We have received information from our bank in Norway about a new demand from the Anti Money Laundering act: The bank is obliged to verify that any individual that sign payments/payment files on behalf of a company has been assigned the role as power of attorney (PoA) by the company for this. Hence to this all the Norwegian banks are adjusting their systems in order to be compliant to this demand.
This requirement is mandatory for all payments in Norway from 12th of March 2022.
IFS has not yet considered this demand, so I am reaching out here to find additional customers having the same requirements. This should apply to all companies sending payment files in Norway.
If you have the same requirement, please comment with your feedback on this topic. IFS is informed about this topic (IFS case G2286441).
To fulfill the requirement we have filed a request to IFS to add processes for approval and sign-off of ISO20022 payment files, including the private identification number of the persons approving and sending the payment file, under the proper tags in the html files.
We are running IFS10, UPD8.
Please find the attached files with the request to IFS, BITS MIG clarification paper and the AML act.
Info from our bank about the payment file and implementation of how to verify who has signed and sent the file to the bank:
In order to keep straight through processing of the payment files, BITS (The standardization office for banks in Norway) has prepared and launched a new Message Implementation Guide (MIG) for Pain.001 (payment files from customer to bank). This MIG includes new fields that can be filled in by customer in order for the bank to identify and verify the individuals that have signed the payment file and their PoA rights. This is the new common standard for the Norwegian market that all the Norwegian banks will implement. Hence to this we are updating our Norwegian Pain.001 MIG accordingly. When these fields are filled in correctly and according to the PoA information given by customer to SEB then the Pain.001 files will be processed STP (Straight Through Processing) for our customers.
Technical implementation of BITS MIG:
To achieve STP processing and be compliant it is required that personal identification of users approving files in your ERP/TMS systems should be added to pain.001 file as showed
below:
"<"Attached file">"
Additionally, same private identification numbers need to be provided to the bank in separate Appendix in your current GCA or CAoS agreement.
In this way the bank will be able to verify that person who have signed the file have authority to debit such account.
