Source: OJ L 150, 9.6.2023, pp. 1–39Current language: EN
- Anti-money laundering
Basic legislative acts
- Transfer of funds regulation (TFR)
Article 26 Record retention
Information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; or on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; shall not be retained for longer than strictly necessary. Payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and of the payeemeans a person that is the intended recipient of the transfer of funds; shall retain records of the information referred to in Articles 4 to 7, and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; shall retain records of the information referred to in Articles 14 to 16, for a period of five years.
Upon expiry of the retention period referred to in paragraph 1, payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; shall ensure that the personal data is deleted, unless otherwise provided for by national law which determines under which circumstances payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; may or shall further retain such data. Member States may allow or require further retention only after they have carried out a thorough assessment of the necessity and proportionality of such further retention, and where they consider it to be justified as necessary for the prevention, detection or investigation of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;. That further retention period shall not exceed five years.
Where, on 25 June 2015, legal proceedings concerned with the prevention, detection, investigation or prosecution of suspected money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; are pending in a Member State, and a payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; holds information or documents relating to those pending proceedings, the payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; may retain that information or those documents in accordance with national law for a period of five years from 25 June 2015. Member States may, without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings, allow or require the retention of such information or documents for a further period of five years where the necessity and proportionality of such further retention has been established for the prevention, detection, investigation or prosecution of suspected money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.
Relevant recitals
Recital 54 Five-year retention period and conditions for extension
As it may not be possible in criminal investigations to identify the data required or the individuals involved in a transaction until many months, or even years, after the original transfer of fundsmeans any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:a credit transfer as defined in Article 4, point (24), of Directive (EU) 2015/2366;a direct debit as defined in Article 4, point (23), of Directive (EU) 2015/2366;a money remittance as defined in Article 4, point (22), of Directive (EU) 2015/2366, whether national or cross-border;a transfer carried out using a payment card, an electronic money instrument, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics; or transfer of crypto-assetsmeans any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same;, and in order to be able to have access to essential evidence in the context of investigations, it is appropriate to require payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; or crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; to keep records of information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; or the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and the beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; for a period of time for the purposes of preventing, detecting and investigating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; and terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;. That period should be limited to five years, after which all personal data should be deleted unless national law provides otherwise. If necessary for the purposes of preventing, detecting or investigating money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;, and after carrying out an assessment of the necessity and proportionality of the measure, Member States should be able to allow or require retention of records for a further period of no more than five years, without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings and in full compliance with Directive (EU) 2016/680 of the European Parliament and of the Council(21)Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).. Those measures could be reviewed in light of the adoption of a Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.