Source: OJ L 150, 9.6.2023, pp. 1–39

Current language: EN

Article 26 Record retention

    1. Information on the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and the payeemeans a person that is the intended recipient of the transfer of funds; or on the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; shall not be retained for longer than strictly necessary. Payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; of the payermeans a person that holds a payment account and allows a transfer of funds from that payment account or, where there is no payment account, that gives a transfer of funds order; and of the payeemeans a person that is the intended recipient of the transfer of funds; shall retain records of the information referred to in Articles 4 to 7, and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; of the originatormeans a person that holds a crypto-asset account with a crypto-asset service provider, a distributed ledger address or a device allowing the storage of crypto-assets, and allows a transfer of crypto-assets from that account, distributed ledger address, or device, or, where there is no such account, distributed ledger address, or device, a person that orders or initiates a transfer of crypto-assets; and beneficiarymeans a person that is the intended recipient of the transfer of crypto-assets; shall retain records of the information referred to in Articles 14 to 16, for a period of five years.

    1. Upon expiry of the retention period referred to in paragraph 1, payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; shall ensure that the personal data is deleted, unless otherwise provided for by national law which determines under which circumstances payment service providersmeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; and crypto-asset service providersmeans a crypto-asset service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where performing one or more crypto-asset services as defined in Article 3(1), point (16), of that Regulation; may or shall further retain such data. Member States may allow or require further retention only after they have carried out a thorough assessment of the necessity and proportionality of such further retention, and where they consider it to be justified as necessary for the prevention, detection or investigation of money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;. That further retention period shall not exceed five years.

    1. Where, on 25 June 2015, legal proceedings concerned with the prevention, detection, investigation or prosecution of suspected money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849; are pending in a Member State, and a payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; holds information or documents relating to those pending proceedings, the payment service providermeans the categories of payment service provider referred to in Article 1(1) of Directive (EU) 2015/2366, natural or legal persons benefiting from a waiver pursuant to Article 32 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC, providing transfer of funds services; may retain that information or those documents in accordance with national law for a period of five years from 25 June 2015. Member States may, without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings, allow or require the retention of such information or documents for a further period of five years where the necessity and proportionality of such further retention has been established for the prevention, detection, investigation or prosecution of suspected money launderingmeans the money laundering activities referred to in Article 1(3) and (4) of Directive (EU) 2015/849; or terrorist financingmeans terrorist financing as defined in Article 1(5) of Directive (EU) 2015/849;.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod