Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates

Go back

Question 1: Do you have any comments on the approach proposed by the EBA to assess and classify the risk profile of obliged entities?

NA

Question 2: Do you agree with the proposed relationship between inherent risk and residual risk, whereby residual risk can be lower, but never be higher, than inherent risk? Would you favour another approach instead, whereby the obliged entity’s residual risk score can be worse than its inherent risk score? If so, please set out your rationale and provide evidence of the impact the EBA’s proposal would have.

NA

3a: What will be the impact, in terms of cost, for credit and financial institutions to provide this new set of data in the short, medium and long term?

NA

3b: Among the data points listed in the Annex I to this consultation paper, what are those that are not currently available to most credit and financial institutions?

NA

3c: To what extent could the data points listed in Annex I to this Consultation Paper be provided by the non-financial sector?

NA

Question 4: Do you have any comments on the proposed frequency at which risk profiles would be reviewed (once per year for the normal frequency and once every three years for the reduced frequency)? What would be the difference in the cost of compliance between the normal and reduced frequency? Please provide evidence.

NA

Question 5: Do you agree with the proposed criteria for the application of the reduced frequency? What alternative criteria would you propose? Please provide evidence.

NA

Question 6: When assessing the geographical risks to which obliged entities are exposed, should crossborder transactions linked with EEA jurisdictions be assessed differently than transactions linked with third countries? Please set out your rationale and provide evidence.

NA

Question 1: Do you agree with the thresholds and provided in Article 1 of the draft RTS and their value? If you do not agree, which thresholds to assess the materiality of the activities exercised under the freedom to provide services should the EBA propose instead? Please explain your rationale and provide evidence of the impact the EBA’s proposal and your proposal would have.

We recommend that the thresholds proposed in Article 1 be interpreted or recalibrated when applied to PE/VC/infra managers. These sectors do not operate high-volume, continuous financial services; instead, they manage long-term, closed-end investment vehicles with a relatively limited number of professional or institutional investors and low-frequency capital flows. 

In this context, we also emphasise that the definition of "customer" under Article 22 of AMLR should be narrowly understood. For PE/VC/infra managers, only the fund and its investors should potentially be treated as customers. Other transaction parties — such as portfolio companies, sellers, or acquirers — are counterparties, not customers, and should not be included in customer-based thresholds or customer count metrics.

We therefore propose that:

  • Thresholds be adjusted upward or supplemented with qualitative criteria where firms operate closed-end funds with long lock-up periods, no redemptions, and a professional investor base.
  • Customer thresholds should align with the narrower PE/VC-specific interpretation of "customer" to avoid inflated metrics that do not reflect actual risk or service relationships.

Question 2: What is your view on the possibility to lower the value of the thresholds that are set in article 1 of the draft RTS? What would be the possible impact of doing so? Please provide evidence.

We strongly caution against lowering thresholds without explicit differentiation between sectors. For PE/VC/infra, a lower customer or transaction threshold would capture firms whose risk profile does not warrant classification as “material,” especially given:

  • the low frequency of capital flows,
  • the long-term, illiquid nature of investments,
  • and the highly vetted, professional investor base.

Reducing thresholds in a way that ignores business model diversity would misalign risk categorisation and dilute supervisory focus.

Question 3: Do you agree on having a single threshold on the number of customers, irrespective of whether they are retail or institutional customers? Alternatively, do you think a distinction should be made between these two categories? Please explain the rationale and provide evidence to support your view.

A single threshold that does not differentiate between retail and institutional customers is not appropriate for PE/VC/infra firms, whose clients are almost exclusively institutional, regulated, and subject to their own AML/CFT obligations.

Furthermore, as already outlined above and in our response to the CDD RTS, only the fund and its investors should potentially be treated as “customers” of a PE/VC manager, not the portfolio company or other parties to a transaction.

We recommend:

  • The RTS explicitly acknowledge that, for PE/VC/infra firms, only fund investors (and not portfolio companies or co-investors) are customers for AML purposes.
  • Customer thresholds be adapted to exclude professional institutional clients from customer counts or apply higher thresholds when such clients are the only investor type.
  • If a split is retained, only retail clients should count toward thresholds set at lower levels of materiality, while a higher or separate threshold should apply for firms serving professional clients exclusively.

This would better reflect the true materiality and ML/TF risk posed by firms in our sectors.

Question 4: Do you agree that the methodology for selection provided in this RTS builds on the methodology laid down in the RTS under article 40(2)? If you do not agree, please provide your rationale and evidence of the impact the EBA’s proposal and your proposal would have.

We recognise the similarities, but stress that the same methodology is not appropriate for PE/VC/infra firms. These sectors:

  • Do not operate transactional accounts;
  • Do not have continuous cash flows or payment activities;
  • Involve layered governance and pre-investment due diligence; and
  • Hold investments for multiple years before exit.

A sector-specific scoring approach is needed. We suggest creating an adjusted risk scoring model within Annex I that reflects:

  • Fund structure (AIF vs UCITS),
  • Investor type,
  • Investment horizon,
  • Transaction frequency, and
  • Exposure to high-risk jurisdictions.

This would avoid distorted residual risk scores and improve proportionality in supervision.

Question 5: Do you agree that the selection methodology should not allow the adjustment of the inherent risk score provided in article 2 of draft under article 40(2) AMLD6? If you do not agree, please provide the rationale and evidence of the impact the EBA’s proposal would have.

We suggest a few additions to the scope of information requested from PE/VC managers by EU supervisors, specifically to the data points collected from asset managers under Section A (Inherent risks) of Annex 1. 

PE/VC firms regularly carry out voluntary, risk-based due diligence on non-customer parties such as co-investors, acquirers, or senior management of target companies. These checks — including sanctions screening and beneficial ownership verification — go beyond legal requirements and reflect the sector’s strong internal governance and reputational risk management standards. We encourage the EBA to recognise such measures as relevant mitigation factors in residual risk assessments.

Proposed Additions to Annex I – Section A (Inherent Risks):

Products, Services and Transactions > Management of AIFs:

  • Average term of commitment period
  • Availability of redemptions, withdrawals and transfers
  • Number of retail investor customers
  • Number of professional investor customers
  • Total assets under management
  • Total AUM in unlisted financial instruments

Geographies:

  • Aggregate number of investments
  • Number of investments in high-risk third countries for AML/CFT purposes by reference to assessments published by the Financial Action Task Force (FATF)
  • Aggregate number of investors
  • Number of investors in high-risk third countries for AML/CFT purposes by reference to assessments published by the FATF

These additions would help ensure that PE/VC-specific business models are adequately captured in risk scoring and allow for proportionate supervisory treatment.

Question 6: Do you agree with the methodology for the calculation of the group-wide score that is laid down in article 5 of the RTS? If you do not agree, please provide the rationale for it and provide evidence of the impact the EBA’s proposal and your proposal would have.

We agree with the need for a structured approach but caution that group-level scoring should not obscure firm-level distinctions. PE/VC managers may belong to groups that also include banking, lending, or fintech entities. The calculation of the group-wide score should:

  • Clearly isolate low-risk entities (like PE/VC managers);
  • Allow for differentiated weighting based on risk type;
  • Avoid overestimating group risk due to unrelated subsidiaries with different risk profiles.

Question 7: Do you have any concern with the identification of the group-wide perimeter? Please provide the rationale and the evidence to support your view on this.

Yes. PE/VC/infra managers are sometimes part of larger financial groups, but they usually operate very differently from banks, lenders, or payment institutions within the same group. Their business models are distinct, with long-term capital commitments, institutional investors, and low transaction frequency — resulting in lower inherent AML/CTF risk.

We recommend that the EBA allow firms like PE/VC/infrastructure managers to be treated separately within a group where they have a different business model and operate independently. Where a PE/VC/infra manager is operationally independent from other higher-risk group entities, this should be reflected in both group composition and the aggregation of residual risk.

Question 8: Do you agree to give the same consideration to the parent company and the other entities of the group for the determination of the group-wide risk profile? Do you agree this would reliably assess the group-wide controls effectiveness even if the parent company has a low-relevant activity compared to the other entities?

Not necessarily. In PE/VC/infra groups, the parent company is often a non-operational holding entity or licensing vehicle. Treating it as equally relevant as the AIFM or regulated investment adviser would distort the analysis. Risk relevance should depend on:

  • Regulatory responsibility for AML/CFT compliance;
  • Customer-facing activity; and
  • Actual risk exposure in terms of fund flows and investor interface.

Question 9: Do you agree with the transitional rules set out in Article 6 of this RTS? In case you don’t, please provide the rationale for it and provide evidence of the impact the EBA’s proposal and your proposal would have.

We agree with the transitional flexibility, but reiterate that any interim classification of PE/VC/infra managers must be based on a correct understanding of the sector’s risk profile. Initial supervisory rounds should allow for firm-specific contextual information, including the mitigating impact of investor vetting, multi-year investment horizons, and voluntary due diligence practices.

Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Private equity (PE), venture capital (VC), and infrastructure managers operate under a model setting that is distinctly apart from deposit-taking or high-frequency transactional institutions. As such, many of the more granular provisions in the RTS — including those concerning customers’ transactional behaviour, real-time remote identification, and direct engagement with natural persons — are of very limited applicability for the entire PE-, Infrastructure investment and VC industry. We encourage EBA to recognise these distinctions in application and guidance, in line with the proportionality principle.

We broadly agree with the structure and goals of Section 1. However, the interpretation of "customer" must be clarified and adapted to sectoral contexts. For PE/VC firms, the relationship with the underlying portfolio company is typically transactional and not service-based. These portfolio entities are counterparties—not customers and should in regulatory contexts be treated as such. The CDD obligations should therefore only apply to investors in the fund and, where relevant, co-investors receiving services from the fund manager.

  • Article 4 (nationalities): The requirement to ensure knowledge of any nationalities held by the customer could force firms into trying to prove a negative. We recommend this be reframed as an obligation to collect nationalities declared by the customer, based on best efforts.
  • Articles 10–11 (ownership structures): The scope of information required, including classes of shares, nominee shareholders, and control mechanisms, risks being disproportionate and unclear in its application. In complex structures, it could significantly expand the CDD burden and therefore we recommend narrowing this to require obliged entities to obtain a reference to any intermediary entities only, unless there are risk indicators warranting deeper due diligence. Further, the obligation to assess whether an organigram is “accurate and complete” should be revised to whether it “appears accurate and complete based on available information” as this is not necessarily something that can be definitely confirmed.
  • Article 12 (senior managing officials): This provision goes beyond AMLR Article 22(2) by equating the due diligence for senior managing officials (SMOs) with that of beneficial owners. The AML/CFT risk regarding SMO is not comparable to AML/CFT risk of “real economic or controlling” UBOs. A distinction is therefore appropriate between a senior managing official identified in the absence of “real” beneficial owners (identified based on control or ownership), and stricto sensu beneficial owners. SMOs are very often employees of an entity who often act in a fiduciary capacity without ownership and have therefore generally no personal financial interest in the investment. On the other hand, a beneficial owner who may have a personal financial interest and may control the entity by other means has a different risk. SMOs should therefore be identified and verified by using risk sensitive measures.

Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.

We recognise the importance of strong remote onboarding safeguards. However, Article 6 imposes requirements that may be impractical or impose disproportionate burdens:

  • The requirement to obtain explicit recorded consent is impractical and disproportionately burdensome, especially where fund managers rely on intermediaries or pooled distribution platforms. This is more appropriately governed by data protection rules (e.g., GDPR) rather than AML regulation, and should therefore be addressed in that context.
  • Obliged entities may not have systems that support end-to-end encrypted video or real-time checks, and smaller firms may lack the resources to implement these technologies.
  • The cumulative effect of the criteria could exclude otherwise reliable onboarding mechanisms. We therefore recommend:
    • Treating these criteria as non-binding examples for remote verification.
    • Reframing the requirement to adopt solutions based on a firm’s risk exposure, size, and complexity.
    • Removing the recorded consent obligation altogether or relocating it to data protection legislation.

While these recommendations are applicable more broadly, they are particularly relevant to PE/VC firms whose low-risk profiles and reliance on intermediated onboarding make rigid compliance with these provisions impractical.

Question 3: Do you have any comments regarding Article 8 on virtual IBANS? If so, please explain your reasoning.

NA

Question 4: Do you agree with the proposals as set out in Section 2 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

NA

Question 5: Do you agree with the proposals as set out in Section 3 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

NA

Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

We welcome the clarification that low-risk scenarios can benefit from simplified due diligence. Section 4 should be revised to explicitly identify sectors like PE/VC and infrastructure investors as suitable for simplified due diligence (SDD), due to their structural risk-mitigation features—such as long-term capital lock-up, lack of redemption rights, and institutional investor bases. Recognising these features in the RTS would improve regulatory clarity and consistency. However, we also raise the following concerns:

  • Article 21: The proposed wording aims to clarify the SDD measures that collective investment undertakings must implement in relation to intermediaries investing on behalf of their customers. The proposed wording can be misleading as it suggests that the collective investment undertaking acts through another intermediary, which is not the case. It should be revised to specify that an entity acting as an intermediary by subscribing for shares, units or other ownership interests of a collective investment undertaking in its own name, but on behalf of its customers, must adhere to certain conditions such CDD specifically on natural persons who own or control 25% or more of the intermediary's investments and might be considered ultimate beneficial owners. The conditions that must be met should also be simplified: the intermediary must be subject to AML/CFT obligations that are comparable (instead of not less robust) to those required by AMLR, and the risk associated with the business relationship must not be high (instead of “low”).
  • Article 22 (up-to-date data “at all times”): This wording introduces a de facto obligation for continuous monitoring. We recommend deleting or aligning this with Article 22(1) AMLR by focusing on periodic, risk-based reviews and trigger events, recognising the specificities of the PE/VC industry.

Question 7: What are the specific sectors or financial products or services which, because they are associated with lower ML/TF risks, should benefit from specific sectoral simplified due diligence measures to be explicitly spelled out under Section 4 of the daft RTS? Please explain your rationale and provide evidence.

We believe private equity, venture capital, and infrastructure investment sectors meet the criteria for explicit simplified due diligence treatment. Key justifications include:

  • Predominantly professional/institutional investor bases
  • Long holding periods with limited liquidity events
  • Comprehensive investor onboarding processes
  • Active involvement in investee governance, allowing early detection of irregularities

The targeted nature of PE investment with the involvement of largely institutional investors (such as pension funds, insurance groups and sovereign wealth funds etc) and, critically, the time horizon over which investments take place also means that the risk of money laundering and terrorist financing in the sector is generally low with little opportunity for "placement" or "layering" of dirty money. Acknowledging these characteristics would enable supervisory focus on genuinely higher-risk sectors.

In addition, the requirement to maintain continuously up-to-date CDD records, even for low-risk relationships, may be unworkable. A more practical obligation would be to refresh identification data upon trigger events (e.g., changes in control, fund restructuring) or at reasonable intervals. This would reduce compliance burdens while maintaining data integrity.

Question 8: Do you agree with the proposals as set out in Section 5 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

While we appreciate the need for enhanced due diligence in higher-risk cases, the RTS should clarify that measures such as identifying key clients and business partners are optional indicators rather than mandatory steps. This is especially important for firms investing passively in entities without day-to-day operational involvement.

  • Article 27: The obligation to verify the accuracy of transaction justifications should be revised to an obligation to assess their plausibility. Where many parties are involved in a transaction, due diligence should be limited to key parties to maintain proportionality.

Question 9: Do you agree with the proposals as set out in Section 6 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

NA

Question 10: Do you agree with the proposals as set out in Section 7 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

NA

Question 11: Do you agree with the proposals as set out in Section 8 of the draft RTS (and in Annex I linked to it)? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

NA

Question 1: Do you any have comments or suggestions regarding the proposed list of indicators to classify the level of gravity of breaches sets out in Article 1 of the draft RTS? If so, please explain your reasoning.

NA

Question 2: Do you have any comments or suggestions on the proposed classification of the level of gravity of breaches sets out in Article 2 of the draft RTS? If so, please explain your reasoning.

NA

Question 3: Do you have any comments or suggestions regarding the proposed list of criteria to be taken into account when setting up the level of pecuniary sanctions of Article 4 of the draft RTS? If so, please explain your reasoning.

NA

Question 4: Do you have any comments or suggestions of addition regarding what needs to be taken into account as regards the financial strength of the legal or natural person held responsible (Article 4(5) and Article 4(6) of the draft RTS)? If so, please explain.

NA

5a: restrict or limit the business, operations or network of institutions comprising the obliged entity, or to require the divestment of activities as referred to in Article 56 (2) (e) of Directive (EU) 2024/1640?

NA

5b: withdrawal or suspension of an authorisation as referred to in Article 56 (2) (f) of Directive (EU) 2024/1640?

NA

5c: require changes in governance structure as referred to in Article 56 (2) (g) of Directive (EU) 2024/1640?

NA

Question 6: Which of these indicators and criteria could apply also to the non-financial sector? Which ones should not apply? Please explain your reasoning.

NA

Question 7: Do you think that the indicators and criteria set out in the draft RTS should be more detailed as regards the naturals persons that are not themselves obliged entities and in particular as regards the senior management as defined in AMLR? If so, please provide your suggestions.

NA

Question 8: Do you think that the draft RTS should be more granular and develop more specific rules on factors and on the calculation of the amount of the periodic penalty payments and if yes, which factors should be included into the EU legislation and why?

NA

Question 9: Do you think that the draft RTS should create a more harmonised set of administrative rules for the imposition of periodic penalty payments, and if yes, which provisions of administrative rules would you prefer to be included into EU legislation compared to national legislation and why?

NA

Name of the organization

Invest Europe