LogoRegulatory Alerts
2024-06-26

Regulation on Information Accompanying Transfers of Funds

The Central Bank of Kosovo has issued a regulation mandating that licensed payment service providers ensure specific payer and payee information accompanies all fund transfers to combat money laundering and terrorist financing. The rules require originators to verify and transmit details such as names, account numbers, and unique transaction identifiers, while destination providers must detect missing data, verify amounts over 1,000 euros, and apply risk-based measures to execute or reject transfers. Applying to domestic and cross-border transactions in any currency, the regulation establishes standardized data retention, intermediary obligations, and strict compliance protocols for financial institutions operating within Kosovo.

Central Bank of the Republic of Kosovo logo

Kosovo

Central Bank of the Republic of Kosovo

Click to view thumbnail

1 of 11 Pursuant to Article 35, paragraph 1, subparagraph 1.1, of the Law No. 03/L-209 on the Central Bank of the Republic of Kosovo (Official Gazette of the Republic of Kosovo, No. 77 / August 16, 2010, Prishtina) , amended and supplemented by Law No. 05/L -150 on the Central Bank of the Republic of Kosovo (Official Gazette of the Republic of Kosovo, No. 10 / 03 April 2017, Prishtina), Article 85, Paragraph 1, of Law No. 04/L-093 om Banks, Microfinance Institutions and Non-Bank Financial Institutions (Official Gazette of the Republic of Kosovo No. 11 / May 11, 2012, Prishtina) , Article 4, paragraph 3, of Law No. 05/L-045 on Insurances ( Official Gazette of the Republic of Kosovo / No. 38 / December 24, 2015, Prishtina) , Article 23, paragraph 6, and Article 66, paragraph 2, of Law No. 05/L￾096 on Preventing Money Laundering and Combating the Financing of Terrorism (Official Gazette of the Republic of Kosovo No. 18 / 15 June 2016, Prishtina) , the Board of the Central Bank, at its meeting held on June 26, 2024, approved the following: REGULATION ON INFORMATION ACCOMPANYING TRANSFERS OF FUNDS CHAPTER I GENERAL PROVISIONS Article 1 Purpose The purpose of this Regulation is to set out rules of information on the payer and the payee that must accompany the transfer of funds, in any currency, for the purposes of preventing, identifying and investigating money laundering and terrorist financing, where at least one of the payment service providers involved in the transfer of funds is licensed in Kosovo. This regulation also sets out rules on internal policies, procedures and controls to ensure the implementation of measures for PML/CFT where at least one of the payment service providers involved in the transfer of funds is licensed in Kosovo. Article 2 Scope

  1. This Regulation shall apply to payment service providers and their licensed branches in Kosovo, sending or receiving transfer of funds in any currency.
  2. This Regulation shall not apply to transfer of funds made through a payment card, electronic payment instruments, mobile phone or any other prepaid or paid technology device with similar characteristics, provided that the following criteria are met: 2.1. the card, instrument or device is used only to pay for goods and services;

2 of 11 2.2. the number of the card, instrument or device accompanies all transfers resulting from the transaction. 3. Nevertheless, this Regulation shall apply when a payment card, electronic payment instrument, mobile phone or any other prepaid or paid technology device with similar characteristics is used to transfer funds between natural persons acting as customers for purposes other than trade, business or professional activity. 4. This Regulation shall not apply to transfer of funds in cases where one of the following criteria is met: 4.1. includes cash withdrawals by the payer from the payer's own payment account; 4.2. constitutes a transfer of funds to a public authority as payment for taxes, fines or other charges within the country. 4.3. the payer and payee are payment service providers acting on their behalf; Article 3 Definitions

  1. All terms used in this regulation shall have the same meaning as the terms defined in the Law on the Prevention of Money Laundering and Combating the Financing of Terrorism (hereinafter - the Law on PML/CFT) and the Law on Payment Services / or with the following definitions for the purpose of this regulation: 1.1. Terrorist Financing– means terrorist financing as defined in the Law on Prevention of Money Laundering and Combating the Financing of Terrorism; 1.2. Money Laundering – means money laundering as defined in the Law on Prevention of Money Laundering and Combating the Financing of Terrorism; 1.3. CBK – Central Bank of the Republic of Kosovo; 1.4. FIU-K – Kosovo Financial Intelligence Unit; 1.5. Payer – means a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; 1.6. Payee – means a person that is the intended recipient of the transfer of funds; 1.7. Payment Service Provider - PSP - means any financial institution licensed, registered or authorized under applicable laws and regulations to provide transfer of funds services; 1.8. Intermediary Payment Service Provider – means a PSP that is not the PSP of payer or payee and that receives and transmits a transfer of funds on behalf of PSP of payer or payee or another intermediary PSP; 1.9. Payment Account – means an account held on behalf of one or more users of the payment service which is used for the execution of payment transactions; 1.10. Funds – means banknotes and coins, cash or electronic money;

3 of 11 1.11. Transfer of funds - means any transaction at least partially carried out by electronic means on behalf of a payer through a PSP, with a view to making funds available to a payee, irrespective of whether the payer and the payee are the same person and irrespective of whether the PSP of the payer and that of the payee are one and the same, including: 1.11.1. credit transfer; 1.11.2. direct debit; 1.11.3. a money remittance; 1.11.4. transfer carried out using a payment card, an electronic payment instrument, a mobile phone or other prepaid or post-paid electronic device with similar characteristics; 1.12. Batch file transfer – means a bundle of several individual transfers of funds put together for transmission; 1.13. Unique Transaction Identifier – means a combination of letters, numbers or symbols determined by the PSP, in accordance with the protocols of the payment and settlement systems or messaging systems used for the transfer of funds, which permits the traceability of the transaction back to the payer and the payee; 1.14. SEPA – stands for the Single Euro Payments Area; 1.15. Legal Entity Identifier – means a unique code based on the ISO 17442 standard assigned to a legal entity. 1.16. Remittance – means a payment service where funds are received from a payer, without any payment account being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee and/or where such funds are received on behalf of and made available to the payee. CHAPTER II OBLIGATIONS FOR PAYMENT SERVICES PROVIDERS Section I Obligations on the payment service providers of payer Article 4 Information accompanying transfers of funds The payment service provider of the payer shall ensure that the transfers of funds are accompanied by the following information on the payer: 1.1. the name of the payer; 1.2. the payer's payment account number; 1.3. the payer’s address including the name of the country, the official personal identification document and the customer identification number or date and place of birth;

4 of 11 2. The payment service provider of payer shall ensure that the transfer of funds is accompanied by the following information on the payee: 2.1. the name of the payee; 2.2. the payee's payment account number; 3. By way of derogation from subparagraph 1.2 of paragraph 1, and subparagraph 2.2 of paragraph 2 of this Article, in the case of a transfer not made from or to a payment account, the payment service provider of the payer shall ensure that the transfer of funds is accompanied by a unique transaction identifier. 4. Before transferring funds, the payment service provider of the payer shall verify the accuracy of the information referred to in paragraph 1 of this article and, when applicable, in paragraph 3 of this Article, on the basis of documents, data or information obtained from a reliable and independent source. 5. Verification referred to in paragraph 4 of this article shall be deemed to have taken place when one of the following applies: 5.1. a payer's identity has been verified in accordance with the provisions of due diligence to the customer as defined in the Law on PML/CFT and the information obtained pursuant to that verification has been registered in accordance with the provisions of Article 64 of the Law on PML/CFT. 5.2. The provisions of paragraph 1.4 of article 19 of the Law on PML/CFT apply to the payer. 6. Without prejudice to the derogations provided for in Articles 5 and 6, the payment service provider of the payer shall not execute any transfer of funds before ensuring full compliance with this Article. Article 5 Transfer of funds within the country

  1. By way of derogation from paragraphs 1 and 2 of Article 4, where all payment service providers involved in the payment chain are operating in Kosovo, transfer of funds shall be accompanied by at least the payment account number of both the payer and the payee or, where paragraph 3 of Article 4 applies, the unique transaction identifier.
  2. Notwithstanding paragraph 1 of this Article, the payment service providers of payer, within three working days of receiving the request for information from the payment service providers of payee or intermediary payment service providers, shall make available the following: 2.1. for transfers of funds exceeding the value of 1,000 euros, if these transfers are made in a single transaction or in several transactions that appear to be linked, the information on the payer or the payee in accordance with Article 4; 2.2. for transfers of funds that do not exceed the value of 1,000 euros that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed the value of 1,000 euros, at least: 2.2.1. the names of the payer and the payee;

5 of 11 2.2.2. the payment account numbers of the payer and the payee or, where paragraph 3 of Article 4 applies, the unique transaction identifier. 3. By way of derogation from paragraph 4 of Article 4, in the case of transfer of funds referred to in paragraph 2.2 of this Article, the payment service provider of payer does not need to verify information on the payer, unless the payment service provider of payer: 3.1. has received the funds to be transferred in cash or in anonymous electronic money; or 3.2. has reasonable grounds for suspecting money laundering or terrorist financing. Article 6 Transfers of funds to outside the country

  1. In the case of a batch file transfer of fundsfrom a single payer, where the payment service providers of the payee are established abroad, paragraph 1 of Article 4 shall not apply to individual transfers bundled together, provided that the batch file contains the information referred to in paragraphs 1, 2 and 3 of Article 4, that that information has been verified in accordance with paragraphs 4 and 5 of Article 4, and that the individual transfers bear the payer's payment account number or, where paragraph 3 of article 4 applies, the unique transaction identifier.
  2. By way of derogation from paragraph 1 of Article 4 and, when applicable, without prejudice to the information required in accordance with the CBK Regulation on the establishment of technical and business requirements for credit transfers and direct debits in euros, funds that do not exceed the amount of 1,000 euros and which do not appear to be related to other transfers of funds which, together with the transfer in question, exceed the amount of 1,000 euros, must be accompanied by at least: 2.1. the names of the payer and the payee 2.2. payment account numbers of the payer and the payee or when paragraph 3 of article 4 applies, the unique transaction identifier.
  3. By way of derogation from paragraph 4 of Article 4, the payer's payment service provider does not need to verify the information about the payer referred to in this paragraph, unless the payer's payment service provider: 3.1. has received the funds to be transferred in cash or in anonymous electronic money; OR 3.2. has reasonable grounds for suspecting money laundering or terrorist financing. Section II Obligations on the payment service providers of payee Article 7 Detection of missing information on the payer or the payee
  4. The payment service provider of the payee shall implement effective procedures to detect whether the fields relating to the information on the payer and the payee in the messaging or payment and

6 of 11 settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system. 2. The payment service provider of the payee shall implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the following information on the payer or the payee is missing: 2.1. for transfers of funds where the payment service provider of the payer is established in the Country, the information referred to in Article 5; 2.2. for transfers of funds where the payment service provider of the payer is established outside the Country, the information referred to in subparagraphs 1.1, 1.2 and 1.3 of paragraph 1 of Article 4, and in subparagraphs 2.1 and 2.2 of paragraph 2 of Article 4; 2.3. for batch file transfers where the payment service provider of the payer is established outside the Country, the information referred to in subparagraphs 1.1, 1.2 and 1.3 of paragraph 1 of article 4, and in subparagraphs 2.1 and 2.2 of paragraph 2 of article 4. 3. In the case of transfers of funds exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before crediting the payee's payment account or making the funds available to the payee, the payment service provider of the payee shall verify the accuracy of the information on the payee referred to in paragraph 2 of this Article on the basis of documents, data or information obtained from a reliable and independent source, and if it is regulated by the legislation in the country without prejudice to the requirements laid down regarding the time of execution and the date of validity of the transaction. 4. In the case of transfers of funds not exceeding EUR 1 000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1 000, the payment service provider of the payee need not verify the accuracy of the information on the payee, unless it: 4.1. effects the pay-out of the funds in cash or in anonymous electronic money; or 4.2. has reasonable grounds for suspecting money laundering or terrorist financing. 5. Verification referred to in paragraphs 3 and 4 of this Article shall be deemed to have taken place where one of the following applies: 5.1. a payee's identity has been verified in accordance with the provisions of due diligence to the customer as defined in the Law on PML/CFT and the information obtained pursuant to that verification has been stored in accordance with the provisions of Article 64 of the Law on PML/CFT. 5.2. The provisions of paragraph 1.4 of article 19 of the Law on PML/CFT apply to the payee. Article 8 Transfer of funds with missing or incomplete information on the payer or the payee

  1. The payment service provider of the payee shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis for determining whether to execute, reject or suspend a transfer of funds lacking the required complete payer and payee information and for taking the appropriate follow-up action.

7 of 11 1.1. Where the payment service provider of the payee becomes aware, when receiving transfers of funds, that the information referred to in subparagraphs 1.1, 1.2 and 1.3 of paragraph 1 and subparagraphs 2.1 and 2.2 of paragraph 2 of Article 4, paragraph 1 of Article 5, and Article 6, is missing or incomplete or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system as referred to in paragraph 1 of Article 7, the payment service provider of the payee shall on a risk-sensitive basis: 1.1.1. reject the transfer of funds; or 1.1.2. ask for the required information on the payer and the payee before or after crediting the payee's payment account or making the funds available to the payee. 2. Where a payment service provider repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall: 2.1. take steps, which may initially include the issuing of warnings and setting of deadlines, before the rejection, restriction or termination in accordance with subparagraph 2.2 of this Article if the requested information has not yet been provided; or 2.2. directly reject any future transfer of funds from that payment service provider or restrict or terminate its business relationship with that payment service provider. 3. Based on the previous paragraph, The payment service provider of the payee shall report that failure, and the steps taken, to the CBK and FIU-K. Notvithstanding, in cases of reporting under Article 26 of the Law on PML/CFT, the payment service provider of payee must apply the provisions set forth in paragraph 4 of Article 26 of the Law on PML/CFT. Article 9 Assessment and reporting The payment service provider of the payee shall take into account missing or incomplete information on the payer or the payee as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious and whether it is to be reported to the to the FIU-K in accordance with the Law on PML/CFT. Section III Obligations on intermediary payment service providers Article 10 Retention of information on the payer and the payee accompanying the transfer Intermediary payment service providers shall ensure that all the information received on the payer and the payee that accompanies a transfer of funds is retained with the transfer.

8 of 11 Article 11 Detection of missing information on the payer or the payee

  1. The intermediary payment service provider shall implement effective procedures to detect whether fields relating to information of payer and payee in the messaging or payment and settlement system used to effect the transfer of funds have been filled using characters or inputs admissible in accordance with the conventions of that system.
  2. The intermediary payment service provider shall implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the following information on the payer or the payee is missing: 2.1. for transfers of funds where the payment service providers of the payer and the payee are established within the country, the information referred to in Article 5; 2.2. for transfers of funds where the payment service provider of the payer or of the payee is established outside the Country, the information referred to in subparagraphs 1.1, 1.2 and 1.3 of paragraph 1, and in subparagraphs 2.1 and 2.2 of paragraph 2 of article 4; 2.3. for batch file transfers where the payment service provider of the payer or of the payee is established outside the country, the information referred to in subparagraphs 1.1, 1.2 and 1.3 of paragraph 1, and in subparagraphs 2.1 and 2.2 of paragraph 2 of article 4. Article 12 Transfer of funds with missing information on payer or payee
  3. The intermediary payment service provider shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required payer and payee information and for taking the appropriate follow up action.
  4. Where the intermediary payment service provider becomes aware, when receiving transfers of funds, that the information referred to in subparagraphs 1.1, 1.2 and 1.3 of paragraph 1 and subparagraphs 2.1 and 2.2 of paragraph 2 of article 4, paragraph 1 of Article 5 , or Article 6, is missing or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system as referred to in paragraph 1 of Article 7, the intermediary payment service provider, on a risk-sensitive basis shall: 2.1. reject the transfer; 2.2. ask for the information on the payer and the payee before or after the transmission of the transfer of funds.
  5. Where a payment service provider repeatedly fails to provide the required information on the payer or the payee, the intermediary payment service provider shall: 3.1. take steps, which may initially include the issuing of warnings and setting of deadlines, before the rejection, restriction or termination in accordance with subparagraph 3.2 of this Article if the requested information has not yet been provided; or 3.2. directly reject any future transfer of funds from that payment service provider or restricting or terminating its business relationship with that payment service provider.

9 of 11 3.3. Based on the previous paragraph, the intermediary payment service provider shall report that failure, and the steps taken, to the CBK and FIU-K. Notwithstanding, in cases of reporting under Article 26 of the Law on PML/CFT, the payment service provider of payees shall apply the provisions set forth in paragraph 4 of Article 26 of the Law on PML/CFT. Article 13 Assessment and Reporting The intermediary payment service provider shall take into account missing or incomplete information on the payer or the payee as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious, and whether it is to be reported to the FIU - K in accordance with the Law on PML/CFT. Section IV Implementation of restrictive measures Article 14 Policies, procedures and internal controls to ensure the implementation of preventive measures Payment service providers shall have policies, procedures and internal controls to ensure the implementation of PML/CFT measures according to the law in force or CBK regulation when performing transfer of funds according to this Regulation. CHAPTER III INFORMATION, DATA PROTECTION AND RECORD RETENTION Article 15 Data protection

  1. The processing of personal data under this Regulation is subject to the provisions of the Law on the Protection of Personal Data.
  2. Personal data shall be processed by payment service providers on the basis of this Regulation only for the purposes of the prevention of money laundering and terrorist financing and shall not be further processed in a way that is incompatible with those purposes. The processing of personal data on the basis of this Regulation for commercial purposes shall be prohibited.
  3. Payment service providers shall provide new clients with the information required in accordance with the provisions of the Law on Protection of Personal Data before establishing a business relationship or carrying out an occasional transaction. This information will be provided in a concise, transparent, understandable and easily accessible form in accordance with the provisions of the Law on the Protection of Personal Data and, in particular, include a general notice concerning the legal obligations of payment service providers under this Regulation when processing personal data for the purposes of the prevention of money laundering and terrorist financing.

10 of 11 4. Payment service providers shall always ensure that the transmission of any personal data to parties involved in the transfer of funds is carried out in accordance with the provisions of the Law on Protection of Personal Data. Article 16 Record retention

  1. Payment service providers of the payer and of the payee shall retain records of the information referred to in Articles 4 to 7 for a period of five years.
  2. Without prejudice to the following paragraph, upon expiry of the retention period referred to in paragraph 1 of this Article, payment service providers shall ensure that personal data is deleted, unless otherwise provided by the law.
  3. The CBK may allow or require further retention for a maximum period of five years after having carried out a thorough assessment of the necessity and proportionality of such further retention, and where they considers it necessary for the prevention, detection or investigation of money laundering or terrorist financing. Article 17 Cooperation with other authorities The exchange of information between the CBK and other local and foreign authorities with powers in preventing and combating money laundering and terrorist financing shall be subject to the provisions of the Law on PML/CFT. CHAPTER IV ADMINISTRATIVE PENALTIES AND REMEDIAL MEASURES Article 18 General provisions
  4. Violations of the provisions of this Regulation shall be subject to remedial and punitive measures as defined by the Law on PML/CFT, the Law on the Central Bank and the relevant legislation for financial institutions.
  5. CBK shall oversee financial institutions in terms of compliance with obligations under the Law on PML/CFT, Regulation on PML/CFT and this Regulation.

11 of 11 CHAPTER V FINAL PROVISIONS Article 19 Transitional provisions The deadline for the full implementation of the provisions of this Regulation is December 31, 2024. Article 20 Entry into force This Regulation shall enter into force on August 1, 2024. Bashkim Nurboja Chairman of the Board of the Central Bank of the Republic of Kosovo

Share