BACS allows some specific characters in the coding of BACS transactions, used for payer name, beneficiary reference, etc. It is A-Z, 0-9, . (dot), - (hyphen), / (slash), space, and & (ampersand).
The catch is that & is special in HTML. So needs escaping, obviously.
So I sent a 1p payment to a customer for fun. I sent from AA®
This is what he saw:-
Naughty Bank of Scotland.
Oddly, on the CSV download this is "AA AND REG" which is even stranger.
FYI Barclays seemed to escape stuff properly.
Banks still have a lot to learn!