EBA launches a central database for AML/CFT

A central database to strengthen the anti-money laundering and counter-terrorist financing (AML/CFT) framework was launched by the European Banking Authority (EBA) on 31 January 2022. Called EuReCA, the new database will be essential to coordinate efforts by national competent authorities and the EBA to prevent and fight money laundering and terrorist financing (ML/TF) risks throughout the European Union.

Given the implementation of this new database, the EBA has published Regulatory Technical Standards* (RTS), which provide all the details for implementing this new tool. In particular, the RTS will outline how to define a material weakness, what type of information competent authorities will have to report, the process for collecting the information, and how the EBA will analyse and disseminate the information contained in EuReCa. Once approved by the European Commission, the RTS will be directly applicable in all member states.

The benefits of this new database

  1. The database will contain information on the significant weaknesses of individual financial institutions that make them vulnerable to ML/TF. Competent authorities across the EU will be required to report these weaknesses and the measures they have taken to address them with a dual purpose of supporting the supervisory process and risk prevention. In supporting the supervisory process, the EBA will use EuReCA to provide information on ML/TF risk affecting the European financial sector. Where appropriate, the EBA will also share information from the database with the competent authorities to support them at all stages of the supervisory process, particularly if specific risks or trends emerge.
  2. To address risk prevention, the database will act as an early warning tool to help the competent authorities to respond before the threat of ML/TF materialises. As a result, this new tool will be essential for strengthening AML/CFT monitoring and coordinating efforts to prevent and counter AML/CFT.

Recognising the significance of weaknesses

Weaknesses are understood as violations, potential violations or ineffective and inappropriate applications. To facilitate early intervention, even before risks become apparent, weaknesses are defined as encompassing not only breaches or suspected breaches but also situations in which a financial sector operator’s implementation of AML/CFT requirements or policies falls short of expectations.

The significance of these weaknesses is characterised when they reveal or may lead to material deficiencies in the AML/CFT obligations of the reporting entity. When a weakness is considered material, this triggers a duty to report this information to the EBA.

The EBA recognises that the significance of the weakness depends on the context. It is in this sense that the importance will be determined by definition but also by a non-exhaustive list of criteria to make it more operational. These criteria may include:

  • repetition,
  • severity,
  • persistence over a significant time period,
  • impact on the orderly functioning of financial markets, and
  • impact on the integrity, transparency and security of the financial system of member states.

The type of information provided by national competent authorities

The RTS requires three different types of information to be transmitted:

  1. General information must serve to identify the competent authority transmitting the information and also the taxpayer’s financial sector to which the information relates. In particular, the information must contain:
    • identification of the competent authority,
    • identification of the operator’s financial sector, its branch of activity, respective size,
    • identification of the parent company if the company is part of a group.
  2. Information relating to the identified material weaknesses should facilitate a full assessment of the weakness and its impact, or potential impact, as well as the factors that contributed to it. This information should therefore contain:
    • the type of weakness,
    • description of the weakness,
    • the origin of the weakness;
    • the chronology of events leading to the weakness, and
    • the type of products or services that are impacted by the weakness.
  3. Information on the measures taken by the competent authorities against the weaknesses should reflect the existing reporting requirements. This information is important as it will allow the EBA to clearly understand how competent authorities have responded to a material weakness that they have identified. This information should include:
    • the date the measures were put in place,
    • the type of measure,
    • description of the measures,
    • the status of the measures, and
    • the presence of any challenges to the measures.

Information gathering

Competent authorities submitting or requesting information must declare to the EBA a person of appropriate seniority who will represent the authority to the EBA when transmitting information to the new database. Authorities must also appoint one or more persons as contact(s) to transmit and receive information.

In addition, the competent authorities will have to prove that they have adequate resources to carry out these operations. Indeed, given the sensitivity of the information in question, it is essential to ensure that the transmission of information is effective and sufficiently secure.

To guarantee the efficiency of this database, the quality, the time of transmission and the completeness of the information in question are essential. As a result, competent authorities should transmit the information as soon as possible to avoid the risk of ML/TF materialising.

Furthermore, the competent authorities are obliged to ensure that the information provided remains accurate, complete, appropriate and up-to-date.

Finally, the RTS specify that transmissions and requests for information must be made in English and electronically.

Use and analysis of the information contained in EuReCA

The EBA will have to analyse the information received using a risk-based approach of ML/TF. It will also, where necessary, cross-check the information collected with other sources of information, in particular from the European Commission or European Securities and Markets Authority (ESMA). The information will then be available to the EBA in two different ways:

  • First, reactively follow a request from a competent authority;
  • Second, proactively whereby the EBA may transmit, on its own initiative, relevant information to national competent authorities in the context of their supervisory activity.

*You can find the full RTS on the EBA website: RTS on AML CFT central data base.pdf (europa.eu)