Response to consultation on draft Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on customer due diligence and ML/TF risk factors
Go back
BIPAR also endorses the guidance that firms should adjust the extent of initial customer due diligence (CDD) measures on a risk-sensitive basis. Where the risk associated with a business relationship is low, firms may be able to apply simplified customer due diligence measures (SDD). Where the risk associated with a business relationship is increased, firms must apply enhanced customer due diligence measures (EDD).
Furthermore, with regards to Guideline 1.17(c) whereby senior management should be informed about the results of their business-wide risk assessment, BIPAR suggests that more clarity should be provided on how sole traders can comply with this requirement.
Finally, BIPAR has some concerns regarding Guideline 1.9, and Guideline 1.31. Concerning the former, for firms to ensure that they regularly review “media reports that are relevant to the sectors or jurisdictions in which the firm is active” and “law enforcement alerts and reports”, they will need to have their own forensic department which may be particularly burdensome for small entities. Concerning the latter, BIPAR wonders how can “reputable newspapers” be defined (1.31 (e)). In addition, regarding information coming from “intelligent reports” (1.31 (f)) and academia (1.31 (g)), BIPAR believes that further clarification is needed to specify that this refers only to published and publicly accessible reports and information.
BIPAR furthermore wishes to clarify the following points:
• Guideline 2.4 (e) on Politically Exposed Person (PEP). What does EBA mean by “political connections”? This wording gives the impression that identifying risks associated to political connections contains something more in addition to identifying a PEP. Moreover, do firms need to look into and confirm the background of all the customers’ directors, even in the case that these people are in no business relationship with the firms?
• Guideline 2.5 (a) on allegations of criminality or terrorism against the customer or beneficial owner. Requiring firms to determine the “credibility of allegations on the basis of the quality and independence of the source of the data“ might go too far in many cases, which may have as unwanted side effects liability and reputation risks for the obliged entities.
• Guideline 2.5 (c) on whether the customer has been the subject of a suspicious transactions report in the past. This kind of information is very difficult (if not impossible) for the obliged entities to gather, having in mind the confidentiality obligation.
• Guideline 2.18 (b) on third party payments and the third party’s identity. Requiring firms to prove the third party’s identity goes too far. This is a very burdensome requirement for firms who usually buy relevant lists to gather such information and for this reason they cannot always guarantee that such lists are up to date.
Furthermore, BIPAR endorses the risk-sensitive approach followed also in the context of the CDD measures to be taken and the need to have a balance between financial inclusion and ML/TF risk mitigation. In case it is considered necessary, firms should offer “only basic financial products and services, which restrict the ability of users to abuse these products and services for financial crime purposes”. However, BIPAR shares the view that such practices should be proportionate and not unreasonably or unnecessarily limit customers’ access to financial products and services. In addition, BIPAR finds very useful the guidance on the simplified customer due diligence and on the enhanced due diligence.
Finally, BIPAR welcomes the guidance on the CDD expectations for business transactions in non-face to face situations. Likewise, BIPAR welcomes the guidance on the expectations from obliged entities when they outsource to an external provider of identity verification operations using innovative technological means.
BIPAR agrees that the guidance in Guideline 14 can be useful for intermediaries in combination with the general guidance provided under Title 1 of the EBA Guidelines.
BIPAR agrees with Guideline 14.11 that ML risk may be reduced when intermediaries are well known to the insurer, who is satisfied that they duly comply with the CDD requirements.
BIPAR agrees with Guideline 15.9 whereby information obtained for MiFID and EMIR compliance purposes can be used also to meet CDD obligations in standard situations.
Question 1: Do you have any comments with the proposed changes to the Definitions section of the Guidelines?
No objection.Question 2: Do you have any comments on the proposed amendments to Guideline 1 on risk assessment?
BIPAR welcomes the guidance on proportionality where it provides clarity for small firms that do not offer complex products or services and that have limited, or purely domestic exposure and therefore they may not need a complex or sophisticated risk assessment.BIPAR also endorses the guidance that firms should adjust the extent of initial customer due diligence (CDD) measures on a risk-sensitive basis. Where the risk associated with a business relationship is low, firms may be able to apply simplified customer due diligence measures (SDD). Where the risk associated with a business relationship is increased, firms must apply enhanced customer due diligence measures (EDD).
Furthermore, with regards to Guideline 1.17(c) whereby senior management should be informed about the results of their business-wide risk assessment, BIPAR suggests that more clarity should be provided on how sole traders can comply with this requirement.
Finally, BIPAR has some concerns regarding Guideline 1.9, and Guideline 1.31. Concerning the former, for firms to ensure that they regularly review “media reports that are relevant to the sectors or jurisdictions in which the firm is active” and “law enforcement alerts and reports”, they will need to have their own forensic department which may be particularly burdensome for small entities. Concerning the latter, BIPAR wonders how can “reputable newspapers” be defined (1.31 (e)). In addition, regarding information coming from “intelligent reports” (1.31 (f)) and academia (1.31 (g)), BIPAR believes that further clarification is needed to specify that this refers only to published and publicly accessible reports and information.
Question 3: Do you have any comments on the proposed amendments to Guideline 2 on identifying ML/TF risk factors?
BIPAR welcomes the clarification that firms are not expected to consider all risk factors laid down in the Guidelines in all cases (Guideline 2.2).BIPAR furthermore wishes to clarify the following points:
• Guideline 2.4 (e) on Politically Exposed Person (PEP). What does EBA mean by “political connections”? This wording gives the impression that identifying risks associated to political connections contains something more in addition to identifying a PEP. Moreover, do firms need to look into and confirm the background of all the customers’ directors, even in the case that these people are in no business relationship with the firms?
• Guideline 2.5 (a) on allegations of criminality or terrorism against the customer or beneficial owner. Requiring firms to determine the “credibility of allegations on the basis of the quality and independence of the source of the data“ might go too far in many cases, which may have as unwanted side effects liability and reputation risks for the obliged entities.
• Guideline 2.5 (c) on whether the customer has been the subject of a suspicious transactions report in the past. This kind of information is very difficult (if not impossible) for the obliged entities to gather, having in mind the confidentiality obligation.
• Guideline 2.18 (b) on third party payments and the third party’s identity. Requiring firms to prove the third party’s identity goes too far. This is a very burdensome requirement for firms who usually buy relevant lists to gather such information and for this reason they cannot always guarantee that such lists are up to date.
Question 4: Do you have any comments on the proposed amendments and additions in Guideline 4 on CCD measures to be applied by all firms?
BIPAR welcomes the clarification brought by EBA to the 2017 Guidelines. As a general comment with respect to Guideline 4, BIPAR would like to mention the senior management approval that is a reoccurring requirement in the text. BIPAR suggests that more clarity should be provided on how sole traders can comply with such requirements.Furthermore, BIPAR endorses the risk-sensitive approach followed also in the context of the CDD measures to be taken and the need to have a balance between financial inclusion and ML/TF risk mitigation. In case it is considered necessary, firms should offer “only basic financial products and services, which restrict the ability of users to abuse these products and services for financial crime purposes”. However, BIPAR shares the view that such practices should be proportionate and not unreasonably or unnecessarily limit customers’ access to financial products and services. In addition, BIPAR finds very useful the guidance on the simplified customer due diligence and on the enhanced due diligence.
Finally, BIPAR welcomes the guidance on the CDD expectations for business transactions in non-face to face situations. Likewise, BIPAR welcomes the guidance on the expectations from obliged entities when they outsource to an external provider of identity verification operations using innovative technological means.
Question 5: Do you have any comments on the amendments to Guideline 5 on record keeping?
No objection.Question 6: Do you have any comments on Guideline 6 on training?
No objection. BIPAR endorses the high-level approach and the principle that training should be relevant to the firm concerned and its businessQuestion 7: Do you have any comments on the amendments to Guideline 7 on reviewing effectiveness?
BIPAR have concerns over provision 7.2. Some firms due to the nature, size and complexity of the firm may not require an independent review of their approach. This should be included in this Guideline.Question 14: Do you have any comments on the proposed amendments to Guideline 14 for life insurance undertakings?
BIPAR welcomes the updated guidance for life insurers on the factors that may contribute to increasing the risk and factors that may contribute to reducing the risk. BIPAR shares the view that it is necessary to adapt the AML/CFT regulatory framework to the specificities of the insurance sector.BIPAR agrees that the guidance in Guideline 14 can be useful for intermediaries in combination with the general guidance provided under Title 1 of the EBA Guidelines.
BIPAR agrees with Guideline 14.11 that ML risk may be reduced when intermediaries are well known to the insurer, who is satisfied that they duly comply with the CDD requirements.
Question 15: Do you have any comments on the proposed amendments to Guideline 15 for investment firms?
BIPAR welcomes the updated guidance for investment firms on the factors that may contribute to increasing the risk and factors that may contribute to reducing the risk. BIPAR shares the view that it is necessary to adapt the AML/CFT regulatory framework to the specificities of the investment services sector.BIPAR agrees with Guideline 15.9 whereby information obtained for MiFID and EMIR compliance purposes can be used also to meet CDD obligations in standard situations.