Source: OJ L 150, 9.6.2023, pp. 1–39

Current language: EN

Article 29 Specific provisions


Summary What does Article 29 of the Transfer of funds regulation (TFR) say?

Article 29 works in conjunction with Article 28, which establishes the general framework for administrative sanctions.

This article drills down into the specific breaches that must trigger sanctions, setting the minimum categories of conduct that Member States are required to cover.

It spans both payment service providers and crypto-asset service providers, as well as intermediary actors in both spaces, ensuring that the sanctioning regime applies across the full chain of transfer activity.

Important points:

  • Member States must ensure their sanctions regimes cover at minimum the four categories of breach defined in this article, which cover failures around accompanying transfers with required information, record retention, risk-based procedures, and serious failures by intermediaries.
  • Sanctions apply to payment service providers, crypto-asset service providers, and their respective intermediaries, meaning all actors in a transfer chain face exposure.
  • The threshold for a sanctionable breach varies by type: some require repeated or systematic failure, while others require only a single serious failure.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

Member States shall ensure that their administrative sanctions and measures include at least those laid down in Article 59(2) and (3) of Directive (EU) 2015/849 in the event of the following breaches of this Regulation:

  1. repeated or systematic failure by a payment service provider to accompany the transfer of funds with the required information on the payer or the payee, in breach of Article 4, 5 or 6, or by a crypto-asset service provider to accompany the transfer of crypto-assets with the required information on the originator and beneficiary, in breach of Article 14 or 15;

  2. repeated, systematic or serious failure by a payment service provider or crypto-asset service provider to retain records, in breach of Article 26;

  3. failure by a payment service provider to implement effective risk-based procedures, in breach of Article 8 or 12, or by a crypto-asset service provider to implement effective risk-based procedures, in breach of Article 17;

  4. serious failure by an intermediary payment service provider to comply with Article 11 or 12 or by an intermediary crypto-asset service provider to comply with Article 19, 20 or 21.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod