in the payment area that could overcome technical limitations according to Art. 13 of Regulation 1781/2006, only four responses were received by the study team. Two stakeholders mentioned the SEPA credit transfer scheme introduced in , which was seen as one of the main developments in the payment area, both in terms of upper limits of transfers as well as the amount of data handled. Possible improvements of Regulation 1781/2006 in light of such advancements suggested by stakeholders interviewed included implementing the use of SEPA through EU Regulations such as the Fund Transfers Regulation in interbank transfers between EU Member States and third countries, which could make Art. 13 FTR superfluous. Another suggestion included to define minimum standard information in the form of compulsory structured fields that all PSPs would have to request from PSPs outside the EU. For example, the SWIFT format allows for BIC codes to be filled into the name fields, or to fill an address into a random field. In general there is too much free text allowed that causes confusion when using the SWIFT format, and such a situation could be prevented through introducing definitions of information to be provided in each categories. 206 The SCT Scheme enables payment service providers to offer a core and basic credit transfer service throughout SEPA whether for single or bulk payments. The scheme s standards facilitate payment initiation, processing and reconciliation based on straight-through-processing (STP). The scope is limited to payments in euro within the 32 SEPA countries. The payment service providers executing the credit transfer must formally participate in the SCT Scheme. See: Matrix Insight Ltd. & Transcrime 16th September

75 5.3.4 New Messaging Formats Stakeholders interviewed were also asked about the impact of the new messaging formats (e.g. SWIFT 202 COV) on any additional costs for PSPs and potential delays in the execution of fund transfers. Out of the stakeholders interviewed across the EU 27, 16 provided a reply to this question. While 4 stakeholders stated that they did not record any impacts, 12 stakeholders could identify impacts. Table 24: Perceived Impacts of New Messaging Formats What has been the impact of the new messaging formats (e.g. SWIFT 202 COV) on any additional costs for PSP and potential delays in the execution of transfers? Yes 12 Belgium; Czech Republic; Finland; France; Germany; Greece; Hungary; Slovakia; Slovenia; Spain; Sweden; UK No 4 Bulgaria; Estonia; Latvia; Luxembourg N/A 11 Austria; Cyprus; Denmark; Ireland; Italy; Lithuania; Malta; Netherlands; Poland; Portugal; Romania Source: Matrix and Transcrime Interviews with Stakeholders. N=16 Most interviewees, the majority of them practitioners, stated that the introduction of new messaging formats (e.g. SWIFT 202 COV) required only minor technical changes to the existing systems, and that the additional financial costs were minimal. However, interviews with individual practitioners 207 revealed that there had been issues with SWIFT in the past, and stakeholders from two PSPs claimed that challenges and problems remain with SWIFT even at present. It was argued that there is not a consistent understanding among PSPs internationally in terms of what kind of information should be provided in the different fields to be filled in for fund transfers. The reason is that no or only limited guidance seems to exist on how these field should be filled in. This was perceived as especially problematic for European or international transfers and implies an additional burden on PSPs to get in touch with their counterparts abroad on these issues / questions. It was suggested that SWIFT should issue international guidelines on what kind of information should be inserted in the individual fields and how. In addition, a Belgian bank argued that the SWIFT system is less well formatted in comparison to, for instance, the SEPA system. For example, it is possible to provide certain information in spaces where other/different information should be provided, and this can create confusion. This also complicates automatic screening procedures for missing information. The same bank argued that SWIFT could do a lot within the current system to develop tools to scan payments for meaningless recipient names (see section 5.3.2). When asked if new messaging formats have caused delays in fund transfers, the majority of respondents 208 stated that delays in transfers can occur, but they are usually rare and not substantial. Given that almost no delays occur, PSPs behaviour in terms of their reporting duties has not been affected. 207 These banks have asked to remain anonymous. 208 N=14 Matrix Insight Ltd. & Transcrime 16th September

76 5.4 Effectiveness of Supervision The findings from the stakeholder interviews suggest that Supervisory Authorities approaches for monitoring the implementation of the Fund Transfers Regulation vary greatly among EU Member States. Out of 25 responses received from Supervisory Authorities, explained that the monitoring of the FTR implementation is undertaken within the wider AML supervision activities. In addition, the monitoring practices vary across Member States between on-site and offsite visits. Eight Supervisory Authorities 210 stated that they undertake regular inspections without specifying the exact frequency of these visits, the findings suggest however that the frequency is dependent on the size and the activities of the respective banks monitored. Two Supervisory Authorities (Austria and Germany) are undertaking annual monitoring inspections (on-site and offsite), whereas the Supervisory Authority in the Czech Republic is undertaking their monitoring every 2-3 years. Only the Supervisory Authority in Greece stated that they undertake inspections once between every 20 days and three months, again within the wider AML framework. Table 25: Frequency of Monitoring the Implementation of the FTR by Supervisory Authorities Country Monitoring FTR as such / within AML framework? Frequency Austria Annually Belgium Wider AML framework Bulgaria Wider AML framework Regular inspections Cyprus Wider AML framework Czech Republic Every 2-3 years Denmark Regular inspections Finland Regular inspections France Regular inspections Germany Wider AML framework Annually Greece Wider AML framework Between every 20 days and three months Hungary Regular inspections Italy Wider AML framework Malta Regular inspections Slovenia Regular inspections Sweden Regular inspections Source: Matrix and Transcrime Interviews with Stakeholders. N=15. Supervisory Authorities were also asked to provide quantitative information on the number of on-site visits and off-site supervisions implemented in relation to the AML/CFT framework and the Fund Transfers Regulation. Only a limited number of stakeholders was able to provide such figures (N=15), mainly due to the fact that supervisory authorities do not seem to keep official statistics of their visits in relation to monitoring the FTR implementation, or because they take place as part of the wider AML/CFT framework. Table 26 below provides an overview of the available responses the study team received. It is important to note that these data should be viewed in light of the number and size of financial institutions existing in the respective countries. However, these statistics are difficult to obtain in every country. 209 Belgium; Bulgaria; Cyprus; Germany; Greece; Italy. 210 Bulgaria; Denmark; Finland; France; Hungary; Malta; Slovenia and Sweden. Matrix Insight Ltd. & Transcrime 16th September

77 Table 26: Overview of On-Site Visits and Off Site Supervisions Specifically Related to AML/CFT and the Fund Transfers Regulation MS # On-Site Visits Undertaken Specifically Related to AML/CFT and the Fund Transfers Regulation Effectiveness of Supervision # Off-Site Supervisions Performed Specifically Related to AML/CFT and the Fund Transfers Regulation Austria Belgiu m Bulgari a Denma rk Finland U/N U/N U/N U/N U/N U/N U/N U/N U/N U/N France U/N U/N U/N U/N U/N Germa N/A N/A ny Latvia Luxem bourg Malta Portug al U/N U/N U/N U/N 14 U/N U/N U/N U/N U/N Slovaki a Spain Swede n 7 21 United 1,964 Kingdo 216 m Source: Matrix and Transcrime Interviews with Stakeholders.U/N: Unspecified number. N=15 Please note that the figure for the UK only represents visits undertaken to non-bank PSPs, not to any banks, resulting in 396 warning letters. Visits to banks in relation to the FTR are not carried out on a regular basis in the UK. Table 27 below provides more details on supervision and of the actors responsible in 13 Member States. The information illustrated above shows that supervisory approaches to the FTR differ substantially across EU Member States. Some supervisory authorities undertake more on-site visits, while others adopt different techniques. In addition, and as highlighted above, the frequency of these on-site visits varies significantly between different countries. This can be partly explained by the fact that different actors are involved in supervision (as outlined by the table below), but also by the fact that supervision activities often take place as part of the wider AML/CFT framework and are not carried out specifically for the FTR. 211 Two visits at credit institutions and three visits at non-banking financial institutions licensed under the local Financial Institutions Act Four visits at credit institutions and two visits at non-banking financial institutions licensed under the local Financial Institutions Act Four visits at credit institutions 214 Three visits at credit institutions 215 Two visits at credit institutions and three visits at non-banking financial institutions licensed under the local Financial Institutions Act This large figure reflects general compliance visits (not exclusive to FTR). Furthermore, it only includes HMRC visits, which is responsible for the supervision of non-banking MSBs only (in other words it excludes FSA visits). Matrix Insight Ltd. & Transcrime 16th September

78 Table 27: Details on Supervision and of the Actors Responsible Member State Details Actors Responsible Austria Bulgaria Denmark Finland France Germany Latvia Risk-based approach: High risk PSPs are visited more often. Risk assessment is based on the number of STRs submitted. PSPs with no reports at all and those with many reports are considered a "high risk" and thus visited more often. Regular inspections dedicated to the compliance to the provisions of AML and CFT including Regulation 1781 Risk-based top-down approach, focussing firstly on risk management, including risk assessment, internal controls, and management reporting, and then on procedures and staff training programmes. All on-site inspections include testing of sample customer files for KYC purposes and sample transactions for monitoring of customers transaction purposes. Comprehensive self-assessment schemes covering all regulated investment firms (non-banks) and life and pension insurance companies. Frequency of monitoring may vary depending on e.g. the size and activities of the bank. Off-site control consists in particular of a questionnaire of 120 questions that PSPs (including branches of foreign PSPs operating in France) must fill in and send back on an annual basis. On-site control the control of the implementation of regulatory requirements include the control of regulation 1781/2006. Supervisions are carried out by an external controller whose reports are then sent to the Supervisory Authority. Supervision is done in the context of specific AML supervision. Risk-based approach is followed, based on the risk level of each institution PSP's auditors and supervisory authorities (Financial Market Authority (FMA) and the Money Laundering Reporting Unit/Geldwäschemeldestelle (FIU) Special Supervision Directorate set up by the Supervisory Authority (Central Bank) Legal Department of the Danish Supervisory Authority 217 Finnish Supervisory Authority (FIN-FSA) 218 Supervisory Authority (Autorité de contrôle prudentiel) The Supervisory Authority commissions and external consultancy KPMG Supervisory Authorities: Bank of Latvia Financial and Capital Market Commission Ministry of Transport (Latvian Post acts as agent for money transmitters such as Western Union) 217 Up until 1st July 2010 (with effect 1st Jan 2012) AML supervision was performed as a part of general prudential supervision. Now there is a specific unit, which conducts specific supervision on all AML matters (naturally also beyond the FTR). 218 The FIN-FSA conducts regular on-site visits and inspections targeting also payment systems and compliance issues related to payments, as part of the on-going supervision. The FIN-FSA does not, as its day-to-day task "monitor" operations of the payment systems. Matrix Insight Ltd. & Transcrime 16th September

79 Member State Details Actors Responsible Luxembourg Risk-based approach is followed, based on the risk level of each institution The implementation of the Regulation is monitored Part of wider AML/CFT supervision: on-site (control transactions) and off-site inspections (questionnaires, request External auditor information from compliance officers at the banks) of Luxembourgian banks Portugal Supervision used to be done in the context of prudential supervision inspections as well as by analysing mandatory reports due by the financial institutions. From 2011 onwards, inspections and reports are more AML-focused. Financial Institutions have an obligation to report the description of the strategies, Supervisory Authority (Banco de Portugal) policies, procedures and internal control processes to ensure compliance with legal and regulatory AML / CFT, which includes the FTR. 219 On- site activities Supervisory authorities undertake regular controls at PSPs. Part of the inspection includes reviewing existing monitoring systems Slovakia and the nature of information accompanying money transfers. Off- site activities reporting obligations of financial institutions. The checklists are evaluated and if needed, recommendations are issued. Spain Financial institutions are requested to provide their operations database, including the information regarding the identity of payers. FIU/Supervisory Authority (Sepblac); There is a specialised AML unit performing Sweden specific AML audits. But other units within the Onsite and offsite audits are carried out. Either the authority requests Supervisory Authority (finansinspektionen) also information or it goes on-site and inspects directly. audit AML issues when they perform general prudential supervision. United Kingdom Intelligence-led risk-based approach FSA: For banks HMRC: For other non-bank PSPs, general antimoney laundering supervisor. Treasury: negotiates at FATF and EU level for the UK, devises UK legislation (implementing FTR etc.) Source: Matrix and Transcrime Interviews with Stakeholders. N= Notice n.º 9/2012 issued by Banco de Portugal Matrix Insight Ltd. & Transcrime 16th September

80 5.5 Cooperation between Authorities Information exchange and cooperation between authorities in the context of cross-border wire transfers has become increasingly important over recent years. Several systems were implemented by various actors over recent years. For example, in 2009 Europol introduced the information exchange tool SIENA ( Secure Information Exchange Network Application ), which is directly accessible for authorised users in Member States Europol National Units, Member States and third parties that have cooperation agreements with Europol. 220 In 2010, SIENA was adjusted so that it could be extended to EU law enforcement authorities and cooperation partners, such as Eurojust, Interpol, Australia, Canada, Norway, Switzerland and the USA. Countries that reached agreements with Europol in 2011 permitting their authorities to use SIENA included Australia, Croatia, Iceland and Norway. In 2012 Albania, Bosnia and Herzegovina, Montenegro, Serbia, Switzerland and Turkey have been be given access to SIENA. According to a Europol review report from 2011, the information exchange via SIENA has led to an increase of 12% of newly initiated cases within its first year of operating, of which 16% were related to fraud and swindling, 13% to forgery of money, and 8% to other fraudulent means of payment. 221 In addition, in 2000 the FIU-net (network for information exchange among EU Financial Intelligence Units) was launched at the initiative of the Netherlands Ministry of Justice and the FIUs of the Netherlands (MOT), the United Kingdom (NCIS) and Belgium (CTIF-CFI). The FIU-net is a decentralised computer network supporting the FIUs in the European Union in their fight against Money Laundering and Terrorist Financing. When sending the information from one FIU to another, the exchanged data is only and safely stored on the FIU.NET databases at the premises of the FIUs involved in the exchange. 222 This type of information exchange mechanism is considered as vital to increasing the success of cross-border investigations and prosecutions involving organised criminal activities. 5.6 Penalties The following section outlines the regime of penalties in the 27 EU Member States in relation to noncompliance with the specifications set out in the FTR. Regulation 1781/2006 requires from Member States to [...] lay down the rules on penalties applicable to infringements of the provisions of [the] Regulation and take all measures necessary to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive. They shall apply from 15 December In all EU Member States the study team identified a framework for penalties against infringements of the FTR to be in place. The responsible body for issuing penalties has been identified in 19 Member States. 224 In 5 of these countries, penalties are issued by FIUs 225, while in the remaining 14 countries they are issued by Supervisory Authorities. Table 28: Issuer of Penalties Regulation (EC) No. 1781/2006 of the European Parliament and of the Council of 15 November 2006 on information on the payer accompanying transfers of funds, OJ L345/1 224 Cyprus, Czech Republic, Estonia, France, Greece, Hungary, Latvia, Malta, Netherlands, Poland, Slovakia and Sweden. 225 Czech Republic, Poland, Estonia and Malta. Matrix Insight Ltd. & Transcrime 16th September

81 Issuer of Penalties FIUs or LEAs (i.e. national courts) No. of countries Supervisory Authorities 14 5 Country Source: Matrix and Transcrime Interviews with Stakeholders. N=19 Czech Republic; Denmark; Estonia; Malta; Poland. Belgium; Bulgaria; Cyprus; Finland; France; Germany; Greece; Hungary; Ireland; Latvia; Lithuania; Portugal; Slovakia; Sweden. All Member States provide the possibility of imposing fines, however, with significant variations in the magnitude of such fines. In addition to fines, many countries also provide for the possibility of imposing different kinds of non-financial penalties. 226 These range from written warnings to the withdrawal of operating licences or even liquidation of assets. 227 Little over a third of all countries surveyed allowed supervisory authorities or public prosecutors to target responsible individuals within legal entities for the breach of FTR provisions. 228 Penalties available against individuals in these countries are usually fines. 229 In Poland, Latvia and Denmark, however, serious offences can lead to imprisonment of owners or senior managers, and in Greece, Lithuania and Portugal individuals can be suspended from their job or even prohibited from holding certain positions in the financial sector. The Supervisory Authority in the United Kingdom, where the majority of penalties have been imposed, called for this kind of individual liability to be introduced in the UK as well. This view is shared by the Latvian Supervisory Authority, which mentioned the individual liability of managers as a strong tool to ensure compliance in the field of AML. Penalty regimes of the EU Member States also differ in terms of public disclosure of imposed penalties. In Belgium, Finland, Portugal and Spain, penalties can be publicly announced, whereas for example in Slovenia, even the average annual number of penalties imposed is classified information. The size of fines possible to impose for breaches of the FTR differs widely across Member States. The exact amounts imposable have been identified by the study team in 20 Member States 230. The desk-research findings suggest that the minimum fines possible according to national law are the lowest in Belgium and Malta ( 250) and highest in Austria ( 60,000), while the maximum fines possible range from 1,700 in Hungary to 2,000,000 in Greece. 231 The following figure presents a country overview ranked by the highest financial penalties that can be imposed by the relevant authorities. The differences between minimum fines are so high that it is hard to visualise them. 226 Bulgaria, Cyprus, Czech Republic, Finland, France Germany, Greece, Hungary, Latvia, Lithuania, Luxembourg, Slovakia, Spain and the United Kingdom. 227 According to a French industry stakeholder 228 Belgium, Estonia, Greece, Latvia, Lithuania, Luxembourg, Malta, Poland, Portugal and Slovenia. 229 Belgium, Estonia, Greece, Luxembourg, Malta and Slovenia. 230 Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Estonia, Germany Greece, Hungary, Ireland, Latvia, Lithuania, Malta, Poland, Portugal, Romania, Slovakia, Slovenia and Spain 231 This value is for legal persons, while for natural persons the maximum is 100,000. Matrix Insight Ltd. & Transcrime 16th September

82 Greece Belgium Slovakia Czech Republic Luxembourg Cyprus Poland Latvia Slovenia Austria Portugal Estonia Romania Bulgaria Lithuania Ireland Malta Hungary Germany Study on the application of the Regulation on information accompanying transfers of funds Figure 8: Member States Ranked by Highest Possible Financial Penalty for Breach of the FTR 2,500,000 2,000,000 1,500,000 1,000, ,000 0 Source: Desk Research and Matrix and Transcrime Interviews with Stakeholders. It is important to note that in practice high penalty ceilings are often not being used. Only in three countries the research team identified cases where penalties had been imposed as a consequence of breaching the provisions laid down in Regulation 1781/2006. For example, Ireland has imposed penalties in 19 cases, and in France there have been cases since In the UK there have been 178 infringement cases which have led to the imposition of a total of 63,750 in fines. This means that the average fine has been in the magnitude of countries reported that they have not imposed any penalties based on provisions in the Regulation. This can be interpreted in different ways: One interpretation could be that the mere risk of a penalty and serious reputational damage has been a sufficient deterrent for PSPs to implement the required procedures. There is some evidence supporting this hypothesis. Two out of three supervisory authorities interviewed stated that the penalties in their country were effective, dissuasive and proportionate 232. In most of these countries no penalties had actually been imposed. The German, Luxembourg, Hungarian and Lithuanian Supervisory Authorities mention that a written warning is always the first step in the procedure. The German experience is that a letter is generally sufficient to make PSPs implement the appropriate corrections. This is also corroborated by experiences in Sweden where compliance improved drastically from the moment when sanctions became applicable (December 2007). Finally, it could mean that the competent authorities for one reason or another are reluctant to impose penalties. According to a Belgian stakeholder the lack of imposed penalties could risk reducing their dissuasive effect. While not all stakeholders interviewed could provide data on penalties imposed in direct relation to breaches of the FTR, some of them made some overall figures for penalty regimes related to the wider AML framework available. In the case of Denmark, the range of financial penalties is not 232 Austria, Bulgaria, Cyprus, France, Germany, Latvia, Luxembourg, Portugal, Spain and Sweden Matrix Insight Ltd. & Transcrime 16th September

83 specified in any legal provision. Only a court of law can impose penalties and the court of law bases its decision on past practice in related fields. In the two existing Danish cases on AML, which have led to penalties in the last five years, the fines imposed have been approximately 800,000 and 500,000 respectively. This suggests according to the Danish FIU and LEA that potential fines in Denmark in the field of the FTR would be relatively high. In two countries, Sweden and Luxembourg, there has been one high-profile case. In Sweden this case yielded a fine of almost 6 million (SEK 50 Million) whereas in Luxembourg the fine was 10,000. In both cases, however, the penalty was only partially related to the FTR, and mainly issued under the wider AML framework. In most Member States, the provisions regarding penalties for infringing the FTR are more general and cover the whole field of AML. As illustrated above, reported cases of serious misconduct typically involve infringements of a series of provisions beyond the FTR. Estimating the imposable amount in a hypothetical situation of failure to respect one or more FTR provisions alone is therefore not possible in some Member States. Consequently, the figure above and the table below report maximum penalties within the national frameworks. It is, however, worth noting that cases where PSPs wilfully disregard the rules which then results in a situation that enables criminal activities, national provisions unrelated to the FTR pertaining to organised crime could apply, leading to much more severe punishments than indicated here. The following table provides an overview of the different penalty regimes in the European Member States for non-compliance with the FTR. It clearly illustrates the wide variation in types and size of imposable penalties across Member States. According to the UK Supervisory Authorities it would be preferable if penalties were defined in the FTR to increase transparency and coherence. Matrix Insight Ltd. & Transcrime 16th September

84 Table 29: Different Penalty Regimes in Member States for Non-Compliance with FTR Case Study Minimum imposable financial penalty Maximum imposable financial penalty Other Number of imposed penalties Austria 60, ,000 0 Belgium 250 1,250,000 Bulgaria 10,000 Cyprus 200,000 Czech Republic Denmark Possibility to publicly disclose infringements and fines to individuals Possibility for non-financial penalties such as written warnings or in extreme cases revocation of license Possibility for non-financial penalties such as written warnings or in extreme cases revocation of license 0 Effective Dissuasive Proportionate Supervisor: Practitioner: FIU: Supervisor: Practitioner: Supervisor: Practitioner: FIU: Supervisor: Practitioner: Supervisor: Practitioner: FIU: Supervisor: Practitioner: N/A Supervisor: Supervisor: Supervisor: N/A Supervisor: Supervisor: Supervisor: 403,000 N/A Supervisor: Supervisor: Supervisor: Approximately Size of penalty not fixed in law but 600, based on previous practise 0 (2 under AML) Estonia 32,000 N/A Supervisor: FIU: Supervisor: FIU: Supervisor: FIU: Finland France Possibility for non-financial penalties including reprimand, revocation of licence and fines Possibility for non-financial penalties such as written warnings or in extreme cases revocation of license Supervisor: Practitioner: Supervisor: Practitioner: Supervisor: Practitioner: Supervisor: Practitioner: Supervisor: Practitioner: Supervisor: Practitioner: 233 This is the highest penalty to imposed in a financial service provider within the framework of anti money laundering legislation. It was, however, not related to the provisions in the Fund Transfers Regulation Matrix Insight Ltd. & Transcrime 16th September

85 Case Study Minimum imposable financial penalty Maximum imposable financial penalty Other Number of imposed penalties Effective Dissuasive Proportionate Germany Greece 5,000 2,000,000 Hungary 670 1,700 Ireland 3,000 Latvia ,000 Lithuania ,000 Any action usually begins with a written warning Possibility for non-financial penalties such as written warnings or in extreme cases revocation of license Possibility for non-financial penalties such as written warnings or in extreme cases revocation of license Currently no possibility for nonfinancial penalties Possibility for non-financial penalties and fines to individuals Possibility for fines to individuals ( 5,800) 0 Supervisor: Supervisor: Supervisor: N/A Practitioner: Practitioner: Practitioner: N/A 25 0 Supervisor: Supervisor: Supervisor: N/A FIU: FIU: FIU: Luxembourg 250,000 Possibility for fines to individuals ( 25,000) 1 (Only partly elated under the FTR) Malta 250 2,500 N/A Netherlands Poland 180,000 N/A Portugal ,000 Possibility for fines to individuals ( 500-3,500 or prohibition of taking manager position in PSP) Public disclosure of fines and penalties possible N/A Supervisor: Supervisor: Supervisor: 0 Supervisor: Supervisor: Supervisor: Matrix Insight Ltd. & Transcrime 16th September

86 Case Study Minimum imposable financial penalty Maximum imposable financial penalty Other Number of imposed penalties Romania 2,300 11,400 N/A Slovakia 3, ,000 Slovenia 3, ,000 Spain 60,000 Sweden UK 6,224, as well as an additional starting penalty 235 1% of net worth of institution Approximately 6 million 10% of a business s gross profit in a preceding 12 month period 236 Source: Matrix and Transcrime Interviews with Stakeholders N=127 Possibility for non-financial penalties including revocation of licence Possibility for fines to individuals ( 200-4,000) Possibility for fines to individuals ( ,000) 0 N/A 0 1 (Only partly elated under the FTR) No possibility for fines to individuals 178 Effective Dissuasive Proportionate Supervisor: Practitioner: Supervisor: Practitioner: FIU: Supervisor: Practitioner: Supervisor: Practitioner: Supervisor: Practitioner: FIU: Supervisor: Practitioner: Supervisor: Practitioner: Supervisor: Practitioner: FIU: Supervisor: Practitioner: 234 This is equivalent to It is important to note that according to the HM Revenue and Customs, a penalty is imposed when failing to comply with the Money Laundering Regulation (including the FTR). The fine will take account of the reason for non-compliance, seriousness of the offence, compliance history of the business, relative size of the business and amount exposed to money laundering activities ( 235 The additional starting penalty takes into consideration the business gross profit ( Matrix Insight Ltd. & Transcrime 16th September

87 5.7 Feedback from Non-Bank Stakeholders in the Payment Sector The following section presents an overview of the interviews carried out with MVTS companies, e-money institutions and businesses facilitating the execution of wire transfers. Given that the FTR only applies to certain aspects of their businesses, their perceptions and views partially included in the overall presentation of the findings stemming from interviews with national stakeholders in the EU 27, but are outlined in more detail below Money and Value Transfer Service Companies While the former FATF Special Recommendation VII did not make any specific reference to different types of PSPs 237 the explanatory note to the new FATF Recommendation 16 mentions specifically Money and Value Transfer Service Companies. At the moment, this is a concept which is neither used in European, UK or US AML law. It is, however, useful for the purposes of this report as it captures a group of market operators which are affected by the FTR in a different way than traditional banks. The following section is based on interviews with two leading MVTS companies, from here on referred to as MVTS A and MVTS B. Both pointed out that the FTR seems to be more designed for and aimed at classic credit institutions rather than at MVTS companies. In order to understand what distinguishes these businesses from traditional banks, it is helpful to look at the following characteristics of MVTS companies: Absence of Accounts Closed-Loop System Specific Types of Clients and Direction of Transfers It is important to note that the following description does not accurately reflect all the different products offered by the two interviewed operators. This also shows how hybrid businesses offering different financial services are developing. The following three characteristics are nevertheless relevant to their core business, which is clearly distinguished from the traditional banking system. In the vast majority of cases, the clients of MVTS companies do not open an account and do not as such establish a business relationship with their clients in the sense of art 3.9 of the AML Directive. This means that MVTS companies are not required to perform the CDD which is required from a bank before, for example, opening a bank account with a new client. When a bank performs a wire transfer on behalf of a client, it has by default all the necessary information on the payer as it was collected when the account was opened. This is not the case for MVTS businesses, so they will ask for documentation for every transfer above 1,000. Art. 5,4 of the FTR exempts the requirement to verify the information on the payer for transfers not sent from an account if the amount does not exceed 1,000. This threshold is crucial to keep for MVTS companies (see section 5.2.2). Except for a few countries 238, however, proof of ID must still be presented in most EU Member States. Most of the operations of the MVTS companies interviewed are cash-to-cash, where the sending and receiving PSP is an agent, branch or a partner of the same business. This is called a closed-loop system, where the MVTS company uses its own internal system and protocol. In this case, all relevant information on the payer is retained centrally. MVTS businesses, however, also operate cash to account or account to cash transfers, in which cases they communicate with PSPs from the normal banking system. This generally does not present any problems. 237 The FATF does actually not use the term PSP but rather Financial Institution. As this concept has a special meaning in EU law in this report the term PSP is consistently used. 238 Ireland, Denmark, Sweden, Finland, Portugal and the United Kingdom Matrix Insight Ltd. & Transcrime 16th September

88 For a number of reasons, MVTS companies in particular service the market of remittances from migrant workers. First, the MVTS companies often offer money transfers to developing countries at cheaper rates than the traditional banking system. Second, migrant workers in some cases have difficulties presenting the necessary documentation to open a bank account as they might for example not have a permanent address. Finally the recipients in developing countries will often not have a bank account which is why cash transfers are the preferred option. For these reasons the MVTS companies have the vast majority of their transfers flowing from Western Europe to many developing countries. During the interviews the MVTS businesses raised two main issues: Potential conflicts between the AML legislation and data protection Challenges associated with verifying information on the beneficiary AML Legislation and Data Protection Following Article 4 of the FTR, PSPs should generally include full name, account number and residential address 239 on all wire transfers. Each time an individual in the EU transfers money to a foreign country, this person s personal information will be sent along to the receiving PSP including: Full Name Residential Address OR place and date of Birth OR National Identity number Transaction Number As long as the receiving PSP, agent or branch is located within the EU where legal protection such as the data protection directive (Directive 95/46/EC) is in place, this will constitute a minor risk. However, when sending funds to countries where there is no or little safeguard against the receiving institution (ab)using the information or indeed passing it on to third parties, the risk for the concerned individual could be significant. Since approximately 85% of the transactions processed by MVTS A are directed at countries outside the EU, including countries with weak legal systems, this is a real concern to this business. The response of the industry to this dilemma has been to limit the information shared with recipient PSPs to the minimum permitted by the FTR. For example, residential address or date and place of birth of the payer of MVTS A is only sent with transfers exceeding 1,000. In addition to this, the risk and consequences associated with sending this information to foreign countries is detailed in the terms of reference in order for the customers to make an informed choice before they give consent. According to the stakeholders interviewed, it would be useful to reflect on the proportionality of requiring personal and sensitive information to be sent to foreign countries for the purpose of fighting AML/TF (Please note that a similar point has been made by stakeholders representing MasterCard, see section 5.7.2). Perceptions on Verification of Beneficiary Information While MVTS companies in most cases already collect information such as name and city/country from the payer on the beneficiary of transfers, they are, however, not in a position to easily verify this information. MVTS B argues that this would be very difficult if not impossible to do in practice. MVTS B acknowledged that Regulation 1781/2006 seems to be headed in this direction, but warns at the same time that it will involve significant practical challenges. First of all it will require that all countries transpose such a 239 Art. 4 of the FTR Matrix Insight Ltd. & Transcrime 16th September

89 requirement into national law. This could potentially take some time especially in developing countries. Before that happens, PSPs in these countries will be unlikely to comply with any requirements regarding beneficiary information. The stakeholder warned that a scenario could occur in which payees or payers (especially in the case of banking agents) in developing countries, which have not implemented the FATF Recommendation, will experience difficulties conducting transactions with PSPs operating in the EU. For the PSPs in developing countries, the adaption of systems will require a lot of effort and investments, which will inevitably take time. It was also argued that a potential freeze or suspension of business relationships with PSPs in developing countries could lead to serious costs for the MVTS companies dealing with remittances as well as for their clients, who are often already in disadvantaged legal and economic situations. In addition, this could nurture and encourage illicit and unregulated ways of transmitting funds which would go counter to the very objective of AML/TF laws Interviews with MasterCard and VISA The study team also conducted interviews with stakeholders representing MasterCard and VISA. Both MasterCard and VISA are not PSPs in the sense that they carry out transactions themselves. Rather, they act as transaction facilitators and providers of payment products. In this role, they process payments between the banks of merchants and the card issuing banks or credit unions that use the MasterCard and VISA brands on their debit and credit cards. MasterCard and VISA are not directly involved with the end customer (and not with the merchants in the case of VISA) but they run the networks through which financial institutions (who are their customers) complete payment transactions. They have a legal relationship with the PSPs and assume partial responsibility for transactions. As a consequence, they have an interest in their customers (banks and other PSPs) complying with regulatory requirements. In this role, they are also in contact with the FATF and regulators. VISA, however, now introduced a person-to-person payment system which makes them a PSP covered by the FTR in this respect. MasterCard provided comments to the FATF on Special Recommendation VII 240 (now Recommendation 16) in which they emphasised their role as a wholesale or retail payment networks rather than money transfer services. Following this definition, they would be excluded from the scope of regulation on transfers. They further emphasised that they have no access to or knowledge of the end customers. While they can see the information accompanying wire transfers, they are unable to verify it. Referring to the term full and accurate information used in the Recommendation, MasterCard argues that a risk-based approach is more conducive than a prescriptive list to achieving both financial inclusion and satisfying AML/ATF concerns. In their words, an overly cautious approach to AML/CFT safeguards can have the unintended consequence of excluding legitimate businesses and consumers from the formal financial system. (MasterCard comments to the FATF). Another issue of major concern to MasterCard are evolving e-money markets in the EU. E-money is regarded as helpful in providing access to banking services, facilitating government payments and eliminating cash transaction alternatives. The latter aspect is particularly important as stricter regulation of e- money transaction could drive customers into cash alternative systems which cannot be as easily supervised by FIUs as there is no digital trail. MasterCard therefore is against a much stricter regulation of the e- money sector. The last major issue raised by MasterCard during the interview is the conflict of law between AML requirements on the one hand and privacy and data protection requirements on the other hand. In this context, data sharing should be better coordinated between governments and the private sector. 240 Information provided to the study team by MasterCard Matrix Insight Ltd. & Transcrime 16th September

90 VISA generally seemed to be concerned with technical problems arising from too many information requirements and regarded it as responsibility of its customers (the PSPs) to comply with regulation. They made it clear that from their perspective any reporting of information on the beneficiary of a transaction without verifying such information is without any value to authorities. However, VISA argued at the same time that such a requirement to verify beneficiary information would technically be impossible to be met by PSPs. Matrix Insight Ltd. & Transcrime 16th September

91 6.0 Impact of the FTR and Possible Extension of Scope The following chapter presents an assessment of the impact of the FTR 1) on different types of stakeholders across Member States, and 2) in terms of its objectives in combating money laundering and terrorist financing. In addition, the section also makes an assessment with regard to the practical challenges of potentially extending the scope of the FTR in line with the new FATF Recommendation 16 to include information on the beneficiary of wire transfers. The analysis is based on the findings stemming from the desk research, the stakeholder interviews as well as the follow-up questionnaires to collect quantitative information from national stakeholders. The existence of the complex set of FTR obligations and exemptions, as described in Section 4.3, makes it necessary: To assess the impact and the costs of the FTR obligations on EU payment service providers and other intermediaries, and compare the figures across EU countries; To identify areas where the exemptions and loopholes in the FTR could create opportunities for misuse of FT for ML purposes. The study team has therefore carried out a cost-benefit analysis, which was used to: Assess, also from an economic point of view, the impact of the application of the FTR across the EU Member States; Assess the effect of the FTR application on the activities of Financial Intelligence Units, Supervisory Authorities, Law Enforcement Agencies (LEAs) and other national stakeholders, for example by estimating the increase of suspicious transaction reports due to the introduction of the FTR; In addition, the study team has applied the risk assessment/crime proofing of regulation / legislation (CPL) methodology to the FTR, a scientific approach developed by Transcrime to assess and neutralise the opportunities for crime created by regulation. In the light of the results of the assessment of the FTR implementation among EU Member States, the CPL assesses if other loopholes within the FTR could facilitate the execution of ML and TF activities. The CPL also contributes to the overall assessment of the impact of the FTR and its possible misuse for illicit purposes. The following sections present the findings stemming from the Cost-Benefit Analysis (CBA) of FTR obligations on different stakeholders, and the Risk Assessment and Crime Proofing Exercise (RA and CP) to identify if and how the FTR addresses the ML and TF risks associated to fund transfer activities, and if revisions of the FTR should be envisaged in order to strengthen its effectiveness against ML and TF. In both, the CBA and RA sections, an assessment is performed of the practical challenges of potentially extending the scope of the FTR in line with the revised FATF Recommendation 16, and in particular with the recommendation to include beneficiary information in wire transfers. Please refer to Annex 8.1 for a detailed set of questions for the assessment of the FTR impact as well as relevant indicators. Matrix Insight Ltd. & Transcrime 16th September

92 6.1 Cost-Benefit Analysis The aim of this section is to assess the impact of the application of the FTR across EU Member States in terms of costs and benefits to EU stakeholders. The assessment will focus on three categories of stakeholders: 1. EU PSPs, in terms of costs borne for being compliant with FTR obligations; 2. EU LEAs, FIUs and SAs, in terms of effects on their activity (e.g. by an increase/decrease in STRs/SARs due to FTR application); 3. Other EU stakeholders (EU consumers, EU market and Member States as a whole). In order to produce a comprehensive assessment, the cost-benefit analysis (CBA) will not only look at how the FTR has been implemented, i.e. focus on existing FTR obligations, but will also take into account possible extensions of the scope of the FTR, i.e. new FTR obligations, and in particular the inclusion of beneficiary information, as foreseen by revised FATF Recommendation 16 (see section 6.2 ff.). This assessment will allow to understand not only to what extent the FTR has had an impact to date, but also the additional costs which would be borne by EU PSPs should the FTR be revised according to FATF Recommendation 16. For each FTR dimension (i.e. existing FTR obligations and new FTR obligations), the following issues are identified and assessed: a) Benefits; b) Direct costs; c) Indirect costs. Direct costs are evaluated in terms of net losses borne by EU PSPs as a consequence of the adjustments made to their activities, systems and procedures for being compliant with FTR obligations. Indirect costs are intended as indirect consequences and externalities of the FTR implementation which have affected other EU stakeholders (e.g. EU consumers, EU market operators, EU MSs as a whole). It must be remarked that, whenever possible, an estimation of the costs in quantitative/monetary terms has been attempted. However, it must be highlighted that EU PSPs usually collect and provide cost statistics and estimations, even for internal reasons, which refer in general to compliance with AML obligations and not specifically to each piece of the AML regulatory framework, such as the FTR, PSD, etc. For example, PSP staff periodically receives training on AML issues, but it is not possible to distinguish the share of it specifically attributable to the FTR. It is therefore not possible to distinguish the expenses specifically referring to the FTR. In recent years, few estimations on the costs to EU intermediaries and practitioners for complying with EU AML regulation have been produced, both at academic level (see e.g. Transcrime, ) and at institutional level (e.g. the on-going EU AMLD review), but most refer to the 3 rd AML Directive and in any case cannot be broken down in order to identify the FTR related expenses. 241 Transcrime, 2007, Cost Benefit Analysis of Transparency Requirements in the Company/Corporate Field and Banking Sector relevant for the fight against Money Laundering and other Financial Crime, study funded by EC, DG JLS/D2/2005/01, available at < Matrix Insight Ltd. & Transcrime 16th September

93 Whenever reliable quantitative cost estimations specifically referring to the FTR could not be provided, the CBA has looked at: a) Identifying the main sources of costs and benefits due to the FTR; b) Providing a ranking of the costs/benefits so as to understand those that are most/least significant in terms of impacting on EU stakeholders Cost Benefit Analysis of existing FTR obligations This paragraph aims at performing a CBA of the FTR as it has been implemented, i.e. with respect to existing FTR obligations as applied by EU MS. Benefits Two main types of benefits arising from the FTR application could be identified by the study team: 1. Benefits in terms of increased transparency in relation to fund transfers which should be reflected by an improvement in LEAs/FIUs/NSAs activities against ML and TF; 2. Benefits in terms of increase in standardisation of payment procedures across EU PSPs, which corresponds to the developments in the EU payment system outlined in other EU initiatives (e.g. SEPA, PSD, etc). This section focuses on the first type, since the study aims at assessing the impact of the FTR in terms of its effectiveness against ML and TF. In order to measure the increase in terms of transparency of fund transfers, two issues are being analysed: 1. The effectiveness of the FTR in combating the abuse of fund transfer activities for ML and TF purposes; 2. The impact on the activity of LEAs, FIUs, and Supervisory Authorities, evidenced for example by an increasing or decreasing number of STRs, or by an increasing or decreasing amount of investigations as a consequence of the implementation of the FTR. Section 6.2 of this report will describe in detail if and how the FTR has been able to address ML and TF risks. When looking at the FTR s impact on the activities of LEAs, FIUs, and Supervisory Authorities, it must be noted that: a) Little quantitative information on the number of reports received by FIUs and Supervisory Authorities under Art. 9.2 of the FTR are available (see section for details); b) It is not possible at EU MS level to break down STRs received by EU FIUs per type of ML offence or violation 242, therefore it is not possible to understand whether an increase or decrease in STRs has occurred as a consequence of implementation of the FTR; c) Similarly, very little significant statistics are publicly available or have been provided by interviewed stakeholders as regards the number of investigations performed by EU LEAs, FIUs and prosecutors on issues related to Fund Transfers (see paragraph for details). 242 Cynthia TAVARES, Geoffrey THOMAS, Mickaël ROUDAUT (2010), Money laundering in Europe, Eurostat Matrix Insight Ltd. & Transcrime 16th September

94 Consequently, it is difficult to provide a quantitative estimate of the impact of the FTR on the activity of EU FIUs, LEAs, and Supervisory Authorities as well as prosecution offices. Nonetheless, a qualitative assessment will be presented in section 6.2. Costs As for direct costs, two main sources of expenses for EU PSPs have been identified as a consequence of the implementation of the FTR: 1. Expenses related to the adjustments to the existing messaging systems of EU PSPs in order to include information on the payer of a FT; 2. Expenses related to the verification of information on the payer of a FT. The first source leads mainly to IT expenses (upgrade or modifications to EU PSPs IT software or messaging standards). As regards the second, an increase of staff costs is envisaged, and in particular an increase of man-hours to be devoted to the following activities: a) Cross-check of the payer s identity (if not previously checked under CDD/ Know Your Customer activities under the AML regulation) with reference to other watch lists, PEPs lists, etc; b) Check of the coherence between different pieces of information (e.g. name of the payer with relevant account number). According to interviewed stakeholders, costs could be ranked in this order, from the most to the less significant (see section 5.3.1): 1. IT costs 2. Staff costs 3. Training costs. In terms of ranking per type of institution bearing the cost, payee s PSPs are those suffering the most significant burden, followed by payer s PSPs and intermediary s PSPs. Finally, on the basis of stakeholders comments, some hypothesis could be formulated: a) The more derogations a Member State applies, the fewer obligations are posed on PSPs and hence less costs are borne. It can therefore be assumed that costs are higher the lower the number of FTR derogations applied in the country. As for the state of implementation of FTR derogations across EU MS, please see section 5.2.1; b) Costs are higher in those cases where the payer has no on-going business relationships with PSPs which apply CDD, as required by Directive 2005/60/EC, and implementing measures. No statistics are available referring to cases where the wire transfer is coming from a payer who is already a customer of the PSP; c) Costs are increased in the absence of IT systems which are able to check and monitor information on the payer automatically included in transfers. If PSPs relied less frequently on IT systems, the need of having more manual controls by the personnel would increase, and so would staff costs. Matrix Insight Ltd. & Transcrime 16th September

95 6.2 Possible Extension of the Scope of the FTR Inclusions of Beneficiary Information (as per FATF Recommendation 16) In February 2012, the FATF published revised Recommendations. Recommendation 16 on wire transfers replaced Special Recommendation VII. The first sentence was modified in the following way: Special Recommendation VII (2001) Recommendation 16 (2012) Countries should take measures to require financial institutions, including money remitters, to include accurate and meaningful originator information (name, address and account number) on funds transfers and related messages that are sent, and the information should remain with the transfer or related message through the payment chain. Countries should ensure that financial institutions include required and accurate originator information, and required beneficiary information, on wire transfers and related messages, and that the information remains with the wire transfer or related message throughout the payment chain. The interpretative note to Recommendation 16 (INR16.6 and 7) clarifies that information accompanying all qualifying wire transfers should always contain: the name of the originator; the originator s account number where such an account is used to process the transaction; the originator s address, or national identity number, or customer identification number, or date and place of birth; the name of the beneficiary; and the beneficiary account number where such an account is used to process the transaction. During the interviews undertaken as part of this study, stakeholders were asked how practical they regard it to extend the scope of the FTR in line with the new FATF Recommendation 16 to include information on beneficiaries of wire transfers. The responses (N=50) are illustrated in the figure below, broken down by type of stakeholder: Figure 9: Stakeholders Positions on the Inclusion of Beneficiary Information SA PRO FIU & LEA PRO Practitioner PRO SA Neutral FIU & LEA Neutral Practitioner Neutral SA CON FIU & LEA CON Pracitioner CON 17 N=50. No stakeholders in Ireland, Italy, Malta and Romania provided any response to this question. Matrix Insight Ltd. & Transcrime 16th September

96 The majority of respondents was in favour of extending the scope of the FTR to reflect the recent changes made to FATF Recommendation 16 (all shades of green) while few respondents were neutral (shades of grey) and some stakeholders were against such a change of scope of the FTR (all shades of red). Broken down into the different stakeholder categories, the figure below demonstrates a clear preference for extending the scope of the FTR to include information on the beneficiary of wire transfers among Supervisory Authorities, while practitioners seemed much more reluctant: Figure 10: Stakeholders positions on the inclusion of beneficiary information broken down by stakeholder category PRO Neutral CON 2 0 Supervisory authorities FIUs and LEAs Practitioners N=50. No stakeholders in Ireland, Italy, Malta or Romania provided any response to this question. Many stakeholders (including several practitioners) were in principle in favour of including beneficiary information in the FTR, but cautioned that this should not result in a requirement for PSPs to verify such information. In other words, most stakeholders would support such an amendment as long as it does not go beyond the provision of FATF Recommendation 16, in which case the adjective accurate information should be avoided for the benefit of required information. The most common argument was that verifying such information would be practically impossible as it would potentially require PSPs to know the identity of the beneficial owner of a transaction. Arguments in Favour of requiring the inclusion of beneficiary information According to some stakeholders 244, information on the beneficiary even if not verified could prove very useful in investigations and in tracing money flows and could even be decisive in legal proceedings. It would also facilitate cross-border cooperation between investigators. 245 The Luxembourgian FIU mentioned that they received some STRs related to terrorist financing only because of beneficiary information (as the name of the beneficiary was similar to one on a sanction list, although in the end this turned out to be false alarm), 243 N=50. No stakeholders in Ireland, Italy, Malta or Romania provided any response to this question. 244 Supervisory Authority Denmark, Supervisory Authority Estonia, FIU Finland, Practitioner France, FIU Lithuania, Supervisory Authority Portugal, FIU Slovenia 245 FIU Germany Matrix Insight Ltd. & Transcrime 16th September

97 making this information more valuable than originator information in a terrorism context. Some authorities 246 would go further and see a great added value in requiring PSPs to verify such information. Some practitioners 247 claimed to already have implemented the new FATF Recommendation or routinely include such information on their transactions and thus see no problem with making statutory what is already commercial reality. In any case, stakeholders argued that it is commonplace for the EU to implement FATF Recommendations and an inclusion of beneficiary information in the FTR would be the most practical and appropriate way of doing so. 248 Arguments Against requiring the inclusion of beneficiary information Some practitioners interviewed 249 stated that it would technically be impossible for them to verify the accuracy of beneficiary information accompanying a transfer. This should not be confused, however, with an obligation for beneficiary PSPs to verify the identity of the beneficiary themselves. In turn, it was argued that any inclusion of beneficiary information without verification would not provide authorities with any meaningful additional information and could be easily circumvented by criminals. 250 It was also argued that the question of verification, notwithstanding any mandatory requirement, would have the consequence that both internal systems as well as online customer systems would need to be changed. This would entail considerable investments in IT infrastructures (see section on further information on implementation costs). 251 Some stakeholders 252 suggested to only apply the requirement for beneficiary information only to extra-eu transactions in order to minimise the additional bureaucratic burden for PSPs. According to that argument, PSPs licensed inside the EU have to include this information as part of their CDD obligations anyways, diminishing the added value of imposing this requirement on intra-eu transactions. Any amendment of the FTR would also have to be made consistent with the Payment Services Directive. 253 Another point raised by some interviewees 254 was the danger that any comprehensive reporting of beneficiary information may violate data protection and privacy rights of customers and could be abused for commercial reasons by those PSPs who receive such information (who may use this information to directly contact their competitors customers). In the UK, a similar concern by PSPs about passing on information on originators has been resolved by allowing PSPs to sign a written agreement expressing that they accept responsibility for the payment in which case they do not have to report complete information. 255 One interviewee who was involved in the negotiations on the revision of the FATF Recommendations reported that negotiators received questions by the financial industry on what the term accurate information on beneficiary was supposed to mean in practice. As stated above, PSPs feared it would require them to validate information they receive on the beneficiary and to identify the beneficial owner which would impose a much higher burden than merely passing on information on the beneficiary. After a debate about how meaningful accurate beneficiary information could be, the FATF then decided to drop this requirement and now only asks financial institutions to report required beneficiary information. However, the 246 Supervisory authority Bulgaria, Supervisory Authority Estonia 247 According to the Supervisory Authority Bulgaria, Supervisory Authority United Kingdom, Supervisory Authority Luxembourg, FIU Poland 248 Supervisory Authority Germany 249 Practitioner Finland, Practitioner France 250 Practitioner Belgium, 251 Practitioner Sweden 252 Latvian and Luxembourgian Supervisory Authorities, Practitioner Czech Republic 253 Practitioner Spain 254 Practitioner Czech Republic, Practitioner Greece 255 Supervisory Authority United Kingdom Matrix Insight Ltd. & Transcrime 16th September

98 interviewee stated that the PSP of the beneficiary should in any case carry out regular CDD checks in order to identify the beneficial owner of a transaction. This, however, does not fall within the scope of Recommendation 16. The same interviewee recommended making this distinction in any revision of the FTR which would then include a requirement to attach information on the beneficiary to transactions. A stakeholder representing a large MVTS company interviewed for this study acknowledged that in the future beneficiary information will be required for wire transfers. The stakeholder only cautioned that a scenario could occur in which payees or payers (especially in the case of banking agents) in developing countries, which have not implemented the FATF recommendation, will experience difficulties conducting transactions with PSPs operating in the EU. For the PSPs in developing countries the adaption of systems will require a lot of effort and investments, which will inevitably take time. A potential suspension of business relationships with PSPs in developing countries could lead to serious costs for the MVTS companies which deal with remittances and for their clients, who are often already in disadvantaged legal and economic situations Cost Benefit Analysis for the Possible Extension of the Scope of the FTR The following sub-section provides an assessment of the possible impact on EU PSPs and other stakeholders of changing the scope of the FTR in the context of recent amendments to the FATF recommendations. In particular, it focuses on the obligation for financial institutions, as foreseen by FATF Recommendation 16, to provide not only payers information on wire transfers but also information on the beneficiary. The following table summarises stakeholders perceptions of the benefits and costs of including beneficiary information in wire transfers, as outlined in the section above. Table 30: Benefits and Costs of Including Beneficiary Information in Wire Transfers Benefits Could be useful in tracing money flows and could be decisive in legal proceedings Would facilitate cross-border cooperation between investigators Some practitioners have already adopted this FATF Recommendation amendment of FTR would merely make statutory what is already commercial reality Source: Matrix and Transcrime Interviews with Stakeholders. Cost Would entail considerable costs in IT infrastructure Both internal and online customer systems would need to be changed Reporting without verification would not add any benefit May violate data protection and privacy rights of customers and could be abused for commercial reasons These findings can be broken down by different stakeholder groups: Table 31: EU Stakeholders Perception of the Benefits of Including Beneficiary Information in Wire Transfers PSPs/Banks SAs/FIUs/LEAs Total Yes Neutral No Total N=50. No stakeholders in Ireland, Italy, Malta or Romania provided any response to this question. Matrix Insight Ltd. & Transcrime 16th September

99 Benefits As stated above, most stakeholders agreed that including beneficiary information in wire transfers could bring some additional benefits in terms of the FTR AML and TF effectiveness; this, as expected, is much higher for SAs/FIUs responses rather than for PSPs, who would bear the highest cost (see section 6.2.1). However, the findings stemming from the stakeholder interviews show that in many cases interviewees are uncertain and make their opinion dependent on how the FATF recommendation will be practically transposed into FTR obligations at EU and MS level. More specifically: a) Costs/benefits would much depend on the type and the amount of beneficiary information to be collected and verified this is something that according to EU stakeholders interviewed still needs to be better specified; b) According to a limited number of stakeholders, benefits would be higher should the inclusion of beneficiary information be applied only to wire transfers with extra-eu countries; c) One stakeholder suggests that benefits would be higher if information on the payer was accompanied by other types of information on the purpose/objective of the transfer 256. Costs Two sources of costs related to a potential extension of scope of the FTR in light of including FATF Recommendation 16 and in particular beneficiary information for wire transfers have been identified: 1. Costs related to the inclusion of information on the beneficiary in wire-transfer related messages (as foreseen by Recommendation 16); 2. Costs related to the verification of information on the beneficiary (Recommendation 16, interpretative notes, Art. 20). 257 As regards the former, similar to paragraph 6.1.1, costs would be represented mainly by IT expenses as a consequence of the adjustments of PSPs messaging systems in order to include beneficiary information. Here, some impediments could be detected (see next paragraph). Costs will: a) be represented mainly by staff costs, resulting from the increase in the number of man-hours to be devoted to the verification of information on the beneficiary; b) much depends on the type of verification required by law. According to several EU stakeholders interviewed, some misinterpretation problems could arise, e.g. in case the beneficiary of the wire transfer was a legal person, should the relevant beneficial owner be identified in a 3 rd AMLD fashion? In this sense, it is highly suggested by interviewees to better specify the nature of the verification which, on the basis of FATF Recommendation 16, should be put in act. Impediments On the basis of EU stakeholders responses, few issues have been identified which could make it difficult to implement FATF Recommendation 16 and especially the inclusion of beneficiary information. 256 Supervisory Authority Estonia 257 Art. 20 of the interpretative notes to FATF Rec. 16 says, in this regard: for qualifying wire transfers, a beneficiary financial institution should verify the identity of the beneficiary, if the identity has not been previously verified, and maintain this information in accordance with recommendation 11. Matrix Insight Ltd. & Transcrime 16th September

100 Technical impediments: Stakeholders mentioned some constraints in the messaging standards currently in use. For example, SEPA standards have a limited number of characters (140) which could pose problems to the inclusion of any additional information in a wire transfer related message. As wire transfers are executed by highly automated systems, any change of information would require considerable changes and human and IT resources. 258 Moreover, customer-facing systems would need to be changed to prompt for beneficiary information and all PSPs would need to change their accounting software in order to avoid delays in the execution of transfers. 259 One Spanish practitioner argued for example that a transitional period after the introduction of this requirement would give PSPs the time to incorporate this information in the payment chain. Impediments to the verification of the information on beneficiaries: Especially in cases of beneficiaries who are legal persons, it would be difficult for sending PSPs to verify with certainty the identity of such a beneficiary. Previous studies 260 indicate that at EU level, information about the natural persons behind corporate entities is not extensive or reliable. It would therefore be practically almost impossible for sending PSPs to verify such information for each transfer, especially in the case of legal persons where the beneficial owner of an entity would have to be identified. Indirect and Additional Costs Both, when talking about CBA of the existing and the possible new FTR obligations, a set of indirect costs could be identified, although they could not be assessed precisely. These costs refer to indirect consequences and externalities of the FTR implementation which could affect not only PSPs or LEAs, FIUs, and Supervisory Authorities, but also other EU stakeholders (e.g. consumers, market operators, MS as a whole). The following indirect costs have been identified: a) Delays in executing wire-transfers due to the inclusion and verification of payers and beneficiaries information: individual EU stakeholders interviewed consider this as one, even though not the most problematic issue, and affirm that additional checks and verification of the information transmitted through wire-transfer could create some delays in the payment system. b) Indirect costs in terms of data protection: a few EU stakeholders interviewed, including major MVTS companies, believe that the inclusion of additional information in wire transfer could increase the risk of a leakage of this data and hence of an abuse of these information for illicit purposes. c) Displacement effects to other forms of FT: the introduction of a new set of obligations in the FTR and the related possible problems (e.g. delays, etc.) could, theoretically, make other forms of wire transfer which are not specifically addressed by the FTR (e.g. MVTS or e-money) more competitive rather than traditional ones. However, as it will be better explained in paragraphs and 6.2.4, it is extremely difficult to understand how much the increase of instruments such as MVTS or e-money could be effectively attributable to FTR and not to other reasons (e.g. lower costs, more flexible instruments, etc). d) Regulatory or surveillance arbitrage of EU PSPs across EU MS: as already signaled by some SAs, migrations of EU PSPs and other wire transfer operators (e.g. MVTS companies) across 258 Practitioner Germany, Practitioner Slovakia, Practitioner United Kingdom 259 Practitioner Belgium 260 Transcrime, 2012, Project BOWNET: Summary of the Project and preliminary results of the analysis, < Matrix Insight Ltd. & Transcrime 16th September

101 EU Member States has occurred after the implementation of the PSD and FTR, and it could not be excluded that they would occur as a consequence of an extension of the FTR scope. These migrations could be explained mainly as an attempt of EU PSPs or MVTS to avoid stricter surveillance by the competent authorities, rather than regulation, and to migrate in EU MS where surveillance is more morbid (see 6.2.3) Cost Benefit Analysis: Conclusions A set of various costs and benefits has been identified and estimated where possible. Costs generally stem from two activities: (a) the inclusion of payer/beneficiary information in the wire transfer related message; (b) the verification of such information. While the first change would result in increased IT costs, the second would primarily result in staff costs. The lack of disaggregated statistics, both in terms of PSPs internal expense estimations and also for LEA/FIU activity, makes it difficult to distinguish costs of compliance with the FTR from overall costs of AML compliance. Some variables appear to be quite important in determining the extent of costs, and on these a sensitivity analysis could be performed. In particular, the question of how the FTR would transpose FATF Recommendation16 (or whether it would go beyond the requirements outlined in this Recommendation), seems to be a crucial issue which could significantly increase or decrease the costs of PSPs. Matrix Insight Ltd. & Transcrime 16th September

102 Table 32: Summary of CBA Results Dimension to be evaluated 1. Existing FTR obligations Costs/Benefits Description Nature of costs/benefits Notes Benefits Increase of transparency in FT activity Direct Costs Indirect costs Costs related to inclusion of information on the payer Costs related to verification of information on the payer Costs and externalities indirectly referable to FTR application Effectiveness of FTR in combating misuse of FT activity for ML and TF purposes Impact on LEAs, FIUs, NSAs activity Adjustments to existing wire-transfer messaging systems so as to include information on the payer. Man-hours of work devoted by EU PSPs to verify the information on the payer of wire-transfer See section 6.2 a) Increase/decrease in No. of Reports sent under art. 9.2 FTR b) Increase/decrease no. STRs/SARs due to FTR issues c) Increase/decrease no. investigations due to FTR issues a) IT costs b) Training costs a) Staff costs b) Training costs Delays in executing wire-transfer due to inclusion and verification of information on the payer Problems in terms of Data protection Displacement effects to other forms of FT Regulatory or Surveillance arbitrage of EU PSPs Statistics on STRs, Reports under Art. 9 FTR, investigations and convictions are not available broken down per type of offence. It is therefore not possible to determine those specifically referring to FTR related issues. Available statistics and estimations refer in general to costs due to compliance with AML regulation, while it is not possible to break-down costs specifically attributable to compliance with the FTR. Matrix Insight Ltd. & Transcrime 16th September

103 Dimension to be evaluated 2. Extension of scope of FTR (inclusion of information on the beneficiary Costs/Benefits Description Nature of costs/benefits Benefits Increase of transparency in FT activity Impedim ents Direct Costs Indirect costs Impediments in including information on the beneficiary in wiretransfers Costs related to inclusion of information on the payer Costs related to verification of information on the payer Improvement in effectiveness of FTR in combating ML and TF thanks to inclusion of information on the beneficiary Technical impediments Other impediments Adjustments to existing wire-transfer messaging systems so as to include information on the beneficiary. Man-hours of work devoted by EU PSPs to verify the information on the beneficiary of wiretransfer a) More information available to EU LEAs, FIUs, NSAs in AML investigations b) Higher controls on intra-extra EU fund transfers for AML purposes c) Higher standardization among EU PSPs Constraints and limitations in existing messaging standards (e.g. limited number of characters in messaging standards in use). Problems in verification of beneficiary information due to lack of available information which could be accessed by EU PSPs, especially in case beneficiary are legal entities. a) IT costs (see also Technical impediments above) b) Training costs a) Staff costs b) Training costs Delays in executing wire-transfer due to inclusion and verification of information on the beneficiary Problems in terms of Data protection Displacement effects to other forms of FT Regulatory or Surveillance arbitrage of EU PSPs Matrix Insight Ltd. & Transcrime 16th September

104 6.2.4 Freezing Actions In the wider framework of prevention of terrorist financing, measures aimed at the freezing of funds and economic resources of certain persons, groups and entities have been taken, as specified in Regulation (EC) No 2580/ , and Council Regulation (EC) No 881/ In the more specific context of wire transfers, freezing actions are mandated as per Recommendation 16 of the FATF Recommendations of February 2012, to prevent terrorists and other criminals from having unrestrained access to wire transfers for moving their funds. To this end, countries should ensure that, financial institutions monitor wire transfers for the purpose of detecting those which lack the required originator and/or beneficiary information and take appropriate measures including freezing actions. The Recommendation however provides no definition for what the term freezing means in practice and leaves it open to interpretation. Some more insights about freezing of funds in general are, however, provided throughout the FATF Recommendations, where for example a freezing mechanism is understood as a false positive. False positives are potential matches to listed persons, either due to the common nature of the name or due to ambiguous identifying data, which on examination prove not to be matches In the context of FATF Recommendation 16 and the possibility to extend the scope of the FTR to include such a provision, Supervisory Authorities, FIU s and PSPs were asked where they would see the main practical challenges to take freezing actions against designated persons and entities. The findings suggest that the insertion of such a requirement on freezing actions would not represented new obligations on PSPs. Rather, it was argued that it would make the FATF Recommendations consistent with existing sanction obligations provided for by existing UN Council Resolution 1373, which is binding to all UN members. Beyond that, many large banks globally compare transactions with the sanction list provided by the US authority OFAC 265, which explains why many interviewees argued that the freezing of assets is common practice for them. If anything, the revision would therefore clarify for intermediary PSPs that they too have a responsibility to take adequate measures right up to freezing actions when they come across suspicious information accompanying a transaction. 266 Stakeholders in 9 Member States 267 report no obstacles, focussing on the fact that taking freezing actions is already a practice in their country. In contrast, stakeholders in 6 Member States 268 have provided their perceptions regarding the obstacles against freezing, which include: The need for LEAs to acquire the necessary information on transactions as well as enough time to react in technical terms. While this takes them between half an hour to half a day, the wire transfers are executed in a minute. 269 Freezing assets in particular by the intermediary PSP could cause interferences regarding the clearing of cross-border wire transfers, especially in case of a cover payment transaction. At a minimum, the beneficiary bank will never credit the transferred amount for the beneficiaries 261 OJ L 344, , p. 70. Regulation as last amended by Commission Regulation (EC) No 1461/2006 (OJ L 272, , p. 11). 262 OJ L 139, , p. 9. Regulation as last amended by Commission Regulation (EC) No 1508/2006 (OJ L 280, , p. 12). 263 The definition of a freezing is provided in the glossary on page FATF Guidance Document (2003): International Best Practices. Freezing of Terrorists Assets. Revised June Office of Foreign Assets Control 266 Interview with a stakeholder involved in the negotiations on the revision of the FATF Recommendations 267 Austria; Belgium; Bulgaria; Cyprus; Czech Republic; UK; Greece; Luxembourg and Poland 268 Estonia; Germany; Hungary; Portugal; Slovenia and Spain 269 Estonian Financial Supervision Authority Matrix Insight Ltd. & Transcrime 16th September

105 account until there is green light by the intermediary bank, so that there will always be a delay in the whole procedure. 270 Not enough time for the freezing actions (currently between 1 to 2 working days). The deadline should be extended. 271 Designated persons change names all the time. Having the names with no other information to identify the person by would make it very difficult for financial institutions to take actions. 272 In terms of the beneficiary, it is questionable whether it is possible to freeze the funds as validating the quality of the receiver's data might be problematic. 273 Freezing actions are very complex as payments are becoming more and more automatic and it is contradictory to legislation aiming to speed up payment processes. 274 A large e-money institution interviewed reported that no impediments existed against requesting PSPs to take freezing actions against designated persons and entities. At the time they are freezing assets less than 50 times in the last four years. Usually the funds frozen are limited (less than 100) The same stakeholders were asked about the costs and benefits of requesting financial institutions to take freezing actions against designated persons and entities. A number of costs and benefits reported have been outlined and summarised in Table 31 below. Table 33: Benefits and Costs of Requesting Financial Institutions to take Freezing Actions against Designated Persons and Entities Benefits Costs Freezing actions will immediately prevent the funds to be transferred or converted into other assets. 275 It will act as a mechanism to deter potential money launderers from using financial institution for their illegal activities. 276 The funds possibly related to money laundering or terrorist financing will be frozen for investigative purposes. Furthermore, it is a means for the PSP that shows its commitment to follow the relevant legislation. 277 Creating problems/transfer delays for both PSPs and their customers. 278 Costs of making the query and loss of time. 279 This would translate into a decrease in the payment chain efficiency and an increase in the cost per transaction. 280 The bank reputation might be affected especially in case the customers whose transfers have been frozen are then cleared from any wrongdoing. 281 Possible delays in the transfer of money until the payer justifies the source of funds. 282 High administrative costs for staff and resources to be able to check funds very 270 German Supervisory Authority 271 Hungarian FIU 272 Portuguese FIU 273 Slovenian Bank Association 274 Spanish FIU 275 Bulgarian Supervisory Authority 276 Cypriot Supervisory Authority, Portuguese FIU and Spanish FIU/SA 277 Estonian Financial Supervision Authority 278 Estonian Financial Supervision Authority 279 Estonian Financial Supervision Authority 280 Spanish practitioners 281 Portuguese FIU 282 Spanish FIU/SA Matrix Insight Ltd. & Transcrime 16th September

106 Benefits Costs quickly and work with police, prosecution and magistrates. 283 Source: Matrix and Transcrime Interviews with Stakeholders. Stakeholders were also asked how the freezing of accounts is implemented in practice by financial institutions. Eleven Member States provided evidence on the practicalities of account freezing. As Table 34 below shows, in some Member States the process is simplified, triggered and executed by the PSPs themselves (e.g. Belgium Finland and Poland), while in others a more complex process needs to take place before the freezing of accounts can be executed. A number of stakeholders interviewed (N=10) also specified the main actors involved, which could be PSPs, FIUs, public prosecutors, national ministries and the courts. Only stakeholders from two Member States provided information on the length of the freeze, which could range from a minimum of 24 hours (Czech Republic) to a maximum of three days (Czech Republic and Bulgaria). 283 Spanish FIU/SA Matrix Insight Ltd. & Transcrime 16th September

107 Table 34: Implementation of the Freezing of Accounts by Financial Institutions Member State Details Actors involved Length of Freeze Belgium Funds are deviated to an internal account and blocked for all transactions. 284 PSPs Bulgaria Cyprus Czech Republic Several Steps: 1. Whenever suspicion arises, the reporting entity is obliged to immediately notify the FIU before performing the transaction, delaying it within the admissible term according to the respective legislation. If this is objectively impossible, the reporting entity shall notify the FIU immediately about the execution of such transaction. 2. The Minister of Finance, upon proposal of the Chairman of State Agency "National Security", shall be able to stop the operation with a written order for a term of 3 working days from the day following the day of issuance of the order. 3. If until the expiration of this term no preventive measure, distraint or prohibitions are imposed, the reporting person shall be able to carry out the transaction. The FIU shall immediately inform the prosecution for the stopping of the transaction by presenting the necessary information, preserving the anonymity of the reporting person. 4. The prosecutor can impose a preventive measure or extend a request before the respective court for imposing a distraint or prohibition. 5. The court shall rule on the request not later than 24 hours from its receipt. 285 Two ways: the FIU in some cases may issue a letter to the bank asking for the postponement of transactions for a limited time period, according to Article 68 B of the Prevention and Suppression of Money Laundering and Terrorist Financing Laws of 2007 and A freezing order is obtained following an application to the Court on behalf of the Attorney General, according to article 14 of the abovementioned Law. Accounts are first frozen for 24 hours; this period can be extended to 72 hours. If more investigation is necessary, par. 20 Act 253/2008 gives the possibility to extend the freezing of account for an additional 3 days. 287 PSPs FIU Minister of Finance Chairman of State Agency "National Security The prosecutor FIU PSP 3 days 24 hours extended to a total of 6 days. 284 Belgian practitioners 285 Bulgarian Supervisory Authority 286 Cypriot Supervisory Authority 287 Czech FIU Matrix Insight Ltd. & Transcrime 16th September

108 Member State Details Actors involved Length of Freeze Payment service providers freeze the accounts on their own decision on the PSP Finland grounds of the EU sanctions regulations or by the order of the competent authorities. 288 Latvia Malta Poland Portugal Only the Latvian FIU can request PSPs to take freezing actions. The court mandates freezing orders. All financial institutions are required to check that the person listed is not their client. Otherwise they have to freeze their assets. The freezing orders are published on the FIU website to facilitate detection of freezing orders. 289 Under the Regulation, PSPs can freeze an account once there is a positive match. The practical question is therefore one of precise identification. Institutions should generally have procedures in place setting out the policy on freezing. However, at this point no freezing pursuant to EU regulations has taken place. 290 Three ways: a) Any Public Prosecutor has the power to initiate an inquiry and freeze, without delay, any funds or other assets or economic resources belonging: 1. to persons that commit or attempt to commit BC/FT offenses, participate or facilitate in the commission of the acts, 2. that are owned or controlled, directly or indirectly, by such persons or entities, or 3. to persons or entities acting on its behalf or under its supervision, including the freezing of funds that are derived from or representing the result of funds that are owned or controlled, directly or indirectly, by such persons or persons and entities linked to them, regardless of the fact that the person is classified as EU internal terrorist or not. b) In addition, the freezing could also take place under the mutual legal assistance request submitted by another Member State that may send the request directly to the Attorney-General Office or to any Public Prosecutor. Therefore, the Portuguese Authorities are empowered with the mechanisms to give execution to actions initiated under freezing mechanisms of other jurisdictions. FIU PSP Court PSP PSP Public Prosecutor FIU 2 days 288 Finish Supervisory Authority 289 Maltese FIU 290 Polish FIU Matrix Insight Ltd. & Transcrime 16th September

109 Member State Details Actors involved Length of Freeze c) Freezing actions can also be done by instruction of the FIU. The FIU receives communication from financial institution; the FIU can then take freezing actions for 2 days while they get the formal order from the judge. They can also take actions while analysing the data they receive. Slovakia Spain In the case of suspicious money transfers, financial institutions are obliged to report such operation to the FIU. The FIU liaises with the Ministry of Finance and the Ministry of Economy. If the allegation is confirmed, the transfer is stopped. If not, the transfer is executed with a time delay. 291 Accounts can only be frozen by judicial order or by order from the Commission on Terrorist Financing Monitoring. Currently, PSPs work with the police, prosecution services and magistrates. It is the judge who decides whether it is necessary to take freezing actions. The process is lengthy and expensive. According to practitioners, any freezing actions not being requested by local authorities and any transfer that does not come with a unique identifier number are likely to cause problems if freezing actions of the account are to be taken. Source: Matrix and Transcrime Interviews with Stakeholders. N=11 PSPs FIU Ministry of Finance Ministry of Economy Judicial order from the Commission on Terrorist Financing Monitoring PSPs 291 Slovak Supervisory Authority Matrix Insight Ltd. & Transcrime 16th September

110 6.3 Risk Assessment and Crime Proofing To complete the assessment of the FTR implementation, it is necessary to analyse its impact in terms of effectiveness in combating money laundering and terrorist financing. This section aims to understand: a) if and to what extent the FTR has addressed the ML and TF risks associated to fund transfer activity; b) if exemptions and loopholes in the FTR could have created opportunities for misuse for ML and TF purposes; c) if other areas of risks in the FT activity exist outside the scope of the FTR; d) if and how these additional areas of risk could be targeted by a revision of the FTR. Methodology In order to respond to the objectives listed above, a two-step methodology has been adopted: 1) the first step aims at identifying the areas of ML and TF risk: within the scope of the FTR; outside the scope of the FTR, but related to fund transfer activity. 2) the second step aims at identifying, for each area of risk, the possible revisions of FTR which could improve its effectiveness and proof against ML and TF. Areas of ML and TF risks are identified, as shown in figure 11 below, through analysing the following issues: The types of violation of the FTR experienced by EU MS; The risks associated to the use of FTR derogations; The risks associated to other exemptions foreseen by the FTR; The potential risks associated to the introduction of new FTR derogations; The risks associated to other forms of FT activity which drop outside the scope of FTR. After assessing each area of risk, suggestions are then provided: How to revise the FTR in order to better address these risks and to neutralise the opportunities of misuse for ML and TF purposes (crime proofing of the FTR); If and how to extend the scope of the FTR in order to cover other forms of fund transfers at high risk of ML and TF which are not specifically addressed by Regulation 1781/2006. The information which is used in the analysis has been collected in various manners, namely: 1) Desk research; 2) Interviews with selected stakeholders in each of the 27 EU MS (see section for the list of interviewees); 3) Questionnaires disseminated to selected stakeholders in each of the 27 EU MS (see section 3.2.3); Matrix Insight Ltd. & Transcrime 16th September

111 4) Case-studies of misuse of fund transfers for ML and TF purposes, provided by relevant EU LEAs, FIUs, SAs; 5) Statistics provided by EU MS NSAs or other relevant EU institutions (e.g. ECB, Eurostat, etc) Violations and Breaches of the FTR For identifying the main areas of risk of the FTR, it is crucial to first understand the most common violations and breaches of the regulation recorded by national Supervisory Authorities after the implementation of the FTR. According to the results of the stakeholder interviews, most of the EU Member States have signalled either none or only minor violations of the FTR to date. The most common issues regard (please see Figure 11 below for details): a) Cases of missing or incomplete information on the payer; b) Lack of reporting to relevant and correct LEAs/FIUs/SAs institutions; c) No diligent application of selected FTR obligations, e.g. distinction between intra-eu and extra-eu fund transfers (Art. 6 and 7) and obligations regarding record keeping of information on the payer (Art. 11). However, it should be noted that violations are only reported by a small fraction of the EU Member States contacted during the interviews. Figure 11: Number of EU MSs which Reported Cases of FTR Violations in the Interviews, Broken Down by Type of Violation Missing or incomplete information on the payer Not diligent application of FTR wrt distinction between intra EU and extra EU Not diligent application of FTR wrt freezing of assets Not diligent application of FTR wrt record keeping of info on the payer Lack of check between payers' ID and sanction lists Lack of Lack of PSP reporting to internal relevant and systems or correct procedures to LEA/FIU/NSA detect missing information on the payer N=23 With regard to the cases of incomplete or missing information on the payer, it must be remarked that almost no official statistics are available at EU Member State level, neither regarding rejections of transfers due to missing or incomplete information on the payer, nor regarding requests of additional information (Art. 9.1 FTR) or reports filed to the competent authorities (Art. 9.2 FTR). Matrix Insight Ltd. & Transcrime 16th September

112 However, on the basis of the results of the interviews carried out at Member State level, the following issues could be highlighted: 1) The Payers name, address and payers account number are the most common incomplete or missing information in fund transfers; 2) The lack of PSPs internal systems or procedures to automatically detect missing information on the payer has been acknowledged by a few respondents with regard to PSPs operating in EU Member States; 3) Cases of wire transfers with missing information on the payer have been recorded with particular reference to selected non-eu countries, especially transfers coming from the US and Switzerland. 292 Finally, as already pointed out in the cost-benefit analysis (see section 6.1), it is not possible, given the available statistics on suspicious transaction reports filed to FIUs, to understand how many STRs have been generated due to violations of the FTR. It is therefore not possible to use STRs as proxies of the extent of misuse of the FTR for ML or illicit purposes Areas of Risk Associated to FTR Derogations and Exemptions The second issue to be taken into account in the risk assessment of the FTR is the existence of areas of risk incorporated in the Regulation, and in particular with regard to its exemptions. This is particularly crucial for identifying FTR loopholes and for revising the FTR to better protect it against ML or TF misuse. Three possible sources of risk have been identified: 1) Risks associated to the use of FTR derogations (Art. 3 FTR); 2) Potential risks associated to the introduction of new FTR derogations; 3) Risks associated to the application of intra EU-extra EU differentiation (Art. 6 and 7 FTR). These areas have been assessed in each of the 27 EU Member States through interviews and desk research to understand the actual levels of risk associated. Risks associated to the use of FTR derogations and the introduction of new FTR derogations No specific risks associated to the use of FTR derogations have been identified by the stakeholders interviewed. The quite extensive application of FTR derogations across all EU MSs (see section 5.2.1) could confirm the low level of risk associated to these exemptions. However it must be remarked that few stakeholders have expressed concerns regarding: a) The derogation foreseen by Art. 3.2 related to the use of debit or credit cards; b) The derogation foreseen by Art. 3.3, related to the use of E-Money; c) The derogation foreseen by Art. 3.4 related to the use of mobile telephones and other new payment systems. 292 Stakeholder interviews in Belgium, Italy, Slovenia, Sweden, France and Spain. Matrix Insight Ltd. & Transcrime 16th September

113 In particular with regard to e-money, it has been suggested by respondents of 3 EU Member States 293 to revise Art. 3.3 by lowering the 1,000 threshold due to the high ML and TF risk associated also to small amounts of fund transfers. Respondents in 2 Member States 294 have even suggested eliminating Art. 3.3 from the list of derogations. As shown in section 5.2.1, no need for further derogations has been highlighted by national stakeholders; as a consequence, no potential risks associated to new derogations could be identified. Risks Associated to the Application of Intra-EU vs. Extra-EU Differentiation As shown in section 5.2.4, the application of intra EU vs. extra-eu differentiation to fund transfers (Art. 6 and 7 FTR) is not applied uniformly across EU Member States. Similarly, there is no common perception about the risk incorporated in this exemption. In general, no specific risks associated to the use of intra-eu vs. extra-eu differentiation have been identified. 295 However, suggestions to take away the intra-extra EU differentiation have been raised by some interviewed stakeholders, even if these are not necessarily linked to AML purposes. See Tables 13 and 14 in section for costs and benefits which have been identified by interviewees that could arise after taking away this exemption. In addition, modifications to current and existing PSP IT systems are indicated as the most important source of cost by stakeholders. Other Areas of Risk in FT Activity On the basis of the analysis carried out across EU Member States, other areas of ML and TF risks have been identified, which refer to forms of fund transfers not specifically addressed by the FTR. These are connected in particular to Money Value Transfer Services (MVTS) and e-money Money Value Transfer Services (MVTS) As already outlined in section 4.2.2, in recent years MVTS have experienced a significant growth in terms of volume and type of services, both, in and outside the EU. This could be attributed in particular to the increase of remittances from migrants across the globe, with countries often operating as senders and others as receivers of remittances (see Figure 12 below). However, the risk that MVTS companies could be also misused by criminal organisations and adopted for ML, TF and other illicit purposes, has often been signalled by both EU and international authorities and agencies in the AML field. 296 Figure 12: Volume of Money Remittances Sent and Received in Selected MONEYVAL/FATF Member States (Millions EUR) Country Sent Received Armenia Bulgaria NA NA Cyprus SA Latvia; SA & FIU Slovenia. 294 SA Austria; FIU Czech Republic. 295 Concerns have been highlighted, occasionally, since internal transactions are wrongly classified as less risky (see for example Austria (FIU) and Germany (PSP) 296 See e.g. FATF (2010), Money Laundering through Money Remittance and Currency Exchange Providers Matrix Insight Ltd. & Transcrime 16th September

114 Country Sent Received Germany Spain NA NA Georgia Greece NA NA Croatia Italy Monaco FYR Macedonia Malta Ukraine Source: FATF, 2010 On the basis of the desk research and the interviews held with national stakeholders, several factors could be identified that make MVTS companies particularly vulnerable for ML/TF purposes, e.g. the lack of AML regulations specifically addressing MVTS (see below); the variety of products and services offered; the variety of distribution channels (see below); the high transfer speed; their cash-intensive business model. With regard to the way how MVTS companies could be exploited by organised crime, common techniques could be profiled. These include, for example: 1. Structuring or smurfing, i.e. whenever a criminal or a criminal group breaks down an amount to be transferred into small transactions so as to stay within the surveillance threshold and avoid CDD check; 2. Use of money mules, i.e. use of natural persons acting as straw men of criminals or criminal groups; 3. Multiple senders, i.e. use of high number of senders transferring funds to single beneficiaries linked to OC groups; 4. Use of false identities, which aimed at making it ineffective any CDD or identity verification performed by MVTS officers. Each of these activities leaves signals which represent indicators of ML activity and should be taken into account both by PSPs and LEAs. For example, occurrences such as the mismatch between the economic activity, country of origin, person and the money remittances received or high numbers of transfers over a short period of time made by the same person could signal the commission of ML and TF offences For a more detailed list please see FATF (2010), p. 21, 46-48; Matrix Insight Ltd. & Transcrime 16th September

115 Due to its implications in terms of policy, it is crucial to note that MVTS companies are not exploited by organised crime only acting as clients, but also as owners of the same MVTS companies. This new trend is evident, for example, in those cases reported by some EU LEAs/FIUs regarding: the involvement of MVTS agents and employees in ML cases; the exploitation by OC of MVTS as third-party settlement of invoices. In the first case, LEAs/FIUs at both, EU and international level, have discovered that OC groups could corrupt employees or hire MVTS agents and sub-agents to perform fund transfers avoiding monitoring or CDD measures 298 ; in the second case it has been signalled that MVTS companies operating in selected countries could be controlled by OC and exploited for ML or TF purposes especially as part of a third-party settlement process. 299 The fact that OC groups exploit MVTS for ML and TF purposes not only as clients but also as owners of the same companies asks for a change in the EU AML policy in the sense that controls should be strengthened not only for monitoring the degree of compliance of MVTS with the existing AML obligations, but also for identifying the people controlling these companies, i.e. reconstructing their ownership structure and clarifying their beneficial ownership. MVTS Risks and the FTR Besides a general assessment of the ML and TF risk associated to MVTS, the focus needs to be on those risk issues specifically relating to the FTR. On the basis of the analysis carried out in the 27 EU Member States as well as the interviews carried out with MVTS companies and e-money providers, the following critical matters have been identified: 1. Risks related to MVTS companies proprietary messaging systems; 2. Differences in the application of the FTR between credit institutions and MVTS companies; 3. Differences in the application of the FTR between different types of MVTS companies; 4. Cases of surveillance arbitrage by MVTS companies across EU Member States. 1. Regarding the risks related to MVTS proprietary messaging systems, the fact that MVTS in general rely on an own proprietary messaging standard could theoretically create problems of loss of information whenever a transfer involves different MVTS companies or PSPs (e.g. MVTS and banks) due to the use of different messaging systems (e.g. proprietary MVTS vs. SWIFT, etc.). However, it must be noted that: a) Although available, transfers between MVTS and banks (e.g. cash-to-account, account to-cash transfers) are not yet widespread; b) In case of major MVTS groups (e.g. Western Union or Moneygram), messaging systems already include information compliant with FTR obligations and even with new FATF Recommendation 16 (info on the beneficiary). In general, a deeper analysis of the messaging systems used by EU PSPs and of the related problems is highly recommended. 298 See for example FATF (2010), p ; 299 See for example SOCA (2011). Matrix Insight Ltd. & Transcrime 16th September

116 2. Indications that banks could currently be more strictly regulated than MVTS companies have been provided by selected Member State stakeholders 300, both pertaining to the LEA/FIU/SA domain and to PSPs. In particular, it has been signalled that an unequal application of the FTR and related regulations, mainly regarding a less strict application of KYC/CDD measures, could guarantee MVTS an unfair competitive advantage with respect to banks in the FT activity. Harmonising the playing field for all PSPs, including money remitters, has been highly recommended by stakeholders. 3. The MVTS industry is characterised by a huge variety. Both, the number of MVTS companies in each Member State (see Figure 13 below) and the type of distribution channels used vary largely across the EU. Depending on the country, MVTS services could be offered either by post offices, banks, currency exchanges, travel agents, hotels, phone centres, internet centres, news agents and stationers. In addition, while major MVTS companies (e.g. Western Union, Moneygram, etc.) operate at international level, in some countries FT services are provided also by small or even micro businesses. Differences across MVTS could entail different degrees of compliance with the FTR and AML regulations. In particular, some of the interviewed stakeholders among Supervisory Authorities have signalled an effective cooperation with major MVTS groups while lamenting some problems with smaller MVTS businesses. 301 Figure 13: Number of Money Remittance Providers in Selected FATF Countries (year 2008) Country N of MR providers Country N of MR providers USA Netherlands 28 UK 2818 Greece 14 Hong-Kong, China 2008 Slovakia 11 Mexico 1085 Bulgaria 7 Denmark 334 Cyprus 7 Sweden 96 Malta 7 Finland 70 Latvia 6 Spain 46 France 4 Germany 38 Poland 2 Estonia 34 Croatia 1 Italy 30 Other 0 Source: FATF, Stakeholders have pointed out that after the implementation of the FTR, PSD and other related regulations in their countries, MVTS companies have migrated to other EU Member States while keeping the local agencies active on the territory. This change of jurisdiction could be explained as an attempt of surveillance arbitrage to avoid stricter monitoring in selected EU MS. Although this phenomenon is still under scrutiny 302, a closer look to MVTS company movements across EU Member States would be highly recommended. 300 In particular Austria, France, UK. 301 For example in Italy. 302 For example see Italy. Matrix Insight Ltd. & Transcrime 16th September

117 6.3.4 E-Money and New Payment Methods Similar to MVTS, the e-money sector has rapidly grown in recent years. In particular, an increase has been registered for e-money as a substitute of traditional banking instruments (e.g. of banking accounts), which could be attributed to the low costs of certain instruments if compared to the correspondent banking ones (e.g. prepaid cards vs. debit cards). This has helped the diffusion of e-money among low-income groups of the EU population who were not able to access the financial sector before. The risk that e-money could also be misused by criminal organisations for ML and TF has been increasingly underlined by competent authorities at EU and international level 303, and special warnings have been occasionally issued by SAs, FIUs and LEAs, signalling anomalous use of e-money which could be related to ML activity. 304 The analysis carried out across EU Member States by the study team confirms these concerns, as in 11 cases (N=22), e-money was identified as a critical area of ML and TF risk in the FT activity. As described in section 5.2.3, it must be noted that e-money at EU level is already very highly regulated and subject of a complex set of obligations, including Regulation 1781/2006, Directive 2009/110/EC ( E- Money Directive ), Directive 2007/64/EC (PSD), Directives 2005/60/EC and 2006/70/EC (AML Directives) and others. However, uncertainties and loopholes around how e-money is regulated still remain, due to the fact that this sector is still under development and new products and services are constantly put on the market. E-Money Risks and the FTR With particular reference to the FTR, the following critical issues have been identified: 1. Risks related to the definition of e-money; 2. Risks associated to anonymity of pre-paid cards holders; 3. Risks associated to the 1,000 threshold for the FTR application. 1. In 2008, an impact assessment conducted by the European Commission 305 identified problems around the definition of e-money which create legal uncertainty and which could make it difficult to define exactly the extent of application of AML regulations, including the FTR, to e-money products. For example, sometimes wire transfer systems as employed by MVTS companies are regarded as e-money systems 306. Furthermore, mobile phones can be used for both e-money as well as for payments with real money (through internet banking). Legal uncertainty applies also to the foreign exchange market as it has been signalled by a few stakeholders that it is not yet clear whether FOREX dealers who order transactions via are carrying out an e-money transaction or not. 303 See for example Eurasian Group on Combating Money Laundering and Terrorism Financing (EAG). Working Group on Typologies (WGTYP). Risks of Electronic Money Misuse for Money Laundering and Terrorism Financing See for example the warning issued by Italian FIU on 27th February 2012 regarding an anomalous use of pre-paid cards for withdrawing cash from ATM points. See Circolare UIF UTILIZZO ANOMALO DI CARTE DI PAGAMENTO PER PRELEVAMENTI DI DENARO CONTANTE available at < 305 European Commission. Accompanying document to the proposal for a Directive of the European Parliament and of the Council amending Directive 2000/46/EC on the taking up, pursuit of and prudential supervision of the business of electronic money institutions. Impact Assessment. Draft Commission Staff Working Document SEC(2008) Ibid, p. 6 Matrix Insight Ltd. & Transcrime 16th September

118 In this sense, it has to be remarked that definition problems are worsened by the fact that the e-money sector is still under development, and that the financial industry is constantly producing new e-money products or services which have not been fully comprehended from a legal point of view. Hence: An extension of the scope of the FTR, taking into account the current developments of the e- money industry, and the Harmonization of the E-Money Directive and of AML, PSD, FTR obligations. have been highly recommended by interviewed stakeholders for improving the effectiveness of the FTR against a possible misuse of e-money for ML and TF purposes. 2. The second critical issue related to e-money concerns the anonymity of holders of pre-paid cards. Several forms of e-money do not require a personal contact of the financial system with the client. In these cases, it is hence difficult or almost impossible to identify the actual holder and user of these instruments, thus making it difficult for PSPs, FIUs or LEAs to establish links between e-money users and OC groups. 3. Finally, as already anticipated in section with the comments to the FTR derogation in Art. 3.3 FTR, concerns about the 1,000 threshold foreseen by Regulation 1781/2006 have been expressed by several selected stakeholders, as also smaller amounts of money could entail high risk of ML and TF. In fact, criminals may make use of smurfing or structuring techniques (see section 6.2.3) for laundering money which rely on a high number of transfers of small amounts in order to avoid CDD activity by PSPs. As outlined above (see section 6.2.2), it could hence be recommended to consider the appropriateness of removing the FTR derogation specified in Art FTR Risk Assessment and Crime Proofing: Conclusions Table 35 below summarises the results of the risk assessment exercise. For each category different areas of risk have been identified. On the basis of the desk research and of the interviews with selected national stakeholders, an extent of risk has been qualitatively assessed for each area of risk. Finally, possible revisions of the FTR are suggested which could improve the FTR s effectiveness against ML and TF with respect to the relevant critical issues; policy and research implications have also been considered, given that most of the identified areas would require modifications to the FTR on the one hand, or on the other hand deserve a closer examination and further analysis. Matrix Insight Ltd. & Transcrime 16th September

119 Table 35: Summary of Risk Assessment and Crime Proofing Risk category Areas of risk Extent of risk Violations breaches FTR and of Areas of risk associated to FTR derogations and exemptions Missing or incomplete information on the payer Lack of reporting to relevant and correct LEA/FIU/NSA institutions Not diligent application of selected FTR obligations Derogation 3.2 Low NA Derogation 3.3 Possible revisions to FTR Policy implications/proposals Research implications Low NA Improving NSAs ways of collecting statistics and figures Low NA a) Improving Better identification and communication to PSPs of the relevant NSA/FIU/LEA in the FTR domain in each EU MS Low NA a) Increasing awareness of EU PSPs towards FTR obligations; b) Strengthening the monitoring of PSPs compliance with respect to selected FTR issues: - Intra-extra EU distinction - Payers information record keeping - Freezing of assets Medium /High - Lowering 1,000 Euro threshold - Take away Derogation 3.3 Derogation 3.4 Medium - Lowering 250 Euro threshold - Take away derogation Extending FTR scope to better address developments in E-Money industry Extending FTR scope to better address developments in NPM industry on violations and breaches of FTR Strengthening and widening the analysis of the E-Money and NPM industry so as to better understand its role and impact on EU financial market and payment service sector. Matrix Insight Ltd. & Transcrime 16th September

120 MVTS Risks related to MVTS proprietary messaging systems 3.4 Low NA Strengthening standardization of messaging systems across EU PSPs Better understanding of the technical differences among different FT messaging systems Differences in the application of FTR between banks and MVTS Differences in the application of FTR between different types of MVTS companies Cases of surveillance arbitrage by MVTS across EU MS Cases of MVTS controlled by OC groups E-Money Risks related to the definition of E-Money; Medium NA Extending FTR scope to better address developments in MVTS industry Medium NA a) Increasing awareness of small MVTS towards FTR obligations; b) Strengthening the monitoring of compliance with FTR and related obligations on selected types of MVTS companies (e.g. small companies, companies owned by groups active in risky countries, etc) Strengthening and widening the analysis of MVTS industry in order to better estimate its impact on EU financial market and PS sector Identifying risk factors within MVTS companies Low NA NA Gaining a better understanding of the cross-border dynamics within the MVTS sector in the EU High NA Strengthening the controls over the groups/companies/individuals controlling MVTS companies in the EU so as to identify possible connections with organised crime groups or with ML / TF purposes High Revisions in terms of definition of E-Money a) Extending FTR scope to better address developments Gaining a better understanding of the ownership structure of MVTS companies in the EU Strengthening and widening the analysis of the E-Money Matrix Insight Ltd. & Transcrime 16th September

121 adopted in the FTR, by taking into account recent developments in the E-money industry in the E-Money industry b) Increasing harmonization among AMLD, PSD, FTR, E- Money and related regulatory initiatives industry, and especially of prepaid cards usage, so as to better understand its role and impact on EU financial market and payment service sector. Risks associated to anonymity of pre-paid cards holders; High Evaluate the possibility whether to introduce certain EDD measures in the FTR in order to tackle prepaid cards holders, though this could be better applied by the revised Anti-Money Laundering Directive a) Increasing awareness among EU PSPs about E- Money issue; b) Strengthening the controls over prepaid cards operations Risks associated to 1,000 euro threshold for FTR application; Medium /High - Lowering 1,000 euro threshold - Take away Derogation 3.3 Extending FTR scope to better address developments in E-Money industry Matrix Insight Ltd. & Transcrime 16th September

122 7.0 Conclusions and Recommendations The following chapter brings together and summarises the key conclusions drawn from the various findings of this study, and makes recommendations to maximise the relevance and effectiveness of the FTR by addressing the main shortcomings that were identified. In addition, conclusions and recommendations are presented for a possible extension of the scope of the FTR, i.e. to include information on the beneficiary for wire transfers. The study has confirmed that the overall scope and objectives of the FTR are clearly relevant in view of addressing the problem of money laundering and terrorist financing related to fund transfers. However, there are several specific issues that will need to be further clarified and refined by the European Commission in order to avoid misinterpretations, ensure a consistent level of implementation of the FTR s provisions and finally to maximise the effectiveness of the Regulation (these are specified in the sections below). In this context, there seems to be a lack of informationflow between actors nationally (i.e. national authorities, practitioners etc.) as well as at European and international level, which needs to be addressed (i.e. implementation guidelines issued, issues around the SWIFT messaging system and other issues further described below). The study has shown that the FTR was originally designed having primarily credit institutions in mind rather than all types of Payment Service Providers (for example MVTS companies), which means that the obligations of MVTS companies specialised in remittances are not always clear. In order to ensure a greater coverage and a more effective approach towards global AML and TF, the scope and coverage of the FTR should be reviewed and potentially extended to address this issue. The remainder of this section will be structured according to the research questions set out in the ToR (presented in Annex 8.1) and address the following five main issues: 1) Scope and exemptions from scope (Art. 3 FTR); 2) Implementation issues; 3) Effectiveness of Supervision; 4) Penalties (Art. 15 FTR); 5) Possible extension of the Scope of the Regulation. 7.1 Scope and Exemptions from Scope (Art. 3 FTR) Use of Derogations Art. 3 of Regulation 1781/2006 excludes certain transfers of funds from the scope of this Regulation. The findings of the study show that the derogations provided for by Art. 3 are currently all being used, but not to the same extent in all EU Member States (see section 5.2.1). 307 The findings stemming from the desk research and stakeholder interviews show that the derogations provided for by Art. 3(4) and Art. 3(7) of the FTR are those used most often by Member States. 307 As outlined in section 5.2.1, the use of derogation is under the discretion of PSPs; however, given that not all PSPs for each Member States have been interviewed, these findings need to be treated with caution. Matrix Insight Ltd. & Transcrime 16th September

123 The FTR leaves to the discretion of Member States whether they make use of three specific derogations or not, namely Art.3(3) FTR (e-money < 1,000), Art. 3(6) FTR (unique reference number < 1,000) and Art. 18 FTR (non-profits). The study concludes that out of these three, the derogation provided for by Art. 3(3) FTR is the one most often used by Member States, while the derogation in Art. 18 FTR is the one used least often. Stakeholders provided a number of reasons for not making use of certain derogations (see Table 9 in section 5.2.1). Most relevant in this context is the feedback received for not using the derogations provided for by Art. 3(7)b and Art. 3(7)c FTR. In case of the former derogation (debit transfer authorisation between two parties), it was argued that the derogation is no longer necessary as the transfers described by this derogation already carry sufficient information. For the latter (truncated cheques), some stakeholders informed that the market for this is experiencing reducing volumes and hence the derogation is not used. The study findings also indicate that there is unanimous agreement among stakeholders that no further derogations are needed, but that modifications to current derogations might be required depending on the future development of the industry, i.e. around e-money and other new technologies (see section below). Recommendations: The study concludes that there are differences in the use of certain derogations, and that no further derogations are needed for the time being. Given that a number of Member States have already made the choice not to apply certain derogations, and due to the fact the recent changes made to the FATF international standards have limited the possibility for derogations while at the same time requiring that certain information will still be transmitted below the 1,000 threshold (see INR16.5), a reduction of the set of derogations in the current FTR could be envisaged. If DG MARKT would decide to abolish any of the existing derogations, this should be done in order to further align the Regulation with the new FATF international standards ,000 Thresholds The study findings reveal that there is no uniform perception among national stakeholders across the 27 Member States whether the 1,000 thresholds should be maintained, and opinions largely depend on the type of stakeholder interviewed. Several stakeholders argued though that even transactions of small amounts can represent a risk for money laundering and terrorist financing. This is a consideration to be taken into account for the revision of the FTR. Recommendations: The study concludes that while there are numerous different perceptions on the 1,000 threshold, no clear indication has been given if and to what extent this threshold should be changed. However, given that even transactions of small amounts can pose a risk for money laundering and terrorist financing, it is recommended to DG MARKT to ensure that a revised Regulation does not allow for a complete exemption of this threshold. As indicated above, the new FATF international standards already require that certain information will be transmitted below the 1,000 threshold. Therefore, the FTR should be revised in alignment with these standards. Matrix Insight Ltd. & Transcrime 16th September

124 7.1.3 E-Money and New Payment Methods The study found e-money and new technologies to be important aspects in the context of fighting money laundering and terrorist financing. There is still little concrete information available on both issues, which makes it difficult to assess the size and the actual risk of the market. In most EU Member States, very few if any PSPs are licensed to trade with e-money and the e-money sector is still under development. In addition, there appear to be issues around the definition of e-money and other new technologies / new payment methods (see section 5.2.3), which make it difficult to assess exactly the extent of application of AML regulations, including the FTR, to e-money products. The lack of clarity is amplified by the fact that the financial industry is regularly producing new e-money products or services which have not been fully assessed from a legal viewpoint. The study s risk assessment (see section 6.3) shows that e-money was identified as a critical area of ML and TF in the transfer of funds activity. At EU-level, e-money is already very highly regulated. However, the study findings suggest that the regulation of banks and providers of e-money and other new payment products in this context differs, with banks perceiving themselves to be more strictly regulated, indicating an unfair competitive advantage granted to the providers of new payment methods. Finally, the study found that there are concerns around the 1,000 threshold related to e-money foreseen by Art. 3(3) of Regulation 1781/2006, as smaller amounts of money could also entail high risks of ML and TF (as indicated above). On the other hand, concerns were voiced that lowering this threshold too much could drive small businesses and less wealthy consumers into the market for cash transactions which is harder to supervise than the market for new payment methods. Recommendations: In light of the above conclusions, and taking into account the current developments of the e-money industry, the study recommends that DG MARKT extend the scope of the FTR to sufficiently cover e- money and other new payment methods by better reflecting new payment methods that have entered the market, and to better reflect the revisions made to the FATF international standards Intra- vs. Extra-EU Rules The study concludes that the application of intra-eu vs. extra-eu rules in terms of data requirements for fund transfers is not applied uniformly across the EU Member States (see section 5.2.4). In addition, stakeholders in two Member States reported to have different data requirement rules between national and international transfers, but do not make any distinction between intra- and extra-eu transfers. The analysis of the data collected suggests that those PSPs who differentiate between intra-eu vs. extra-eu rules are generally in favour of keeping this distinction. It was argued that any change to the current system would lead to high costs in terms of necessary modifications to the existing IT systems and technical standards, the increase in the amount of information to be collected as well as the increase in the workload of officers. These costs were not perceived as being proportionate when compared to the potential benefits of harmonising the existing rules. Recommendations: The study concludes that there is not a strong evidence base that changing the current system of intra-eu vs. extra-eu rules would have an impact on ML or TF activities, whereas the costs incurred for changing the systems seem high. It is therefore recommended to generally keep the current distinction of intra-eu vs. extra-eu rules for data requirements for funds transfers in place. DG Matrix Insight Ltd. & Transcrime 16th September

125 MARKT could consider though allowing for a "simplified" regime for cross-border wire transfers amounting to EUR 1,000 or less (according to INR16.5 of the interpretative note to Recommendation 16), unless there is a suspicion of ML or TF. The study also concludes that specific systems are in place for PSPs (i.e. SWIFT) and LEAs to request missing information from the payer s PSP in cross-border cases. While these systems seem to work sufficiently for the information exchange of PSPs, the study findings suggest that in the case of LEAs, further work on cooperation arrangements is necessary to enhance the information exchange without delay according to Art. 14 FTR, especially in a cross-border context (see section 5.3.2). 7.2 Implementation issues Compliance Costs Only limited data on measures and costs for compliance with the FTR were made available by stakeholders contacted over the course of the study. The findings collected nevertheless suggest that IT costs as well as staff costs, i.e. the number of man days devoted by PSPs for complying with the FTR, were the highest cost items for complying with Regulation 1781/2006. In terms of ranking by type of institution bearing the costs, the study concludes that payee s PSPs are those carrying the most significant burden for implementing the Regulation, given that they have to screen and report on the information received for wire transfers. That having been said, IT costs in particular are likely to be a one-off cost item, as once the FTR has been implemented at national / practitioner level, IT systems will have been adapted accordingly, and therefore no additional costs should be incurred Rejected Transfers due to Missing Information The study findings reveal that the information most commonly missing in wire transfers is information on the payer, i.e. the name and address, as well as the payer s account number. While our research indicates that PSPs usually seem to request complete information from their counterparts, the study findings do not show a uniform picture regarding the extent to which they undertake further actions as required by the FTR, i.e. issuing reports about other PSPs who are not complying with the Regulation. Some stakeholders suggested that PSPs might not be aware of their reporting duties whenever sending/originators PSPs regularly fail to send complete information (Art. 9 FTR). The findings also confirm that PSPs only seem to reject fund transfers in very rare occasions - PSPs seem to be hesitant as they do not want to delay transfers without a legal basis. The study also concludes that few cases of transactions with missing or incomplete information actually lead to cases to be opened, investigations, indictments or prosecutions. Recommendations: In order to further enhance the Regulation s relevance and effectiveness to combat ML and TF, it is recommended that DG MARKT further clarifies the reporting obligations for and further steps to be carried out by PSPs under Art. 9 FTR. The CEBS common understanding outlines the actions to be undertaken by PSPs when information is not complete, accurate or missing in wire transfers. The revised Regulation should either specify these actions, or make reference to the relevant parts in the CEBS common understanding. Matrix Insight Ltd. & Transcrime 16th September

126 7.2.3 Technical Limitations With a view to likely technical limitations according to Art. 13 FTR (where the payer s PSP is situated outside the EU and the intermediary PSP is situated within the EU), the study findings indicate that there is an issue around the definition of technical limitations. In a few cases, stakeholders did not understand what this term in the Regulation means and hence did not know how to apply it. In addition, they had difficulties clarifying the term with relevant national authorities. Therefore, the study concludes that there is some uncertainty and ambiguity around the exact definition of the provisions in Art. 13 FTR, which need clarification. The findings of the study show that technical limitations can occur when intermediary PSPs use different payment systems for intra- and extra-eu transfers, or when information is not sufficiently passed on to intermediary banks. These limitations mainly refer to diverging European and international messaging systems. Individual suggestions from stakeholders as to how to overcome these technical limitations included the newly introduced SEPA credit transfer scheme (see section 5.3.3). With regard to new developments in the payment area, the study findings show that there seem to be some difficulties with the SWIFT format, as PSPs in different Member States appear to interpret the required information to be provided in different ways. Stakeholders argued that at times, the format leaves too much room for interpretation. In such cases, PSPs are forced to request additional clarification from their counterparts in other Member States. This can result in transfers being delayed, though such delays seem to be rather rare and their impact not substantial. It can nevertheless be concluded that there is room for improvement to overcome technical limitations in light of new developments in the payment area. Recommendations: It is recommended that the provisions and definitions in Art. 13 FTR should be further clarified by DG MARKT, i.e. either in the text of the FTR or by issuing clear guidelines for PSPs. In order to overcome technical limitations as per Art. 13, the use of the SEPA credit transfer scheme could be encouraged, i.e. by making its use mandatory in interbank transfers between EU Member States and third countries. To overcome the technical limitations that can occur when intermediary PSPs are involved in wire transfers, they should ensure that all originator and beneficiary information are retained with wire transfers, as well as to take reasonable measures to detect missing information and to establish effective risk-based policies and procedures for determining the action to take. This should be taken into account by DG MARKT when revising the FTR. In addition, it is recommended for SWIFT to provide international guidance on how information should be provided and presented by PSPs in order to guarantee a uniform application of the messaging system. 7.3 Effectiveness of Supervision Cooperation between Authorities Matrix Insight Ltd. & Transcrime 16th September

127 Data and information collected as part of this study show that cooperation appears to take place between national authorities for intra-eu cross-border transfers, but that authorities mainly correspond with their direct counterparts in different Member States. LEAs, for example, will not directly contact PSPs in another Member State in order to obtain required information, but will rather contact other LEAs in a process of mutual legal assistance. Keeping these official communication channels would be an effective approach when organisations at national and European level communicate sufficiently. The research undertaken by the study team suggests, however, that these communication levels and relevant systems, such as Interpol, Europol and FIU-net, could still be improved, especially in terms of cross-border cooperation for wire transfers (as indicated above). Recommendations: In order to avoid waiting times to receive information on payers, as indicated for example by LEAs in cases of cross-border wire transfers, it is recommended that official and established communication lines need to be further enhanced. In this context, the findings of this study suggest that the current cooperation within the FIU platform could be enhanced, and that the cooperation between FIUs and LEAs could be improved to enhance and strengthen the information exchange Monitoring of Compliance with the Fund Transfers Regulation The study also confirms that procedures for monitoring the compliance with the FTR vary across the European Member States. In most Member States, relevant national authorities have issued guidelines for the implementation of the FTR at national level. Most of these guidelines are based on the CEBS common understanding, which was perceived as very helpful by most stakeholders. Several stakeholders still found the level of guidance they receive from national authorities as insufficient though, especially in terms of defining certain terms and procedures. The study therefore concludes that the varying level of implementation of the FTR can be explained in part by divergences between guidance provided by national authorities in the Member States. In the majority of cases, it seems that monitoring Member States compliance with the FTR is undertaken by national authorities as part of the wider AML supervisory activities. In addition, the practices for monitoring vary among Member States and can range from regular on-site inspections to off-site supervisions. Recommendations: In order to guarantee a uniform implementation of the FTR across the EU, it is recommended to provide further / more specific guidance on the implementation process, including guidelines on the definition of certain terms and practices. In addition, best practice examples of countries that have successfully implemented the FTR to date could be published, or a forum could be provided where common problems will be discussed, i.e. in the form of stakeholder workshops where questions could be answered and clarified. This might be a role for the European Banking Authority (EBA), which could provide guidance in a format similar to the common understanding CEBS Common understanding of the obligations imposed by European Regulation 1781/2006 on the information on the payer accompanying funds transfers to payment service providers of payees. CEBS / CEIOPS-3L / CESR/08-773; Matrix Insight Ltd. & Transcrime 16th September

128 7.4 Penalties (Art. 15 FTR) Evidence collected as part of this study shows that varying penalty regimes for infringements of provisions set out in Regulation 1781/2006 exist across the EU. While all Member States have a framework for penalties against infringements of the FTR in place, the type of penalties as well as the responsible authorities for imposing these penalties vary considerably. This lack of a common approach can lead to inconsistency in terms of the application of the Regulation as well as a lack of transparency and may even provide an incentive for PSPs to set up their business in a jurisdiction with less strict penalties. However, given the different legal contexts, it could be very difficult to harmonise or dictate penalty levels or types. The research findings show that in particular financial penalties do not seem to be imposed very often. Some stakeholders argued that they are the last resort in a chain of possible actions. In this context, it seems that the threat of naming and shaming, which could lead to serious reputational damage of PSPs, often proves effective to make PSPs comply. In addition, the personal liability of owners and senior managers of PSPs has a strong deterrent effect. Recommendations: In light of the study findings presented, it is recommended for DG MARKT to disseminate best practices in the field of sanctions and penalties. So far this study has identified publicly announced penalties and individual liability of owners and managers as effective tools. However, these measures have not been applied very often, as PSPs seem to generally comply with the Regulation or act upon questions / demands from Supervisory Authorities in order to avoid an official naming and shaming and the related reputational damage. DG MARKT could also go one step further and include specific sanctions in the text of the revised Regulation. 7.5 Possible extension of the Scope of the Regulation Information on the Beneficiary of Wire Transfers With regard to a potential extension of the FTR to include information on the beneficiary of wire transfers, as per the new FATF Recommendation 16, it is important to note that the inclusion of this provision in Regulation 1781/2006 is not a question of if, but rather of how the Regulation should be amended in line with FATF standards. The inclusion of beneficiary information in wire transfers was favoured by the majority of stakeholders interviewed as part of this study. It was argued that it would be easier to trace back transactions when both originator and beneficiary information are available. In addition, the study concludes that the main implementation costs related to the inclusion of beneficiary information would be related to amending IT systems. However, some practitioners were against the inclusion of beneficiary information, mainly because they assumed that this would oblige them to also verify the information on the beneficiary. This could imply serious difficulties, especially when beneficiaries are legal entities. In this context, the CBA has shown that extending the scope of the FTR to include beneficiary information for wire transfers could be the factor with the biggest impact on benefits as well as costs, depending on whether beneficiary information needs to be verified or not. However, FATF Recommendation 16 only requires the name and the account number (or, in absence of an account number, a unique transaction reference number) of the beneficiary. Verification of such information only has to be carried out by PSPs for their own customers, i.e. the payers PSP for the originator and the payee s Matrix Insight Ltd. & Transcrime 16th September

129 PSP for the beneficiary of wire transfers. The study has nevertheless shown that there might be room for misinterpretation, given that stakeholders interviewed seem to be uncertain about potential future verification requirements under EU regulation. Some stakeholders were also concerned that reporting on beneficiary information may violate data protection and privacy rights of customers and could be abused for commercial reasons by those PSPs who receive such information (who may use this information to directly contact their competitors customers). In addition, the study has also highlighted concerns around sending funds accompanied with customer information to third countries which do not have adequate data protection systems in place to prevent the (ab)use of such information. However, this is an important consideration for DG MARKT to take into account when reviewing the FTR in light of the recent FATF changes to SR VII. In addition, certain MVTS stakeholders were concerned that PSPs outside the EU (i.e. in developing countries), which have not implemented the FATF Recommendations, could experience difficulties conducting transactions with PSPs operating in the EU. According to these stakeholders, the adaptation of systems will require a lot of effort and investment from PSPs outside the EU, which will inevitably take time and may result in problems in the wire transfer system. Recommendations: The study concludes that an extension of the Regulation to include required beneficiary information on wire transfers and related messages, as per INR16.6 and 7, would be useful in order to enhance the Regulation s effectiveness in terms of combating ML and TF. In this context, it is recommended that DG MARKT clearly defines what beneficiary information needs to be verified for wire transfers, and by whom. It is further recommended that the nature of the verification requirements is adapted on the basis of FATF Recommendation 16, where the payees PSP has to verify the beneficiary information, not the payer s PSP. It is also recommended that beneficiary PSPs should have effective risk-based policies and procedures in place in order to determine what to do with wire transfers that lack the required originator or beneficiary information, and what appropriate follow-up actions are. Given the concerns around data protection issues when passing on information in wire transfers, DG MARKT should carefully consider the data protection implications when reviewing the Regulation s current provisions and obligations in the context of required information on the beneficiary. It is also recommended to ensure that a sufficient timeframe for the implementation of potential new provisions of an amended Regulation 1781/2006 will be given to ensure that there is enough time for all PSPs, in particular those based in countries outside the EU, to adapt their IT and messaging systems Practical Challenges for PSPs to Take Freezing Actions FATF Recommendation 16 includes the provision that financial institutions can take freezing actions against those PSPs that do not comply with the information requirements for wire transfers as specified in the FTR. The study concludes, however, that FATF Recommendation 16 provides no definition for what freezing actions means for PSPs, and leaves this issue open for interpretation. Matrix Insight Ltd. & Transcrime 16th September

130 The requirement represents nevertheless no new obligations on PSPs, as many (large) banks already compare transactions with sanction lists, i.e. provided by the US authority OFAC. Recommendations: The study concludes that extending the scope of the FTR to include the requirement of freezing actions would go beyond the scope of the Regulation, as this issue is already sufficiently covered by other legal instruments (e.g. Regulation 881/2002) as well as sanction obligations provided for by existing UN Council Resolutions. In addition, taking freezing actions already seems to be common practice for several PSPs interviewed. Therefore, there seems to be no need to extend the scope of the FTR in this respect. Matrix Insight Ltd. & Transcrime 16th September

131 8.0 Appendices Matrix Insight Ltd. & Transcrime 16th September

132 8.1 Research Questions Matrix Questions TOR Indicators Source Relevant Stakeholders 1. What are the economic and legal consequences of the application of Regulation 1781/2006? 2. To what extent do Member States make use of the derogations provided for by Article 3? Issue 1 General Scope and Exemption From Scope Issue 2.a Number/volume of derogations provided for by Art. 3 used in each MS Type of derogation used in each MS (i.e. which derogations are used?) Desk research Interviews with practitioners Interviews with national supervisory authorities Expert representatives of the financial, accounting, banking sectors National supervisory authorities (Name of/cluster of) MSs making use of certain derogations Rationale and criteria behind applying certain derogations Matrix Insight Ltd. & Transcrime 16th September

133 3. To what extent do practitioners make use of the derogations provided for by Article 3? Issue 2.b Number/type of derogations provided for by Art. 3 used by practitioners Type of derogation used by practitioners (i.e. which derogations are used?) Desk research Interviews with financial practitioners Interviews with national supervisory authorities Payment service providers, including banking and financial industry sector National supervisory authorities Rationale and criteria behind applying certain derogations Type of practitioner making use of certain derogations 4. Are there any derogations that might not be applied in practice? If so, why? Issue 2.b Rationale and criteria behind not applying derogations (Name of/cluster of) MSs not making use of certain derogations Type of practitioner not making use of certain derogations Desk research Interviews with practitioners Interviews with national supervisory authorities Interviews with national policy stakeholders Payment service providers, including banking and financial industry sector National supervisory authorities Ministries of Justice Economics/Finance Ministry Matrix Insight Ltd. & Transcrime 16th September

134 5. Does the regulation unwittingly result / promote in any way the misuse of electronic money 309 as well as other newly developed means of payment, for the purpose of ML and TF? Issue 2.c Evidence to what extent the regulation promotes misuse of electronic money Stakeholders perception to what extent the regulation promotes misuse of electronic money If available, relevant case studies from FIUs, LEAs and PSPs Desk research Interviews with FIUs Interviews with LEAs Interviews with practitioners FIUs in all MSs Law enforcement agencies (LEAs) National supervisory authorities Payment service providers, including banking and financial industry sector If available, work undertaken in the field by supervisors and the FATF) 6. How can the regulation be amended to prevent such misuse?(*) Issue 2.c Evidence demonstrating where there is scope for improvement. Stakeholders perceptions for scope for improvement. Desk research Interviews with supervisory authorities FIUs in all MSs Law enforcement agencies (LEAs) National supervisory authorities Interviews with practitioners Interviews with FIUs Payment service providers, including banking and financial industry sector Interviews with law enforcement agencies (LEAs) 309 As defined in Article 1 (3) of Directive 2000/46/EC. Matrix Insight Ltd. & Transcrime 16th September

135 7. To which extent do Member States use the derogations applied to transfers from accounts where the transfer of funds does not exceed EUR 1,000? 310 Issue 2.d Examples of the extent to which this derogation is used in practice. Stakeholders perceptions of this derogation (i.e. are the derogations useful or not?). Desk research Interviews with national policy stakeholders Interviews with practitioners Payment service providers, including banking and financial industry sector Ministries of Justice Economics/Finance Ministry 8. What are the pros (benefits) and cons (costs) of applying different rules for intra- EU and extra-eu transfers? Issue 2.e Number and criteria for using intra-eu and extra-eu rules? Evidence demonstrating pros and cons to use individual approaches. Desk research Interviews with MS representatives Interviews with practitioners FIUs in all MSs Law enforcement agencies (LEAs) Ministries of Justice Evidence demonstrating that differentiation between the rules makes sense. Economics/Finance Ministry Payment service providers 9. What would be the pros (benefits) and cons (costs) of taking away the differentiation between intra-eu and extra-eu? 10. Should further derogations be made (i.e. concerning products; geographically etc.)? Provide reasons. Issue 2.f Perception of stakeholders Interviews with practitioners Payment service providers, including banking and financial industry sector Stakeholders perceptions of type/number of derogations necessary (i.e. products / geographically?)? Interviews with MS representatives Interviews with practitioners Payment service providers 310 Note: According to the steering group, there is no such differentiation in some Member States, and some Member States do not want a differentiation. Matrix Insight Ltd. & Transcrime 16th September

136 11. What are the potential risks of further derogations? Issue 2.f Stakeholders perceptions if/which other derogations might be necessary? Interviews with FIUs Interviews with LEAs FIUs in all MSs Law enforcement agencies (LEAs) Stakeholders perceptions what risks further derogations might pose? Interviews with MS representatives Ministries of Justice Economics/Finance Ministry Interviews with supervisory authorities Supervisory Authority Payment service providers Interviews with practitioners 12. How could these risks be mitigated? Stakeholders perceptions on how these risks could be mitigated. Interviews with MS representatives FIUs in all MSs Law enforcement agencies (LEAs) Interviews with practitioners Ministries of Justice Economics/Finance Ministry Supervisory Authority Implementation Issues 311 Payment service providers 311 Differentiation between banks and money remitters needed when asking questions on FTR implementation. Matrix Insight Ltd. & Transcrime 16th September

137 13. What measures in terms of staffing, training, policies, IT systems etc do payment service providers 312 use to comply with the FTR? (taking into account national payment systems vs. proprietary systems): Payer s PSP Payee s PSP Intermediary PSP Issue 3.a Number / type of different payment systems in use Specific issues related to national payment systems vs. proprietary systems 313 Number / type of different obligations for: Payer s PSP Payee s PSP Intermediary PSP Results of these obligations (i.e. what are banks /money remitters doing as a result of the FTR / what would they be doing anyway in case the SWIFT system was not in place?) Desk research Interviews with practitioners Interviews with MS representatives Payment service providers Ministries of Justice Economics/Finance Ministry Costs of compliance with existing rules? Number / type of measures necessary to comply with the FTR Costs of compliance with additional rules (estimates)? Monetary value of introducing these additional measures 312 Note: the steering groups stressed that there is a need to identify the difference between certain types of stakeholders (i.e. banks vs Western Union). 313 For questions to be included in the questionnaires, please see the following rows. Matrix Insight Ltd. & Transcrime 16th September

138 14. Among the above measures, which are the most relevant sources of costs for complying with FTR existing rules? Issue 3a Stakeholders perception on the most relevant source of cost due to implementation of FTR as: Payer s PSP Payee s PSP Intermediary PSP Desk research Interviews with practitioners Interviews with MS representatives Payment service providers 15. Which are the staff costs, on an annual basis, arising from implementation of FTR? Issue 3a Number of staff man months devoted yearly for complying with FTR existing rules as: Payer s PSP Payee s PSP Intermediary PSP Desk research Interviews with practitioners Payment service providers 16. Which are the training costs, on an annual basis, arising from the implementation of the FTR? Issue 3a Number of training hours devoted yearly for complying with FTR existing rules as: Payer s PSP Payee s PSP Intermediary PSP Desk research Interviews with practitioners Payment service providers 17. Which are the IT costs, on an annual basis, arising from implementation of FTR? Issue 3a IT costs devoted yearly for complying with FTR existing rules as: Payer s PSP Payee s PSP Intermediary PSP Desk research Interviews with practitioners Payment service providers Matrix Insight Ltd. & Transcrime 16th September

139 18. How many transfers have been rejected due to missing information in each Member State? (Number per year or Trends) 19. How many times PSPs have requested information to be completed? Issue 3.b Total number/percentage 314 of transfers rejected due to missing information - Per Member State Type of missing information Desk research Interviews with practitioners Payment service providers, including banking and financial industry sector Issue 3.b Number/percentage of times that payment service providers have requested information to be completed since its implementation. Interviews with practitioners Payment service providers, including banking and financial industry sector 20. To what extent have PSPs taken action (as per Art. 9 FTR) vis-à-vis other PSPs to ensure full information is provided? Have they: a) talked to the PSPs not complying with the FTR obligations? b) submitted reports about the other PSPs who are not complying with the FTR obligations? 20a) What are the recent trends? Issue 3.b Number/percentage of cases where payment service providers have a) talked to other PSPs b) submitted reports about other PSPs to ensure that full information is provided since the FTR implementation. Interviews with practitioners Payment service providers, including banking and financial industry sector 314 If percentages are asked for, the total number of transfer should also be asked for, otherwise it would be very difficult to estimate the costs. Matrix Insight Ltd. & Transcrime 16th September

140 21. Which are the main countries from which transfers with missing or incomplete information derive? Issue 3.b Evidence on the main countries from which transfers with missing/incomplete information derived since its implementation. Interviews with practitioners Payment service providers, including banking and financial industry sector 22. How many reports did competent authorities receive regarding transactions with missing or incomplete information? Issue 3.c Number / percentage of reports under Art. 9 FTR received on transactions with missing / incomplete information Desk research Interviews with supervisory authorities (FIUs; law enforcement agencies) FIUs in all MSs Law enforcement agencies (LEAs) Payment service providers, including banking and financial industry sector Banking industry, etc 23. What are the outcomes of these reports: - Number of cases opened by the authorities responsible for combating money laundering or terrorist financing; - Investigations by law enforcement; - Indictments; - Prosecutions - Other? Issue 3.c Evidence on the outcome of these reports: - Number of cases opened by FIUs; - Investigations by law enforcement; - Indictments; - Prosecutions. Desk research Interviews with supervisory authorities (FIUs; law enforcement agencies) FIUs in all MSs Law enforcement agencies (LEAs) Payment service providers, including banking and financial industry sector Banking industry etc Matrix Insight Ltd. & Transcrime 16th September

141 24. Can the technical limitations described by Article 13 be overcome in light of new developments in the payment area? How could this regulation be amended according to Art. 19 FTR? (*) Issue 3.d Type/number of costs incurred for payment service providers for solving technical limitations. Type / number of new developments in the payment area Desk research Interviews with payment service providers Payment service providers Stakeholders perceptions how new developments can overcome technical limitations / safe costs (possible policy options). 25. What has been the impact of the new messaging formats (e.g. SWIFT 202 COV) on any additional costs for payment service providers an potential delays in the execution of transfers? Issue 3.e Number of cases where the new messaging formats incurred additional costs for payment service providers. Stakeholders perceptions to what extent this has affected their behaviour? Number of cases where the new messaging formats resulted in delays in the execution of transfers. Desk research Interviews with payment service providers Payment service providers Matrix Insight Ltd. & Transcrime 16th September

142 26. In the context of intra- EU cross-border transfers, how would LEAs try to get access to payer information from a PSP in another Member State? (i.e. would LEAs contact the LEA in this country, or the PSP directly?) Additional Stakeholders perceptions / evidence of existing practices. Interviews with LEAs Law Enforcement Agencies (LEAs) 27. Under what circumstances do LEAs usually try to get access to payer information from a PSP in another Member State? Additional Stakeholders perceptions / evidence of existing practices. Interviews with LEAs Law Enforcement Agencies (LEAs) Effectiveness of Supervision 28. Which domestic authorities are responsible for the monitoring of this Regulation in each Member State? Issue 4.a Type/number/names of domestic authorities responsible for the monitoring of the FTR Desk research Interviews with EU Commission and payment service providers Payment service providers European Commission Matrix Insight Ltd. & Transcrime 16th September

143 29. Is the monitoring of this Regulation done in the context of the regular prudential supervisory activities of supervisory authorities (i.e. safety and soundness) and/or specific AML/CFT supervision? 315 Issue 4.a Frequency of monitoring by supervisory authorities Type of monitoring (i.e. done in the context of the regular prudential supervisory activities of supervisory authorities and/or specific AML/CFT supervision?) Desk research Interviews with supervisory authorities Relevant supervisory authority 30. What is the number of on-site visits and the extent of off-site supervision performed by supervisory authorities specifically related to the AML/CFT and the FTR? Issue 4.b Number of on-site visits performed by supervisory authorities. Number of off-site supervision performed by supervisory authorities. Desk research Interviews with Supervisory Authorities Relevant Supervisory authority 31. What are the efforts undertaken by supervisory authorities to support obliged entities in fulfilling their obligations by analysing any guidance issued for obliged entities concerning the implementation of Regulation 1781/2006? Issue 4.c Type / nature of guidance provided to entities for FTR implementation (recital 17 FTR) Type / nature / frequency of support provided by supervisory authorities to obliged entities Stakeholders perception of the usefulness of this support Desk research Interviews with Supervisory Authorities Interviews with payment service providers Relevant supervisory authority 315 The steering group commented that there are also operational risks. Matrix Insight Ltd. & Transcrime 16th September

144 32. What are the most common problems supervisors have encountered in the course of their supervisory activities (i.e. breaches of rules)? Issue 4.d Number / type of problems encountered by supervisors Frequency of problems encountered by supervisors Interviews with Supervisory Authorities Supervisory Authority Article 15 (Penalties) 33. What are the sanction regimes that Member States have established with regards to infringement of provisions of the Regulation? Issue 5 Type / number of sanctions established by Member States Frequency of the use of these sanctions Desk research Interviews with Law Enforcement Agencies (LEAs) Supervisory authority Ministries of Justice National supervisory authorities (Interviews with National Ministries?) Matrix Insight Ltd. & Transcrime 16th September

145 34. What is the number of Issue 5.a Number / nature of penalties imposed penalties imposed? 316 since the implementation of the FTR. Monetary amount of fines (value). Frequency of penalties imposed since the implementation of the FTR. Desk research Interviews with Law Enforcement Agencies (LEAs) National supervisory authorities Ministries of Justice Economics/Finance Ministry Interviews with MS representatives 35. To what extent is the sanctions regime in the Member State: Effective Proportionate Dissuasive Issue 5.b Stakeholders perceptions of the extent to which the sanctions regime in the MSs is: Effective (i.e. extent to which the objectives set were achieved); Proportionate (i.e. the nature/size of the sanctions in relation to the infringement of FTR provisions); Dissuasive (i.e. extent to which there is a decrease in infringements of FTR provisions). Desk research (FATF and Moneyval evaluation reports) Interviews with payment service providers Private sector stakeholders Interviews with MS representatives Payment Service Providers Private sector industry Ministries of Justice Economics/Finance Ministry 316 Include questions in the questionnaire How serious were the breaches? Was it desired to avoid the obligations of the FTR? Matrix Insight Ltd. & Transcrime 16th September

146 36. What is the usefulness / practicality of extending the Regulation to the beneficiaries of transfers? Issue 6.a.i Possible Extensions of the Scope of the Regulation Existing evidence regarding the usefulness / practicality of extending the Regulation. Stakeholders perception on the feasibility to extend the FTR to include accurate information on beneficiaries of transfers? Desk research Interviews with payment service providers Interviews with Interviews with Law Enforcement Agencies (LEAs) Law Enforcement Agencies FIUs Relevant supervisory authority Payment Service Providers + financial and banking industry Interviews with FIUs 37. What are the potential impediments 317 for PSPs to obtain information on beneficiaries 318? Issue 6.a.ii Type / nature / number of impediments for PSPs? Stakeholders perceptions in potential impediments for PSPs. Desk research Interviews with payment service providers Interviews with Interviews with Law Enforcement Agencies (LEAs) Law Enforcement Agencies FIUs Payment Service Providers Interviews with FIUs Cost-benefit analysis 317 The steering group mentioned the following: 1) increased hiccups in the system; 2) need to include information (what would be the impact on the system?) 318 1) Identity of beneficiary; 2) Verifying identity. Matrix Insight Ltd. & Transcrime 16th September

147 38. What are the additional costs with regard to staff training IT costs delays in transactions Issue 6.a.iii Type / value of additional costs for originator / beneficiary in terms of: - staff; - training; - IT costs - delays in transactions Stakeholders perceptions on additional costs for: - staff; - training; - IT costs; - delays in transactions Desk research Interviews with payment service providers Payment Service Providers 39. How feasible is it to request financial institutions to (on a risksensitive basis) take freezing actions against designated persons and entities (as per new FATF Recommendation 16 / former SR VII)? Issue 6.b.i (optional) Costs / benefits of requesting PSPs to take freezing actions against designated persons and entities. Stakeholders perceptions of feasibility to for PSPs to take freezing actions against designated persons and entities. Desk research Interviews with payment service providers Interviews with Law Enforcement Agencies (LEAs) Interviews with FIUs Payment Service Providers Financial and banking industry Matrix Insight Ltd. & Transcrime 16th September

148 40. What are the potential impediments against requesting financial institutions to take freezing actions against designated persons and entities (as per new FATF Recommendation 16 / former SR VII)? 41. How is the freezing of accounts implemented in practice, and what are the impacts? Issue 6.b.ii (optional) Type / nature / number of potential impediments. Stakeholders perceptions of potential impediments against requesting PSPs to take freezing actions against designated persons and entities? Existing practices for freezing accounts. Stakeholders perceptions of likely impacts? Desk research Interviews with payment service providers Interviews with Law Enforcement Agencies (LEAs) Interviews with FIUs Desk research Interviews with payment service providers Interviews with Interviews with Law Enforcement Agencies (LEAs) Law Enforcement Agencies FIUs Payment Service Providers Law Enforcement Agencies FIUs Payment Service Providers Interviews with FIUs 42. What are the pros and cons of each of the above solutions with regard to the additional costs associated with additional resources, staffing, delays in Issue 6.b.iv (optional) transactions etc? (*) Instances where amendments are put forward by TOR Cost and benefits of each of the above options with regard to: - additional resources; - staffing; - delays in transactions Desk research Cost-benefit analysis Matrix Insight Ltd. & Transcrime 16th September

149 8.2 Detailed Work Plan This section describes our detailed work plan. Our methodological tools are structured around the following three phases: Inception (Phase 1) Data Collection (Phase 2); Analysis and Reporting (Phase 3). The different phases are described in more detail in the paragraphs below, also presenting an overview of the study progress to date since the signature of the contract. Each of the phases is instrumental to answer the research questions presented in Annex Phase 1: Inception (Completed) During the inception phase (Phase 1), the study team has carried out the following main activities: Internal Start-Up Meeting As a first step upon award of the contract, we have undertaken an internal teleconference (on 9 th January 2012) with the whole study team to clarify roles and responsibilities. Kick-Off Meeting A first meeting between the study team and the steering group took place in Brussels on 16 th January The meeting was an opportunity for the steering group and the study team to clarify project objectives and methodology, define project management arrangements, available data resources, interview partners, and to agree on some key parameters and milestones. The meeting minutes were included in the Inception Report. Initial Round of Interviews Members of the study team conducted 11 interviews with European level stakeholders and experts in the field of financial transactions and money laundering. These interviews furthered the study team s understanding of the study context, recent policy developments and the role and importance of the Fund Transfers Regulation. The following table provides an overview of the names and positions of those interviewed, as well as the interview dates and methods. Table 36: EU-level Stakeholders interviewed as part of the Inception Phase Name Role and organisation Interview date and method Mickael Roudaut DG HOME; Policy Officer - Fight against organised crime Ingo Weustenfeld DG HOME; Policy Officer - Counter-terrorism / prevention Birgit Weise-Montag DG MARKT; Retail Financial Services and Consumer Policy 17/01/2012; face-to-face 26/01/2012; telephone 17/01/2012; face-to-face Philip Pellé DG MARKT; Deputy Head of 17/01/2012; face-to-face Matrix Insight Ltd. & Transcrime 16th September

150 Name Role and organisation Interview date and method Unit, Retail Financial Services and Consumer Policy Fiona Murray Julien Ernoult Anti-money laundering Europe (AME) Senior Advisor to the Secretary General at European Association of Public Banks (EAPB) 17/01/2012; face-to-face 20/01/2012; telephone Mauro Falesiedi Europol; First Officer responsible for financial crime and co-ordination for antimoney laundering matters Nicolas Stuckens / Patrick Krekels SWIFT; Manager AML & Sanctions initiatives / Deputy General Counsel 27/01/2012; telephone 03/02/2012; telephone Robert Palmer Global Witness; Campaigner 26/01/2012; telephone Mary Pothos Visa Europe 09/02/2012; telephone Jose M. Morera AIA Group - Aplicaciones en Informática Avanzada, S.A. 03/02/2012; telephone In addition, we tried to set up interviews with officials from the FATF, Moneyval as well as DG Justice. However, the stakeholders we approached were either not available for an interview or felt they could not add value to the study. This was flagged up early to the steering group and it was agreed that the study team would continue trying to approach stakeholders from the FATF over the course of the study. The information provided during the interviews has subsequently informed the section on the problem identification, presented in Section 2 of this report. An overview of the topics we discussed with interview partners can be found in Annex 6.6. Initial Document Review We conducted a first review of existing documentation, based primarily on literature and documentation published at European level (i.e. policy documents and reports), and/or indicated by interviewees. Annex 6.3 provides a bibliographical list of the documents reviewed. This initial review helped us to gain an overview of the documentation available, the information that the documents present, and their quality and quantity. Refine Information Requirements and Development of the Data Collection Plan Based on the information collected and reviewed as part of the familiarisation exercise (see above), we were in a position to further elaborate the study methodology, and to develop the necessary methods and tools to ensure that the study s objectives will be achieved. The Terms of Reference set out a number of questions that the study needs to cover. In order to answer these questions, we have developed a research questions matrix, presenting indicators and data sources. The research questions matrix is presented in Annex 6.1 of this report. Based on this matrix, we have refined our information requirements and developed our data collection plan in more detail. Based on the desk review, we further developed the logic model (see Section 2.4) to describe the problem that the FTR is addressing, the obligations it imposes, their immediate effect and wider Matrix Insight Ltd. & Transcrime 16th September

151 impact (costs and benefits) on different stakeholders. This logic model will serve as a reference framework throughout the study. We also collected contact details for the different stakeholder groups we have started to consult in all EU Member States as part of the data collection phase. Finally, we have developed a set of questions for the data collection targeted for the different stakeholder groups to be contacted. The questionnaires can be found in Annex 6.8- Annex Inception Report Though not required in the Terms of Reference, we submitted an Inception Report at the end of Phase 1 (16 th February 2012). The Inception Report included a full list of relevant background material, a refined methodological framework, the research tools discussed (see above), the finalised sampling strategy and the draft topic guides for the interviews. The Inception Report was an operational document to be used to guide the research and analysis activities. Review Meeting A review meeting took place in Brussels shortly after the submission of the Inception Report (28 February 2012) to discuss the study progress and any subsequent tasks to be carried out in Phases 2 and 3 of the assignment Phase 2: Data Collection (Partly completed) This section presents an overview of our refined approach to the chosen methods to collect both qualitative and quantitative data, as well as (where relevant) the sampling criteria used, and logistical considerations. The objective of this phase of the study is to develop a comprehensive and systematic evidence base of the operation and implementation of the FTR in the Member States with respect to the research questions defined in the ToR and presented in the research questions matrix (Annex 6.1). This evidence base will form an essential building block for further analysis on the impact of the FTR. Incorporate Feedback and Finalise Questionnaires As a first step in this phase the study team implemented the feedback provided by the steering group to the Inception Report at the review meeting. A revised Inception Report was re-submitted to the steering group for sign-off on 7 th March Desk Overview of Implementation The study team undertook a comprehensive evidence synthesis at national and European level by reviewing policy and legal documents and other grey literature, covering the following sources: Online portals of national authorities in all Member States; Team experts including the scientific panel; Studies / documents recommended by stakeholders during the initial interviews; FATF and Moneyval evaluation reports. Matrix Insight Ltd. & Transcrime 16th September

152 The information collected fed into 27 country overviews, which can be found in a separate document to this report ( Case Study Report ). The template below presents the example for the UK, illustrating the type of questions that were answered through the desk review. Table 37: Draft Country Overview United Kingdom Country overview United Kingdom Implementing measure(s): The Transfer of Funds (Information on the Payer) Regulations 2007 No These Regulations implement, in part, Regulation (EC) 1781/2006 and place penalties on payment institutions for non-compliance with the Wire Transfer Regulation and provide relevant supervisory authorities with appropriate monitoring and enforcement powers. 319 Implementation Guidelines The Financial Services Authority (FSA) has issued several guidelines concerning AML/TF regulations. Prevention of money laundering/combating terrorist financing 2011 REVIEW VERSION GUIDANCE FOR THE UK FINANCIAL SECTOR PART III: SPECIALIST GUIDANCE Amended: December 2011 The Joint Money Laundering Steering Group Anti-money laundering guidance for money service businesses (2007), Her Majesty s Customs and Revenue. Name and role of institutions involved The Financial Services Authority and Her Majesty s Revenue and Customs have been given the same monitoring powers for compliance with the Wire Transfers Regulation, as they have been given for the Money Laundering Regulations The British Government believes that these supervisors should have the powers to require information, undertake onsite inspection and impose administrative penalties for those firms that do not comply with the Wire Transfer Regulation. Decisions to impose a civil penalty are subject to review and appeal according to the particular legislative framework applying to that supervisor. 320 Industry institutions and role The Joint Money Laundering Steering Group (JMLSG) This body consists of industry stakeholder groups. Its aim is to promulgate good practice in countering money laundering and to give practical assistance in interpreting the UK Money Laundering Regulations. This is primarily achieved by the publication of Industry Guidance. The guidance is approved by the treasury and is taken into consideration by courts. When considering whether to take disciplinary action against an FSA-regulated firm in respect of a breach of the relevant provisions of SYSC, the FSA will have regard to whether a firm has followed relevant provisions in this guidance. 321 Law Enforcement Agency: Serious Organise Crime Agency/Her Majesty s Revenue and Customs Financial Intelligence Unit: Serious Organise Crime Agency Use of derogations 322 : 3(3) Excludes electronic money issuers where MSs exercised the optional derogation in the Third Money Laundering Directive Derogation exercised in Reg. 13(7)(d) of MLR 2007.HMT 3(6) Optional derogation to Member States for transfers within it if transfer is for payment of goods or services and less than Derogation Not exercised by the UK. HMT 18 optional exemptions for transfer to not for-profit organisations and charities. 319 Explanatory Memorandum to the Transfer of Funds (information on the payer) Regulations 2007 (2007/3298). Available at: Explanatory Memorandum to the Transfer of Funds (information on the payer) Regulations 2007 (2007/3298). Available at: Transposition note for EC Regulation 1781/2006 of 15 November 2006 on information on the payer accompanying transfers of funds, available at: Matrix Insight Ltd. & Transcrime 16th September

153 Country overview United Kingdom What sanctions are being applied at national level for lack of compliance with the FTR? The Regulations provide for both civil and criminal penalties, for non-compliance with the main requirements of the Wire Transfers Regulation 323. Are there studies of the strengths and weaknesses of the FTR regime? Banks management of high money-laundering risk situations How banks deal with high-risk customers (including politically exposed persons), correspondent banking relationships and wire transfers (2011), Financial Services Authority. 324 Weaknesses and loopholes identified: No major concerns about banks compliance with the FTR. However, there seemed to be a lack of strategic response across the industry in terms of dealing with paying banks which repeatedly failed to meet the FTR s standards. Proposed Action: Banks are encouraged to work together to formulate a strategic response to dealing with non-compliant paying banks. Where no information was found through desk research, the study team aims to collect missing data through the in-depth interviews with Member State authorities. We have started asking individual representatives in each Member State to validate the information presented in the country profiles. A first overview of the preliminary analysis of the collected data and information can be found in Section 3 of the main report. In-depth Interviews with Member State Authorities, Industry and Other Stakeholders on the Implementation and Practical Operation of the FTR As a first step of our primary data collection exercise, we have started to undertake an extensive consultation with public authorities, industry and other stakeholders across all 27 Member States. The emphasis of each interview depends on the particular characteristics in the Member State at hand. However, the aim of the interviews is threefold: 1. Validate and complete the picture of the implementation of the FTR; 2. Gather first hand information on the operation of the FTR and its impact, including quantitative data (i.e. Suspicious Transaction Reports); 3. Elicit opinions about the strengths and weaknesses of the FTR regime and suggestions on how to improve it. Our approach includes to interview the following stakeholders in each Member State (depending on the division of anti-money laundering competencies within the national administrations): Public Authorities (competent authorities / supervisory authorities) in 27 Member States, who will be approached as part of the Member State consultation programme. These include: o o o Financial Intelligence Units (FIUs); Law Enforcement Agencies (LEAs); Supervisory Authorities; 323 Explanatory Memorandum to the Transfer of Funds (information on the payer) Regulations 2007 (2007/3298). Available at: Matrix Insight Ltd. & Transcrime 16th September

154 o Ministries of Justice / Finance (units targeting anti-money laundering). Associations of payment service providers in 27 Member States. These associations will be approached both directly and through their o o EU-level representations of payment service providers; National Bank Associations; o Senior managers of selected banking and financial groups. 325 Detailed lists of EU and national institutions we have contacted are included in Annex 8.6. We have produced comprehensive topic guides for the interviews with public authorities and industry which are tailored to the different stakeholder groups (Annex 8.8 to Annex 8.12). Where several organisations represent the payment service industry, we have built flexibility into our budget to accommodate a small number of additional interviews to improve the representativeness of the sample and we will be able to circulate written questionnaires to allow additional organisations to provide input if requested. The information collected during the interviews is presented in country summary templates. These can be found in the Case Study Report. In order to provide the Steering Group with an understanding of the importance of the private stakeholders interviewed, it was important to have an understanding of their representativeness in the market place. We therefore provided an overview of the weight of those banking groups/money transmitters responding to our questionnaires/interviews by providing figures of their revenues. In order to consider activities that happen on the margins of the regulated sector and to analyse what efforts supervisors and regulators are making to monitor what happens in alternative remittance systems and what types of payment systems are out there, we have undertaken further desk research on new payment systems, as well as to conducted interviews with LEA and FIU stakeholders who have investigated cases in EU Member States involving money and alternative remittance systems. This helped us to gain an understanding of the vulnerability, in practice, of this sector. However, it has to be noted that the biggest share of this market is held by companies already involved in the study e.g. Western Union, Moneyval, etc. With regard to supervisors, it was necessary to understand who, in each country, has the responsibility of supervising these systems. In cases where authorities regulating the e-money and the FTR were not the same ones having a supervisory role for the remittance system (i.e the UK), we carried out further interviews with the appropriate entities. Additional Task: Follow-up with Paper Questionnaires In addition to the interviews with stakeholders, we sent out paper questionnaires to the different organisations and interview partners contacted in order to collect quantitative information. In our experience, interview partners do not always have all quantitative information and data we are asking for available or it might take time for them to collect this information. 325 Contacting managers of banking groups could help the study team filling remaining information gaps and gaining more practical and operational insights into the issue. Matrix Insight Ltd. & Transcrime 16th September

155 Interview partners were therefore asked after the telephone or face-to-face interviews to fill in all relevant quantitative data and information, and to send the paper questionnaires back to us in a given timeframe. This exercise ensured that we will got all relevant information we needed for the data analysis, in particular the cost-benefit analysis. The quantitative information collected through the paper questionnaires is presented in county summary tables, which form part of the Case Study Report. Draft Analysis & Presentation of Preliminary Findings We produced a draft analysis of the results of the consultations with public authorities and industry representatives in all Member States. Findings were presented on a country-basis and structured in different categories/headings, i.e. information about the implementation, operation and impact of the FTR. The following table provides an outline of the high level structure of the country fiches: Table 38: Draft Outline of Country Fiches Heading Implementation of the FTR Overview of national legal framework Practical operation of the FTR Institutions Derogations Additional requirements Loopholes Impact of the FTR On public authorities On industry On criminal activity Lessons and planned developments Perceptions on the status quo Possible changes being considered at national level Lessons and good practices Type of Evidence Qualitative Qualitative Qualitative and quantitative Qualitative Main source Desk research (validated in interviews) Interviews Interviews and desk research Interviews The country fiches were updated over the remainder of the project as data collection was finalised. At the end of Phase 2 we provided the Commission with a very good indication of the types of responses received in the fieldwork and an early steer about the kinds of analyses likely to be run in the final report. The country fiches served to organise the information provided by various stakeholders for further analysis and for the production of conclusions and recommendations. In addition, the fiches provided the basis for a database including a comprehensive map of the existing FTR regime and the way it is being applied in the Member States. Consult with Research Team During the course of Phase 2 and before submitting the Interim Report to the Commission, we have consulted our entire research team to discuss the preliminary findings of the study (see section 3) and to ensure that feedback was taken into account in all deliverables. The feedback has focussed mainly Matrix Insight Ltd. & Transcrime 16th September

156 on the link between preliminary findings and the research questions presented in Annex 8.1. We feel it was very important at this stage to ensure a direct link between the main research questions to be addressed in the assignment and the results of the study. The feedback collected from the research team directly resulted in the revision of questionnaires where necessary, or was tested in follow-up interviews. Interim Report An Interim Report was submitted on 20 th April 2012, which served two main objectives: 1. Provide the Commission with an overview of study progress, including the desk research as well as the interviews with Member States and professional organisations. 2. A descriptive analysis of interim findings. Review Meeting A review meeting took place in Brussels shortly after submission of the Interim Report to discuss the study and any subsequent tasks to be carried out in Phase 3 of the assignment. The Interim Report was subsequently signed off by DG MARKT and by Matrix Insight Phase 3: Analysis and Reporting The aim of this phase of the study was to undertake an in-depth analysis of the information collected as part of the desk research and the interviews / surveys in order to develop a comprehensive understanding of the impact of the FTR its strengths and weaknesses and to develop recommendations for the improvement of the regulatory regime. The analysis also took into account the potential feasibility of extending the FTR in light of the recently amended FATF SR VII, to include information on beneficiaries of wire transfers. In addition, the study will present the findings in a final report and draw conclusions and recommendations. We also propose to hold a workshop at the end of the study to present the findings to Commission services and interested stakeholders. Incorporate Feedback The first step of Phase 3 of the study was to implement the feedback received by the Commission on the interim study. Feedback relating to data gaps was particularly important as these gaps were then filled in Phase 3 of the study through the remaining interviews with public authorities or representative associations. Third Country Case Studies In order to gain further insights into the logic model behind the FTR and to assess whether the objective to reduce money laundering and terrorist financing in fund transfers could have been addressed more effectively of efficiently through a different initiative, the team has carried out two case studies on non-eu countries that implement SR VII but do not fall under the scope of the FTR. Matrix Insight Ltd. & Transcrime 16th September

157 The final sample discussed with the Commission at the Inception Report Meeting included case studies in Switzerland 326 and the US 327. These countries are different in terms of geography, size and emphasis on financial services and they both have strong links to the EU. We have undertaken interviews with authorities in the US and Switzerland and developed country profiles for both countries, which are included in the Case Study Report. Cost Benefit Analysis Whilst we have made an effort to collect as much quantitative information as possible as part of the research for the study, most of the data collected through desk research and interviews was of qualitative nature. As a result, it was difficult to carry out a sophisticated economic modelling exercise capturing all types of impact generated by the FTR. Any economic modelling proposed for this study would have remained piecemeal and not be able to answer the complex and important questions on the functioning and impact of the FTR that this study is trying to address. Nevertheless, it was important to be able to provide an indication of the cost-effectiveness of the FTR to identify elements of the regulation that seem to work well, elements that might require amendment as well as gaps in the current regulatory framework. As a result, we have carried out a cost-benefit analysis based on the logic model of the FTR developed in the inception phase (See Section 4.3.1). This model dissects the FTR and traces its impacts from general and specific objectives, through to obligations for public authorities and industry to wider crime reduction. We have populated the logic model with quantitative and qualitative information collected as part of the fieldwork and made an assessment based on desk research and stakeholder input about immediate effects, quantitative data collected on costs for industry and Member States, stakeholder opinion about benefits in terms of ML and TF, and our expert assessment. A separate assessment was made for current obligations under the FTR and any changes in scope or obligations that the Commission is considering. Crime Proofing Analysis In addition to the cost benefit analysis requested in the TOR, we have also undertaken a comprehensive crime proofing of the current FTR to ensure that existing crime risks in the regulation are addressed and that recommendations do not open further opportunities for criminal activity. Crime proofing of legislation (CPL) developed by Transcrime 328 has assessed whether the current FTR creates unintended crime opportunities. This was done through an analysis based on three steps: 326 The 2005 FATF mutual evaluation report on anti-ml and combating FT reports that Switzerland partially complies with SR VII. See FATF (2005) Third mutual evaluation report on anti-money laundering and combating the financing of terrorism. Summary: Switzerland, FATF, Paris. Available at < 327 The 2006 FATF mutual evaluation report on anti-ml and combating FT reports that the US largely complies with SR VII. See FATF (2006) Third mutual evaluation report on anti-money laundering and combating the financing of terrorism: United States, FATF, Paris. Available at < 328 Ernesto U. Savona et al., Finalising the Crime Risk Assessment Mechanism for the Crime Proofing Activities of European Legislation/Regulation, European Journal on Criminal Policy and Research 12, no. 3-4 (2006): ; Ernesto U. Savona, The Crime Risk Assessment Mechanism (CRAM) for proofing EU and national legislation against crime: Final Report of Project MARC Developing Mechanisms for Assessing the Risk of Crime due to legislation and products in order to proof them against crime at an EU level (Milan: Università Cattolica del Sacro Cuore and Transcrime, 2006), Ernesto U. Savona et al., A Study on Crime Proofing - Evaluation of Crime Risk Implications of the European Commission s Proposals Covering a Range of Policy Areas (Trento e Milano: Transcrime, 2006), Matrix Insight Ltd. & Transcrime 16th September

158 1. Initial screening: a quick assessment (based on a checklist of 7 risk indicators) of potentially risky provisions requiring further assessment Preliminary Crime Risk Assessment (PCRA): with the objective of identifying the unintended crime risks arising from specific provisions of the FTR and assessing whether more detailed analysis is needed on such provisions. 3. Extended Crime Risk Assessment (ECRA): drafted by a team of experts including an expert on crime, an expert on economics and an expert on the specific market (transfer of funds). The ECRA is based on a set of indicators aiming at estimating the Legislative Crime Risk Index (LCRI) which evaluates the threat and the seriousness of the crime risks implied in the legislation. The application of the CPL to the FTR has provided important added value to the study. Firstly, it applied a scientific and already tested methodology to assessing the possible unintended consequence of the FTR. Secondly, the CPL methodology has been designed to be compatible with and follow a methodology similar to the Commission s impact assessment procedure. Thirdly, the involvement of external experts with different backgrounds has ensured that different perspectives on the FTR were adequately considered. Draft Final Report We submitted a Draft Final Report on 9 th July 2012 with the objective to steer a discussion about the conclusions of the study with the Commission to allow for modifications in the last phase of the study. Review Meeting A review meeting took place in Brussels shortly after submission of the Draft Final Report. Incorporate Feedback, Develop Conclusions and Recommendations In order to maximise the policy relevance of the study, we worked very closely with the Commission in this final stage of the study. The report and its recommendations were drafted concisely, in clear language and with minimal use of technical jargon. A Final Report was submitted, addressing all comments made by DG MARKT. The findings of the study were also presented in Brussels at the CPMLTF meeting on 3 rd October The seven indicators assesses whether the FTR contains at least one of the following: 1) Provision that introduces product disposal regulations or any other new or more burdensome fee or obligation; 2) Provision that introduces a concession on a tax or a concession on any other fee or obligation; 3) Provision that introduces a grant, subsidy, or compensation scheme or any other scheme that provides a benefit; 4) Provision that introduces or increases the tax on legal goods or in any other way increases the costs of legal goods; 5) Provision that prohibits or restricts a demanded product or service or in any other way decreases the availability of demanded goods or services; 6) Provision that introduces or removes a law enforcement capacity, increases or decreases funding for enforcement activity or in any other way impacts the intensity of law enforcement activity; 7) Provision that provides officials with regulatory power. Matrix Insight Ltd. & Transcrime 16th September

159 8.3 Bibliography Banca d Italia Circolare UIF UTILIZZO ANOMALO DI CARTE DI PAGAMENTO PER PRELEVAMENTI DI DENARO CONTANTE. Banco do Portugal INSTRUÇÃO N.º 9/ (BO N.º 3, ). Mercados Monetários. Basel Committee on Banking Supervision Due diligence and transparency regarding cover payment messages related to cross-border wire transfers British House of Commons Report of the Official Accounts of the Bombings in London on 7 th July HC British Parliament Money Laundering and the Financing of Terrorism. CEBS Common understanding of the obligations imposed by European Regulation 1781/2006 on the information on the payer accompanying funds transfers to payment service providers of payees. CEBS / CEIOPS-3L / CESR/ AMLTF-Common-understanding-on-payment-f.aspx. CESR/CEIOPS/CESR Common understanding of the obligations imposed by European Regulation 1781/2006 on the information on the payer accompanying funds transfers to payment service providers of payees. Deloitte European Commission. DG Internal Market and Services Budget. Final Study on the Application of the Anti-Money Laundering Directive. Service Contract ETDF/2009/IM/F2/90. Eurasian Group on Combating Money Laundering and Terrorism Financing (EAG) Risks of Electronic Money Misuse for Money Laundering and Terrorism Financing. Available at: European Banking Federation EBF position on FATF consultation paper Review of Standards. D2240C January European Commission Directive 2006/70/EC of 1 August 2006 laying down implementing measures for Directive 2005/60/EC of the European Parliament and of the Council as regards the definition of politically exposed person and the technical criteria for simplified customer due diligence procedures and for exemption on grounds of a financial activity conducted on an occasional or very limited basis. European Commission Commission Staff Working Document. The application of Directive 91/308/EEC on the prevention of the use of the financial system for the purpose of money laundering in relation to the identification of clients in non-face to face transactions and possible implications for electronic commerce. SEC(2006) European Commission Commission Staff Working Document. The application to the legal profession of Directive 91/308/EEC on the prevention of the use of the financial system for the purpose of money laundering. SEC(2006) Matrix Insight Ltd. & Transcrime 16th September

160 European Commission. Accompanying document to the proposal for a Directive of the European Parliament and of the Council amending Directive 2000/46/EC on the taking up, pursuit of and prudential supervision of the business of electronic money institutions. Impact Assessment. Draft Commission Staff Working Document SEC(2008)2573. European Commission Commission Staff Working Paper Compliance with the anti-money laundering directive by cross-border banking groups at group level. SEC(2009) 939 final. European Commission Meeting with EU Private Stakeholders on Anti-Money Laundering and Counter Terrorist Financing Policy on 1st February Brussels, 17 February European Council Decision 2000/642/JHA concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information. European Council Framework Decision of 26 June 2001 on money laundering, the identification, tracing, freezing, seizing and confiscation of instrumentalities and the proceeds of crime. (2001/500/JHA). European Council Council Regulation (EC) No 2580/2001 of 27 December 2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism. European Council Regulation imposing certain specific restrictive measures directed against certain persons and entities associated with Usama bin Laden, the Al-Qaida network and the Taliban, and repealing Council Regulation (EC) No 467/2001 prohibiting the export of certain goods and services to Afghanistan, strengthening the flight ban and extending the freeze of funds and other financial resources in respect of the Taliban of Afghanistan. OJ L 139/9. European Council EU Plan of Action on Combating Terrorism Update. 29 November /I/04 REV I. European Council Decisions implementing Article 2(3) of Regulation (EC) No 2580/2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism. (2006/1008/EC). European Parliament and European Council Directive 2000/46/EC on the taking up, pursuit of and prudential supervision of the business of electronic money institutions. European Parliament and European Council Directive 2005/60/EC of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. European Parliament and European Council Regulation (EC) No 1889/2005 of 26 October 2005 on controls of cash entering or leaving the Community. European Parliament and European Council Regulation (EC) No 1781/2006 of 15 November 2006 on information on the payer accompanying transfers of funds. European Parliament and European Council Directive 2007/64/EC on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC. European Parliament and European Council Directive 2009/110/EC payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC. Matrix Insight Ltd. & Transcrime 16th September

161 European Parliament and European Council Directive 2009/110/EC on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC European Payments Council Guidance Notes: On the implementation of Regulation (EC) No 1781/2006 on information on the payer transposing SR VII of the FATF related to anti money laundering and fight against terrorism into EC law. EPC European Payments Council Shortcut to SEPA Credit Transfer (SCT). Updated Edition. Eurostat Money Laundering in Europe. EU Financial Intelligence Unit Platform Report on Feedback on Money Laundering and Terrorist Financing Cases and Typologies. 22 April FATF FATF IX Special Recommendations (incorporating all subsequent amendments until February 2008). FATF Guidance Document: International Best Practices. Freezing of Terrorists Assets. Revised June FATF Methodology for Assessing Compliance with the FATF 40 Recommendations and the FATF 9 Special Recommendations. FATF Reference Document. FATF Report on New Payment Methods. FATF. Annual Report 2009/2010 FATF Risk-Based Approach. Guidance for Money Service Businesses. esses.pdf FATF Money Laundering Using New Payment Methods. FATF Global Money Laundering and Terrorist Financing. Threat Assessment. FATF Money Laundering through Money Remittance and Currency Exchange Providers. FATF Consultation on Proposed Changes to the FATF Standards. Compilation of Responses from the Financial Sector. FATF Consultation on Proposed Changes to the FATF Standards. Compilation of Responses from NGO s and individuals. FATF Consultation on Proposed Changes to the FATF Standards. Compilation of Responses from designated non-financial business and professions (DNFBP s). FATF The Review of the Standards Preparation for the 4th Round of Mutual Evaluation. Second public consultation. FATF What is Money Laundering? Matrix Insight Ltd. & Transcrime 16th September

162 FATF International standards on combating money laundering and the financing of terrorism & proliferation. The FATF Recommendations. FATF Recommendation 16, International standards on combating money laundering and the financing of terrorism & proliferation. The FATF Recommendations. Financial Services Authority, Banks management of high money-laundering risk situations. How banks deal with high-risk customers (including politically exposed persons), correspondent banking relationships and wire transfers, June 2011 Fisher, Jonathan and Shaen Catherwood Abusing M-banking for money laundering: an unregulated activity. Butterworths Journal of International Banking and Financial Law. May Financial Services Authority Banks management of high money-laundering risk situations. How banks deal with high-risk customers (including politically exposed persons), correspondent banking relationships and wire transfers. Howell, John and Piet van Reenen (European Commission) Scoping Study: Cost Benefit Analysis of Transparency Requirements in the Company/Corporate Field. Contract No. DG JAI/D2/2004/ February Financial Services Authority Banks management of high money-laundering risk situations. How banks deal with high-risk customers (including politically exposed persons), correspondent banking relationships and wire transfers. Joint Money Laundering Steering Group Prevention of money laundering/combating terrorist financing. Guidance for the UK Financial Sector Part III: Specialist Guidance. October Levin, Carl and Rom Coburn. United States Senate. Permanent Subcommittee on Investigations. Committee on Homeland Security and Governmental Affairs Keeping Foreign Corruption out of the United States: Four Case Histories. Majority and Minority Staff Report. Levin, Carl and Coburn, Tom for United States Senate, Permanent Subcommittee on investigations, Committee on Homeland Security and Governmental Affair U.S Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing: HSBC Case History. Majority and Minority staff Report MONEYVAL Horizontal Review of MONEYVAL s Third Round of Mutual Evaluation Reports. Mwangi, Catherine The SWIFT MT 202 Cover Payment. Regulation (EC) No 1781/2006 of the European Parliament and of the Council of 15 November 2006 on information on the payer accompanying transfers of funds; Official Journal of the European Union, L 345/1, Roudaut, Mickaël and Karvounaraki, Athina, Money Laundering in Europe, Measuring money laundering at continental level: the first steps towards a European ambition. Savona, Ernesto et al. (Transcrime) Transparency and Money Laundering. Study of the Regulation and its Implementation, in the EU Member States, that Obstruct Anti-money Laundering International Co-operation (Banking/Financial and Corporate/Company Regulative Fields). Matrix Insight Ltd. & Transcrime 16th September

163 Savona, Ernesto et al. (Transcrime) Use of Cash Payments for Money Laundering Purposes. Comparative Study into the Current Legislative Controls on Large-Scale Cash Payments within the EU Member States and an Analysis of the Use of Such Payments for Money Laundering Purposes. Savona, Ernesto et al. (Transcrime) Cost Benefit Analysis of Transparency Requirements in the Company/Corporate Field and Banking Sector Relevant for the Fight Against Money Laundering and Other Financial Crime. Serious Organised Crime Agency Money launderers handled 300k a week for criminal gangs. Serious Organised Crime Agency Gone in 60 seconds money launderers jailed. SWIFT New standards for cover payments /Newstandardsforcoverpayments.page. Transcrime Cost Benefit Analysis of Transparency Requirements in the Company/Corporate Field and Banking Sector relevant for the fight against Money Laundering and other Financial Crime, Transcrime Project BOWNET: Summary of the Project and preliminary results of the analysis. United Kingdom Explanatory Memorandum to the Transfer of Funds (information on the payer) Regulations 2007 (2007/3298). US National Commission on Terrorist Attacks Upon the United States The 9/11 Commission Report. Final Report of the National Commission on Terrorist Attacks upon the United States. Executive Summary. Matrix Insight Ltd. & Transcrime 16th September

164 8.4 EU Framework to Combat Money Laundering & the Financing of Terrorism In recent years, a number of EU measures have been issued to address a set of distinct yet interrelated issues relevant to money laundering and the financing of terrorism. The figure below provides an overview of the existing EU policy framework, categorised by three different measures and topics they address: Figure 14: Anti-Money Laundering (AML) / Combating the Financing of Terrorism (CFT) European Framework 1. Measures introduced to facilitate cooperation and exchange of information among Member States: Council Decision 2000/642/JHA 330 introduces arrangements to facilitate the cooperation of exchanging information between FIUs in the Member States. The Decision seeks to address the difficulties in communication and exchange of information among FIUs that result from existing different legal status (administrative, judicial or law enforcement based) and providing for direct communication between them. The Decision reflects the standards and principles established by the Egmont Group 331 as well as the recommendations of the Financial Action Task Force (FATF). Regulation 1781/ on information on the payer accompanying transfers of funds: the Regulation is widely drawn and intends to cover all types of funds transfers carried out by electronic means in any currency, from a payer to a payee, which are sent or received 330 Council Decision 2000/642/JHA of concerning arrangements for cooperation between financial intelligence units in respect of exchanging information, OJ No. L 271/4 331 The Egmont Group is the coordinating body for the international group of FIUs formed in 1995 to promote and enhance international cooperation in anti-money laundering (AML) and more lately in CFT. All EU FIUs are members of the Egmont Group. 332 Regulation (EC) No. 1781/2006 of the European Parliament and of the Council of 15 November 2006 on information on the payer accompanying transfers of funds, OJ L345/1 Matrix Insight Ltd. & Transcrime 16th September