Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates
Question 1: Do you have any comments on the approach proposed by the EBA to assess and classify the risk profile of obliged entities?
NA
Question 2: Do you agree with the proposed relationship between inherent risk and residual risk, whereby residual risk can be lower, but never be higher, than inherent risk? Would you favour another approach instead, whereby the obliged entity’s residual risk score can be worse than its inherent risk score? If so, please set out your rationale and provide evidence of the impact the EBA’s proposal would have.
NA
3a: What will be the impact, in terms of cost, for credit and financial institutions to provide this new set of data in the short, medium and long term?
NA
3b: Among the data points listed in the Annex I to this consultation paper, what are those that are not currently available to most credit and financial institutions?
NA
3c: To what extent could the data points listed in Annex I to this Consultation Paper be provided by the non-financial sector?
NA
Question 4: Do you have any comments on the proposed frequency at which risk profiles would be reviewed (once per year for the normal frequency and once every three years for the reduced frequency)? What would be the difference in the cost of compliance between the normal and reduced frequency? Please provide evidence.
NA
Question 5: Do you agree with the proposed criteria for the application of the reduced frequency? What alternative criteria would you propose? Please provide evidence.
NA
Question 6: When assessing the geographical risks to which obliged entities are exposed, should crossborder transactions linked with EEA jurisdictions be assessed differently than transactions linked with third countries? Please set out your rationale and provide evidence.
NA
Question 1: Do you agree with the thresholds and provided in Article 1 of the draft RTS and their value? If you do not agree, which thresholds to assess the materiality of the activities exercised under the freedom to provide services should the EBA propose instead? Please explain your rationale and provide evidence of the impact the EBA’s proposal and your proposal would have.
NA
Question 2: What is your view on the possibility to lower the value of the thresholds that are set in article 1 of the draft RTS? What would be the possible impact of doing so? Please provide evidence.
NA
Question 3: Do you agree on having a single threshold on the number of customers, irrespective of whether they are retail or institutional customers? Alternatively, do you think a distinction should be made between these two categories? Please explain the rationale and provide evidence to support your view.
NA
Question 4: Do you agree that the methodology for selection provided in this RTS builds on the methodology laid down in the RTS under article 40(2)? If you do not agree, please provide your rationale and evidence of the impact the EBA’s proposal and your proposal would have.
NA
Question 5: Do you agree that the selection methodology should not allow the adjustment of the inherent risk score provided in article 2 of draft under article 40(2) AMLD6? If you do not agree, please provide the rationale and evidence of the impact the EBA’s proposal would have.
NA
Question 6: Do you agree with the methodology for the calculation of the group-wide score that is laid down in article 5 of the RTS? If you do not agree, please provide the rationale for it and provide evidence of the impact the EBA’s proposal and your proposal would have.
NA
Question 7: Do you have any concern with the identification of the group-wide perimeter? Please provide the rationale and the evidence to support your view on this.
NA
Question 8: Do you agree to give the same consideration to the parent company and the other entities of the group for the determination of the group-wide risk profile? Do you agree this would reliably assess the group-wide controls effectiveness even if the parent company has a low-relevant activity compared to the other entities?
NA
Question 9: Do you agree with the transitional rules set out in Article 6 of this RTS? In case you don’t, please provide the rationale for it and provide evidence of the impact the EBA’s proposal and your proposal would have.
NA
Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Art1 (1): No comment; (2) is missing - numbering should be adjusted (3); no comment
Art 2:
Art 3: No comment
Art 4: How, what kind of information/documentation, other than a confirmation from the (representative of) the customer, can satisfy that the provided nationality information is complete (disclosing all nationalities)?
Art 5: (1) No comment; (2) Why exclude validity, document number and signature?
Art 6: See question 2.
Art 7: No comment.
Art 8: See question 3.
Art 9: (a) and (b): is our assumption correct that a copy passport is not mandatory? AMLR 22(7)
Art 10: No comment.
Art 11: No comment.
Art 12: No comment.
Art 13: No comment.
Art 14: No comment.
Art 13 and 14: We could not establish if AMLR article 58 applies to an “express trust” in its capacity as customer only, or if it applies as well in case the “express trust” is the direct or indirect owner of the customer with at least 25% ownership?
Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.
Art 6: (1) No comment.
(2) refers to using remote solutions that meet conditions set out in paragraphs 3-6 of this Article. Such solutions shall be commensurate to the size, nature and complexity of the obliged entity’s business however, (3) is a sine qua non condition (4) it seems these points are always relevant and apply to SDD as well - ?
(5) and (6) No comment.
Question 3: Do you have any comments regarding Article 8 on virtual IBANS? If so, please explain your reasoning.
No comment
Question 4: Do you agree with the proposals as set out in Section 2 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Art 15: No comment
Art 16: No comment
Question 5: Do you agree with the proposals as set out in Section 3 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Art 17: (1)(b) We suggest putting the last sentence under a subparagraph (c); (2) No comment.
Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Art 18: No comment
Art 19: No comment
Art 20: No comment
Art 21: No comment
Art 22: No comment
Art 23: No comment
Question 7: What are the specific sectors or financial products or services which, because they are associated with lower ML/TF risks, should benefit from specific sectoral simplified due diligence measures to be explicitly spelled out under Section 4 of the daft RTS? Please explain your rationale and provide evidence.
The Dutch Trust Supervision Act (Wtt 2018) does not allow simplified due diligence measures restraining to apply a proper risk-based approach i.e. all products are considered high risk.
As the AMLR should lead to optimized harmonization amongst the EU member states, as well as provide a level playing field for all obliged entities and that a risk-based approach should be central throughout the application of the AMLR, we would like to establish if EBA agrees with us that there is no room for more stringent regulation in a Member State. Does EBA agree that Wtt 2018 in the current form cannot be upheld?
As a further explanation we note the following. The Wtt 2018 currently in place is very stringent and prescriptive on the CDD rules that have to be adhered to. There is an emphasis on not only transaction monitoring but also and foremost on the Source of Wealth (SoW) and Source of Funds (SoF) of the client’s UBOs. The concerning articles in Chapter 4 (CDD) of the Wtt 2018, leave no room for a risk-based approach as they demand the highest level of certainty regarding the SoW and SoF which goes further than the related articles on CDD in the AMLR. The Dutch regulator (Dutch Central Bank) applies the named chapter in a rigid rule-based manner putting the bar to adhere so high, that it is almost impossible to get it right. In our opinion, this is not in alignment with the AMLR of which the main goal is to harmonize the AML/CFT field so that the same rules apply to all 27 member states of the EU, leading to combating ML/TF more effectively. In the meantime, in the AMLR, a level playing field is an explicit goal. At this moment, there are no indications that the Wtt2018 will be rescinded to match the AMLR, hence we ask your attention for this dynamic.
Question 8: Do you agree with the proposals as set out in Section 5 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Art 24/25/27: Comment -AMLR article 34(4) uses the wording: “..proportionate to the higher risks identified, which may include the following measures: ....”. The RTS lists certain requirements a, b, c. and d as a minimum by stating “at least”. The latter seems rule based as opposed to proportionate. With the RTS requirements as set in the articles 24/25/27, there is no room for the obliges entity to apply a risk-based approach based on their understanding of the risks that their client poses. This is contradictory to the main principle of the AMLR to harmonize and set a level playing field for the obliged entities across the board not only focusing on financial institutions.
Art 24 (a) (b) and (c); we suggest that wording as the following could be used: “at least the obliged entities should make a proportionate effort resulting in additional information enabling the obliged entity to verify ... or to assess... “. This could be an alternative to the prescriptive wording that is being used in the draft RTS and leave room for the obliged entities to adhere to the AMLR as it is intended to.
Art 24 (d) : How does the ‘holistic view on ML/TF risks’ as stated in the article work in practice? What are the requirements and on what basis can the required information be obtained?
Art 25: Comment as above for article 24 RTS
Art 26: this article is not meant for the Source of Wealth and Source of Funds regarding senior managing officials (SMOs). We urge the EBA to reaffirm that SMOs are not the same as UBOs. The rationale in this case is that there are legitimate situations whereby the obliged entity may be unable to identify a natural person as the beneficial owner of its customer. In these situations, Regulation (EU) 2024/1624 requires the identification of senior managing officials (SMO), instead. While SMOs are not beneficial owners, for the purposes of identification and verification measures, obliged entities should collect the same level of information for SMOs as they do for the beneficial owners. However there is no rationale to submit SMOs to the requirements of article 26.
Art 27: We miss the definition of transaction and what is to be deemed as an intended transaction. We assume that this is up to the obliged entity to assess. We urge the EBA to affirm this assumption.
We urge the EBA to reaffirm the central role of the risk-based approach throughout the RTS on CDD. In our view, the current draft RTS leans too much towards a rule-based approach, which is not appropriate in the context of AML/CFT measures. This is especially the case where the RTS details specific CDD and EDD measures in a prescriptive manner, even though the AMLR allows for proportionality through terms such as “where necessary”. For example, Articles 15 and 16 on the purpose and nature of the business relationship are overly rigid and do not allow for risk-sensitive implementation. Here we see the same issues as described in the paragraph above (ad question 7) about the Wtt 2018. Overly perspective articles in chapter 4 (CDD) in the Wtt 2018, lead to a rule-based approach in which there is no room for risk-based approach in the context of AML/CFT measures. This hinders effective and proportionate AML/CFT compliance in execution and is not in line with the risk-based spirit of the AMLR.
Question 9: Do you agree with the proposals as set out in Section 6 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Art 28: No comment
Art 29: We assume the transliteration requirement is a minimum.
Question 10: Do you agree with the proposals as set out in Section 7 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Art 30: No comment
Question 11: Do you agree with the proposals as set out in Section 8 of the draft RTS (and in Annex I linked to it)? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
We interpret Article 32 of the RTS on CDD to introduce a five-year period within which all customer identification data must be updated for existing customers, in accordance with Article 22(1) of this RTS. In our view, customer identification data includes all CDD elements, such as the identification of the customer (name and date of birth), ownership and control structure, UBO, SMO, and legal representatives. This reading is consistent with recital 16 of the RTS and consideration 43 of the broader EBA consultation document.
Although Article 32 refers to the entry into force of this Regulation (being this RTS on CDD), we consider that the five-year period is intended to begin from the application date of Regulation (EU) 2024/1624 (the AMLR), as confirmed in Article 90 AMLR, which sets this date as 10 July 2027. Consideration 16 of the RTS supports this interpretation by explicitly referring to the “application date” as the moment from which the update obligation should be calculated. Accordingly, we interpret Article 32 to mean that all existing customer information must be updated, in a risk-based manner, by no later than 10 July 2032.
As regards Article 32 we note that in your consideration 43 you state the following: ‘Finally, in relation to the date at which obliged entities are expected to comply with the new CDD measures, the AMLR could be read as suggesting that obliged entities will have to comply with it from 10 July 2027. This would mean that obliged entities would have to apply the new CDD standards to all existing customers at that date. The EBA acknowledges that it may not be possible for obliged entities to apply the new CDD standards to all of their existing clients at that date and therefore proposes that the draft RTS clarifies that obliged entities apply a risk-based approach. Specifically, when updating CDD information for existing customers, obliged entities would prioritize higher ML/TF risk business relationships in the first instance. CDD information for other business relationships, which are not high- ML/TF risk, could be completed at a later date, provided that obliged entities do not exceed a 5-year transition period.’ We are pleased that EBA acknowledges that it will be very difficult to comply with the CDD measures at once on 10 July 2027 and to this we fully agree. Updating the relevant information for existing clients in a risk-based manner but no later than 5 years after entry into force of this Regulation is therefore strongly supported. Please confirm that - even if an obliged entity mainly serves high risk clients - Article 32 still provides for this grace period, meaning that updating said information should be carried out for the highest ML/TF risk business relationships first. As such, obliged entities (e.g. trust offices) whose client portfolios mainly consist of high risk clients, also will be enabled to timely apply new CDD standards in a risk-based manner.
We assume that the five-year period will extend to 10 July 2032 (if and) when adopted by the European Commission.
Question 1: Do you any have comments or suggestions regarding the proposed list of indicators to classify the level of gravity of breaches sets out in Article 1 of the draft RTS? If so, please explain your reasoning.
NA
Question 2: Do you have any comments or suggestions on the proposed classification of the level of gravity of breaches sets out in Article 2 of the draft RTS? If so, please explain your reasoning.
NA
Question 3: Do you have any comments or suggestions regarding the proposed list of criteria to be taken into account when setting up the level of pecuniary sanctions of Article 4 of the draft RTS? If so, please explain your reasoning.
NA
Question 4: Do you have any comments or suggestions of addition regarding what needs to be taken into account as regards the financial strength of the legal or natural person held responsible (Article 4(5) and Article 4(6) of the draft RTS)? If so, please explain.
NA
5a: restrict or limit the business, operations or network of institutions comprising the obliged entity, or to require the divestment of activities as referred to in Article 56 (2) (e) of Directive (EU) 2024/1640?
NA
5b: withdrawal or suspension of an authorisation as referred to in Article 56 (2) (f) of Directive (EU) 2024/1640?
NA
5c: require changes in governance structure as referred to in Article 56 (2) (g) of Directive (EU) 2024/1640?
NA
Question 6: Which of these indicators and criteria could apply also to the non-financial sector? Which ones should not apply? Please explain your reasoning.
NA
Question 7: Do you think that the indicators and criteria set out in the draft RTS should be more detailed as regards the naturals persons that are not themselves obliged entities and in particular as regards the senior management as defined in AMLR? If so, please provide your suggestions.
NA
Question 8: Do you think that the draft RTS should be more granular and develop more specific rules on factors and on the calculation of the amount of the periodic penalty payments and if yes, which factors should be included into the EU legislation and why?
NA
Question 9: Do you think that the draft RTS should create a more harmonised set of administrative rules for the imposition of periodic penalty payments, and if yes, which provisions of administrative rules would you prefer to be included into EU legislation compared to national legislation and why?
NA