The implications for instant payment customer screening
Under the new rules, PSPs need to verify that the beneficiary’s IBAN and name match in order to alert the payer to possible mistakes or fraud before a transaction is made.
PSPs should periodically, and at least daily, verify whether their Payment Service Users (PSUs) are persons or entities subject to targeted financial restrictive measures, and should no longer apply transaction-based screening in that specific context.
The critical importance of robust customer screening in the era of Instant Payments: Discover more here
The obligation of PSPs to periodically verify their PSUs is related only to persons or entities subject to targeted financial restrictive measures. Other types of restrictive measures adopted in accordance with Article 215 TFEU (Treaty on the Functioning of the European Union) or restrictive measures that are not adopted in accordance with Article 215 TFEU fall outside the scope of that obligation. The obligation of PSPs to periodically verify whether their PSUs are persons or entities subject to targeted financial restrictive measures does not interfere with actions that PSPs should be able to take to comply with EU law on the prevention of money laundering and terrorist financing.
Financial institutions operating in multiple countries or regions, decide which payments to examine depending on the regulatory context and their risk appetite. Relevant factors here include the type of payment (domestic vs. international), unusual patterns (e.g. pass-through transactions), transaction value and the payment’s origin/destination (e.g. country/region, recipient type).
Transaction based screening has to be conducted before the payment is executed. But since sanctions lists screening comprises just one part of the payment process, only a limited timeframe – between 500 milliseconds and one second – is available. A window this tight requires efficient IT infrastructure and bringing all available technical solutions into play, such as interface adjustments, storage of hits and clarifications, cache optimisation and workflow and GUI adaptations.