FinTech, Vol. 3, Pages 173-183: Account Information and Payment Initiation Services and the Related AML Obligations in the Law of the European Union

FinTech, Vol. 3, Pages 173-183: Account Information and Payment Initiation Services and the Related AML Obligations in the Law of the European Union

FinTech doi: 10.3390/fintech3010011

Authors: Michał Grabowski

The Second Payment Services Directive introduced new services into the European Union legal system—Payment Initiation and Account Information Services. These services are based on payment accounts already opened and maintained for customers by the Account Servicing Payment Service Provider (bank, payment institution, electronic money institution). The Account Services Payment Service provider performs AML/CFT verification of the account holder and applies customer due diligence measures to the account holder, such as identifying beneficial owners, obtaining information on the purpose and intended nature of the business relationship, and ongoing monitoring of the business relationship. Payment Initiation and Account Information services are therefore provided to a previously verified client and based on the payment account currently maintained for him. European Union law does not clearly specify whether a Third-Party Service Provider offering Payment Initiation or Account Information Services is obliged to re-apply financial security measures to customers. The aim of this article was to perform a legal analysis of the regulations and soft law acts in force in the European Union and to answer the question. The purposive (teleological) and linguistic–logical (grammatical) methods of interpretation of regulations were used for the analysis. The structure of the legal system of the European Union as a civil law (code law) system was taken into account. This article shows that in the current legal situation, there is no doubt that Third-Party Service Providers are obliged entities in terms of AML/CFT law and are obliged to apply the AML/CFT to customers using Payment Initiation and Account Information services. However, the degree to which customer due diligence measures have to be applied varies depending on the adopted model of providing Payment Initiation and Account Information services. Third-Party Service Providers will be obliged to apply financial security measures in cases where the relationship between the customer and the service providers will have a continuing character. In the case of occasional provision of services, when the transaction value does not exceed a certain threshold, the supplier may only perform simplified customer verification. In particular, this applies to Payment Initiation service models, where the Payment Initiation Service Provider works for merchants, enabling them to accept payments for goods and services sold. In such a model, the Service Provider has a continuous relationship with the merchant but only performs an occasional transaction for the user. The analysis also allowed for the conclusion that European Union law, including that in the draft phase, does not regulate in a sufficiently precise manner when a given model of Account Services and Payment Initiation Services may be treated as based on an occasional transaction. This made it possible to formulate a de lege ferenda request to include this issue in the proposal for an EU Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.