The FIAU has recently published a Q&A clarifying how AML/CFT obligations interact with Regulation (EU) 2024/886 on instant credit transfers (the Instant Payments Regulation – “IPR”). These clarifications provide important guidance for payment service providers (“PSPs”) navigating the tension between real-time payments and robust financial crime controls.
A central message from the FIAU is that instant payment obligations do not override AML/CFT requirements. PSPs are required to offer instant credit transfers to all payment service users without blanket exclusions, including customers classified as high risk. However, this obligation does not translate into an automatic approval of every transaction. The decision to reject or suspend a specific instant payment must always be assessed on a case-by-case basis, grounded in a risk-based approach.
Importantly, the FIAU makes it clear that a customer’s historic involvement in a suspicious transaction report cannot, by itself, justify the systematic rejection of future instant payments. While institutions remain obligated to refrain from executing transactions that are suspected to involve money laundering or terrorist financing, prior reporting does not warrant default restrictions. Instead, enhanced due diligence and ongoing monitoring should be applied, with additional STRs submitted where new suspicions arise.
One of the most operationally significant clarifications concerns transaction monitoring within the ten-second execution timeframe mandated by the IPR. According to the FIAU, pre-transaction monitoring cannot be dismissed in favour of purely post-transaction controls. While the nature of instant payments inevitably increases reliance on post transaction monitoring, PSPs must still maintain sufficient pre-execution checks to identify transactions that present clear and immediate ML/TF risks. Failing to do so would undermine the institution’s ability to comply with its legal obligation to refrain from executing suspicious transactions.
The FIAU also addresses common mitigation strategies proposed by PSPs, such as suspending instant payment services for high-risk customers or imposing transaction limits through terms and conditions. Both approaches are deemed incompatible with the IPR’s framework. Suspension or exclusion clauses contradict the requirement to offer instant payments universally, while unilateral transaction caps conflict with the regulation’s provisions allowing limits only at the customer’s request. Instead, PSPs are expected to rely on targeted monitoring, and, where legally permissible, temporary blocking of funds pending AML/CFT checks.
Of particular interest is the guidance on handling suspected transactions from the payer’s versus the payee’s perspective. The FIAU outlines multiple compliant scenarios, including rejection prior to execution, non-availability of credited funds, and subsequent reporting to the FIAU, all while carefully managing tipping-off risks. Crucially, the chosen approach must respect both AML/CFT obligations and payment services law, including the prohibition on requalifying payment orders without the payer’s consent.
Overall, the FIAU’s clarifications reinforce the notion that instant payments demand faster decision-making, not weaker controls. PSPs must embed AML/CFT compliance into their operations, ensuring that speed and integrity of the financial system advance together. For institutions, this highlights the importance of robust risk assessments, calibrated monitoring systems, and clear internal procedures aligned with both the IPR and the AML legal framework.
