EC ¦ FAQs on Sanctions Against Russia and Belarus, Focusing on the Provision of Payments Services

Sanctions and Payment Services: Practical Guidance on Article 5b(2) of Regulation (EU) No 833/2014

Article 5b(2) of Regulation (EU) No 833/2014, as amended by Regulation (EU) 2025/2033, imposes targeted prohibitions on a narrow set of payment-related activities when provided to Russian nationals, natural persons residing in Russia and legal persons, entities or bodies established in Russia. The measure covers three distinct categories: crypto-asset services, the issuing of payment instruments together with the acquiring of payment transactions and provision of payment initiation services, and the issuing of electronic money. Each category is defined by the relevant EU directives: PSD2 for payment instruments, acquiring and payment initiation; and the EMD2 definition of electronic money. These prohibitions are service-specific – they do not amount to a blanket ban on all forms of banking or payments activity vis‑à‑vis persons in scope.

Exemptions and residency considerations

Article 5b(3) provides important exemptions. Nationals of EU Member States, EEA countries and Switzerland, as well as persons holding temporary or permanent residence permits in the EU, EEA or Switzerland, fall outside the scope of the prohibition. Practically, holders of long‑stay Type D visas who have completed national registration formalities are typically treated as legally resident for the purpose of this exemption, although exact treatment can depend on domestic rules. Payment service providers must verify and document the residency or nationality status of customers claiming exemption, bearing in mind that a residence permit must remain valid for the entire validity period of any newly issued payment instrument under the exemption.

Ownership, control and the risk of circumvention

The prohibitions apply to persons and entities legally established in Russia – they do not automatically extend to non‑Russian legal entities simply because they are owned or controlled by Russian persons. Services may continue to be provided to entities established in the EU or third countries even where Russian ownership exists. That said, the Regulation’s anti‑circumvention rule in Article 12 makes it clear that arrangements designed knowingly and intentionally to channel prohibited services around the sanctions are forbidden. Payment service providers should therefore assess whether third‑country entities or complex ownership structures are being used as conduits and take reasonable steps to identify and mitigate circumvention risks.

Bastian Schwind-Wagner _Follow

"Article 5b(2) of Regulation 833/2014 targets specific payment and crypto‑asset services when provided to Russian nationals, residents in Russia and entities established in Russia, while allowing continued use of existing instruments and access to accounts under limited conditions. Payment service providers must therefore focus on accurately identifying in‑scope customers, preventing prohibited issuance or initiation services, and guarding against circumvention through intermediaries.

Operational compliance requires timely processes to stop prohibited services when a customer’s status changes and careful documentation of residency or nationality-based exemptions. Coordination between legal, compliance and operations teams, together with proportionate due diligence, will reduce legal and reputational risk."

Existing relationships and transitional questions

Article 5b(2) does not require PSPs to close accounts or terminate existing contractual relationships with customers who fall within scope. PSPs may continue to maintain accounts and provide services that are not expressly prohibited. However, the prohibition applies equally to existing customers and new ones: when a customer falls within scope – for example because a Russian national ceases to be legally resident in the EU – the provider must immediately stop offering the specific services prohibited by Article 5b(2). That duty to discontinue prohibited services applies to renewals and replacements as well as the issuance of entirely new instruments. Providers should have processes to detect status changes and act promptly once they become aware that a customer has entered the measure’s scope.

Operational responsibilities and who bears primary compliance duties

All PSPs must ensure they do not provide the prohibited services to persons within the scope of Article 5b(2). For payment transactions, recital 19 of Regulation (EU) 2025/2033 clarifies that primary responsibility for sanctions compliance in relation to contracts connected to the prohibited services lies with the account‑servicing payment service provider (ASPSP ). Payment initiation service providers (PISPs ) are not expected to perform full transaction screening at the moment of initiation, but they must ensure they do not provide prohibited initiation services to in‑scope persons. Acquirers likewise must ensure they do not accept transactions that would involve a prohibited acquiring service. PSPs must also remain mindful of other sanctions obligations that may arise under different EU instruments.

Using existing payment instruments and e‑banking access

The measure does not require cancellation or freezing of existing payment instruments such as debit or credit cards, nor does it prevent continued access to online and mobile banking where only personalised security credentials are required. Article 5c(1a) allows continued provision of personalised credentials necessary to access an existing account. The key distinction is between continuing non‑prohibited functionality for instruments issued before the sanctions and issuing, renewing or replacing instruments for persons in scope – the latter is prohibited. If execution of a transaction using an otherwise valid existing instrument requires a service that itself is prohibited (for example, acquiring services used by digital wallets), that particular transaction should be blocked on the grounds that the enabling service is prohibited, not because the instrument has been retroactively invalidated.

Additional and commercial cards – personalisation matters

Issuing additional cards in the name of a Russian national or person residing in Russia is prohibited, even where the additional cardholder is not the primary account holder. The same applies to commercial cards personalised for in‑scope natural persons – issuance, renewal or replacement is not permitted. Provision of non‑prohibited services via existing additional or commercial cards remains allowed, subject to any applicable derogations such as those set out in Article 5c for basic needs, legitimate cross‑border trade or exclusive use by subsidiaries in Russia.

Payment initiation routes – redirection versus third‑party initiation

A common operational question concerns so‑called bank‑link redirections. If a user is redirected to their own bank’s secure interface and initiates a payment directly without third‑party participation, that flow is not a payment initiation service under PSD2 and thus not caught by the Article 5b(2)(b) prohibition. However, if a third‑party PSP initiates the payment on the user’s behalf via open banking APIs or similar mechanisms, that qualifies as a payment initiation service and must not be provided to persons in scope. PSPs and merchants should therefore map payment flows carefully and ensure that redirection models do not inadvertently involve third‑party initiation that would breach the prohibition.

Practical compliance steps

To meet their obligations, PSPs should implement proportionate customer due diligence and monitoring to identify nationality and residency status changes, record and verify the validity period of residence permits when relying on the exemption, and apply enhanced scrutiny to transactions or relationships involving third‑country entities that could be used to circumvent the measures. Legal and operational teams must align on processes for stopping prohibited services immediately when a customer enters scope, and for distinguishing between permitted uses of existing instruments and prohibited issuing or enabling services. Finally, PSPs should document decision‑making and risk assessments relating to circumvention indicators and maintain clear communication channels between onboarding, compliance and transaction processing teams.

Conclusion

Article 5b(2) introduces narrowly targeted but operationally significant prohibitions on specific payment and crypto‑asset services when directed at Russian nationals, residents in Russia and entities established in Russia. The measure balances targeted restrictions with practical exemptions and does not mandate wholesale closure of accounts. For PSPs, the critical tasks are accurate identification of persons in scope, sensible controls to prevent issuance or facilitating of prohibited services, vigilance for circumvention attempts and prompt action when a customer’s status changes. Close coordination between compliance, operations and legal functions will be essential to apply these rules consistently and defensibly.

Dive deeper

• EC ¦ Provision of payments services ¦ Link
• EUR-Lex ¦ Regulation (EU) No 833/2014 ¦ Link
• EUR-Lex ¦ Regulation (EU) 2025/2033 ¦ Link