Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates
Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Article 1 of the RTS:
Paragraph 1: The collection of the full first names and last names of the primary contact and legal representatives as per their identity card, passport or equivalent is relevant when these documents are collected. However, extending this requirement to low-risk customer’s beneficial owners will be extremely complicated as identity document collection is not required in this use case. We would recommend being satisfied with the information as it appears on external sources reliable documents such as register of beneficial owner or company registration documents.
Paragraph 3: The notion of commercial name is not covered by the AMLR. The obligation to collect the commercial name on top of the registered name is disproportionate and counterproductive for the following reasons:
- This is not a legal information, and it will be very difficult to make sure this information is captured;
- With regards to filtering, it may lead to an excessive burden in monitoring sanctions with a high number of false positive alerts requiring extra resources to treat these alerts.
We would therefore also suggest removing the mention of aliases and tradename from article 29 of the RTS.
Article 4 of the RTS:
The collection of multiple nationalities is not something that the obliged entities will be able to verify on independent sources and will only be self-declaratory. It will create an extra burden to adapt the information system which are not designed to collect and store multiple nationalities.
We would recommend at the minimum to provide an exception for natural persons with simplified due diligences measures.
Article 5 of the RTS:
To avoid any ambiguity, we would highly recommend clarifying that article 5 applies to cases where identify verification must be obtained and does not create new requirements to verify identity. In particular there is no legal requirement to verify the identity of all beneficial owners as level of verification is based on a risk analysis approach.
We would like to point out that certain information required for identity documents by art 5.1 is not included in some states’ official identity documents. For instance, Chinese or Romanian identity documents do not contain the place of birth. Also Chinese identity documents are not signed by the document holder. Moreover, very few people have a passport in China.
Therefore, this provision will be impossible to comply with for entities dealing with nationals of these states. We would highly recommend introducing exemptions in Art 5.1 , not to ask the entities to collect documents with features that do not exist and that these informations remain collected based on client declaration.
Article 22(1)(b)(iv) of Regulation (EU) 2024/1624 requires obliged entities to collect the names of persons holding shares or a directorship position in nominee form, including reference to their status as nominee shareholders or directors for all customers with the exception of lower risks. This requirement adds an excessive burden on obliged entities which will complexify significantly the KYC process. We would recommend specifying in the RTS that this obligation applies to Beneficial Owners and legal representative only.
Article 9 of the RTS:
As per our comment on article 5, we would recommend specification that measures taken should be commensurate with the nature of the activity, the size and the exposure to ML/FT risks of each obliged entity.
Article 10 of the RTS:
The AMLR provides for the identification of beneficial owners and an understanding of the ownership structure, but without going into excessive formalism. The requirements of Article 10 should be rewritten to align with the text of the AMLR.
At the very least we would require that it specifies that the detailed requirements (identification of all intermediate levels, exact percentage of voting rights, information on partial listing, etc.) apply only to customers classified as high risk according to the obliged entities’ risk classification methodology.
Article 11 of the RTS:
We believe that paragraph b of section 1 would benefit from clarifications.
The definition of complex structure is very broad (starting from 2 layers between customers and beneficial owners) and the obligation to collect an organization chart seems redundant with the provision of article 10.
Article 12 of the RTS:
We strongly recommend that the notion of senior managing officials is clarified to be limited to legal representatives when there is no beneficial owner. It will indeed be impossible to obtain a reliable information (other than managing Directors mentioned in the Certificate of Registration of the company and disproportionate to collect the information of all senior managing officials.
Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.
Simplified due-diligence: we would strongly recommend clarifying that the provision of article 22(6) of the AMLR applies only to cases where identity verification is legally required and does not impact simplified due diligence where such verification is not required, such as for low risk products (e.g : BNPL, split payments, credit transactions with a repayment period of no more than three months).
See Answer to Question 7.
The current proposition will be very difficult and costly to implement for small obliged entities with a significant number of customers outside EU for whom the solution described in paragraph 1 of the article 6 could not be applied.
Currently, the RTS necessitates the implementation of two distinct remote solutions, which seems disproportionately complicated.
Until e-IDAS compliant solutions are made available to identify any customer regardless of its nationality, we advocate for providing flexibility and proportionality, such as the current provision of article R561-562 of the French Monetary and Financial Code. This article provides that obliged entities can verify the customer’s identity by choosing two out of six measures.
In particular, for legal entities, identity verification can be done through the combination of (i) obtaining a copy of an official identify document (such as the company registration certificate) and (ii) requiring that the first payment of the transactions be made from or to an account opened in the customer's name with credit/financial institution which is established in a Member State of the European Union or in a State party to the Agreement on the European Economic Area or in a third country that imposes equivalent obligations in terms of the fight against money laundering and terrorist financing.
This makes sure that the customer has already gone through a KYC with a financial institution applying equivalent obligations in terms of AML/FT.
It would also be useful to clarify that the use of electronic identification means is contained to primary contact and legal representatives. It will indeed be very difficult, if not impossible, in some cases for a customer to get hold of its beneficial owner to go through the electronic identification.
Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Article 18 of the RTS:
As specified in our comment to article 4 of the RTS, the collection of multiple nationalities is not something that the obliged entities will be able to verify on independent sources and can only be self-declaratory. It will create an extra burden to adapt the information system which are not designed to collect and store multiple nationalities.
We would recommend at the minimum to provide an exception for natural persons with simplified due diligences measures.
Question 7: What are the specific sectors or financial products or services which, because they are associated with lower ML/TF risks, should benefit from specific sectoral simplified due diligence measures to be explicitly spelled out under Section 4 of the daft RTS? Please explain your rationale and provide evidence.
We strongly advocate for credit with a repayment period of less than three months that are not subject to any interest or charges or only to negligeable interests and charges (also known as Buy Now Pay Later: BNPL) to benefit from specific sectoral simplified due diligence measures.
Obliged entities offering BNPL products currently benefit from simplified due diligence measures and notably they must identify their customers but do not have to verify their identity when certain conditions are met. This is proportionate to the low level of ML/FT risk associated with consumer goods assigned credit.
It is paramount that BNPL products retain this simplified due diligence measures as a systematic identity check, even for very small amount of credit would be totally disproportionate to the ML/FT risk of these credit and it would be highly counterproductive on several levels:
- keep a smooth customer experience within the e-commerce industry. Adding identity verification would have a massive impact on payment conversion rate and therefore jeopardize e-commerce activity
- The obligation to systematically check the identity of customers would increase the operating costs of obliged entities, penalizing a business model that is already highly competitive. These additional constraints could lead to higher costs or a reduction in supply for consumers, particularly those with limited financial resources or limited access to traditional credit solutions.
- it would be a major obstacle for vulnerable consumers for whom BNPL represents a simple and rapid alternative to traditional credit. Vulnerable customers are a fair proportion of Cdiscount customers who we are helping manage their budget and have access to essential consumer goods thanks to BNPL.
It should be noted that the simplified due diligence measures still include key AML/CFT factors such as checking every customer against asset freezing lists or constant vigilance such as transactions filtering.
Question 9: Do you agree with the proposals as set out in Section 6 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Article 29 of the RTS:
As mentioned in our comment to Article 1, the notion of commercial name is not mentioned by the AMLR. The obligation to collect the commercial name on top of the registered name is overreaching and disproportionate for the following reasons:
- This is not a legal information, and it will be very difficult to make sure this information is captured
- With regards to filtering, it may lead to an excessive burden in monitoring sanctions with a high number of false positive alerts requiring extra resources to treat these alerts.
We would therefore also suggest removing the mention of aliases and tradename from article 29 of the RTS.
Question 11: Do you agree with the proposals as set out in Section 8 of the draft RTS (and in Annex I linked to it)? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
At this stage we do not have sufficient knowledge of existing technical solutions to determine how they can be factored into our existing KYC information system. Therefore, we are not able to provide informed comments on this matter.