The interplay of CCD2 and AMLR: AML obligations for merchants offering invoice or instalment payments


The Anti-Money Laundering Regulation (EU) 2024/1624 (AMLR) includes creditors of consumer credits in the list of obliged entities, while Directive (EU) 2023/2225 (“CCD2”) significantly broadens the definition of consumer credit. In practice, this creates a notable distinction: if a consumer buys an item with a credit card, the merchant is not subject to AML obligations. However, if a merchant allows payment in instalments or upon invoice via a sales platform, the merchant is subject to AML obligations and may need to identify the consumer. The rationale behind this? Unclear.

From 10 July 2027, Article 3 AMLR defines obliged entities subject to anti-money laundering obligations to include financial institutions. The definition of financial institutions in Article 2 para. 6 lit. g AMLR in turn includes a creditor as defined in Article 3, point (b), of Directive 2008/48/EC. The latter is the “old” consumer credit directive. The term creditor is defined therein as a natural or legal person who grants or promises to grant credit in the course of his trade, business or profession.

Under German law, merchants may grant credit to finance purchases of their own goods and services. Until now, merchants have not needed a license for this, and “purchase upon instalment” has been a regular feature for German merchants, including in online stores. Where such a purchase upon instalment is granted at no cost (0% financing), it may not fall within the definition of credit; otherwise it is a credit and the merchant granting it is a creditor.

Consequently, merchants granting instalment purchases will become obliged entities under AMLR, subject to AML obligations such as customer due diligence. By contrast, if a customer pays by credit card, PayPal, or similar methods, the merchant is not obliged to identify the customer. Why the AML risk is considered higher for instalment payments compared to immediate payment remains unexplained.

CCD2 goes even further: Article 2 para. 2 lit. h CCD2 states that even a no-cost deferred payment (e.g. instalment plan) qualifies as credit if the payment term exceeds 50 days.

Most critically, certain invoice payments may also fall within the credit definition. This is the case if

  • the merchant is not a micro enterprise or SMB, and
  • offers the sale of goods and services online, and
  • there are additional costs or interest, or
  • the payment term exceeds 14 days, or
  • a third party is offering or purchasing the credit.

Practice Test

Most merchants will not be affected if they offer invoice payments with terms not exceeding 14 days and without additional costs, which is standard in German e-commerce. However, merchants most often sell the purchase price receivable to BNPL providers because they can neither afford nor manage credit default risk themselves. In this case, not only will the consumer be subject to a creditworthiness check, but the merchant will also need to carry out customer due diligence measures unless the sale is deemed an occasional transaction (with a value lower than 10,000 EUR) and not a business relationship.

For purchase in instalments, it will be more difficult to argue that it is an occasional transaction only, since the arrangement is inherently designed to be long-term.

Beyond customer due diligence requirements, merchants will face all AML obligations required of obliged entities under AMLR, and will need to register as creditors, the latter a new requirement introduced under CCD2.

Again, the rationale for AML obligations being triggered simply because a merchant sells a receivable to a (licensed!) third-party provider remains elusive.

Outlook

Looking ahead, it is likely that merchants will reconsider offering instalment and invoice payments, weighing the compliance burden against the potential sales uplift from deferred payment options. The result could be a market dominated by credit cards and bank loans, which arguably may not benefit consumers. This may be another instance where EU legislative efforts, driven ostensibly by concerns over specific market practices, overlook the broader consequences for the market as a whole.


