EBA takes action to address ‘de-risking’ practices

In March 2021 the EBA published three regulatory instruments to address de-risking practices based on evidence gathered in its call for input on de-risking in May 2020 (Call for Input): (i) 2021 Opinion on ML/TF risks in the EU’s financial sector, (ii)  revised ML/TF Risk Factors Guidelines and (iii) public consultation on amendments to existing Guidelines on risk-based AML/CFT supervision. These instruments clarify that compliance with anti-money laundering (AML) and countering terrorist financing (CTF) obligations in EU law does not require financial institutions to refuse, or terminate, business relationships with entire categories of customers that they consider to present a higher money laundering (ML) and terrorist financing (TF) risk. In these documents the EBA also set out actions that competent authorities and financial institutions should take to effectively manage risks associated with individual business relationships.   

De-risking refers to decisions taken by financial institutions to refuse to provide services or to terminate business relationship with certain categories of customers that they associate with higher ML/TF risk. Based on the responses received from competent authorities and the input received by EBA in response to its Call for Input, the EBA notes that de-risking continues to pose ML/TF risks, because customers affected by de-risking may resort to alternative payment channels in the EU and outside EU to meet their financial needs. As a result, transactions may no longer be monitored, making the detection and reporting of suspicious transactions challenging and ultimately resulting in prevention of ML/TF becoming more difficult.

2021 Opinion on ML/TF risks 

Firstly, in the 2021 Opinion on ML/TF risks in the EU’s financial sector published on 3 March 2021¹, the EBA notes that a number of respondents of EBA’s Call for Input suggested that de-risking is a practice that may be caused by financial institutions “failing to develop a sufficiently robust and comprehensive business-wide risk assessment and implement controls that effectively manage these risks”. The respondents also suggested that financial institutions may choose not to manage the risk associated with individual business relationships and instead discontinue business relationships with entire categories of customers. As a result of this practice, certain individuals or entities may be excluded from the financial system. 

Considering the feedback received, the EBA proposes in its 2021 Opinion on ML/TF risks that competent authorities should remind the financial institutions under their supervision that EBA’s Risk Factors Guidelines ² are clear that the application of a risk-based approach does not require financial institutions to refuse or terminate business relationships with entire categories of customers that are considered to present high ML/TF risk, as the risk associated with individual business relationships may vary, even within one category. The guidelines set out factors that financial institutions should consider when assessing the ML/TF risk associated with a business relationship and explain the need to carefully balance financial inclusion with the need to mitigate ML/TF risk. As de-risking of certain sectors is often caused by the lack of trust in the quality of AML/CFT systems and controls implemented by the financial institutions in that sector, the EBA proposes that competent authorities should consider how the level of control could be improved. This may include increased supervisory activities in the sector or additional guidance to the sector. In addition, the EBA’s risk-based AML/CFT supervision Guidelines ³ , which are currently being revised by EBA, will require competent authorities to communicate their risk assessment and regulatory expectations in terms of management of the ML/TF risk to the sectors to ensure that the risk is managed properly, instead of customers being de-risked.

Revised ML/TF Risk Factors Guidelines

Secondly, the EBA issued its revised ML/TF Risk Factors Guidelines⁴ , in which it introduced three new guidelines relating to financial institutions and de-risking. Below we summarise the key points of these three new guidelines:

1. The application of a risk-based approach does not require financial institutions to refuse, or terminate, business relationships with entire categories of customers that are considered to present higher ML/TF risk.
   
   
2. Financial institutions should put in place appropriate and risk-sensitive policies and procedures to ensure that their approach to applying customer due diligence measures does not result in unduly denying legitimate customers access to financial services. Where a customer has legitimate reasons for being unable to provide traditional forms of identity documentation, financial institutions should consider mitigating ML/TF risk in other ways, including by:
   
   
1. adjusting the level and intensity of monitoring in a way that is proportionate to the ML/TF risk associated with the customer; and
   
   
2. offering only basic financial products and services, which restrict the ability of users to abuse these products and services for financial crime purposes.

3. Financial institutions may wish to refer to the EBA’s Opinion on the application of customer due diligence measures to customers who are asylum seekers from higher-risk third countries or territories (EBA-OP-2016-07)⁵

Consultation paper on revised Guidelines on risk-based supervision

Thirdly, the EBA launched a public consultation on changes to its existing Guidelines on risk-based AML/CFT supervision⁶ . The revised guidelines aim to address the concerns raised in the EBA’s Call for Input by explaining what competent authorities should do to reduce the risk of de-risking. For starters, the revised guidelines propose that competent authorities should assess the need for further guidance in the sector and concludes that “evidence of de-risking” or “evidence that subjects of assessment avoid risks rather than manage ML/TF risk effectively” may indicate that further guidance in the sector is needed. In addition to this, the competent authorities should ensure that their guidance does not directly or indirectly lead to de-risking of entire categories of customers. 

EBA is currently welcoming comments on the draft Guidelines on risk-based AML/CFT supervision, which must be submitted to EBA by 17 June 2021. EBA will also continue to monitor and assess the scale and impact of de-risking throughout the remainder of this year and will consider the extent to which the current legal and regulatory framework is sufficient to address the issues associated with de-risking. 

^{1 https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2021/963685/Opinion%20on%20MLTF%20risks.pdf}

^{2 https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/963637/Final%20Report%20on%20Guidelines%20on%20revised%20ML%20TF%20Risk%20Factors.pdf}

^{3 https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism/guidelines-risk-based-supervision-revised}

^{4https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/963637/Final%20Report%20on%20Guidelines%20on%20revised%20ML%20TF%20Risk%20Factors.pdf}

^{5https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1359456/4d12c223-105f-4cf0-a533-a8dae1f6047e/EBA-Op-2016-07%20%28Opinion%20on%20Customer%20Due%20Diligence%20on%20Asylum%20Seekers%29.pdf}

^{6https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Consultations/2021/Consultation%20on%20revised%20Guidelines%20on%20risk-based%20AML-CFT%20supervision%20/964006/CP%20on%20the%20revised%20Guidelines%20on%20Risk-Based%20Supervision.pdf}