The EBA publishes new report and guidelines in response to risk within the financial services sector

New report on AML/CFT risks in payment institutions

In accordance with the European Union regulations, the European Banking Authority (EBA) has been mandated to assess the management of the most significant risks in the fight against money laundering and terrorist financing (ML/FT).  The entity’s analysis is centred around the identification and management of ML-FT risks by payment institutions. Furthermore, the analysis illustrates the role of supervisors in mitigating such risks when an institution applies for authorisation.

The findings of the recent report will supplement information for ML-FT’s bi-annual risk assessment exercise.

What is at stake?

According to the findings of the report, the EBA illustrates, that despite the high exposure to ML-FT risks, payment institutions do not manage them appropriately. Notably, the implementation of internal controls is seldom not efficient, and the network of agents involved further accentuates the risk of ML-FT.

It is important to be noted, that the supervisory authorities do not systematically base the frequency and intensity of on-site and off-site controls on the money laundering and terrorist financing risk profile.

The study further reveals that requirements for obtaining authorisation are not consistent throughout the EU. As a result, this enables institutions to apply less stringent authorisation procedures which are then extended across the border. Thus, the AMF invites banks to follow its guidelines to reduce and manage their exposure to ML-FT risks.

IIF and Wolfsberg Group publishes response to the EBA consultation on de-risking  

In accordance with EBA’s public consultation on 6 December 2022, the Institute of International Finance (IIF) and Wolfsberg Group finally revealed their response to EBA’s new guidelines pertaining to effective management of money laundering and terrorist financing risks, particularly in the context of accessing financial services. 

What is at stake? 

This current response, in the form of a letter, contains recommendations on the guidelines proposed by the EBA. The letter propositions to acknowledge that financial Institutions may have legitimate reasons for disregarding a business relationship or rejecting work with individual customers, on a case-by-case basis, pertaining to risk management reasons. Furthermore, considering the cost of risk management remains an appropriate and prudent practice while determining a business association or product offering. 

To continue offering services or products, financial institutions must review the guidelines to ensure their alignment with Article 17 of the PSD2: Directive on the “Characteristics of a payment account with basic services”. In cases found contrary to the requirements, financial institutions can impose restrictions on such products or service offerings. 

Notably, in cases specific to non-profit organisations (NPOs), the financial institutions must deal with them differently and apply a risk-based approach by conducting their self-assessment. In this respect, the Wolfsberg Group invites the EBA to update the existing documentation and ensure it addresses all the AML/CFT risks associated with the different categories of NPOs. 

New guidelines aimed at reducing unjustified de-risking and preserving access for vulnerable customers

Having access to fundamental financial products and services is essential for individuals to have a sound economic and social life. This necessity becomes even more critical for the most marginalised and vulnerable individuals, including refugees and those experiencing homelessness. In fact, the absence of such access might prevent those who require it the most from receiving humanitarian aid.

What is at stake?

The EBA’s comprehensive assessment of the emphasis on the scope and impact of de-risking has underscored a critical observation. Although the decisions pertaining to engaging or refraining from establishing business relationships or not carrying out a transaction are consistent with the EU AML/CFT regulatory framework, but de-risking an entire category of customers, without careful consideration of each risk profile, may be unjustified and may signal towards ineffective AML/CFT risk management. To combat such situations the EBA has published new rules, foremost being providing guidance on ML-FT risk factors. This involves an addition of an appendix to the existing guidance, with the intent of helping financial institutions in the identification and assessment of customers when they are not-for-profit organisations (NGOs). These rules should enable a better understanding of how such organisations are formed, how they operate, and identifying the most risk categories associated with the specific structural type. This further aims at helping financial institutions better manage the risk associated with such organisations, rather than denying them access to financial services.

Furthermore, the EBA has also published rules regarding guidance on policies and controls to effectively manage ML-FT risks by providing access to financial services. These guidelines highlight the relationship between access to financial resources and obligations pertaining to AML/CFT, which also include customer cases having legitimate grounds for not being compliant with know-your-customer (KYC) requirements.