Regulation 2015/847 | Revised Wire Transfer Regulation
An updated anti-money laundering and counter-terrorism financing framework came into effect in the European Union (EU) on June 26, 2017; including the fourth Anti-Money Laundering Directive (AMLD4) and the revised Wire Transfer Regulation (WTR2).
In line with the Financial Action Task Force’s (“FAFT”) Special Recommendation VII, (“SR VII”) which aims to enhance the transparency of electronic payment transfers, the scope of WTR2 has been materially extended and now requires that certain payment service providers, intermediaries and fund transfers include information on the payee/beneficiary of the payment, in addition to the information already required on the payer/remitter. The WTR2 also tightens requirements relating to payment products that are for anonymous use or cannot be linked to individuals.
The scope of the changes intends to prevent criminals/money launderers/financers of terrorism from the possibility of transferring money freely within the EU. It addresses problems relating to illegitimate money transfers, as well as ensuring the adoption of International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation adopted by FATF on 16 February 2012 (the ‘revised FATF Recommendations’).
Key changes and requirements set out in the first Wire Transfer Regulation include:
Exceptions apply to bank-to-bank transfers (regular MT202) as well as certain retail transactions, including payment cards used simply to pay for goods and services.
Impact on Apex Clients
Clients using SWIFT as a fund transfer method must review their current set up to ensure it meets WTR2 requirements. Apex suggests its clients contact their PSP without delay to ensure that any issued (or received) payments contain the required information detailed by WTR2.
**In the case of EU cash transfers (type MT103 payments), whereby all counterparties are located within the EU, the account number will have to be added in most cases. For non-EU cash transfers (valid when one party is not located within the EU) a wider list of additional information will be required by the new regulation. Non-EU cash transfer messages must include all of the information listed below:
In order to support the extended requirements for payee information, SWIFT has added the F format to field 59 (Beneficiary Customer), which provides a structured format to capture name, account number and address of the beneficiary in an MT message. For Non-EU transfers, field 59 will include the account number and name only.
The same structured F format option has been implemented for field 50 (Ordering Customer) for some time.
Originating banks should therefore ensure that appropriate information accompanies wire transfers while others in the payment chain (e.g. intermediaries) are required to monitor the payment they process based on this information.
The below table contains the new obligations PSP are expected to comply with, including the implicit statement that if these are not met no payment can be made.
Full originator information:
Full beneficiary information (Payee bank):
Detect transactions with missing or incomplete information
Establish risk based policies and procedures to determine:
Verify identity of beneficiary
The Basel Committee encourages all banks to apply high transparency standards (in full compliance with applicable national laws and regulations), in the context of cover payments initiated to settle a customer transaction. In particular:
NEW EU Rules to fight money laundering and terrorist financing start to apply across Europe.
On the 26th of June 2017 the Commission released its Supranational Risk Assessment Report, focusing on the vulnerability of financial products and services in relation to money laundering and terrorist financing risk. It is the first time that the European Union has addressed the strengthening of existing rules at an EU level. The fourth Anti-Money Laundering Directive (AMLD) took effect on the 26th of June 2017;all EU countries l have two years from that day to implement AMLD rules into national AML LAWS. The new AMLD applies to banks and financial institutions as well as to auditors and accountant firms.
Extension of the Directive’s Scope
Inclusion of Tax crimes as predicated offences
The 4AMLD includes an explicit reference to tax crimes (related to direct and indirect taxes) as being ‘predicated offences’.
The Circular 15/609 on anti-money laundering in tax matters issued by the Luxembourg financial regulator (“CSSF”) in March 2015, emphasises that supervised entities should continue to actively work on:
At a Group level, Apex Fund Services implemented an upgraded its Anti-Money Laundering and Counter Terrorist Financing Policy in February 2017. This policy already considers certain elements of the 4th AMLD as standard and ensures upgrades are safeguarded to protect Apex and its customers in high risk areas. Apex has created dedicated Transfer Agency Know Your Customer (KYC) Investor Guidelines and checklists, including aspects of the 4th AML Directive. These upgraded standards are been rolled out in Luxembourg, Ireland and will be introduced across Europe and where cross-border services are offered by Apex.
See below the comparison matrix upon which Apex has implemented upgrades into its existing framework:
Financial institutions must determine the level of AML risk posed by a customer prior to applying the SDD status to such customer and provide justification for such qualification.
No public function referred to in points (1) to (8) shall be understood as covering middle-ranking or more junior officials.
Information exchanged between financial institutions in connection with AML/ CTF investigations shall be used exclusively for the purposes of the prevention of money laundering and terrorist financing.
Member States shall ensure that the sharing of information within the group is allowed.
Any suspicious activity is to be promptly reported to the local FIU, which have anonymous access to centralized registers or electronic data retrieval systems.
Where a third country’s law does not permit implementation of the policies and procedures required above, financial institutions must ensure that branches and majority-owned subsidiaries in that third country apply additional measures to handle the risk of money laundering or terrorist financing, and inform the competent authorities of their home Member State. If this is not sufficient, the competent authorities of the home Member State shall exercise additional supervisory actions.
For non-financial institutions, penalties can amount to twice the amount of the benefit derived from the breach, or at least €1M.
GDPR | What is truly new in this Data Protection Regulation?
Apex has performed a comparison of the current and the upcoming GDPR and has detected the following new additions which are part of the GDPR implementation plan.
Key facts on the current EU Data Protection Directive vs the upcoming GDPR:
Cayman Island – First legal Data Protection Framework introduced March 2017
In March 2017, the Legislative Assembly of the Cayman Islands passed the Data Protection Law 2017, introducing for the first time a true legal framework on the management of data in the region. The Cayman government published a Data Protection Bill in 2016 proposing a data protection framework based on principles describing rights and duties in all areas where personal data is involved. The suggestions put forward in the Data Protection Bill, 2016, were inspired by the legislative framework of the European Union and international best practices.Until the law is enforced, the Cayman Islands will continue to operate under the previous duty of confidentiality enshrined in the common law and provisions for the Confidential Relationships Preservation Law (as revised) of the Cayman Islands (the ‘CRPL’).
The new Data Protection Law in Cayman imposes principles such as the ‘fair and accurate management and storage of personal data’. The Data Protection Bill applies to everyone in the Cayman Islands, public and private sector alike, as well as entities outside the Islands that have certain data processing functions. This is similar to the upcoming GDPR going beyond the European territory. Apex is closely monitoring the Cayman Island data protection developments, market practice adaptations and the nuances of each single principles to understand similarities or differences in legal notions and will provide further updates in due course.
This constitutes a big success with regards to progress in this area as it is the third time a government has attempted to implement such a defined legislation – the previous two attempts to pass such a Data Protection Bill failed, not even making it to Legislative Assembly level.
By clicking the button you confirming that you’re agree with our following Terms and Conditions