Wire Transfers Regulation Guidance

Version 01 (First issued November 2021) Wire Transfers Regulation guidance November 2021 Whilst this publication has been prepared by the Financial Services Authority, it is not a legal document and should not be relied upon in respect of points of law. Reference for that purpose should be made to the appropriate statutory provisions. Contact: AML Division Financial Services Authority PO Box 58, Finch Hill House, Bucks Road, Douglas Isle of Man IM99 1DT Tel: 01624 646000 Email: aml@iomfsa.im Website: www.iomfsa.im

Isle of Man Financial Services Authority Version 01 Page 2 of 8 Last updated November 2021 Contents

1. Introduction .......................................................................................................................3
2. Scope of the regulation......................................................................................................4
3. Pre-conditions for making payments.................................................................................4
4. Information requirements.................................................................................................5 4.1 Complete payer information.......................................................................................5 4.2 Reduced Payer Information ........................................................................................5 4.3 Complete Payee Information ......................................................................................6 4.4 Batch File Transfers.....................................................................................................6 4.5 Payments via Intermediaries.......................................................................................6
5. Checking Incoming Payments............................................................................................7

Isle of Man Financial Services Authority Version 01 Page 3 of 8 Last updated November 2021

1. Introduction The Isle of Man is required to comply with FATF Recommendation 16 in relation to wire transfers. Prior to the UK’s withdrawal from the European Union (“the EU”), the Island (along with the other Crown Dependencies) made the decision to apply (with appropriate modifications) the EU wire transfer requirements as part of the law of the Island. This allowed the Island to take advantage of the provision that provides for EU Member States to establish agreements with territories outside the EU with whom they share a monetary union and payment clearing systems for them to be treated as if they were part of the Member State concerned, so that reduced information requirements can apply to payments passing between that member state and its associated territory (but not between other Member States and that territory). In the case of the UK, such arrangements included the Isle of Man and the Channel Islands. With effect from 26 June 2017, the EU strengthened their legislation to prevent electronic transfers of funds (“wire transfers”) being abused for money laundering or the financing of terrorism, when Regulation (EU) 2015/847 (“the Regulation”) repealed and replaced Regulation (EU) No 1781/2006. It was published in the Official Journal of the European Union (OJ L 141) on 5 June 2015. In order for wire transfers between the Island and the UK to be treated as if they were transfers within the UK, Regulation (EU) 2015/847 was applied (with appropriate modifications) as part of the law of the Island by the European Union (Information Accompanying Transfers of Funds) Order 2016 as amended by the European Union (Information Accompanying Transfers of Funds) (Amendment) Order 2017. The text of the EU Regulation as modified in its application to the Island is attached to the amendment Order. The Information Accompanying Transfers of Funds Regulations 2016 were made to implement the Order. These Isle of Man Regulations contain enforcement provisions and sanctions for non-compliance, and came into force on 26 June 2017. Certain terms used in this guidance are defined in these Isle of Man regulations. References to the British Islands in this guidance are to an area that comprises the United Kingdom, the Bailiwick of Guernsey, the Bailiwick of Jersey and the Isle of Man. To ensure that the data protection position is beyond any doubt, it may be advisable for a payer Payment Services Provider (“PSP”) to ensure that terms and conditions of business include reference to the information that will be provided. The Regulation requires the ordering financial institution to ensure that all wire transfers carry specified information about the originator (Payer) who gives the instruction for the payment to be made and the Payee who receives the payment. The core requirement is that the Payer information consists of name, address, account number, official personal document number, customer identification number or date and place of birth; and that the Payee information consists of name and account number. There are also requirements imposed on any intermediary PSP. However, there are a number of permitted variations and concessions which are set out in this guidance.

Isle of Man Financial Services Authority Version 01 Page 4 of 8 Last updated November 2021 Despite the UK’s withdrawal from the EU, the situation between the UK and the Crown Dependencies remains unaltered, therefore the Manx legislation has not needed to be amended or replaced. 2. Scope of the regulation The Regulation is widely drawn and intended to cover all types of funds transfer falling within its definition as made “by electronic means” other than those specifically exempted wholly or partially by the Regulation. For PSPs based in the British Islands it therefore includes, but is not necessarily limited to, international payment transfers made via SWIFT, including various Euro payment systems, and domestic transfers via CHAPS and BACS. The Regulation specifically exempts transfers where both Payer and Payee are PSPs acting on their own behalf, i.e. this will apply to MT 200 series payments via SWIFT. This exemption will include MT 400 and MT 700 series messages when they are used to settle trade finance obligations between banks. The UK credit clearing system is out of scope of the Regulation as it is paper based and hence transfers are not carried out “by electronic means”. Cash and cheque deposits over the counter via bank giro credits are not therefore affected by the Regulation. 3. Pre-conditions for making payments Relevant persons must ensure that the Payer information conveyed in the payment relating to account holding customers is accurate and has been verified. The verification requirement is deemed to be met for account holding customers of the relevant person whose identity has been appropriately verified in accordance with the Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 (“the Code”). No further verification of such account holders is required, although relevant persons may wish to exercise discretion to do so in individual cases. Before undertaking one-off payments in excess of €1,000 on the instructions of individuals whose identity have not been appropriately verified in accordance with the Code a relevant person must verify identity and either date of birth or address in accordance with Article 4.4 of the Regulation. Evidence of verification undertaken in accordance with Article 4.4 must be retained with the customer information in accordance with record keeping requirements under part 8 of the Code, guidance regarding these requirements can be found in chapter 6 of the Anti-Money Laundering and Countering the Financing of Terrorism Handbook. For transfers of €1,000 and under by individuals whose identity has not been appropriately verified in accordance with the Code relevant persons are not required by the Regulation to verify the Payer’s identification, except when several transactions are carried out which appear to be linked and exceed €1,000. N.B., even in cases where the Regulation does not require verification, the customer information must be obtained and it may be advisable for the relevant person to verify the identity of the Payer in all cases.

Isle of Man Financial Services Authority Version 01 Page 5 of 8 Last updated November 2021 4. Information requirements 4.1 Complete payer information Except as permitted below, complete Payer information must accompany all wire transfers. Effectively, the complete requirement applies where the destination PSP is located in a jurisdiction outside the British Islands. Complete Payer information consists of: name, address and account number.  Where the payment is not made from a payment account, the requirement for an account number must be substituted by a unique transaction identifier which permits the payment to be traced back to the Payer. The Regulation defines a unique transaction identifier as “a combination of letters, numbers or symbols, determined by the PSP, in accordance with the protocols of the payment and settlement systems or messaging systems used for the transfer of funds, which permits the traceability of the transaction back to the payer and the payee.”  The extent of the information supplied in each field will be subject to the conventions of the messaging system in question and is not prescribed in detail in the Regulation.  The account number could be, but is not required to be, expressed as the IBAN (International Bank Account Number).  Where a bank is itself the Payer, as will sometimes be the case even for SWIFT MT 102 and 103 messages, this guidance considers that supplying the Bank Identifier Code (BIC) constitutes complete Payer information for the purposes of the Regulation, although it is also preferable for the account number to be included where available. The same applies to Business Entity Identifiers (BEIs), although in that case the account number should always be included. As the use of BICs and BEIs is not specified in the Regulation, there may be requests from Payee PSPs for address information. Where suspicious activity is identified an internal disclosure must be made to the MLRO. Please refer to chapter 5 of the Handbook for further details of the Island’s suspicious activity reporting regime. A table showing the information needed for different types of payment can be found at 4.3 of this document. 4.2 Reduced Payer Information Where the PSPs of both the Payer and Payee are located within the British Islands, wire transfers need be accompanied only by the Payer’s account number or by a unique transaction identifier which permits the transaction to be traced back to the Payer.

Isle of Man Financial Services Authority Version 01 Page 6 of 8 Last updated November 2021 However, if requested by the Payee’s PSP, complete information must be provided by the Payer’s PSP within 3 working days, starting the day after the request is received by the Payer’s PSP. (“Working days” is as defined in the jurisdiction of the Payer’s PSP). A table showing the information needed for different types of payment can be found at 4.3 of this document. 4.3 Complete Payee Information Except as permitted below, complete Payee information must accompany all wire transfers. Effectively, the complete requirement applies where the destination PSP is located in a jurisdiction outside the British Islands. Complete Payee information consists of: name and account number. Where the payment is not made from a payment account, the requirement for an account number must be substituted by a unique transaction identifier which permits the payment to be traced back to the Payee. A table detailing the information needed for different types of payment is below: Payment type Payer Payee Outside the British Islands, over €1,000 Name Account number/transaction ID Address* Name Account number/transaction ID Outside the British Islands, under €1,000 Name Account number/transaction ID Name Account number/transaction ID Inside the British Islands Account number/transaction ID Account number/transaction ID *Or official personal document number, customer identification number of date and place of birth. 4.4 Batch File Transfers A hybrid complete/reduced requirement applies to batch file transfers from a single Payer to multiple Payees outside the British Islands in that the individual transfers within the batch need carry only the Payer’s account number or a unique identifier along with complete Payee information, provided that the batch file itself contains complete Payer information. 4.5 Payments via Intermediaries Intermediary PSPs must ensure that all information received on the Payer and the Payee which accompanies a wire transfer is retained with the transfer. A requirement to detect “missing information” (see Checking Incoming Payments) applies in the same way as for transfers of funds received direct by the Payee PSP.

Isle of Man Financial Services Authority Version 01 Page 7 of 8 Last updated November 2021 5. Checking Incoming Payments Relevant persons must have effective risk based procedures for checking that incoming wire transfers are compliant with the relevant information requirement. These procedures must include, where appropriate, post event monitoring or real time monitoring in order to detect whether the required information on the payer or payee is missing. Additionally, the Regulation requires PSPs to take remedial action when they become aware that an incoming payment is not compliant. Relevant persons must therefore subject incoming payment traffic to an appropriate level of random sampling to detect non-compliant payments. This sampling should be risk based, for example:  the sampling could be restricted to payments emanating from PSPs outside the British Islands where the complete information requirement applies;  the sampling could be weighted towards non FATF member jurisdictions, particularly those deemed higher risk under a PSP’s own country risk assessment, or by reference to external sources such as Transparency International, or FATF or IMF country reviews;  it may be prudent to focus more heavily on transfers from those Payer PSPs who are identified by such sampling as having previously failed to comply with the relevant information requirement;  other specific measures might be considered, e.g. checking, at the point of payment delivery, that Payer information is compliant and meaningful on all transfers that are collected in cash by Payees on a “Pay on application and identification” basis. If a relevant person becomes aware in the course of processing a payment that it contains meaningless or incomplete information, under the terms of Article 8(1) of the Regulation it should either reject the transfer or ask for complete information on the Payer. In addition, in such cases, a relevant person is required to take any necessary action to comply with any applicable law or provisions relating to money laundering and terrorist financing. As per paragraph 4 of the Code, relevant persons must also comply with their own internal procedures and controls. This includes considering whether this meaningless or incomplete information constitutes unusual or suspicious activity, and if so making a report to the MLRO. Please refer to chapter 5 of the Handbook for further details of the Island’s suspicious activity reporting regime. Where a relevant person becomes aware subsequent to processing the payment that it contains meaningless or incomplete information either as a result of random checking or other monitoring mechanisms under its risk based approach, it must:  seek the necessary information on the Payer and/or Payee; and/or,  take any necessary action under any applicable law, regulation or administrative provisions relating to money laundering or terrorist financing.

Isle of Man Financial Services Authority Version 01 Page 8 of 8 Last updated November 2021 Where a PSP is identified as having regularly failed to comply with the information requirements, a relevant person must take steps, which may initially include issuing warnings and setting deadlines, prior to either refusing to accept further transfers from that PSP or deciding whether to terminate its relationship with that PSP either completely or in respect of funds transfers. A relevant person must also report that failure, and the steps taken, to the Authority. A relevant person must consider whether incomplete or meaningless information of which it becomes aware on a funds transfer constitutes suspicious or unusual activity. Please refer to chapter 5 of the Handbook for further details of the Island’s suspicious activity reporting regime. With regard to transfers from PSPs located in non-member countries of FATF, relevant persons should endeavour to transact only with those PSPs with whom they have a relationship that has been subject to a satisfactory risk-based assessment of their internal AML/CFT framework and who accept the standards set out in the Interpretative Note to FATF Recommendation 16. It should be borne in mind when querying incomplete payments that some FATF member countries outside the EU may have framed their own regulations to incorporate a threshold of Euro or US Dollars 1000 below which the provision of complete information on outgoing payments is not required. This is permitted by the Interpretative Note to FATF Recommendation 16. This does not preclude Isle of Man PSPs from calling for the complete information where it has not been provided, but it is reasonable for a risk-based view to be taken on whether, or how far, to press the point.