Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates

Go back

Question 1: Do you have any comments on the approach proposed by the EBA to assess and classify the risk profile of obliged entities?

Introduction: CIO is the representative of Christian and Jewish communities in the Netherlands to the Dutch government, representing 30 denominations.

As has been repeatedly stressed by non-profits and the Global NPO Coalition on FATF, meaningful engagement with non-profits is crucial. Sectoral risk assessment is crucial for the correct implementation of the AMLR respecting Recommendation 8 van de FATF. Therefor the EBA should give entities comfort to meaningfully involve NPO's participation in compliant and suitable measures. The sector usually can help jurisdictions understand the operating context of the sector. A participatory approach such as this will always be more robust and likely to prevent the forms of over-regulation that we regularly see today.

This contribution of CIO focuses on two approaches mentioned by the EBA on page 5 of the Consultation Paper. Namely: a) the 'proportionate, risk-based approach' and b) 'maximum harmonization'. 

Along the aforementioned principles, we provide four core recommendations regarding paragraph 4.3 Draft RTS under Article 28(1) of the AMLR on Customer Due Diligence:

  1. Section 1: Information to be collected for identification and verification purposes – proposal to supplement article 7
  2. Section 1: Information to be collected for identification and verification purposes – suggestion to change article 12.   
  3. Section 4: Simplified Due Diligence measures -request to clarify article 18 (2)
  4. Section 4: Simplified Due Diligence measures - proposal to supplement article 19. 


See below. 

Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Along the aforementioned principles, we provide four core recommendations regarding paragraph 4.3 Draft RTS under Article 28(1) of the AMLR on Customer Due Diligence:

  1. Section 1: Information to be collected for identification and verification purposes – proposal to supplement article 7.
  2. Section 1: Information to be collected for identification and verification purposes – suggestion to change article 12.
  3. Section 4: Simplified Due Diligence measures -request to clarify article 18 (2). - see below question 6.
  4. Section 4: Simplified Due Diligence measures - proposal to supplement article 19. - see below question 6.

Regarding 1: CIO asks the EBA to take into account that required CDD information on churches - or organizational parts thereof - is not available in public registers as referred to in this paragraph in many (but not all) Member States, due to the prohibition on processing special categories of personal data in public registers. In The Netherlands, for example, church information is registered in public registers at the highest organization level within the church’ denomination; not at every single local level for the reason of the privacy safeguards. This emphasizes in relation to this Consultation Paper to connect the level of the CDD to the level for churches to the level at which information is available in public registers. Without this connection there is in relation to churches no reasonable alternative source of reliable information. 

Proposal: 

Article 7– Reliable and independent sources of information 
When assessing whether a source of information is reliable and independent, obliged entities shall take risk-sensitive measures to assess the credibility of the source, including the reputation, official status and independence of the information source, the extent to which the information is up-to-date, the accuracy of the source, based on whether the information or data provided had to undergo certain checks before being provided or is consistent with other sources or over time, and the ease with which the identity information or data provided can be forged. To this end CDD should be performed at a level within the organization where access to such independent and reliable information is ensured. 

Regarding 2: CIO has concerns on the proportionality of obtaining the same information of senior managing officials as for beneficial owners. The risk relevancy of gathering more personal data of senior management officials eludes us and seems in conflict with privacy laws. In our view, it would be more proportional to limit the information to obtain of senior managing officials to the information required for legal representatives. 

Suggestion: 

  1. collect the same information as for legal representatives as mentioned in article 22 sub 1b under 3.

Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Regarding 3: Articel 18 Call for clarification: 18 (2): it is unclear what the concept of “the person on whose behalf or for the benefit of whom a transaction or activity is being conducted” would mean in the context of non-profit organizations and churches.

Regarding 4: Articel 19 The legal status of clients with the legal form of “churches or religious communities” varies significantly across Member States. In some countries, churches are recognized as public law entities, while in others they have a private legal status. This diversity is deeply rooted in national constitutional and legal traditions and is explicitly protected under Article 17 of the Treaty on the Functioning of the European Union (TFEU), which acknowledges the autonomy of Member States with regard to religious organizations.

This legal diversity complicates the uniform application of AML/CFT obligations to churches and religious communities within the European Union. A one-size-fits-all approach may result in disproportionate administrative burdens for institutions with a public law status, which are already subject to public oversight and transparency requirements. Such an approach would not only conflict with the principle of proportionality but could also undermine the effectiveness of the AML/CFT framework as a whole. 

This becomes apparent in the application of Article 9 : in principle, religious institutions fall within the scope of the CDD obligations but the availability of public registers in which they are recorded differs between Member States. This inequality highlights the need for a risk-based and context-sensitive approach that allows for the development of guidelines and protocols for customer due diligence at a national level (in our opinion led by the national supervisory authority) in a way that takes into account the appropriate level within the church organization at which public sources are available. 

In light of the core objectives of ‘risk-based approach’ and ‘maximum harmonization’ we observe that a suitable solution for churches and religious communities is only possible if the Consultation Paper – specifically in relation to Articles 9 and 19 – allows sufficient flexibility at the national level to elaborate the position of churches in a manner that fits within the respective national legal frameworks.

Proposal: To this end, such flexibility could be explicitly introduced under Article 19(c) by adding a clarification in an additional paragraph 2: 

Article 19– Minimum requirements for the identification and verification of the beneficial owner or senior managing officials in low-risk situations 

  1. In situations of lower risk, the obliged entity may consult one of the following sources for the identification of, and use another sources from the same list under b. or c. for the purposes of verification of the beneficial owner or the senior managing officials: 
    a. the information registered in the central register or in the company register; 
    b. the statement or explanation provided by the customer, including their confirmation that the data is adequate, accurate and up-to-date, for the purpose of the verification of the identity of the beneficial owner or the senior managing officials; 
    c. any publicly available, reliable sources of information including internet research.
     
  2. In establishing rules for the verification of the beneficial owner or the senior managing officials in organizations such as churches, public bodies or trade unions etc., reference should be made to national sector standards approved by the national Supervisor.

Name of the organization

Interkerkelijk Contact in Overheidszaken - CIO