Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates

Go back

Question 1: Do you have any comments on the approach proposed by the EBA to assess and classify the risk profile of obliged entities?

France Invest would like to thank the EBA for the opportunity to contribute to its consultation on RTS in the context of the EBA’s response to the EC’s call for advice on new AMLA mandates.

France Invest’s members are regulated entities authorised by the French financial markets authority (AMF) and subject to AML-FT obligations with regards both their clients, in the context of their fundraising activity, and their investment and divestment operations, in the context of their transactional activity.

As far as their fundraising activity is concerned, they perform due diligence on their investors, which in particular includes the identification of politically exposed persons and beneficial owners.

In general, institutional fund investors are considered as lower risk customers who tend to undergo thorough due diligence processes, including AML-related know your customer, before being accepted as investors. On the other hand, non-institutional investors (such as family offices) might pose a greater risk from an AML perspective due to their more complicated ownership structures and the presence of trust arrangements. 

As for their transactional activity, risks may arise not only at the time of an original investment, but also throughout its ongoing ownership and its exit.

France Invest is very active in the field of AML-FT, in particular through its Compliance Committee and provides its members with tools to enhance their capacities in this respect (e.g. training sessions & e-learning tools (some of them are also available in English)¹). France Invest welcomes the legislative package which strengthens the EU’s anti-money laundering and countering the financing of terrorism (AML/CFT) rules.

From a general perspective:

We support the approach adopted by the EBA in drafting the draft RTS, following 5 main principles:
A proportionate and risk-based approach;
A focus on effective and achievable outcomes;
Technological neutrality;
Maximum harmonization between supervisory authorities, Member States, and sectors;
Limiting disruptions by relying on existing standards as far as possible while aligning with global standards.
We would like to highlight that our members may be impacted by both the direct and indirect supervision of the AMLA and that we expect our national supervisors ACPR and AMF to perform stricter checks on our members. In order to do so, it should be ensured that these authorities have adequate resources in particular in terms of staff. If only larger market players, such as large banks, will be placed under the direct supervision of the AMLA, they might operate in groups including depositories or asset managers, thus placing their subsidiaries and potentially our members in their compliance chain.

We insist on the need for the application of the proportionality principle, which does not seem sufficiently taken into account in the draft RTS, especially as the proposed simplified customer due diligence measures appear more stringent than what is currently required. We would like to kindly remind the EBA that the new legislative package will apply not only to large credit institutions but also to smaller asset management companies. Therefore, we propose implementing proportionality with respect to the size of the obliged entity (20 full time employees or equivalent).
Last, we underline the merit of the delegated acts being finalised well in advance of the application date of the legislative texts and of organising interactive meetings between regulators and our members ahead of the application of the rules and the filing of reports, such as the webinars we organized on the implementation of DORA. We would very much appreciate if the authorities could plan such exchanges ahead of the application of the AML-FT delegated acts.
We do not have any specific comments on the proposed approach adopted regarding the RTS under article 40(2) of the AMLD.

Question 2: Do you agree with the proposed relationship between inherent risk and residual risk, whereby residual risk can be lower, but never be higher, than inherent risk? Would you favour another approach instead, whereby the obliged entity’s residual risk score can be worse than its inherent risk score? If so, please set out your rationale and provide evidence of the impact the EBA’s proposal would have.

We generally agree with the proposed approach.

3a: What will be the impact, in terms of cost, for credit and financial institutions to provide this new set of data in the short, medium and long term?

First of all, we would like to highlight that the assessment of the data points listed in annex I will imply significant operational changes – and costs – for our members. In this context, we call for the delegated acts to be finalised well in advance of the application date of the legislative texts and of organising interactive meetings between regulators and market players ahead of the application of the rules and the filing of reports, such as the webinars we organized on the implementation of DORA. We would very much appreciate if the authorities could plan such exchanges ahead of the application of the AML-FT delegated acts.

Also, the quality of the data should be specified and harmonized at EU level.

In addition, considering the high number of data points and the burden their collection and update may represent for some obliged entities, we urge the EBA to apply the proportionality principle for entities depending on their size, their client base, their activities and the type of funds they manage: smaller firms employing less than 5 FTE (compared to larger firms), entities dealing with professional and semi professional customers (compared to entities dealing with retail customers), private equity firms (compared to credit institutions), private equity firms managing closed ended funds (compared to open-ended funds) should benefit from greater proportionality.

3b: Among the data points listed in the Annex I to this consultation paper, what are those that are not currently available to most credit and financial institutions?

Furthermore, Annex 1 provides a list of data points, some of which are specific to banking activities and not appropriate for asset management. And some of the data points may not be applicable in all situations. It should be specified that they apply if they are relevant to the specific situation under consideration. In particular, information on the internal control and management of the asset management company may already be included in other AML-FT reports and should not have to be repeated in the context of this exercice.

Last, we would like to understand the purpose of some of the data points listed in the proposed RTS and whether fulfilling them would imply higher/lower risk. For instance, we do not understand the aim of distinguishing customers in the EEA from customers outside the EEA. Indeed, some countries in the EEA may not be considered as implying lower risk if they show on the FAFT list.

Comment on data points 3A

Regarding data points 3A relating to customer due diligence, it should be clarified that the relevant customers are the customers of the asset management company and not the customers of the investee company.

Question 4: Do you have any comments on the proposed frequency at which risk profiles would be reviewed (once per year for the normal frequency and once every three years for the reduced frequency)? What would be the difference in the cost of compliance between the normal and reduced frequency? Please provide evidence.

Considering the high number of data points and the burden their update may represent for some obliged entities, we urge the EBA to apply the proportionality principle for entities depending on their size, their client base, their activities and the type of tunds they manage: smaller firms employing less than 5 FTE (compared to larger firms), entities dealing with professional and semi professional customers (compared to entities dealing with retail customers), private equity firms (compared to credit institutions), private equity firms managing closed ended funds (compared to open-ended funds) should benefit from greater proportionality with regards the review of risk profiles.

Question 5: Do you agree with the proposed criteria for the application of the reduced frequency? What alternative criteria would you propose? Please provide evidence.

The application of the reduced frequency should be implemented depending on the size of the entities, their client base, their activities and the type of funds they manage: smaller firms employing less than 5 FTE (compared to larger firms), entities dealing with professional and semi professional customers (compared to entities dealing with retail customers), private equity firms (compared to credit institutions), private equity firms managing closed ended funds (compared to open-ended funds) should benefit from greater proportionality with regards the review of risk profiles.

Question 6: When assessing the geographical risks to which obliged entities are exposed, should crossborder transactions linked with EEA jurisdictions be assessed differently than transactions linked with third countries? Please set out your rationale and provide evidence.

As explained previously, the purpose of data points regarding cross border transactions linked with EEA jurisdictions should be clarified. Indeed, some countries in the EEA may not be considered as implying lower risk if they show on the FAFT list.

Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

France Invest would like to thank the EBA for the opportunity to contribute to its consultation on RTS in the context of the EBA’s response to the EC’s call for advice on new AMLA mandates.

As far as their fundraising activity is concerned, they perform due diligence on their investors, which in particular includes the identification of politically exposed persons and beneficial owners.

As for their transactional activity, risks may arise not only at the time of an original investment, but also throughout its ongoing ownership and its exit.

From a general perspective:

We support the approach adopted by the EBA in drafting the draft RTS, following 5 main principles:
A proportionate and risk-based approach;
A focus on effective and achievable outcomes;
Technological neutrality;
Maximum harmonization between supervisory authorities, Member States, and sectors;
Limiting disruptions by relying on existing standards as far as possible while aligning with global standards.
We would like to highlight that our members may be impacted by both the direct and indirect supervision of the AMLA and that we expect our national supervisors ACPR and AMF to perform stricter checks on our members. In order to do so, it should be ensured that these authorities have adequate resources in particular in terms of staff. If only larger market players, such as large banks, will be placed under the direct supervision of the AMLA, they might operate in groups including depositories or asset managers, thus placing their subsidiaries and potentially our members in their compliance chain.

We insist on the need for the application of the proportionality principle, which does not seem sufficiently taken into account in the draft RTS, especially as the proposed simplified customer due diligence measures appear more stringent than what is currently required. We would like to kindly remind the EBA that the new legislative package will apply not only to large credit institutions but also to smaller asset management companies. Therefore, we propose implementing proportionality with respect to the size of the obliged entity (20 full time employees or equivalent).
Last, we underline the merit of the delegated acts being finalised well in advance of the application date of the legislative texts and of organising interactive meetings between regulators and our members ahead of the application of the rules and the filing of reports, such as the webinars we organized on the implementation of DORA. We would very much appreciate if the authorities could plan such exchanges ahead of the application of the AML-FT delegated acts.

We strongly support the EBA’s taking into account the time required to update information systems in particular in the context of client onboarding. We agree that requiring obligated entities to comply with the new customer due diligence requirements from July 10, 2027 would be too burdensome and welcome the EBA’s proposals to prioritize business relationships that present a high risk when updating CDD information for existing customers, obligated entities should and to allow obliged entities to complete CDD information for other business relationships at a later stage, provided they do not exceed a transition period of 5 years.

This being said, our members think that the proposed regime is too prescriptive and that it should follow a risk-based approach taking into account the specificities of their activities. They also believe that some of the required data is not relevant for management companies of investment funds. Furthermore, they underline that some of the data, if it may be available in the EU, may not be available in third countries.

We believe that proportionality should be introduced with respect to information to be collected for identification and verification purposes, taking into account the nature of the client base in terms of geography, type (professional vs non professional) and nature (regulated vs non regulated) of investors.

Comments on article 3

Regarding information on the place of birth, we think that the city of birth is not relevant as long as the country name is provided. The city does not bring any value in term of AML-FT checks. In addition, this piece of information may prove difficult to collect as it is not always shown on ID documents.

We suggest rewording article 3 as follows:

The information on the place of birth as referred to in Article 22(1) (a) point (ii) of Regulation (EU) 2024/1624 shall consist of both the city if available and the country name.

Comments on article 5

Certified translations of documents may be costly and imply additional costs for investors. Therefore, we agree that they should not be systematically required. In particular, we suggest clarifying that no translation is required when documents are in an official language of the EU.

We suggest adding the following clarification in paragraph 4 of article 5:

No translation shall be required when documents are in an official language of the EU.

In addition, paragraph 5 of Art. 5, which requires that the obliged entity is provided with “original identity document, passport or equivalent, or a certified copy thereof (…)” appears excessive and does not leave room for the obliged entities to apply a risk-based approach. The obligation to provide an original document or certified copy will increase the costs borne by the customers, as they will be the ones who would have to acquire and provide such a copy for themselves, their beneficial owners or persons purporting to act on their behalf. This will be even more challenging for customers from third countries.

Therefore, we would propose the following changes in paragraph 5 of article 5 of the draft RTS:

“5. For the purpose of verifying the identity of the person referred to in Article 22(6) of Regulation 2024/1624, these persons shall provide the obliged entity, with the original an identity document, passport or equivalent, or a certified copy thereof, or in accordance with Article 6. In case of customers posing a higher risk of ML/TF such documents will be in the original or a certified copy.”

Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.

With the increased use of online services in the financial industry, non-face-to-face interactions have become a standard business practice in many countries. Such circumstances can potentially be an example of a higher risk scenario; however, not in cases where other mitigating factors or measures apply.

Our members report that, in practice, they currently do not widely use electronic identification means, as they are too cumbersome to implement.

Electronic identification means which are e-IDAS compliant may not be readily available or not available at all to clients in the EU (e.g. in Member States which are not yet equipped with such solutions which should meet with highly technical specifications) or in third countries.

We therefore welcome the provision of alternative options to the use of e-IDAS compliant solutions to verify the customer in a non face-to-face context. These alternative options, which should be available in all cases, will be particularly appreciated when dealing with third-country clients.

This being said, requiring the explicit consent of the person to be identified in the case of subscription in an investment fund is questionable, as customers which provide the requested information implicitly agree to do so. In addition, the management company should be able to rely on intermediaries when intermediaries have customers face-to-face.

Last, the requirement to use e-IDAS compliant solution should only relate to non-professional investors.

Comments on article 7

We would like to note that in France INPI and Infogreffe registers are considered as reliable and independent sources of information.

However, if the AMF’s database provides public information on authorised funds, it does not cover unauthorized funds. It is therefore difficult to find information on the latter.

We suggest that ESMA’s and national competent authorities’ registers should be considered as a reliable and independent source of information.

We suggest adding the following clarification to article 7:

ESMA’s and national competent authorities’ registers shall be considered as reliable and independent sources of information.

In third countries, access to public registers and means to verify their information may not be available or may prove costly, for example in case the services of a local lawyer have to be used. For instance, some public registers in third countries are not accessible unless searches are conducted through an IP address located within that country (e.g., China, certain US registers, etc.).

Obtaining a proof of address should be sufficient, in order to avoid requiring obligated companies to rely on service providers established in these countries to obtain public information, which would incur additional costs.

Question 3: Do you have any comments regarding Article 8 on virtual IBANS? If so, please explain your reasoning.

We acknowledge that the use of virtual IBANs may imply additional risks. Not mentioning that IBANs may take different formats in different countries. The use of virtual IBANs should be covered under regulations on payment service providers and credit institutions. The identification and verification of the identity of the natural or legal persons using a virtual IBAN should be performed by payment service providers.

Comments on article 9

While confidentiality of personal information and compliance with GDPR should be preserved, we believe that access to public registers should be facilitated.

A key challenge for our members lies in identifying the ultimate beneficial owners and in particular the beneficiaries of mutual fund trusts (“fonds communs de placement”) which are not legal persons. As of yet, no register of beneficiaries of these vehicles is available. We would like to take this opportunity to reiterate our call for its introduction.

In addition, registration on public registers may not be easy or costly in other Member States or third countries. For example, access for a transfer agent based in Luxembourg to French registers implies a lot of paperwork. Registers should be available freely for entities subject to this Regulation and processes should be simplified.

Regarding the collection of information from other sources, we welcome that information for the verification of the beneficial owner may be collected from bank account statements.

Comments on article 10

We are of the opinion that the approach taken in Article 10 appears excessive and we suggest following a risk-based approach. The information collection exercise should not be excessive and be limited to relevant information. Due diligence should be adapted to the type of investor: reinforced due diligence should not apply to all clients but should be limited to some of them. For instance, information required on regulated entities and companies listed on regulated markets should be alleviated.

In addition, it should not be necessary to know the number of shares held by class or type of shares for each intermediary entity. In practice, this would amount to requiring the shareholder register (a document that can be difficult to obtain in some cases), while other measures can be put in place to confirm the ownership and control chain, such as obtaining annual financial statements or an organizational chart signed by a regulated entity that details this information. Requiring information on all the legal entities and/or legal arrangements functioning as intermediary connections between the customer and their beneficial owner does not bring any value for AML-FT perspective. The only relevant information is the beneficial owners of the customer.

Comments on article 11

The proposed provisions of Article 11 would result in the vast majority of ownership structures being treated as complex, as multinational companies and medium/large financial entities typically have multiple layers of ownership, and in the majority of cases, in different jurisdictions. This would not be in line with the level of ML/TF risk posed by those structures It should be clarified that complex structures do not necessarily imply higher overall risk. Other factors should be considered to conclude as High Risk customer. For instance, the type of client, the type of investment and the type of distribution channel should be taken into account. A risk-based approach should be applied, and proportionality should be implemented depending on the relevant sector.

For instance, as far as private equity (including private debt and infrastructure financing) is concerned, the due diligence that our members should perform on their clients (in the context of their fund-raising activity) should be distinguished from the due diligence they should perform on their investments (in the context of their transactional activity). If complex structures in the context of their fundraising activity may attract attention, complex structures in the context of their transactional activity is quite common, whereby structures may include several intermediary holdings.

In any case, the proposed number of “two or more layers between the customer and the beneficial owner” is disproportionately low. In the case of our industry, there can be multiple layers of entities in the intermediary chain; however, as they would all be regulated financial entities, the ML/TF risk posed would remain low. Therefore, not only the number of layers should be significantly higher, but also the fact that those are regulated financial entities should exempt the structure from being treated as complex.

The proposed conditions do not justify treating such structures as complex. In particular, the mere fact of registration in different jurisdictions does not justify such classification in today's world where markets and businesses are very interconnected. These jurisdictions could include different Member States of the EU or other countries that uphold the same AML/CFT standards. Immediate classification of such structures as complex could disincentivize further integration and international collaboration.

Furthermore, an AML letter confirming the ownership chain as reflected in the organizational chart should be considered sufficient to meet the obligation to verify the accuracy of the organizational chart (particularly given the difficulty in obtaining shareholder registers described previously).

Comments on article 12

The draft RTS requires obtaining the same information for senior managing officials of legal entities as for the beneficial owners – even though it may be questioned whether the level of risk association with senior managing officials should be the same as that attached to beneficial owners and therefore justified to require the same set of information and verification rules for both. For instance, requiring the CEO of a big company to provide his ID would be disproportionate, as his/her data and identity may be easily asserted through the relevant companys’ registers. Moreover, acquiring information about his/her residential address may meet a strong and justified objection. This is data is not necessary nor commensurate to the limited ML/TF risk that he/she would pose.

In practice, some clients may refuse to provide this information (due to legal constraints, for example, or when dealing with public entities). Alternative methods of identification or verification should be possible when reliable public sources are available (including for politically exposed persons).

Most non-EU asset managers only agree to provide copies of identity documents for beneficial owners and authorized signatories who sign documentation as part of the business relationship. This requirement should be modified in order to avoid harming the competitiveness of EU asset managers and, when the ID card of a senior managing official is not available, it should be possible to instead use a certificate on its content.

Question 4: Do you agree with the proposals as set out in Section 2 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

It should be noted that most customers in private equity investment funds make occasional transactions and should not be considered as additional risk. In particular, the purpose and economic rationale on why the customer has chosen the obliged entities’ products or services is not relevant.

Comment on article 15 letters a & b

The reasoning behind a customer selecting an investment fund is generally difficult to challenge (track record, management team, investment strategy, etc.). As a consequence, requiring obliged entities to take risk-sensitive measures to determine why a customer chose the obliged entities’ products and services, does not bring added value in terms of AML-FT for investment funds. In the same vein, the use of products or services is not relevant for investment funds (article 15 points a & b).

A simplified understanding of the purpose and intended nature of the business relationship should apply to cases subject to simplified due diligence. Less detailed information on the client's business sector should be sufficient, especially if it involves a regulated sector.

Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Some of the requested information goes beyond what is required under Article 1.

There may be difficulties in accessing central registers, even for companies with a legitimate interest. Measures should be implemented to ensure that all obligated companies can request and obtain access to the central registers of all European countries.

Furthermore, a list of countries that have AML-CFT requirements that are not less robust than those required by Regulation (EU) 2024/1624 should be made available. Indeed, a country-by-country analysis by each individual obliged entity would be burdensome and inefficient. It would in particular be quite challenging if the relevant countries do not have a prescriptive approach such as the approach now adopted at the EU level and instead allow for greater professional judgment.

Such a list could be established and updated by the AMLA, following the example of the list that used to be made in France:

https://www.legifrance.gouv.fr/loda/id/JORFTEXT000024414854#:~:text=Les%20pays%20tiers%20%C3%A9quivalents%20mentionn%C3%A9s,Mexique%2C%20Singapour%20et%20la%20Suisse.

We propose clarifying letter a of article 21 as follows:

The intermediary is subject to AML-CFT obligations in an EU Member State or in a third country that has AML-CFT requirements that are not less robust than those required by Regulation (EU) 2024/1624 and shows on the list established by the AMLA.

Question 7: What are the specific sectors or financial products or services which, because they are associated with lower ML/TF risks, should benefit from specific sectoral simplified due diligence measures to be explicitly spelled out under Section 4 of the daft RTS? Please explain your rationale and provide evidence.

We fully support simplified measures for specific sectors or financial products or services which are associated with lower AML/TF risks such as collective investment undertakings, including private equity (including venture capital, private debt and infrastructure funds).

Question 8: Do you agree with the proposals as set out in Section 5 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

First of all, we would like to note that intermediaries in a chain whereby an entity is subject to enhanced due diligence measures will also be subject to these measures, thus potentially increasing significantly their obligations in terms of AML-FT.

It should not be necessary to obtain information about family members and individuals known to be close to the client or their beneficial owner in all cases of enhanced due diligence. For instance, for clients such as investment funds or situations whereby the managers of the company are the beneficial owners, this approach does not really make sense. Enhanced due diligence can sometimes be seen as intrusive, and gathering information about the families of managers in companies invested in by private equity funds may present significant challenges.

It would therefore be appropriate to reconsider the level of requirements for enhanced due diligence when a regulated intermediary in an equivalent country, such as an asset manager, is involved in the business relationship.

In the same way, verifications regarding the source of funds and the source of wealth of the beneficial owners do not make sense when the managers themselves are the beneficial owners.

Comment on article 24 letter b

The proposed rule requires obliged entities to assess the reputation of the customer and the beneficial owner. This requirement should be clarified and limited to their reputation in terms of AML-FT. It should also be clarified that the assessment of the reputation is based on information available at the time of the transaction.

We therefore suggest the following wording:

Enable the obliged entity to assess the reputation of the customer and the beneficial owner in terms of AML-FT, based on information available at the time of the transaction.

Comment on article 25 letter c

The requirement set out in letter c of article 25 is too vague. It should be clarified, in particular in respect of the situations where it is necessary to understand the nature of the beneficial owner’s business. The period of time it covers should also be clarified and limited. Last, this requirement could be considered intrusive and potentially compromise business confidentiality.

Question 9: Do you agree with the proposals as set out in Section 6 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

In practice, it is very challenging to ensure that all aliases of a client or beneficial owner are subject to screening. Meeting the obligation to screen "wallet addresses" is also very difficult.

In addition, we recommend defining an appropriate timeframe for sanctions lists to be updated by the authorities in the screening tool.

Name of the organization

France Invest

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting

Data

Publications

Media centre