In order to ensure the highest quality of our services, we use small files called cookies. When using our website, the cookie files are downloaded onto your device. You can change the settings of your browser at any time. In addition, your use of our website is tantamount to your consent to the processing of your personal data provided by electronic means.
Public Information Bulletin Logo

Back

Communication No. 91 on the practical aspects of the application of CDD measures and the transmission of notifications referred to in Article 74, Article 86 and Article 90 of the Act of 1 March 2018 on counteracting money laundering and financing of terrorism, including payment schemes that are not payment card schemes, mobile payment systems (e.g. BLIK, Google Pay, Apple Pay) and prepaid cards

I. Introduction and reference to Communication No 22

This Communication is addressed to all obligated institutions referred to in the Act of 1 March 2018 on counteracting money laundering and financing of terrorism (Journal of Laws 2023, item 1124, as amended, hereinafter ‘the Act’), and in particular to obligated institutions operating in the banking sector, as well as entities referred to in Article 2 of the Act, acting as national payment institutions and as institutions offering prepaid cards.

In Communication No 22 issued on 7 April 2020, the General Inspector outlined the practical aspects of the application of CDD measures and the transmission of the notifications referred to in Articles 74 and 86 of the Act. Despite this, notifications are still sent to the General Inspector, the content of which raises doubts as to the completeness of the data transmitted, such as insufficiently substantiated suspicions or incomplete transaction data.

This Communication complements and specifies Communication No. 22 and aims to clarify recurring problems by indicating additional elements that should be included in notifications submitted pursuant to Article 74, Article 86 and Article 90 of the Act, as well as to take into account the specificity of transactions carried out through payment schemes that are not a payment card scheme (e.g. BLIK), mobile payment systems (Google Pay, Apple Pay) and prepaid cards.

Notifications to the GIFI indicated in the above paragraph should be sent only through the GIFI IT System, in particular they should not be sent to the e-mail addresses available in the Public Information Bulletin of the Ministry of Finance.

II. Personal scope and selection of the appropriate method of submitting notifications

In accordance with the Act, the obligated institution shall immediately notify the General Inspector of Financial Information of:

  1. Circumstances that may indicate a suspicion of money laundering or terrorist financing – Article 74 of the Act.
  2. Reasonable suspicion that a specific transaction or assets may be related to money laundering or financing of terrorism – Article 86 of the Act.
  3. Situations where the notification could not be made before the transaction was carried out – Article 90 of the Act (then the notification should explain why the notification was not made earlier).

Before sending a notification, the obligated institution should carefully assess which article of the Act is applicable in a given factual situation.

III. Elements of notifications submitted pursuant to Articles 74, 86 and 90 of the Act

The relevant elements of notifications submitted pursuant to Article 86 of the Act are identical to the elements of notifications submitted pursuant to Article 74 of the Act (Article 86 para. 2 in conjunction with Art. 3 of the Act). This also applies to the notifications referred to in Article 90 of the Act, where the lack of prior notification must be additionally justified.

The notification shall contain in particular:

  • Identification data of the client of the obligated institution, in accordance with Article 36 of the Act.
  • Possessed identification data of other persons and entities associated with the suspicious transaction or assets (in accordance with Article 36 of the Act).
  • Information on the type and size of assets and where they are stored.
  • Customer account number (IBAN or other identifier, including country code).
  • Information referred to in Art. 72.6 of the Act relating to transactions or attempts to carry them out.
  • Information about the country of the European Economic Area to which the transaction may be related (in the case of cross-border activity).
  • Information on the identified risk of money laundering or terrorist financing and on the criminal act (predicate offence) from which the assets may derive.
  • Justification for the notification (Article 74.3.8) of the Act and in connection with Article 86.2 and Article 90 of the Act), including, inter alia: 
    • Description of the CDD measures applied (Article 34 et seq. of the Act), including an assessment of the business relationship, information on its purpose and intended nature,
    • Information on the source of property values at the disposal of the client,
    • A description of the analysis of transactions within the business relationship to determine whether they are consistent with the knowledge of the customer, the nature and scope of its activities and the risks identified;
    • A detailed description of the circumstances giving rise to suspicion of money laundering or terrorist financing;
    • Information on where and how to open an account (including online accounts),
    • Data obtained from other organisational units of the obligated institution (e.g. anti-money laundering units, units dealing with fraud and extortion or units dealing with the IT system of the clearing house) and possible documents from external sources (e.g. requests from law enforcement authorities, SWIFT, OGNIVO messages), justifying suspicions,
    • Copies of relevant contracts, identification documents, notifications to the prosecutor's office, decisions of the prosecutor's office, etc.

If the reason for the notification is information obtained from external sources (e.g. law enforcement authorities) or a notification sent by an obligated institution to the prosecutor's office, a copy of the relevant documents should be attached.

It should be remembered that sending a notification to the General Inspector does not exempt the obligated institution from continuing to apply CDD measures, monitoring business relations on an ongoing basis or considering taking other actions, such as not carrying out transactions, terminating business relations or continuing to intensively apply enhanced CDD measures.

IV. Specificity of transactions carried out through non-payment card schemes, mobile payment systems (BLIK, Google Pay, Apple Pay) and prepaid cards

The dynamic development of mobile and alternative forms of payment means that in addition to traditional card transactions, transactions carried out through:

  • Payment schemes that are not payment card schemes (e.g. BLIK),
  • Mobile payment systems (e.g. Google Pay and Apple Pay).
  • Prepaid cards issued by various types of obligated institutions, including national payment institutions.

The growing popularity of these payment methods gives the opportunity to collect additional data about users and their operations, constituting a potential additional source of identification. Data obtained as part of these services should be identical to data obtained through traditional card-based payment schemes, so that notifications to the General Inspector meet the statutory requirements and are complete and useful.

If the obligated institution does not have complete data, it should use all channels and powers available to it to obtain a set of data, and if it is not possible to obtain complete data, indicate the reason for not obtaining them before sending the notification as part of the analysis carried out to confirm or exclude suspicions of money laundering or terrorist financing. The obligated institution that is a financial institution should have this data at its disposal in order to properly identify the risk factors set out in the EBA Guidelines on Money Laundering and Terrorist Financing Risk Factors1.

 
The scope of data that should be reported each time the circumstances of transactions carried out using the above schemes and payment systems are important to justify the notification is presented below.

  1. Scope of data in the case of payment transactions for goods in online / stationary stores (debit transaction of the account):
  • Transaction amount, currency,
  • Date and time of the transaction,
  • Title of the transaction (e.g. online purchase),
  • Descriptive transaction data (e.g. order number at merchant),
  • Merchant URL (if available to the obligated institution),
  • The address of the merchant,
  • Reference number of the acquirer,
  • Name of the billing agent,
  • Transaction identifier (e.g. in BLIK - 11-digit code placed in the account history),
  • The target bank of the payment and the target account of the transaction executed through a payment scheme that is not a payment card scheme,
  • Name of the merchant (merchant),
  • Identification data of the customer (transaction sender), including account number and data required in accordance with Article 36 of the Act,
  • When using Google Pay or Apple Pay, information about the owner of the card associated with the application, as in the case of card transactions.

2. Scope of data in the case of acceptance of payment for goods in stationary/online stores (merchant's account):

  • Transaction amount, currency,
  • Date and time of the transaction,
  • Title of the transaction,
  • Reference number of the acquirer,
  • Name of the billing agent,
  • Transaction identifier (e.g. in BLIK – 11-digit code),
  • Bank of the entity executing the transaction through a payment scheme that is not a payment card system (including BLIK, Google Pay, Apple Pay).

3. The scope of data in the case of withdrawals from ATMs and P2P transactions made using BLIK and other mobile services:

  • Transaction amount, currency,
  • Date and time of the transaction,
  • ATM number and location (if available) in case of cash withdrawal,
  • Transaction identifier (e.g. BLIK code),
  • Account number and customer identification data (in accordance with Article 36 of the Act),
  • For P2P transactions, the recipient’s telephone number (if it is part of the transaction identification),
  • If you use Google Pay or Apple Pay, information about the owner of the card associated with the app.

V. Follow-up of the notification

Notification to the General Inspector of Financial Information is not a prerequisite for reducing the level of risk assigned to the client or exempting from the obligation to apply CDD measures. The obligated institution is still obliged to apply CDD measures and to analyse a situation in which it is not possible to apply one of the CDD measures referred to in Article 34 of the Act. In such a situation, consideration should be given to applying the measures set out in Art.41.1 of the Act, i.e. refusal to establish business relations, failure to carry out an occasional transaction, failure to carry out a transaction through a bank account, or even termination of business relations with a client.

Repeated circumstances indicating suspicion of money laundering or terrorist financing should be taken into account in internal documentation (procedures, risk assessment) and form the basis for further improvement of AML/CFT processes.

{"register":{"columns":[]}}