AMLD5 and prepaid cards: what has changed?
her name. The directive was due to be transposed by the Member States in early 2020. Among the various changes is the reduced possibility of anonymous prepaid card transactions. In this contribution, we will explore these changes and what they mean for obliged entities in practice.
What does the law say?
The European framework for the fight against money laundering and the financing of terrorism (AML / CFT) is set by a series of anti-money laundering directives. These are regularly updated to reflect developments in the field and recommendations such as those of the Financial Action Task Force (FATF). The main text is currently the Fourth Anti-Money Laundering Directive (AMLD4), adopted in 2015.
Article 12 AMLD4 provides for an exception to the principal obligation of customer due diligence (CDD). Member States may allow obliged entities not to perform CDD under the following conditions:
1. The payment instrument must be non-reloadable, or have a maximum monthly payment transaction limit of EUR 250 which can only be used in that Member State.
2. The maximum amount stored electronically does not exceed 250 EUR.
3. The payment instrument is used exclusively to purchase goods or services.
4. The payment instrument cannot be funded with anonymous electronic money.
5. The issuer exercises sufficient supervision of the transactions or the business relationship to allow the detection of unusual or suspicious transactions.
Member States may increase the limit from EUR 250 to EUR 500 for payment instruments which can only be used in that Member State. It is important to note that this exception does not apply in the event of a cash refund or cash withdrawal of the monetary value of electronic money when the refunded amount exceeds 100 EUR.
As indicated in the introduction, a fifth anti-money laundering directive (AMLD5) was adopted in 2018. This directive makes a number of changes to AMLD4. For example, it adds a number of new entities subject to existing money laundering legislation, including exchange services and wallet providers for virtual currencies. AMLD5 also limits the possibilities of anonymous prepaid cards and gives financial intelligence units wider access to information through closer cooperation between member states. Relations with high-risk third countries are subject to harmonized rules for enhanced customer due diligence. The register of beneficial owners and access to it are being extended, mainly with regard to trusts and similar arrangements.
Regarding prepaid cards in particular, AMLD5 lowers the limit from 250 EUR to 150 EUR. For redemptions and cash withdrawals, the limit is lowered from EUR 100 to EUR 50. This limit of EUR 50 now also applies to remote payment transactions where the amount paid exceeds EUR 50 per transaction. Member States can no longer increase these limits for national instruments. Member States must also ensure that credit institutions and financial institutions acting as acquirers only accept payments made with anonymous prepaid cards issued in third countries where these cards meet requirements equivalent to those stated here. Member States may also decide not to accept in their territory payments made using anonymous prepaid cards.
In the recitals of AMLD5, the European legislator justifies these changes by confirming that prepaid cards have legitimate uses and constitute an instrument contributing to social and financial inclusion. Nevertheless, they could be easily used to finance terrorist attacks and logistics. To curb such use, the legislator considered it essential to reduce the limits below which no CDD would be necessary. It therefore does not prohibit the use of prepaid cards, but only limits the threshold for their anonymous use. In addition, cards issued outside the EU must comply with equivalent requirements.
So what does this mean in practice?
For obliged entities, this means that each time a customer wishes to pay using a prepaid electronic money card – even in the event of remote payment – they are more likely than before to have to perform CDD. This is due to the lower limits, the inclusion of remote payments and the removal of the exemption for national payment options. In addition, it should be noted that Member States may even impose lower thresholds. More CDD obviously means more administrative work for the obliged entities. For example, they will have to perform more KYC assessments and deal with the increased burden of the identity checks required as part of them. In addition, appropriate actions must be taken in response to the client’s risk profile.
In addition, obliged entities will need to be particularly careful when accepting prepaid electronic money cards issued outside the EU. Either they must confirm that the issuing country imposes equivalent AML / CFT legislation, or they must refuse the card. This will likely require some changes in their processes, as it may not always be clear initially where a card was issued. This problem could be solved by accepting only specific types of prepaid cards issued only in Europe, but this of course comes at the cost of limiting payment options for non-European customers. It is therefore up to the obliged entities to assess their clientele and make the appropriate decision on how to go ahead with this.
For customers, the increased application of CDD when using prepaid e-money cards means, of course, less anonymity. This is because, as stated, any CDD will inevitably result in a KYC assessment. While with cash payments anonymity was rather the default, anonymous electronic payments are becoming increasingly rare.
While prepaid card fraud is indeed a significant problem worldwide, the AMLD4 limits have already significantly reduced the potential scope of such fraud in the EU. The even stricter limits under AMLD5 will of course reduce this a little more, but will also come at the cost of an increased compliance burden for obliged entities and less anonymity for customers.
About Niels Vandezande
Niels Vandezande specializes in fintech law, including virtual currencies, electronic payments and blockchain. Niels also has extensive experience in privacy and data protection law (GDPR), security and trust services, identity management, digital archiving, e-government, e-commerce, e-health and availability and reuse of public information.