Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates
Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Agree with the proposals but would like to make the following suggestions/comments:
Article 1 Information to be obtained in relation to names - We suggest including for individuals the requirement to provide previous legal surnames as they can still be present in older sources or support screening for previous time periods and can uncover important risks which are not linked necessarily to present names. This information is equally important, and it is a standard practice for financial entities to ask their potential clients for this information for credit and due diligence purposes. If names are provided with a clear name type (e.g., maiden name or formerly known as), that would allow the calibration of screening tools to avoid false positives while retaining rich information.
Article 2 - Information to be obtained in relation to addresses - we would emphasise that full physical residential address should be provided. For companies, postal address alone would not be enough to determine the legitimacy of a business. A physical address is important to ensure the organization is headquartered/operating where they are registered and to confirm the address is not a shell company.
Article 3 – Specification on the provision of the place of birth - We suggest including province/region when available. Place of birth is a legitimate secondary identifier to ensure accuracy, completeness and minimise false identification. The availability of all the information will vary across Member States but the requirement should be drafted in a flexible manner to require ‘at least’ city, the country name and allow for the gathering of additional data where possible.
Article 4 – Specification on nationalities - We agree that multiple nationalities should be provided as this is a strong secondary identifying information. Associated ID numbers/passport numbers for these nationalities should also be provided by the customer for precision.
Article 7– Reliable and independent sources of information - we strongly support requiring obliged entities to take risk-sensitive measures to assess the credibility of information sources. This includes assessing data inclusion criteria and processes to ensure data accuracy. LSEG Risk Intelligence’s World-Check service has worked over the past 25 years to create a primary and secondary source repository of reputable and credible sources, to be used in research, as well as a list of non-reputable and extreme sources that should not be used given lack of credibility and accuracy. In addition, as a best practice we follow the 2-source rule for all negative risk information. Whenever possible, more than one source should be used to corroborate information, instead of relying on a single point. For non-risk information (e.g. secondary identifiers), a broader approach (for example use of social media) is also very effective in verifying the reliability of information. The RTS proposals should more clearly acknowledge and support the use of data and technology service providers which have significant expertise and resources to check and provide a consistent use of independent sources of information and associated data typologies. Obliged entities significantly rely on third party service providers in order to verify and complete key controls such as KYC due diligence, screening, monitoring, investigation and reporting activities. These data providers offer easier and faster access to information about high risk entities and individuals, allowing due dilligence checks to be cleared at speed and flagging potentially high risk activity for further investigation.
Article 9 – Reasonable measures for the verification of the beneficial owner - we support the requirement to corroborate additional sources of data to identify beneficial ownership (BO) as well as facilitating access to public registers, central registers and other reliable national systems that contain the information necessary to verify BO. Where obliged entities are legally required to gather more information and public registry does not provide enough identifying information, additional due diligence will be required according to a risk-based approach.
Article 10 – Understanding the ownership and control structure of the customer - Understanding of ownership and control structures between a legal entity and its customer are essential parts of due diligence to ensure the public and the private sector organisations do not facilitate predicate offences. Ownership structures are, in many cases, constructed to be complex and multilayered to hide for tax evasion purposes or other predicate crimes, such as money laundering, human trafficking and fraud and tax evasion.
Article 12 – Information on senior managing officials - Agree with the proposed article. For anti-money laundering compliance purposes, there are clear benefits of verifying identities of senior management as they control the entity or influence financial decisions, and may be used as proxies in money laundering, terrorist financing, or sanctions evasion schemes. Additionally, from a risk mitigation perspective, there are situations when a company may not raise risks, but senior management could be on a sanctions list, which could lead to major legal and reputational risks and penalties.
Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.
NA
Question 3: Do you have any comments regarding Article 8 on virtual IBANS? If so, please explain your reasoning.
Agree with the proposed draft. Where a natural or legal person is issued a virtual IBAN, the information for identifying and verifying that natural or legal person should be made available to credit and financial institutions servicing the account in real-time. This should be done to ensure immediate identification of owners or beneficiaries, for financial institutions of the relevant account owners, to make instant decisions to process or not process fund transfers. Allowing immediate identification and verification of virtual IBAN ownership will allow financial institutions to meet AML/CTF regulations, and to avoid the misuse of virtual IBANs via a Payment Service Provider or Electronic Money Institutions to hide sources or recipients of funds and other fraudulent activities.
Question 4: Do you agree with the proposals as set out in Section 2 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
NA
Question 5: Do you agree with the proposals as set out in Section 3 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Agree with the proposal with the following suggestions/comments:
Article 17– Identification of Politically Exposed Persons - We suggest a stronger recognition of the use of automated screening processes as these have proven to be an effective way to comply with AML compliance while ensuring open-access and financial inclusion. The capabilities oft 3rd party screening platforms include:
- Advanced name-matching algorithms and configurable filters to reduce false positives and improve match accuracy.
- Secondary identifiers and enhanced due diligence tools to provide deeper insights into PEP relationships and networks.
- Embed the work of hundreds of analysts worldwide who follow strict research guidelines to ensure data accuracy and relevance
- Global reach ensures that users can screen individuals and entities across jurisdictions effectively.
Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Mostly agree with the proposal with the following suggestions/comments:
Article 18 – Minimum requirement for the customer identification in situations of lower risk - we would recommend that ‘full legal name’ is required more clearly in the text. Depending on customers’ nationality names might include two or more names, and surnames. Requiring ALL names might differ from just including Legal Names which is actually required per regular due diligence processes. Same for businesses, legal name could differ from commercial name and variations a client wants to use and broadening the scope would benefit the effectiveness of checks and identification.
Article 20 – Sectoral simplified measures: Pooled accounts - We do not agree that pooled accounts are lower risk for AML/CFT purposes. In fact, they could be higher risk, since tracing the origin of the funds (source of funds) can become complicated and obscured. Pooled accounts allow individuals or entities to collectively manage and invest funds, which can make it harder to trace the source of the money and identify any illicit activities. Simplified due diligence measures in this case would not be warranted. FINCEN in the US provided guidance on this topic: “The mechanisms for laundering illicit proceeds through investment advisers and private funds vary but generally consist of obscuring the illicit origins of funds and pooling them with legitimate funds to invest in U.S. securities, real estate, or other assets.” (source: Federal Register :: Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers).
Article 22 - Customer identification data updates in low-risk situations - it is necessary to consider that every risk ranking varies from entity to entity, and it is common practice to set account revision (periodic reviews) depending on risk ranking every 12/18/24/+ months. This is in line with the risk-based approach necessary for customer due diligence. However, when a material change occurs, such as detection of suspicious transactions, name / address change, ownership change occurs, risk ranking needs to be reassessed and measures taken appropriately.
Article 23 – Minimum information to identify the purpose and intended nature of the business relationship or occasional transaction in low-risk situations - determining the source of wealth, transaction corroboration and periodic review is necessary for determining changes in low-risk situations. 'Source of Wealth' or 'Sources of Funds' determine the risk rating over a profile.
Question 7: What are the specific sectors or financial products or services which, because they are associated with lower ML/TF risks, should benefit from specific sectoral simplified due diligence measures to be explicitly spelled out under Section 4 of the daft RTS? Please explain your rationale and provide evidence.
The financial products or services which are considered a lower risk for ML/TF and could benefit from specific sectoral simplified due diligence are those which reduce the ability for criminals to disguise the origins for illicit funds and don’t have an inflow and outflow of funds driven by the accountholder. Products and services such as credit cards, school/car loans, payroll, term life, health insurance, government bonds, public utilities, and telecom services are examples. In most instances, for the above products and services, CIP, Sanctions, and source of wealth due diligence are sufficient for onboarding the accountholder. If a product or service referenced above includes a payout, due diligence such as Sanctions screening and other risk-based due diligence in line with internal policy (PEP, adverse media review, etc) should be conducted on the recipient/beneficiary.
Question 8: Do you agree with the proposals as set out in Section 5 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Agree with the proposal with the following suggestions/comments:
Article 24 - Additional information on the customer and the beneficial owners - Conducting Enhanced Due Diligence on a customer’s close associates and /or beneficial owners is an important safeguard against financial crime and reputational risk. This deeper layer of diligence uncovers hidden connections that could be linked to sanctioned parties, fraud, or scandals. Doing due diligence on them helps obligated entities reduce the risk of inadvertently dealing with restricted parties. The proposed RTS should acknowledge and support the use in practice of third party EDD service providers as these provide a more granular level of scrutiny, especially for high-risk clients, transactions, or jurisdictions. It helps uncover hidden connections—such as links to sanctioned individuals, politically exposed persons (PEPs), or opaque ownership structures—that may not be visible via obliged entities own in-house due diligence processes. Modern EDD platforms, such as those provided by LSEG Risk Intelligence, offer, among others, automated risk scoring, fast turnaround times and comprehensive data analysis with global coverage.
Article 25 – Additional information on the intended nature of the business relationship and Article 26 – Additional information on the source of funds, and source of wealth of the customer and of the beneficial owners - The benefits of this information for financial crime risk mitigation are multiple: detect potential signs of a shell company or front business; demonstrate evidence of operations and revenue source; Trace the source of capital raised for establishing a business. This additional information also helps making informed business decisions and understanding the accumulation of value, not just its current value.
Question 9: Do you agree with the proposals as set out in Section 6 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Agree with the proposal with the following suggestions/comments:
Article 28 – Screening of customers - The screening of beneficial owners / controllers is essential to avoid sanctions evasion and ensure that financial institutions are not providing services to sanctioned entities, even if indirectly. Achieving this level of screening requires access to a robust, global data set, in a structured format and updated frequently. Sourcing the data from a third party that provides consolidated records will also help to achieve this screening in an efficient way. For example, obliged entities could face fines for non-compliance, which could be avoided if they use a screening tool such as LSEG World-Check.
Article 29 – Screening requirements - Partly agree with the following suggestions:
1) Place of birth is also necessary for point a; i), and country of registration for a; ii).
2) In a. iii), would be useful to include ‘digital wallets’. Authorities adopting sanctions currently identify these as digital currency addresses on their sanction lists as opposed to digital wallets.
3) Would be also useful to include details on the expectations for how often databases need to be refreshed
Due to the number of customers that require screening, coupled with the need for efficient screening to avoid false positives, the more identifiers are available, the more accurate the results will be. Therefore, a consolidated and structured data source to support automated screening is essential to deliver results that support an effective screening program.
Question 10: Do you agree with the proposals as set out in Section 7 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Agree - A risk based approach is sensible and in practice evidence to procedural controls and monitoring should be reflected as means to evidence a risk bases approach is being adopted.
Question 11: Do you agree with the proposals as set out in Section 8 of the draft RTS (and in Annex I linked to it)? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
NA