SEPA transfer fields need to follow a standard. I think it's fine, we shouldn't put more control and censorship there (try to put Daesh membership fee if you want to get your account locked...)

However a chatbot should absolutely not be able to display arbitrary and clickable links outside a pretty tight whitelist (like, the bank FAQ).