Riga (Financial and Capital Market Commission, Minutes No. 38.2.P

1

22 August 2017 Regulation No.121

Riga (Financial and Capital Market Commission, minutes No. 38.2.p.

of the Council’s meeting)

Regulations on the Due Diligence of Payment Service Providers and

Monitoring of the Transactions Thereof

Issued pursuant to Section 47, Paragraph two, Clause 13 of the Law on the Prevention of Money

Laundering and Terrorism Financing

1. General Provisions

1. “Regulations on the Due Diligence of Payment Service Providers and Monitoring of the Transactions Thereof” (hereinafter referred to as “Regulations”) lays down the minimum requirements for credit institutions, the branches of the credit institutions of Member States as well as third countries, licensed payment institutions and electronic money institutions, and the branches of the payment institutions and electronic money institutions of Member States, as well as the branches of third-country electronic money institutions (hereinafter all collectively referred to as “the institution”) for carrying out due diligence and monitoring of the transactions of such payment institutions and electronic money institutions, which pursuant to the procedure prescribed in Section 31 of The Law on Payment Services and Electronic Money Law have launched their activity in the Republic of Latvia as well as of third-country payment service providers (hereinafter all collectively referred to as “the payment service provider”).

2. The purpose of these Regulations is to ensure that the institution takes appropriate due diligence measures of the payment service provider before establishing business relations and throughout the term thereof, taking into consideration the payment service provider’s inherent level of money laundering and terrorism financing (hereinafter referred to as – ML/TF) risk.

3. The requirements of the Regulations do not apply in cases when the institution establishes business relations with the payment service provider for the provision of certain services, subject to meeting the following conditions:

3.1. The funds referred to in Section 38, Paragraph one of The Law on Payment Services and Electronic Money are not used within the scope of the service;

3.2. The service is necessary for such business activity of the payment service provider, which has low ML/TF risk as established by the institution having assessed the ML/TF risk for the particular business relations (e.g., the opening of an account is necessary only for the payment of taxes or employees’ salaries), and the institution’s internal control mechanisms ensure that the payment service provider is only able to make payments pursuant to the originally defined purpose.

4. The institution shall apply the requirements of these Regulations in addition to the requirements and procedure laid down in Regulation No. 234 “Regulations regarding Enhanced Customer Due Diligence for Credit Institutions and Licensed Payment and Electronic Money Institutions” of 23 December 2015 (hereinafter referred to as “Regulation No. 234”);

2. Due Diligence of Payment Service Providers

2.1. Preliminary Due Diligence of Payment Service Providers

5. Within the scope of the preliminary due diligence of the payment service provider carried out before establishing business relations, in addition to the requirements laid down in other laws and regulations, the institution shall take the following due diligence measures of the payment service provider:

5.1. Assess the ML/TF requirements laid down by the payment service provider, among other things, obtain the relevant policies and procedures on the grounds of a risk-based approach. In assessing the ML/TF requirements laid down by the payment service provider, the institution shall ascertain whether they include at least the following:

5.1.1. Requirements and procedure for identifying the customers of payment service providers and the representatives thereof, carrying out the due diligence thereof, monitoring of transactions, and reporting of suspicious and unusual transactions to the relevant competent authority;

5.1.2. The ML/TF risk groups determined by the payment service provider and the criteria for the formation thereof;

5.1.3. Requirements for the measures aimed to minimise and manage ML/TF risks;

5.1.4. Requirements to comply with international sanctions as well as national sanctions imposed by the Republic of Latvia;

5.1.5. Requirements and procedure for setting transaction limits and other restrictions for the customers of payment service providers;

5.1.6. Requirements for the assessment of the efficiency and control of the internal control system (internal or external audit resources);

5.1.7. The ban to cooperate with shell banks and to open and maintain anonymous accounts;

5.1.8. Requirements for the assessment of anti-ML/TF policies and procedures of the payment service provider’s customer that is another payment institution or electronic money institution;

5.2. If the payment service provider is based in a third country, it shall be ascertained whether the payment service provider uses appropriate IT systems aimed at managing the LML/TF risk, which corresponds to the ML/TF risk profile of its business activity;

5.3. Obtain information about the accounts opened by the payment service provider in other credit institutions, including such which have been opened for carrying on a trade and for making payments by customers;

5.4. It shall be ascertained whether the payment service provider has registered branches and representatives, what related companies (such as the parent company, subsidiary or sister companies) it has, carrying out the due diligence thereof, using a risk-based approach;

5.5. Assess the financial statements regarding the business activity of the payment service provider.

6. In all cases the institution’s decision to establish business relations with the payment service provider shall be subject to the written confirmation of the executive management of the institution or the collegial body set up by the institution.

2.2. The factors increasing the ML/TF risk inherent to the payment service provider, obtaining of additional information and the assessment thereof

7. Within the scope of carrying out the preliminary due diligence and monitoring of transactions, the institution shall carry out the due diligence of such payment service provider, which has an increased ML/TF risk, including any of the following factors that increase the ML/TF risk:

7.1. The payment service provider provides or intends to provide a payment service to another payment institution or the electronic payment institution;

7.2. The business activity of the payment service provider is related to providing services to such customers which are subject to the requirements of enhanced due diligence, and the total intended or actual credit turnover of such customers exceeds 30 per cent of the total monthly credit turnover of the customer base;

7.3. The payment service provider, another payment institution and electronic money institution make mutual settlements, thus rendering it difficult for the institution to determine the legal and economic purpose of the transactions carried out by the customers of the payment service provider;

7.4. The payment service provider establishes or intends to establish business relations with a person that has registered its business or personal activities in the country where no licence or registration is required, however a licence or registration is required under the requirements of the laws and regulations of the Republic of Latvia or another Member State.

8. Having identified an increased ML/TF risk, the institution shall take the following measures in addition to those referred to in Paragraph 5 hereof, obtaining:

8.1. the risk assessment approved by the management board or another appropriate executive decision-making body as well as a plan of how to minimise the enhanced ML/TF risk inherent to the payment service provider if that payment service provider is based in a third country;

8.2.the internal or external audit report on the assessment of the efficiency of the internal control system of the payment service provider, if such is at the disposal of the payment service provider.

9. Upon identifying a factor increasing the ML/TF risk as referred to in Paragraph 7.1 hereof, in addition to taking the measures referred to in Paragraphs 5 and 8 hereof, the institution shall obtain a graphical representation of the business relations of the payment service provider with other payment institutions and electronic money institutions as well as ascertain the legal and economic objectives of the business activity type of the payment service provider, documenting the due diligence and the conclusions drawn therefrom.

10. Upon obtaining the information referred to in Paragraphs 5, 8, and 9 hereof, the institution, based on the risk assessment and the institution’s ability to assume and manage ML/TF risks, shall assess it, documenting the conclusions of the preliminary due diligence, and decide to establish or not to establish business relations.

3. Supervising Payment Service Providers

3.1. Supervising Payment Service Providers Throughout the Term of Business Relations

11. Before establishing business relations or throughout the term thereof, upon identifying an increased ML/TF risk, the institution shall set a supervision period of six calendar months (hereinafter referred to as “the supervision period”) for the payment service provider.

12. During the supervision period of the payment service provider, the institution shall ascertain the following:

12.1. The nature of the transactions carried out by the payment service provider’s customers;

12.2. The sufficiency of the information obtained during carrying out the enhanced due diligence referred to in Paragraphs 50 and 53.1 to 53.3 hereof;

12.3. The origin of the financial means of the payment service provider, if the payment service provider has business relations with the financial institution and there are doubts as to whether the payment service provider has ascertained the origin of the financial means of its customer and the economic purpose of the transaction;

12.4. The sufficiency of the measures of the due diligence referred to in Paragraphs 5, 8 and 9 hereof in terms of the ML/TF risks inherent to it.

13. In assessing the information referred to in Paragraph 12 hereof, the institution shall use a risk-based approach and, if necessary, request additional information to clarify the circumstances, documenting the conclusions.

14. Upon expiry of the supervision period of the payment service provider, based on the risk assessment, the institution shall decide either:

14.1. to terminate the supervision period of the payment service provider and carry on the business relations, if the institution has sufficient information at its disposal enabling conclusions about the ML/TF risks inherent to the payment service provider, and they are consistent with the institution’s ML/TF risk management policy; or

14.2. to limit the business relations (including termination of the business relations) with the payment service provider if the institution is unable to reduce, using the due diligence measures, and adequately manage the ML/TF risks inherent to the payment service provider, or if they are inconsistent with the institution’s ML/TF risk management policy. If limiting the business relations affects the funds of the payment service provider’s customer, the institution shall promptly notify the Financial and Capital Market Commission thereof, specifying the particulars of the basis of the action thereof.

15. The institution has the right to continue the supervision period pursuant to the institution’s policies and procedures, if it has identified changes in the payment service provider’s risk profile as the ML/TF risk increases.

16. Upon the expiry of the supervision period, the institution shall carry out further due diligence of the payment service provider exposed to a higher MT/LF risk at least once in every six calendar months, ensuring the assessment of the information about the payment service provider at the disposal of the institution in terms of the inherent ML/TF risks and shall update the information characterising the payment service provider about the business activity thereof.

3.2. Limitations to Carry Out Transactions Imposed on the Payment Service Provider and the Related Decision-Making

17. During the supervision period, based on the risk assessment, the institution shall decide on the
limitations to carry out the transaction referred to in Paragraphs 20.4 to 20.7 of Regulation No. 234 to be imposed on the payment service provider as well as on the term of the applicability of the limitations, which shall not be shorter that specified in Paragraph 11 hereof.

18. Upon the expiry of the term of the limitations for the carrying out of transactions, which is specified in Paragraph 17 hereof, shall take one of the following decisions:

18.1. Remove the limitations if the objective for which the limitation was imposed has been met, and the institution is able to manage the ML/TF risks inherent to the payment service provider;

18.2. Keep the imposed limitations or establish further limitations for a specified term or throughout the term of the business relationship.

4. Final Provisions

19. The institution shall take all measures necessary to be able to fully apply the requirements hereof on or before 1 December 2017.

20. In respect of the payment service providers with which business relations have been established before the entry into force hereof, the institution shall ensure the fulfilment of the requirements on or before 1 March 2018.

Financial and Capital Market Commission

Deputy ChairpersonG. Razāne

THIS DOCUMENT HAS BEEN SIGNED IN ELECTRONIC FORM

WITH A SECURE ELECTRONIC SIGNATURE AND CONTAINS A TIME-STAMP