Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates
Question 1: Do you have any comments on the approach proposed by the EBA to assess and classify the risk profile of obliged entities?
In general, PLANETE CSCA regrets that the level of risk is not sufficiently taken into consideration in the proposed approach.
3a: What will be the impact, in terms of cost, for credit and financial institutions to provide this new set of data in the short, medium and long term?
Considering the volume of data points required—particularly in Section B on AML Controls—it is entirely unrealistic to expect smaller entities to complete this new questionnaire, even on a triennial basis. This requirement appears to be wholly inconsistent with the principle of a proportionate and risk-based approach.
Question 4: Do you have any comments on the proposed frequency at which risk profiles would be reviewed (once per year for the normal frequency and once every three years for the reduced frequency)? What would be the difference in the cost of compliance between the normal and reduced frequency? Please provide evidence.
PLANETE CSCA is particularly concerned about Article 5(3), which addresses the assessment and classification of AML controls put in place by obliged entities.
This type of assessment is entirely new for insurance brokers, and PLANETE CSCA questions whether an RTS (Level II measure) is legally entitled to impose such a burdensome requirement on obliged entities when it is not foreseen under Level I legislation.
Furthermore, all information concerning clients and contracts is already provided by insurance companies.
In addition, in France, insurance brokers are regularly asked by the supervisory authority to complete a detailed questionnaire about their business activities in order to assess the risks of money laundering and terrorist financing to which they may be exposed. In our view, these regular questionnaires are both sufficient and proportionate for small insurance brokers.
Therefore, insurance intermediaries with a total number of full-time equivalent employees equal to or fewer than fifty should be entirely excluded from the assessment.
As for insurance intermediaries with more than fifty full-time equivalent employees, we fully support the derogation concerning the assessment of the inherent and residual risk profile of obliged entities. A three-year interval appears to be an appropriate frequency.
Finally, as previously stated, from a legal perspective, insurance intermediaries whose activities are not covered by Article 2(1)(6)(c) of Regulation (EU) 2024/1624 (i.e., non-life insurance) should not be subject to the mandatory assessment and classification process.
Therefore, we propose to amend the article 5 as follow:
“Article 5 – Timelines and updates of the assessment and classification of the inherent and residual risk profile of obliged entities
1.Supervisors shall carry out the first assessment and classification of the inherent and residual risk profile of obliged entities pursuant to Articles 2, 3 and 4 of this Regulation at the latest twenty four (24 months) after the date of entry into force of this Regulation.
1a. By way of derogation from paragraph 1 above, supervisors shall not have to assess and classify the inherent and residual risk profile of obliged entities with less than or equal to fifty (50) full-time employees, exercising an activity as referred to in Article 2, paragraph 1, point 6(c), of Regulation (EU) 2024/1624. Random and non-compulsory surveys could be sent every 3 years to these entities.”
Question 5: Do you agree with the proposed criteria for the application of the reduced frequency? What alternative criteria would you propose? Please provide evidence.
We fully support the application of a reduced frequency for insurance intermediaries. However, we regret that the RTS did not consider a criterion based on the level of risk. Not all life insurance policies present the same level of AML risk, and this important distinction should have been reflected in the criteria.
Question 1: Do you agree with the thresholds and provided in Article 1 of the draft RTS and their value? If you do not agree, which thresholds to assess the materiality of the activities exercised under the freedom to provide services should the EBA propose instead? Please explain your rationale and provide evidence of the impact the EBA’s proposal and your proposal would have.
Article 1, concerning materiality thresholds for operations under the freedom to provide services (FOS), lacks precision and does not adequately reflect the diversity and specific characteristics of the various types of financial institutions.
Question 2: What is your view on the possibility to lower the value of the thresholds that are set in article 1 of the draft RTS? What would be the possible impact of doing so? Please provide evidence.
We are not in favour of lowering the thresholds established in Article 1. As currently defined, these thresholds appear to be proportionate, provided that they are appropriately adapted to the specific context and characteristics of each type of financial institution.
Question 3: Do you agree on having a single threshold on the number of customers, irrespective of whether they are retail or institutional customers? Alternatively, do you think a distinction should be made between these two categories? Please explain the rationale and provide evidence to support your view.
In our view, Article 1 should be amended to focus specifically on legal or institutional customers. Retail customers should not be taken into account. In practice, large insurance brokers that could fall under AMLA's direct supervision do not typically engage in FOS (freedom to provide services) activities with retail customers.
Regarding the total value in euros of incoming and outgoing transactions generated by customers, this criterion should be tailored to the nature of each financial institution. For example, an insurance undertaking would need to consider the level of insurance premiums, whereas the transactions of insurance intermediaries would be better assessed based on the level of commissions received.
Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
No, the proposals set out in Section 1 of the draft RTS appear to be disproportionate and legally questionable.
In particular, Article 3—concerning the specification of the place of birth—is unrealistic, as in most cases intermediaries will not have access to this information. We propose the following amendment to Article 3:
“Article 3 – Specification on the provision of the place of birth
The information on the place of birth as referred to in Article 22(1) (a) point (ii) of Regulation (EU) 2024/1624 shall consist of the country name.”
Furthermore, Article 22(6) of Regulation 2024/1624 states that, for the purpose of verifying a customer’s identity, the submission of an identity document (such as a passport or equivalent) is considered sufficient. Despite this provision, Article 6 of the draft RTS introduces very strict requirements that are practically impossible for small operators to implement and are not aligned with Level I obligations. From a legal standpoint, Level II measures should never go beyond what is established in Level I legislation.
Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.
Article 6, concerning the verification of the customer in a non-face-to-face context, requires the use of electronic identification means that comply with eIDAS standards. Paragraph 2 of Article 6 provides that, if such a solution is not available, obliged entities must obtain the customer’s identity document using remote solutions that meet a number of strict and detailed conditions (see paragraphs 4 to 6).
For PLANETE CSCA, these conditions are unrealistic—especially for small brokers. Such demanding requirements risk discouraging the use of remote or distance selling channels. A more proportionate and practical approach, aligned with the capacities of small operators, is necessary.
The remote solutions described in Article 6, paragraphs 2–6, appear entirely unworkable and, as already noted, are not consistent with Article 22(6) of Regulation 2024/1624.
Moreover, the identity verification process should be reserved for higher-risk situations.
Finally, Article 6 should apply only to natural persons and not to legal entities.
Therefore, we propose the following amendment to Article 6:
“Article 6. Verification of the customer who is a natural person in a non face-to-face context in cases of higher risk
[…]
2. In cases where the solution described in paragraph 1 is not available, or cannot reasonably be expected to be provided, obliged entities shall acquire the customer’s identity document (or equivalent) using remote solutions that meets common security and confidentiality standards.
Paragraphs 3 and 4 should be deleted