Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates
Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
In Section 1, the assessment of "complexity" of the ownership and control structure provided by Article 11 of the RTS should be reconsidered.
Paragraph 1 of the article, entitled "Understanding of the Ownership and Control Structure of the Client in the Case of Complex Structures", sets out the criteria for determining whether a client's structure can be classified as "complex". These criteria assume that there are at least two levels between the client and the beneficial owner. Where this condition is met (simultaneously with one of the other criteria listed in subparagraphs (a) to (d) of the same Paragraph), the obligated persons (“OPs”) are required to categorize the client's structure as "complex".
From this qualification, OPs are obliged to obtain further information and documents in addition to the data referred to in Article 10(1) of the RTS: in particular, OPs must obtain an organizational chart describing the client's ownership and control structure and ensure that such document is accurate and clear.
Initially, the circumstance under subparagraph a) (i.e. “presence of a legal arrangement in any of the layers”) is not deemed to be independently representative of higher risk situation.
In addition, while concurring with the notion that the organigram is a suitable tool to better understand the ownership and control structures of articulated chains, AIPB believes that this need arises only when such structures are made by articulated configurations, for which graphical representation is of effective help. On the contrary, when only two levels are involved, the practical usefulness of the organizational chart seems to be irrelevant.
Moreover, the presence of one or more intermediary entities between the client and the Ultimate Beneficial Owners (UBOs) is frequently observed in standard ownership structures and it is therefore likely that such new obligation is almost always required in the case of relationship with legal entities.
In addition, the information required cannot be obtained through automated control systems, making the correct application and ongoing maintenance of the measure particularly complex.
Conclusively, the required fulfilment significantly expands the scope of checks, leaves room for divergent interpretations, and imposes further substantial burdens on intermediaries and their clients, without appreciable improvements in terms of control effectiveness, especially where only two layers exist between the client and the beneficial owner.
Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.
Firstly, we appreciate for the effort made to clarify and overcome apparent rigidities in Article 22, Paragraph 6, of Regulation 2024/1624, which could have led to the conclusion that the only possible means of fulfilling remote identification obligations were the solutions provided for in the eIDAS Regulation.
However, it is worth remembering that Private Banking intermediaries, like other credit and financial institutions targeted by AML regulations, have adhered to the EBA guidelines on recommended measures to adopt or review remote customer onboarding solutions, to varying degrees depending on their respective operational practices and size.
This adjustment entailed significant investment, in terms of money and resources, which it is believed should be preserved, without unjustified cost overruns, given the high standards of safety and transparency outlined by the EBA.
Moreover, solutions consistent with the EBA Guidelines have proven, in practice, to be more secure and efficient than eIDAS-compliant solutions in managing cyber fraud risks.
In this context, we suggest establishing equivalence, for the purpose of proper fulfillment of remote identification obligations, between eIDAS-compliant solutions and those provided for in the EBA Guidelines.
Alternatively, should the path just suggested not being deemed feasible, we request clarification on the cases in which eIDAS-compliant solutions “cannot reasonably be expected to be provided”, including instances where they are not legally mandatory (e.g., relationships with consumer clients not registered in a professional roll).
Anyway, in the case of transition to new IDAS protocols, it is desirable to provide a transition period of sufficient magnitude (not less than [48] months) and a prior impact analysis, respecting the principle of regulatory continuity to minimize the adjustments imposed on already compliant solutions and systems.
Question 4: Do you agree with the proposals as set out in Section 2 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
As part of the identification of the purpose and intended nature of the business relationship or occasional transactions, Article 15 of the RTS requires obligated persons to take risk-sensitive measures to determine, among other things, the source of funds credited to the accounts (Article 15(b)) and whether any business relationships with the OP or its group companies may influence the understanding of the origin of the funds.
It is believed that the above provision does not consider that under Regulation 2024/1624 the investigation of the origin of funds constitutes enhanced due diligence measures and, therefore, is only due in the presence of higher risks of money laundering and terrorist financing. It is suggested that this provision is clarified to avoid application uncertainties.
The same considerations apply in relation to paragraph (c) of Article 16, which requires the acquisition of a range of information regarding the origin of funds.
Lastly, under Article 16(b), it is required that the OPs collect from the client and assess estimates regarding the expected activities, the estimated amount of funds to be deposited, as well as the expected number, size, volume, and frequency of incoming and outgoing transactions that are likely to be executed during the course of the relationship.
It is believed that, especially in the private banking sector, the adoption of generalist predictive models might be misleading, given the multiple sources of inflows and outflows of financial resources that are typical among HNW clients. Forecasting of such estimates --to be structured in operational models—would require a massive expenditure of energy and resources with results of low reliability and potentially misleading for monitoring purposes.
Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
With respect to Section 4, the Association has no particular comments other than a suggestion to specify that the cases of simplified due diligence indicated in Articles 20 and 21 are specific cases of indicative low-risk factors for the listing of which should refer to Annex II to Regulation 2024/1624.
Question 8: Do you agree with the proposals as set out in Section 5 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
In Section V, Article 26 describes the information and evidentiary documentation required with reference to the source of client funds and assets and beneficial owners in enhanced due diligence assumptions.
In this context, it is believed that the requirement for certification and/or authentication of all documents mentioned in subparagraphs (a) to (g) of Paragraph 1 should be eliminated.
This provision results in a consistent burdening of onboarding processes, with a significant increase in bureaucratic formalities (necessarily borne by the client) that is entirely unnecessary in the context of existing protections, potentially deterring the client from establishing the relationship and unjustified slowdowns in relationship activation processes.
Moreover, traditional certification or authentication requirements seem inconsistent with the simplification and digitization guidelines promoted at the EU level.
Finally, we believe that the verification of the source of funds should be conducted, particularly in the private banking sector where clients’ assets have diverse origins, regarding the client’s overall wealth, focusing on the prevalent sources, rather than requiring an investigation into the provenance of every single monetary unit comprising the client’s assets.
Question 9: Do you agree with the proposals as set out in Section 6 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
It is believed that Section 6 of the RTS should be coordinated with EBA guidelines on financial sanctions to pursue uniform and technically homogeneous requirements at the European level.