LogoRegulatory Alerts
2024-08-07 | 43/2024

Regulation 43/2024 on Information Accompanying Transfers of Funds

The Bank of Albania’s Supervisory Council issued Regulation 43/2024 to mandate that Albanian payment service providers attach specific payer and payee details—including names, account numbers or unique identifiers, and legal entity codes—to all fund transfers. The regulation applies to euro-denominated SEPA transfers, domestic transactions, and cross-border payments involving licensed Albanian institutions, requiring PSPs to verify information accuracy based on transaction values and money laundering risks. Receiving and intermediary PSPs must implement risk-based procedures to detect missing data, request or reject non-compliant transfers, and report rejected transactions to the Financial Intelligence Agency.

Bank of Albania logo

Albania

Bank of Albania

Click to view thumbnail

R E P U B L I C O F ALB ANI A BANK OF ALBANIA SUPERVISORY COUNCIL DECISION No. 43, dated 7.8.2024 ON THE APPROVAL OF REGULATION “ON INFORMATION ACCOMPANYING TRANSFERS OF FUNDS” In accordance with article 1, paragraph 4, letter “b”, article 3, paragraph 3, article 12, letter ”a” and article 43, letter “c” of the law no. 8269, dated 23.12.1997 “On the Bank of Albania”, as amended; article 9 of the law no. 9662, dated 18.12.2006 “On banks in the Republic of Albania”, as amended; law 55/2020, dated 30.4.2020 “On payment services”; law no. 9917, dated 19.05.2008 “On prevention of money laundering and terrorism financing”, as amended; the Supervisory Council of the Bank of Albania, having regard to the proposal from the Supervision Department, DECIDED:

  1. To approve the regulation “On information accompanying transfers of funds”, according to the text attached to this decision.
  2. Payment service providers defined in article 3, paragraph 2, letters “a”, “b” and “c” of the law no. 55, dated 30.4.2020 “On payment services” are responsible for the implementation of this decision.
  3. The Bank of Albania’s Supervision Department is responsible for monitoring the implementation of this decision.
  4. The Governor’s Office and the Research Department shall be responsible for the publication of this decision in the Official Journal of the Republic of Albania and in the Official Bulletin of the Bank of Albania, respectively. This decision shall enter into force 15 days following its publication in the Official Journal. SECRETARY CHAIR Elvis ÇIBUKU Gent SEJKO

2 REGULATION “ON INFORMATION ACCOMPANYING TRANSFERS OF FUNDS” CHAPTER I GENERAL PRINCIPLES Article 1 Object The object of this regulation is to define the rules for: a) the information on payers and payees accompanying transfers of funds, in euro, in the context of the Single Euro Payments Area (SEPA), the participation of payment service providers in Albania, in payment schemes administered by the European Payments Council, and for the purposes of preventing money laundering and terrorism financing, where at least one of the payment service providers involved in the transfer executed in a payment scheme administered by the European Payment Council is established and licensed in Albania; b) the policies, procedures and internal controls, to ensure the implementation of restrictive measures, when at least one of the payment service providers is established and licensed in Albania, regardless of the transaction involved or the currency used. Article 2 Subjects The subjects of this regulation are payment service providers, as defined in article 3, paragraph 2, letters “a”, “b” and “c” of the law no.55/2020, dated 30.4.2020 “On payment services”. Article 3 Legal basis This regulation is issued based on and for the implementation of: a) article 1, paragraph 4, letter “b”, article 3, paragraph 3, article 12, letter ”a” and article 43, letter “c” of the law no. 8269, dated 23.12.1997 “On the Bank of Albania”;

3 b) article 9 of the law no. 9662, dated 18.12.2006 “On banks in the Republic of Albania”, as amended, which in this regulation shall be referred as the law “On banks”; c) law no. 55/2020, dated 30.4.2020 “On payment services”, which in this regulation shall be referred as the law “On payment services”; d) law no. 9917, dated 19.05.2008 “On prevention of money laundering and terrorism financing”, as amended which in this regulation shall be referred as the law “On prevention of money laundering and terrorism financing”. Article 4 Scope of application

  1. The provisions of articles 7 to 14 of this regulation shall apply to transfers of funds in euros, sent or received, by payment service providers or intermediary payment service providers licensed and operating in Albania, as participants in a payments scheme administered by the European Payments Council, where at least one of the payment service providers or intermediary payment service providers involved in the transaction is established and licensed in Albania.
  2. The provisions of articles 15 to 18 of this regulation shall apply to all payment service providers licensed and operating in Albania, regardless of the system, scheme, transaction or currency used.
  3. This regulation applies when a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics, is used to carry out a transfer of funds between natural persons acting as consumers not for commercial, business or professional purposes. Article 5 Exemptions from the scope of application
  4. This regulation shall not apply to: a) the services listed in letters “a” to “i” and in letter “k” of article 4 of law “On payment services”; b) transfers of funds carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics, provided that the following conditions are met: i. that card, instrument or device is used exclusively to pay for goods or services, and

4 ii. the number of that card, instrument or device accompanies all transfers flowing from the transaction; c) persons that have no activity other than to convert paper documents into electronic data and that do so pursuant to a contract with a payment service provider, or to persons that have no activity other than to provide payment service providers with messaging or other support systems for transmitting funds or with clearing and settlement systems; d) transfer of funds where any of the following conditions is met: i. it involves the payer withdrawing cash from the payer’s own payment account, ii. it constitutes a transfer of funds to a public authority as payment for taxes, fines or other levies within Albania, iii. both the payer and the payee are payment service providers acting on their own behalf, iv. it is carried out through cheque images exchanges, including truncated cheques; e) transfers of funds within Albania to a payee’s payment account permitting payment exclusively for the provision of goods or services where all of the following conditions are met: i. the payment service provider of the payee is subject of the law “On prevention of money laundering and terrorism financing”, ii. the payment service provider of the payee is able to trace back, through the payee, by means of a unique transaction identifier, the transfer of funds from the person who has an agreement with the payee for the provision of goods or services, iii. the amount of the transfer of funds does not exceed EUR 1,000. Article 6 Definitions

  1. The terms used in this regulation have the same meaning as the terms used in the law “On payment services”, in the law “On banks” and in the law “On prevention of money laundering and terrorism financing”.
  2. In addition to what is provided in paragraph 1 of this article, for the purposes of this regulation, the following definitions apply: a) “terrorism financing” - means terrorism financing as defined in articles 230/a to 230/ç of the Criminal Code; b) “money laundering” - means the money laundering activities referred to in article 287 of the Criminal Code;

5 c) “intermediary payment service provider” - means a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider; d) “transfer of funds” - means any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including: i. a credit transfer, ii. a direct debit, iii. a money remittance, iv. a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; e) “batch file transfer” - means a bundle of several individual transfers of funds put together for transmission; f) “unique transaction identifier” - means a combination of letters, numbers or symbols determined by the payment service provider, in accordance with the protocols of the payment and settlement systems or messaging systems used for the transfer of funds, which permits the traceability of the transaction back to the payer and the payee; g) “legal entity identifier” or ‘LEI’ - means a unique alphanumeric reference code based on the ISO 17442 standard assigned to a legal entity; h) “payment scheme” - is a single set of rules, practices, standards and/or implementation guidelines agreed between payment service providers for the execution of payment transactions within Albania and throughout the Single Euro Payments Area (SEPA), and which is separate from any infrastructure or payment system that supports its operation; i) “SEPA” - is the Single Euro Payments Area; j) “SEPA area” - is the geographical extent of the SEPA schemes as determined by the criteria established by the European Payments Council (EPC); k) “EPC SEPA payment scheme” - is a payment scheme administered by the European Payments Council (EPC).

6 CHAPTER II OBLIGATIONS OF PAYMENT SERVICE PROVIDERS FOR THE INFORMATION ACCOMPANYING TRANSFERS OF FUNDS SUBCHAPTER I OBLIGATIONS OF THE PAYMENT SERVICE PROVIDER OF THE PAYER Article 7 Information accompanying transfers of funds

  1. The payment service provider of the payer shall ensure that transfers of funds are accompanied by the following information on the payer: a) name and surname of the payer or the legal entity name of the payer; b) the payer’s payment account number; c) the payer’s address, including the name of the country or jurisdiction, identification document number and personal customer number, or, alternatively, the payer’s date and place of birth; and d) the legal entity identifier (subject to the existence of the necessary field in the relevant payments message format, and where provided by the payer to its payment service provider), or, in its absence, any available equivalent official identifier.
  2. The payment service provider of the payer shall ensure that transfers of funds are accompanied by the following information on the payee: a) name and surname of the payee or the legal entity name of the payee; b) the payee’s payment account number; and c) the legal entity identifier (subject to the existence of the necessary field in the relevant payments message format, and where provided by the payer to its payment service provider), or, in its absence, any available equivalent official identifier.
  3. By way of derogation from paragraph 1, letter “b”, and paragraph 2, letter “b” of this article, in the case of transfers not made to or from a payment account, the payment service provider of the payer shall ensure that the transfer of funds is accompanied by a unique transaction identifier rather than the payment account number.
  4. Before transferring funds, the payment service provider of the payer shall verify the accuracy of the information referred to in paragraph 1 of this article and, where applicable, in paragraph 3 of this article, on the basis of documents, data or information obtained from a reliable and independent source.

7 5. Verification as referred to in paragraph 4 of this article shall be deemed to have taken place where: a) the identity of the payer has been verified in accordance with article 4/1 of the law “On prevention of money laundering and terrorism financing” and the information obtained pursuant to that verification has been retained in accordance with article 16 of that law; b) article 4/1 of the law “On prevention of money laundering and terrorism financing” shall apply even when the payer is an existing customer. 6. Without prejudice to the derogations provided for in articles 8 and 9 of this regulation, the payment service provider of the payer shall not execute any transfer of funds before ensuring full compliance with this article. Article 8 Transfers of funds within Albania

  1. By way of derogation from article 7, paragraphs 1 and 2 of this regulation, where all payment service providers involved in the payment chain are established in Albania, transfers of funds shall be accompanied by at least the payment account number of both the payer and the payee or, where article 7, paragraph 3 of this regulation applies, the unique transaction identifier, without prejudice to the information requirements laid down in regulation “Establishing requirements for credit transfers and direct debits in euro”, where applicable.
  2. Notwithstanding paragraph 1 of this article, the payment service provider of the payer shall, within three working days of receiving a request for information from the payment service provider of the payee or from the intermediary payment service provider, make available the following: a) for transfers of funds exceeding EUR 1,000, whether such transfers are carried out in a single transaction or in several transactions which are considered to be linked, the information on the payer or the payee in accordance with article 7 of this regulation; b) for transfers of funds not exceeding EUR 1,000 that are not considered to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1 000, at least: i. the name and surname of the payer and of the payee; and ii. the payment account number of the payer and of the payee or, where article 7, paragraph 3 of this regulation applies, the unique transaction identifier.
  3. By way of derogation from article 7, paragraph 4 of this regulation, in the case of transfers of funds referred to in paragraph 2, letter “b” of this article, the payment

8 service provider of the payer need not verify the information on the payer unless the payment service provider of the payer: a) has received the funds to be transferred in cash; b) has reasonable grounds for suspecting money laundering or terrorist financing; c) has doubts about the authenticity or suitability of the previously received data; or d) has suspicions of fraud. Article 9 Transfers of funds outside Albania

  1. In the case of a batch file transfer from a single payer where the payment service providers of the payees are established outside Albania, paragraph 1 of article 7 of this regulation shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in article 7, paragraphs 1, 2 and 3 of this regulation, and that information has been verified in accordance with article 7, paragraphs 4 and 5 of this regulation, and that the individual transfers carry the payment account number of the payer or, where article 7, paragraph 3 of this regulation applies, the unique transaction identifier.
  2. By way of derogation from article 7, paragraph 1 of this regulation, and, where applicable, without prejudice to the information required in accordance with regulation “Establishing requirements for credit transfers and direct debits in euro”, where the payment service provider of the payee is established outside Albania, transfers of funds not exceeding EUR 1,000 that are not considered to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1,000, shall be accompanied by at least: a) the name and surname of the payer and of the payee, or legal entity name of the payer and of the payee; and b) the payment account number of the payer and of the payee or, where article 7, paragraph 3 applies, the unique transaction identifier.
  3. By way of derogation from article 7, paragraph 4 of this regulation, the payment service provider of the payer need not verify the information on the payer referred to in paragraph 2 of this article, unless the payment service provider of the payer: a) has received the funds to be transferred in cash; b) has reasonable grounds for suspecting money laundering or terrorist financing; c) has doubts about the authenticity or suitability of the previously received data; or d) has suspicions of fraud.

9 SUBCHAPTER II OBLIGATIONS OF THE PAYMENT SERVICE PROVIDER OF THE PAYEE Article 10 Detection of missing information on the payer or the payee

  1. The payment service provider of the payee shall implement effective procedures to detect whether the fields relating to the information on the payer and the payee in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.
  2. The payment service provider of the payee shall implement effective procedures, including, where appropriate, monitoring during or after the transfers, in order to detect whether the following information on the payer or the payee is missing: a) for transfers of funds, where the payment service provider of the payer is established in Albania, the information referred to in article 8 of this regulation; b) for transfers of funds, where the payment service provider of the payer is established outside Albania, the information referred to in letters “a”, “b” and “c” of paragraph 1, and in letters “a” and “b” of paragraph 2 of article 7 of this regulation; c) for batch file transfers, where the payment service provider of the payer is established outside Albania, the information referred to in letters “a”, “b” and “c” of paragraph 1, and in letters “a” and “b” of paragraph 2 of article 7 of this regulation, in respect of that batch file transfer.
  3. In the case of transfers of funds exceeding EUR 1,000, whether those transfers are carried out in a single transaction or in several transactions which are considered to be linked, before crediting the payee’s payment account or making the funds available to the payee, the payment service provider of the payee shall verify the accuracy of the information on the payee referred to in paragraph 2 of this article, on the basis of documents, data or information obtained from a reliable and independent source, without prejudice to the requirements laid down in articles 76 and 77 of the law “On payment services”.
  4. In the case of transfers of funds not exceeding EUR 1,000 that are not considered to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1,000, the payment service provider of the payee need not verify the accuracy of the information on the payee, unless the payment service provider of the payee: a) effects the pay-out of the funds in cash;

10 b) has reasonable grounds for suspecting money laundering or terrorist financing; c) has doubts about the authenticity or suitability of the previously received data; or d) has suspicions of fraud. 5. Verification as referred to in paragraphs 3 and 4 of this article shall be deemed to have taken place where: a) the identity of the payee has been verified in accordance with article 4/1 of the law “On prevention of money laundering and terrorism financing” and the information obtained pursuant to that verification has been retained in accordance with article 16 of that law; b) article 4/1 of the law “On prevention of money laundering and terrorism financing” applies even when the payee is an existing customer. Article 11 Transfers of funds with missing or incomplete information on the payer or the payee

  1. The payment service provider of the payee shall implement effective risk-based procedures, as referred to in article 4/1 and article 11 of the law “On prevention of money laundering and terrorism financing” for determining whether to execute, reject or suspend a transfer of funds lacking the required complete information on the payer and the payee, and for taking the appropriate follow-up actions.
  2. Where the payment service provider of the payee becomes aware, when receiving a transfer of funds, that the information referred to in article 7, paragraph 1, letters “a”, “b” and “c”, in article 7, paragraph 2, letters “a” and “b”, in article 8, paragraph 1, or in article 9, is missing or incomplete or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system, as referred to in paragraph 1 of article 10 of this regulation, the payment service provider of the payee shall: a) request the required information on the payer and the payee before crediting the payee’s payment account or making the funds available to the payee; b) reject the transfer, if the information requested under letter “a” of this paragraph is not provided, as foreseen in article 10 of the law “On prevention of money laundering and terrorism financing”.
  3. Following paragraph 2 of this article, the payment service provider of the payee shall report to the Financial Intelligence Agency, the rejected transfer due to lack of information and the steps taken, as provided in article 10 of the law “On prevention of money laundering and terrorism financing”.

11 SUBCHAPTER III OBLIGATIONS ON INTERMEDIARY PAYMENT SERVICE PROVIDERS Article 12 Retention of information on the payer and the payee accompanying the transfer The intermediary payment service provider shall ensure that all the information received on the payer and the payee that accompanies a transfer of funds is retained with the transfer. Article 13 Detection of missing information on the payer or the payee

  1. The intermediary payment service provider shall implement effective procedures to detect whether the fields relating to the information on the payer and the payee in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.
  2. The intermediary payment service provider shall implement effective procedures, including, where appropriate, monitoring during or after the transfers, in order to detect whether the following information on the payer or the payee is missing: a) for transfers of funds, where the payment service provider of the payer and of the payee is established in Albania, the information referred to in article 8 of this regulation; b) for transfers of funds, where the payment service provider of the payer or of the payee is established outside Albania, the information referred to in letters “a”, “b” and “c” of paragraph 1, and in letters “a” and “b” of paragraph 2 of article 7 of this regulation; c) for batch file transfers, where the payment service provider of the payer or of the payee is established outside Albania, the information referred to in letters “a”, “b” and “c” of paragraph 1, and in letters “a” and “b” of paragraph 2 of article 7 of this regulation, in respect of that batch file transfer. Article 14 Transfers of funds with missing information on the payer or the payee
  3. The intermediary payment service provider shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds

12 lacking the required information on the payer and the payee and for taking the appropriate follow-up actions. 2. Where the intermediary payment service provider becomes aware, when receiving a transfer of funds, that the information referred to in article 7, paragraph 1, letters “a”, “b” and “c”, and in paragraph 2, letters “a” and “b” of this regulation, in article 8, paragraph 1, or in article 9, is missing or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system, as referred to in article 10, paragraph 1 of this regulation, that intermediary payment service provider shall: a) request the required information on the payer and the payee, before or after the transmission of the transfer of funds; or b) reject the transfer. 3. Where a payment service provider repeatedly fails to provide the required information on the payer or the payee, the intermediary payment service provider shall: a) take steps, which may initially include the issuing of warnings and setting of deadlines, before proceeding to a rejection, restriction or termination in accordance with letter “b” of this paragraph, if the required information is still not provided; or b) directly reject any future transfers of funds from that payment service provider or restrict or terminate its business relationship with that payment service provider. 4. The intermediary payment service provider shall report to the Financial Intelligence Agency, the rejected transfer due to lack of information and the steps taken. CHAPTER III IMPLEMENTATION OF RESTRICTIVE MEASURES Article 15 Internal policies, procedures and controls to ensure implementation of restrictive measures

  1. Payment service providers shall have in place internal policies, procedures and controls to ensure the implementation of restrictive measures according to law no. 72/2019 “On international restrictive measures in the Republic of Albania”, when performing transfers of funds under this regulation and other provisions in force.

13 CHAPTER IV INFORMATION, DATA PROTECTION AND RECORD-RETENTION Article 16 Provision of information Payment service providers shall respond fully and without delay in accordance with the adequate legal and regulatory requirements to enquiries from the Bank of Albania or Financial Intelligence Agency concerning the information required under this regulation. Article 17 Data protection

  1. Payment service providers shall ensure that the processing of personal data under this regulation shall be subject to the legislation in force on personal data protection and relevant by-laws issued under its implementation.
  2. Personal data shall be processed on the basis of this regulation, only for the purposes of the prevention of money laundering and terrorist financing and shall not be further processed in a way that is incompatible with those purposes. The processing of personal data on the basis of this regulation for commercial purposes shall be prohibited.
  3. Payment service providers shall provide new clients with the information required pursuant to the legislation in force on personal data protection, before establishing a business relationship or carrying out an occasional transaction. That information shall be provided in a concise, transparent, intelligible and easily accessible form in accordance with the legislation in force on personal data protection and shall, in particular, include a general notice concerning the legal obligations of payment service providers under this regulation, when processing personal data for the purposes of the prevention of money laundering and terrorist financing.
  4. Payment service providers shall ensure at all times that the transmission of any personal data on the parties involved in a transfer of funds is conducted in accordance with the legislation in force on personal data protection. Article 18 Record retention
  5. Information on the payer and the payee shall not be retained for longer than strictly necessary. Payment service providers of the payer and of the payee shall retain

14 records of the information referred to in articles 7 to 10 of this regulation, in accordance with the deadlines defined in article 16 of the law “On prevention of money laundering and terrorism financing”. 2. Upon expiry of the retention period referred to in paragraph 1 of this article, payment service providers shall ensure that the personal data is deleted, unless otherwise provided for by the law. 3. The Financial Intelligence Agency may allow or require further retention only after it has carried out a thorough assessment of the necessity and proportionality of such further retention, and where considers it to be justified as necessary for the prevention, detection or investigation of money laundering or terrorist financing. CHAPTER V OTHERS Article 19 Other acts in force

  1. This regulation will be interpreted and applied in accordance with the provisions of the law “On prevention of money laundering and terrorism financing”, and the latter will prevail in case of any conflict. The application of enhanced measures, reporting obligations or any related obligations will take precedence in case of suspicion of money laundering or terrorist financing.
  2. Provisions of regulation “On prevention of money laundering and terrorism financing” shall apply to any case that is not expressly provided for in this regulation. Article 20 Reporting of breaches Payment service providers shall establish appropriate internal procedures for their employees at all levels, to report internally breaches of this regulation through a secure, independent, specific and anonymous channel, proportionate to the nature and size of the payment service provider.

15 Article 21 Entry into force

  1. This regulation shall enter into force upon the approval of the expansion of the geographical scope of SEPA in the Republic of Albania by the European Payments Council.
  2. Payment services providers that are subject to this regulation shall take the necessary measures to adapt their activities and operations to the requirements of this regulation within a period of 180 days, from the date of approval of the expansion of the geographical scope of SEPA in the Republic of Albania by the European Payments Council. CHAIR OF THE SUPERVISORY COUNCIL GENT SEJKO
Share