Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates

Go back

Question 1: Do you have any comments on the approach proposed by the EBA to assess and classify the risk profile of obliged entities?

Preliminary comments

CNCEF PATRIMOINE supports the approach adopted by the EBA in the development of the various RTS projects, according to 5 main principles:
- A proportionate and risk-based approach;
- A focus on effective and achievable outcomes;
- Technological neutrality;
- Maximum harmonization between supervisory authorities, Member States, and sectors;
- Limiting disruptions by relying on existing standards as far as possible while aligning with global standards.
Except in exceptional cases, CNCEF members should not fall within the scope of AMLA’s direct supervision. For this reason, we do not comment on the RTS Draft developed on the basis of Article 12(7) of AMLAR.
As the vast majority of our members are individuals or modest-sized firms, we insist on the need to apply the principle of proportionality, which does not seem to be sufficiently taken into account in the draft RTS, or not as much as level 1 allows. In particular, the proposed simplified due diligence measures appear to be stricter than what is currently required. Proportionality should benefit all these firms, because of their size: all those that employ less than 5 FTEs.

We hope that EBA will be able to take our proposals into account, and finalize the delegated acts well before the date of application of the 1st level texts, in order to allow our members to organise themselves, but also to exchange with the national competent authorities to resolve in good understanding the theoretical (need for clarification) and practical (need for tools not yet available/labelled) difficulties identified.

We understand the three-step approach proposed by the EBA, the use of automated devices (in order to avoid subjective assessments) and the refusal of any self-assessment, but express the major reservations about the concrete implementation of these assessments in the existing French framework of supervision of the 7000 CIFs and more, which is based on:

Direct supervision by the French AMF, but limited to a very small number of FIAs (7 inspections carried out per year);
Indirect supervision by professional associations (including CNCEF PATRIMOINE), which are required to control 1/5 of their members every year.

Thus, the French AMF should not further entrust professional associations, whose material and human resources are even more limited, with the risk assessment mission as set out in the draft RTS.

This is one of the reasons why:

The frequency of evaluations must be absolutely extended (see question 4),
The European authorities should strictly regulate any delegation made by national competent authorities to professional associations. If the national supervisor were allowed to entrust professional associations with this new risk assessment mission, then enhanced cooperation would have to be imposed, in particular with the provision by the public authorities of financial resources, methodologies and technologies in line with European requirements.

Question 2: Do you agree with the proposed relationship between inherent risk and residual risk, whereby residual risk can be lower, but never be higher, than inherent risk? Would you favour another approach instead, whereby the obliged entity’s residual risk score can be worse than its inherent risk score? If so, please set out your rationale and provide evidence of the impact the EBA’s proposal would have.

CNCEF agrees with the EBA's proposal that the residual risk may be lower, but never higher, than the inherent risk.

3a: What will be the impact, in terms of cost, for credit and financial institutions to provide this new set of data in the short, medium and long term?

It is essential to pay attention to :

The proportionality of the number of data points requested, depending on the size of the company (number of FTEs)
Their relevance, depending on the national activity/market: FIAs only operate in a national framework,
The consistency at the European level, and in particular the definition of the status of "client" for CIFs, going beyond the advised client.
The consistency of the data points compared to those already required by other reporting obligations.

It is also essential that this collection can be anticipated so that the players can prepare for it, and stabilized over time (to allow the amortization of costs over several years).

3b: Among the data points listed in the Annex I to this consultation paper, what are those that are not currently available to most credit and financial institutions?

For the assessment of the inherent risk, CIF are only concerned by data relating to customers, to the RTO service, when it concerns collective investment units. The main activity of CIF, namely the provision of financial advice, is therefore not captured here.

For the assessment of AML controls put in place, very little data will be available, as these are often one-person firms that do not have a multi-level internal control system.

Finally, explanations are required to understand the logic behind the collection of some of the data points listed in the proposed RTS.

3c: To what extent could the data points listed in Annex I to this Consultation Paper be provided by the non-financial sector?

N/A

Question 4: Do you have any comments on the proposed frequency at which risk profiles would be reviewed (once per year for the normal frequency and once every three years for the reduced frequency)? What would be the difference in the cost of compliance between the normal and reduced frequency? Please provide evidence.

CNCEF proposes to align the reduced frequency of risk assessment of CIF with the frequency of inspections carried out by professional associations approved by the AMF: once every 5 years. This frequency already represents a challenge, in terms of costs and resources to be mobilized on the side of the associations.

Question 5: Do you agree with the proposed criteria for the application of the reduced frequency? What alternative criteria would you propose? Please provide evidence.

We agree with the size criterion set at less than 5 FTEs: most of these members will be concerned.

With regard to the criterion related to the activity, it should be ensured that the exercise of several of the activities listed in (b) does not result in the loss of the benefit of the reduced frequency. Here again, most of the members of CNCEF are in this case.

Question 6: When assessing the geographical risks to which obliged entities are exposed, should crossborder transactions linked with EEA jurisdictions be assessed differently than transactions linked with third countries? Please set out your rationale and provide evidence.

N/A

Question 1: Do you agree with the thresholds and provided in Article 1 of the draft RTS and their value? If you do not agree, which thresholds to assess the materiality of the activities exercised under the freedom to provide services should the EBA propose instead? Please explain your rationale and provide evidence of the impact the EBA’s proposal and your proposal would have.

Except in exceptional cases, CNCEF members should not fall within the scope of AMLA’s direct supervision. For this reason, we do not respond on the RTS Draft developed on the basis of Article 12(7) of AMLAR.

Question 2: What is your view on the possibility to lower the value of the thresholds that are set in article 1 of the draft RTS? What would be the possible impact of doing so? Please provide evidence.

Question 3: Do you agree on having a single threshold on the number of customers, irrespective of whether they are retail or institutional customers? Alternatively, do you think a distinction should be made between these two categories? Please explain the rationale and provide evidence to support your view.

Question 4: Do you agree that the methodology for selection provided in this RTS builds on the methodology laid down in the RTS under article 40(2)? If you do not agree, please provide your rationale and evidence of the impact the EBA’s proposal and your proposal would have.

Question 5: Do you agree that the selection methodology should not allow the adjustment of the inherent risk score provided in article 2 of draft under article 40(2) AMLD6? If you do not agree, please provide the rationale and evidence of the impact the EBA’s proposal would have.

Question 6: Do you agree with the methodology for the calculation of the group-wide score that is laid down in article 5 of the RTS? If you do not agree, please provide the rationale for it and provide evidence of the impact the EBA’s proposal and your proposal would have.

Question 7: Do you have any concern with the identification of the group-wide perimeter? Please provide the rationale and the evidence to support your view on this.

Question 8: Do you agree to give the same consideration to the parent company and the other entities of the group for the determination of the group-wide risk profile? Do you agree this would reliably assess the group-wide controls effectiveness even if the parent company has a low-relevant activity compared to the other entities?

Question 9: Do you agree with the transitional rules set out in Article 6 of this RTS? In case you don’t, please provide the rationale for it and provide evidence of the impact the EBA’s proposal and your proposal would have.

Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

We note that some of the proposals in section 1 go beyond the current national framework, which is in line with international standards. As such, they represent an unjustified additional cost.

Contrary to what is provided for in the draft RTS (and in particular recital 8), the consultation of central registers to obtain beneficial ownership information for all customers who are not natural persons should be sufficient, to satisfy the verification requirements (unless there is suspicion or high risk): this is the primary purpose of such registers and the reason for their establishment. Section 9 should therefore be amended as follows:

“The reasonable measures referred to in Article 22(7)(b) of Regulation (EU) 2024/1624 include:

consulting public registers, including the central registers, and other reliable national systems that contain the information necessary to verify the identity of the person, such as the residence register, tax register, passport database and the land register; to the extent that these are accessible to obliged entities; or
collecting information from other sources, which may include (..)”

In these circumstances, access to public registers must be facilitated and generalised to all Member States and to all types of customers. For example, there is no register of beneficial owners for collective investments funds that do not have legal personality.

Finally, on the obligation to understand the client's control structure (Articles 10 and 11), the information-gathering exercise must not be excessive and be limited to relevant information:

In accordance with national law, the draft RTS should include the possibility of easing its obligations in respect of companies already subject to transparency obligations (such as listed companies referred to in Article 10(1)(c)) or to the supervision of a supervisor (authorised regulated entities whose shareholding is supervised);
It should not be required to know the number of shares held by class or type of shares for each flow-through entity: this would be tantamount to requiring the register of shareholders (a document that may be difficult to obtain in some cases ;
It is not really possible to require obliged entities to assess the economic interest of their client's capital structure.

These measures should be reserved for cases of AML suspicious activities.

Regarding information required about the "senior managing official(s)" (Article 12), the draft RTS requires the same due diligence as for beneficial owners: from an economic point of view, this is not justified. Again, the use of public registers, when available, should be sufficient.

Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.

Professionals are not equipped with e-IDAS compliant electronic identification means : they represent an exorbitant cost and an obstacle to entering into a relationship for customers who are not familiar with technological tools.

As long as these solutions are not more widely available, alternatives must be offered to taxable professionals, other than the use of technological tools, such as those provided for by French positive law, namely the possibility of choosing two measures from the following (non-exhaustive list):

Obtain a copy of an identity document;
Implement measures for the verification and certification of a copy of an official document or an extract from the official register by a third party independent of the person to be identified;
Require that the first payment for transactions be made to or from an account opened in the customer's name with a European financial institution;
Obtain direct confirmation of the client's identity from a third party obligated to the client for whom the client is also a client.

Following the risk-based approach, verification requirements should be simplified for professional clients within the meaning of MiFID (especially in the context of an extensive approach to the concept of client).

Finally, we would like to emphasize that it is not realistic to require CIF to be able to demonstrate that the remote entry solution, which does not comply with the e-IDAS regulation, nevertheless meets the requirements of §4 of Article 6. We therefore propose to delete §6 of Article 6.

The same reservation applies to the assessment of the reliability and independence of the sources of information used (art. 7). Registers made available by public authorities, at national and European level, should, as a matter of principle, be regarded as reliable and independent sources of information.

Question 3: Do you have any comments regarding Article 8 on virtual IBANS? If so, please explain your reasoning.

N/A

Question 4: Do you agree with the proposals as set out in Section 2 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

On the knowledge of the object and the business relationship, the RTS project seems to go further than the level 1 text.

According to Article 25 of AML Regulation, which requires an understanding of the purpose and nature of the relationship, the search for information on the subject matter of the transaction, the estimated amount, the origin and destination of the funds and the client's activity is necessary "where necessary";
Article 16 of the draft RTS does not include this nuance, when it details the very precise information to be obtained for each of the items, thus requiring the collection of each of them.

It is the purpose of the relationship that should determine the pieces of information to be collected, and the risk-based approach the intensity of the due diligence carried out (use of questionnaire, research, collection of evidence, etc.).

It should be amended as follows:

“When obtaining information in accordance with Article 25 of Regulation (EU) 2024/1624, obliged entities shall take risk-sensitive measures to obtain all or part of the following information:

a. in relation to the purpose and economic rationale of the occasional transaction or business relationship, obtain information on why the customer has chosen the obliged entities’ products or services, and/or the value and benefits expected from the occasional transactions or business relationship or why the transaction will be conducted.

b. in relation to the estimated amount of the envisaged activities, obtain information on the estimated amount of funds to be deposited and/or understand the anticipated number, size, volume and frequency of incoming and outgoing transactions that are likely to be executed during the business relationship or occasional transactions as well as and where necessary the category of funds that such transactions relate to.

c. in relation to the source of funds, information on the activity that generated the funds and the means through which the customer’s funds were transferred, which may includes employment income, pension or retirement funds and government benefits including social benefits and grants, business revenue, savings, or whether funds come from loans and investments income, inheritance and gifts, sales of assets and legal settlements.

d. in relation to the destination of funds, information on the expected types of recipient(s), including information about the jurisdiction where the transactions are to be received, and intermediaries used, as far as the client may be aware of ;

e. in relation to the business activity or the occupation of the customer, information on the customer’s sector, such as the industry, operations, products and services, including whether they are a regulated or an obliged entity , geographical presence, revenue streams and, where applicable, information on their employment status whether employed, unemployed, self-employed or retired.

As regards relations between supervised professionals in the financial sector, it does not seem necessary to require such detailed information.

Question 5: Do you agree with the proposals as set out in Section 3 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

It is essential to allow small structures to carry out manual checks. Today's tools are very expensive with no guarantee of compliance. In the absence of a public register, it remains very difficult to identify a PEP, and especially a family member or partner, who does not identify him/herself as such.

Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Proposed measures regarding beneficial owners requiring to go beyond consulting the central register are not "simplified" measures. As mentioned above, consultation by the professional of the central register should be a sufficient measure unless there is suspicion or high risk. Where the risk is low, the professional could also call on other alternative (and non-complementary) sources. Reference to other sources is essential when the client resides in a State for which access to the central register is not facilitated.

It is proposed to amend Article 19 as follows:

“In situations of lower risk, the obliged entity may consult one of the following sources for the identification of and the verification of the beneficial owner or the senior managing officials:

a. the information registered in the central register or in the company register;

b. the statement or explanation provided by the customer, including their confirmation that the data is adequate, accurate and up-to-date, for the purpose of the verification of the identity of the beneficial owner or the senior managing officials;

c. any publicly available, reliable sources of information including internet research.”

Question 7: What are the specific sectors or financial products or services which, because they are associated with lower ML/TF risks, should benefit from specific sectoral simplified due diligence measures to be explicitly spelled out under Section 4 of the daft RTS? Please explain your rationale and provide evidence.

We consider that the asset management industry should benefit from sector-specific measures: Section 4 of the draft RTS should cover not only collective investment funds but also portfolio management companies authorised under the UCITS and AIFM Directives, which are the entities that make the decisions for collective investment funds. As these are regulated and duly supervised entities, CIF that have a business relationship with them, and in a weak situation, should be able to lighten their due diligence towards them.

Question 8: Do you agree with the proposals as set out in Section 5 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

We consider that the draft RTS goes beyond what is required by level 1: the draft should not impose the minimum additional information to be obtained, and especially in such vague terms:

The concept of reputation (Article 24b) is too imprecise: the scope of this diligence should be reduced to the risk of money laundering and terrorist financing, depending on the information available to the public at the time of entering the relationship;
It should never be mandatory to obtain information about family members and persons known to be close to the client or his beneficial owner (Article 24c).

Question 9: Do you agree with the proposals as set out in Section 6 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

No comment.

Question 10: Do you agree with the proposals as set out in Section 7 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

N/A

Question 11: Do you agree with the proposals as set out in Section 8 of the draft RTS (and in Annex I linked to it)? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

No comment.

Please note CNCEF also represents other professionals:

Insurance intermediaries and brokers, brought together within the CNCEF ASSURANCE association, approved by the French Prudential Supervision and Resolution Authority (ACPR).
Credit intermediaries and brokers brought together within the CNCEF CREDIT association, also approved by the French Prudential Supervision and Resolution Authority (ACPR),
Real estate brokers brought together within the CNCEF IMMOBILIER association.

These professionals will be also impacted by these regulatory changes, facing the same challenges as CIF. We would therefore like to stress that, as individuals or small firms there are also very much in need for proportionality.