top of page


ESA Joint Guidelines (JC/GL/2017/16)

These Guidelines were issued under Article 25 of Regulation (EU) 2015/847 to clarify what payment service providers (PSPs) and intermediary PSPs (IPSPs) must do to detect missing or incomplete information on the payer or payee, and how to manage such cases. The Guidelines aim to ensure effective application of the regulation through risk-based procedures, supervisory consistency, and improved compliance outcomes.


Applicability

The Guidelines apply to all PSPs and IPSPs operating within the EU and to the competent authorities that supervise them. They focus on transfers of funds that are partly or wholly carried out by electronic means. Specific exemptions under the regulation are addressed, but the core requirements apply to most routine and cross-border electronic payments.


Detection of Missing or Incomplete Information

Firms must implement systems to detect if any of the required information is missing or meaningless. This includes ensuring that characters and data formats used comply with system standards and identifying placeholder or nonsensical entries such as “xxxxx” or “An Other.” Monitoring should be both real-time and post-event, with alerts triggered for high-risk indicators such as large-value transactions, transactions involving high-risk countries, or repeat failures by specific PSPs.


Managing Deficient Transfers

When a transfer is found to lack required information, PSPs and IPSPs must determine whether to execute, suspend, or reject the payment using a risk-based approach. Suspended transfers should prompt a request for the missing data, with reasonable deadlines for response. If no correction is received, firms must reassess the transaction’s risk and consider future treatment of the sending PSP.


Policies, Risk Factors & Record-Keeping

Institutions are required to have formal policies covering which services are in scope, monitoring criteria, response protocols, and record-keeping obligations. Risk assessments must take into account business models, customer types, jurisdictions served, and previous compliance history of counterparties. Staff must be trained on these procedures and the policies must be approved by senior management and updated regularly.


Treatment of Repeated Failures

The Guidelines define how firms should identify and respond to PSPs or IPSPs that repeatedly fail to provide complete or accurate information. Criteria include the percentage of faulty transfers and cooperation with information requests. Firms must keep records and notify competent authorities of repeated non-compliance. Enforcement options include issuing warnings, applying enhanced monitoring, or ultimately restricting or terminating the business relationship.


Obligations for Intermediary PSPs

Intermediary PSPs must ensure that all information accompanying a transfer is preserved throughout the chain, even when messages are reformatted. Where data cannot be transmitted using the existing messaging infrastructure, alternative short-term mechanisms should be used until full compliance is feasible.


Obligations for Receiving PSPs

PSPs receiving transfers must verify the payee’s identity when required and retain all transaction data in line with the regulation. If a business relationship exists with the payee, they must comply with broader customer due diligence and record-keeping obligations under applicable AML laws.


Conclusion: WTR Compliance Integration

These Guidelines provide detailed operational direction for PSPs and IPSPs in ensuring the integrity of information accompanying transfers of funds. They promote a risk-based, proportionate response framework and support consistent supervisory oversight across the EU. Effective implementation is central to preventing the misuse of wire transfer systems for financial crime.

bottom of page