The Committee on Economic and Monetary Affairs, jointly with the Committee on Civil Liberties, Justice and Home Affairs, adopted the report of Mojca KLEVA KEKUŠ (S&D, SI) and of Timothy KIRKHOPE (ECR, UK) on the proposal for a regulation of the European Parliament and of the Council on information accompanying transfers of funds.
The parliamentary committees recommended that the position of the European Parliament adopted at first reading under the ordinary legislative procedure modify the Commission proposal as follows.
Scope: this regulation shall not apply to transfers of funds carried out using a credit, debit or prepaid card or voucher, or a mobile telephone, e-money, or any other digital or information technology (IT) device where the card or device is used to pay goods and services to a company within professional trade or business. However, it shall apply when the means of payment is used in order to effect a person-to-person transfer of funds.
Information accompanying transfers of funds: before transferring the funds, the payment service provider of the payer shall apply customer due diligence measures and shall verify the accuracy and completeness of the information.
In the case of transfers of funds not made from an account, the payment service provider of the payer is required to verify at least the name of the payer for transfers of funds of up to EUR 1 000. It shall verify the complete information relating to the payer and the payee where the transaction is carried out in several operations that appear to be linked or where they exceed EUR 1 000.
Transfers within the Union: where the payment service provider(s) of both the payer and the payee are established in the Union, only the full name and the account number of the payer and the payee or the unique transaction identifier shall be required to be provided at the time of the transfer of funds.
In the case of an identified higher risk the payment service provider of the payee require the complete information relating to the payer and to the payee.
Missing information on the payer and the payee: from a practical perspective, Members consider that some kind of verification is going to be required, in order to avoid frauds and assure that the person who receives the funds is in fact the payee designated by the payer.
Where the payment service provider of the payer is established in a third country which presents an increased level of risk, enhanced customer due diligence shall be applied.
In any event, the payment service provider of the payer and the payment service provider of the payee shall comply with any applicable law or administrative provisions relating to money laundering and terrorist financing.
Obligation of cooperation: payment service providers and intermediary payment service providers shall respond fully and without delay to enquiries exclusively from the authorities responsible for combating money laundering or terrorist financing.
No other external authorities or third parties shall have access to the data stored by the payment service providers, and specific safeguards shall be put in place in order to ensure that such exchanges of information comply with data protection requirements.
Because a great proportion of illicit financial flows ends up in tax havens, the EU should increase its pressure on these countries to cooperate in order to combat such illicit financial flows and improve transparency.
It is also proposed that payment service providers established in the Union shall apply this regulation with regard to their subsidiaries and branches operating in jurisdictions outside the Union that are not deemed equivalent.
Data protection: Members stressed that:
· payment service providers shall carry out their tasks for the purposes of this Regulation in accordance with national law transposing Directive 95/46/EC. Data retained shall in no case be used for commercial purposes;
· The transfer of personal data to a third country, or to an international organisation, which does not ensure an adequate level of protection may take place only after prior authorisation by the supervisory authority;
· information on the payer and the payee shall not be kept any longer than strictly necessary. Records of information shall be kept for a maximum period of five years and upon expiry of this period, personal data must be deleted.
In any case, access to the information collected shall be reserved only to designated persons or limited to persons strictly necessary for the completion of the undertaken risk.
Sanctions and monitoring: the Commission is called on to submit a report to the European Parliament, by 1 January 2017, on the implementation of the regulation, in particular, the application of Chapter IV, with regard to sanctions and monitoring.
Members also suggested that the Commission strengthen the cooperation with national authorities outside the Union responsible for investigation and sanctioning in the case of breaches such as repeated non-inclusion of required information on the payer and payee by a payment service provider.