This regulation establishes rules for the information that must accompany transfers of funds to ensure traceability and support the prevention, detection, and investigation of money laundering and terrorist financing. It applies to transfers in any currency where at least one of the payment service providers involved is established in the EU.

Obligations on Payment Service Providers

Payment service providers (PSPs) must ensure that transfers of funds are accompanied by accurate information on both the payer and the payee. This includes the payer’s name, account number, and either their address, official identification number, customer ID number, or date and place of birth. The payee’s name and account number must also be included. In cases where no payment account is used, a unique transaction identifier must be provided.

Before executing a transfer, the PSP of the payer must verify the accuracy of the payer information using reliable, independent sources. The regulation prohibits execution of the transfer until all information obligations are fulfilled.

Intra-EU & Cross-Border Transfers

For transfers within the EU, simplified information requirements apply, provided all PSPs involved are EU-based. These typically include the payment account numbers of both payer and payee. However, additional information must be made available upon request for transfers over EUR 1,000.

For transfers to payees outside the EU, the full payer and payee information must accompany each transfer, especially for higher-value or linked transactions.

Obligations on Payee & Intermediary PSPs

Payee PSPs must implement procedures to detect missing or incomplete information and assess whether to process, reject, or suspend the transfer based on the risk. Verification of the payee identity is required for transfers above EUR 1,000 unless exemptions apply. Intermediary PSPs must retain and pass on the full set of received information and similarly implement detection and monitoring controls.

Monitoring, Record-Keeping & Reporting

All PSPs must retain the required information for five years. This information must be made available without delay to national authorities combating money laundering and terrorist financing. Transfers lacking complete information must be evaluated for suspicious activity and potentially reported to the Financial Intelligence Unit (FIU).

Risk-Based Approach

The regulation promotes a risk-sensitive framework. Higher-risk transfers, such as those involving anonymous payment instruments, cash funding, or high-value linked transactions, require enhanced due diligence. Conversely, low-risk, domestic, low-value transactions such as retail payments may be exempt under strict conditions.

Exemptions

The regulation excludes certain types of transactions, including ATM withdrawals, tax or fine payments to public authorities, cheque image exchanges, and transfers between PSPs acting on their own behalf. Member States may also exempt specific domestic transfers used exclusively for goods or services under defined thresholds and traceability requirements.

Sanctions & Enforcement

Each Member State must establish effective, proportionate, and dissuasive sanctions for non-compliance. These include administrative and criminal penalties, and may be applied to individuals in positions of responsibility within the PSP. Authorities are required to cooperate closely across borders for enforcement and supervision.

Data Protection

Processing of personal data under this regulation is restricted to AML and CTF purposes. Data may not be used for commercial purposes and must be safeguarded in line with EU privacy laws. Data must be deleted after five years unless extended retention is justified by national law.

Entry into Force

The regulation became applicable on 26 June 2017, replacing Regulation (EC) No 1781/2006.