Response to consultation on draft Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on customer due diligence and ML/TF risk factors

Go back

Question 3: Do you have any comments on the proposed amendments to Guideline 2 on identifying ML/TF risk factors?

(1) Guidelines 2.7 letter a) states that “When identifying the risk associated with a customer’s or beneficial owner’s nature and behavior, firms should pay particular attention to risk factors that, although not specific to terrorist financing, could point to increased TF risk, in particular in situations where other TF risk factors are also present. To this end, firms should consider at least the following risk factors: Is the customer or the beneficial owner a person included in the lists of persons, groups and entities involved in terrorist acts and subject to restrictive measures, or are they known to have close personal or professional links to persons registered on such lists (for example, because they are in a relationship or otherwise live with such a person)”
With reference to this proposal, we recommend providing that the firms should take into consideration this information exclusively if it is “publicly known”, since a client spontaneously may not reveal that kind of risky relations.
(2) Guideline 2.7 letter d) - when identifying a risk associated with a customer - requests to pay particular attention in case the customer is a non-profit organization, if its activities or leadership are publicly known to be associated with extremism or terrorist sympathies, or if its transaction behaviour is characterized by bulk transfers of large amounts of funds to jurisdictions associated with higher ML/TF risks and high-risk third countries. Also, Guideline 2.7 letter e) asks to pay attention if the customer carries out transactions characterized by large flows of money in a short period of time, involving non-profit organizations with unclear links (e.g. they are domiciled at the same physical location or they share the same representatives or employees or they hold multiple accounts under the same names).
EBA should clarify in concrete how to better develop the requirements stated above e.g. the concept of “publicly known” providing us with some examples of public sources to be considered as reliable or explanations with regard to what is it meant by “unclear link”.
(3) Guideline 2.7 letter f) states that when identifying the risk associated with a customer’s or beneficial owner’s nature and behaviour, firms should pay particular attention to risk factors that, although not specific to terrorist financing, could point to increased TF risk, in particular in situations where other TF risk factors are also present. To this end, firms should consider at least the following risk factors: Does the customer transfer or intend to transfer funds to persons referred to in (a) and (b)?
Among the Risk factors, there’s also the case in which the client transfers or intends to transfer funds to persons (clients or beneficial owners) present in the terrorist lists or having close ties (personal and professional) with subjects present in those lists and to persons (customers or beneficial owners) for whom it is known that they are under investigation / convicted of terrorist activities or known to have close ties (personal and professional) with these people.
Therefore, EBA should clarify whether there’s a need to carry out checks not only on customers / executors / legal representatives / beneficial owners, but also on the "non-customer beneficiaries" regarding subjects not specifically identifiable in the terrorist lists. Furthermore, it should be understood how to identify the beneficial owner who is not a customer.

With regard to countries and geographical areas, Guideline 2.9(c) has been amended to specify that, when identifying the risks associated with countries and geographical areas, firms should also consider the risk related to which the customer or the beneficial owner has ‘financial or legal interest’.
(1) With regard to the proposed changing we highlight that first of all there’s a need for a better definition of legal interest. Moreover, the risk related to countries where the “beneficial owner” has ‘financial or legal interest’ cannot be properly assessed since the beneficial owner is not the client nor the firm may reach easily this information through the customer, unless publicly known, on behalf of the beneficial owner.
Taking this into consideration, we propose to amend the proposed Guideline 2.9 (c) in order to consider the risk associated with countries where the beneficial owner has a legal interest only to the extent that they are “publicly known.”

Question 4: Do you have any comments on the proposed amendments and additions in Guideline 4 on CCD measures to be applied by all firms?

(1) Guidelines 4.13 states that: “Firms should be mindful that using information contained in beneficial ownership registers does not, of itself, fulfil their duty to take adequate and risk-sensitive measures to identity the beneficial owner and verify their identity. Firms may have to take additional steps to identify and verify the beneficial owner, in particular where the risk associated with the business relationship is increased or where the firms has doubts that the person listed in the register is not the ultimate beneficial owner”.
With reference to Beneficial Owner register, most of the EU Countries have not implemented the Registry yet. Nevertheless, we propose to clarify in the Guideline that the information contained in the abovementioned register is prevalent when there are doubts or inconsistencies between the information contained in the Register and the ones taken by the intermediary and these discrepancies cannot be resolved with other available tools.

Question 8: Do you have any comments on the proposed amendments to Guideline 8 for correspondent banks?

The CP proposes to amend the sectoral Guideline 8 for correspondent banks as follows: the measure in Guideline 8.17 about correspondents being required to take risk-sensitive measures has been clarified to require correspondents to ask respondents about their customers if necessary (a), to obtain senior management approval also where new risks emerge (d), to conclude an agreement setting out specific content (e).
(1) EBA should clarify what is meant by stating that specific restrictions or limitations to the relationship with the respondent bank must be agreed in a specific agreement and if the current practice of communicating such restrictions via Swift message is allowed under the new regulation.

Name of the organization

UniCredit