EBA consultation on changes to AML/CTF risk factors guidelines

The document contains 20 open consultation questions regarding the evaluation of proposed changes to the Guidelines.

Due to the ongoing situation around COVID-19, comments to the draft Guidelines may be submitted up until 6 July 2020 on the EBA’s consultation page.

What are the Guidelines?

The Guidelines were created by the 4th Anti-Money Laundering Directive (AMLD 4), and are addressed to both financial institutions and the supervisory authorities of EU Member States with the aim of significantly strengthening Europe’s AML/CFT defences, as well as fostering greater convergence of supervisory practices.

The Guidelines provide specific AML/CTF risk factors concerning distinct types of business activity, as well as measures to be applied in order to properly address these risks. The Guidelines cover the following sectors: (i) correspondent banks, (ii) retail banks, (iii) wealth management, (iv) trade finance providers, (v) life insurance undertakings, (vi) electronic money issuers, (vii) providers of investment funds, (viii) regulated crowdfunding platforms, (ix) payment initiation services providers (PISPs) and account information service providers (AISPs), (x) firms providing activities of currency exchange offices, (xi) corporate finance, (xii) money remitters and (xiii) investment firms.

What are the proposed changes to the Guidelines?

The EBA, as the European Supervisory Authority responsible for fighting money laundering and terrorist financing in the financial sector, considered updates to the Guidelines as necessary due to changes to the EU AML/CTF legal framework (notably the introduction of AMLD 5) and new risks identified in the area of AML/CTF.

In the proposed changes to the Guidelines, the EBA has updated the factors to be taken into account when assessing the level of risk of AML/CTF and when analysing the adequacy of risk assessments of financial institutions, applicable policies and procedures regarding the prevention of AML/CTF.

The proposed changes to the Guidelines also incorporate new sectoral guidance on crowdfunding platforms, financial consulting for enterprises, PISPs and AISPs, as well as entities operating currency exchange offices. The proposed Guidelines have a more precise approach to identifying the real beneficiary and to using innovative solutions to identify and verify the customer’s identity.

With regard to AISPs and PISPs (together known as TPPs), the EBA indicated that, despite TPPs being obliged entities under AMLD 4, the associated AML/CTF risk is limited due to the fact that (i) PISPs do not execute the payment transactions themselves and do not hold the payment service user’s funds, and (ii) AISPs are not involved in the payment chain and do not hold the payment service user’s funds. However, the EBA did provide certain risk factors that TPPs should take into account when assessing the AML/CTF risk, as well as certain measures that TPPs should apply depending on the level of the identified risk. The applicability of AMLD4 to TPPs has been subject to industry discussion, with some TPPs arguing that they should not be subject to the requirement to conduct customer due diligence (CDD) as they do not hold any funds. Whilst the proposed changes to the Guidelines provide clarification that TPPs are 'obliged entities' for the purposes of AMLD4, the changes may nevertheless be welcomed by TPPs, as they state that it may be appropriate for TPPs to only apply simplified due diligence (SDD), as opposed to standard CDD. Despite this, some TPPs may continue to take the view that, although they are obliged entities (and so potentially within the scope of AMLD4), they are not subject to the requirement to conduct CDD (whether simplified or standard customer due diligence) as there is no 'business relationship,' or because the thresholds in AMLD4 for 'occasional transactions' have not been exceeded.

As for e-money institutions, the EBA provided risk factors relating to the products, customers, distribution channels and country or geographical location, as well as measures concerning customer due diligence.

Further, the proposed Guidelines provide sectoral guideline for money remitters, indicating that due to the simplicity and speed of transactions, their worldwide reach and the fact that such transactions often use cash, they are potentially exposed to a higher level of AML/CTF risk. The types of risk factors are divided into the same categories as those concerning e-money institutions, as listed above. With regard to the recommended measures to be taken to mitigate these risks, the EBA indicated that money remitters should know the agents through which they act, and they should also establish and maintain appropriate and risk sensitive policies and procedures in relation to the risks posed by their agents.

Should you have any questions about the above, please do not hesitate to contact one of the members of the Bird & Bird global payments team.

If you would like to receive our regular Payments alerts in your inbox, click here.

If you would like to read Bird & Bird's previous alerts, please check out our Payments In Focus webpage here.