Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates

Go back

Question 1: Do you have any comments on the approach proposed by the EBA to assess and classify the risk profile of obliged entities?

Article 40, paragraph 2, of the AMLD requires AMLA to develop a common methodology that all supervisors will use to assess the level of ML/TF risks to which obliged under their supervision are exposed.

This methodology project is based on the assessment of inherent risk, the quality of AML/CFT controls, and the residual risk of the entities subject to supervision. This assessment will be based on a set of indicators that are not included in the draft RTS.

The draft RTS also introduces a unique set of data points that all supervisors would be required to use to establish the above-mentioned indicators. These data are detailed in Annexes 1 and 2 of the draft RTS.

AMAFI thanks the EBA for giving it the opportunity to comment on this draft methodology.

GENERAL COMMENTS

Cost of IT developments and mobilisation of human resources

AMAFI draws the EBA's attention to the significant cost of collecting and processing the data referred to in Annex I of the draft RTS.

In France, the entities subject to the draft RTS have recently adapted their tools to comply with new national requirements, including a very detailed questionnaire (approximately 300 questions) designed to assess their AML/CFT arrangements. Therefore, the introduction of these new European requirements, without taking into account the efforts already made at the national level, will inevitably lead to additional costs.

Compliance will require the development of IT tools and the allocation of significant human resources, in particular to reprocess existing clients data. These types of addition burden increase the cost of doing business in Europe, which contributes to undermining the competitiveness of European players, without necessarily improving the effectiveness of the fight against money laundering and terrorist financing.

AMAFI therefore recommends that the EBA rely as much as possible on data collection requirements already in force at national level, in order to avoid duplication of effort and limit compliance costs.

Need for coordination in the collection of data

AMAFI expresses its concern about the volume of data required in Annex I of the draft.

It is essential that national authorities coordinate reporting requirements in order to avoid duplication. As it stands, there is a risk of overlap between national requirements and those introduced by the draft RTS.

AMAFI therefore invites the authorities to conduct a gap analysis between the data already collected at national level and that required under this draft, with a view to streamlining reporting requirements.

In order to avoid duplication of effort and limit compliance cost, National authorities responsible for AML supervision should collect the data listed in Annex I from other national authorities, FIUs and bodies so as not to place an additional burden on the entities subject to supervision.

Adaptation of indicators to the investment services sector

AMAFI supports the position expressed in Recital 7 of the draft, according to which the risk assessment methodology must be adjusted to the specific characteristics of the activities of the obliged entities. The investment services sector has specific characteristics, particularly in terms of the nature of its activities, types of clients and marketing channels, which may influence exposure to the risk of money laundering and terrorist financing.

However, at this stage, the indicators envisaged do not appear to take full account of these specific characteristics (see detailed comment: client typology,…).

As a result, some of the quantitative data required appear to be of little relevance for assessing risk in investment services, particularly when they do not take into account the business model or the complexity of operations.

It is imperative that the proposed methodology incorporate sectoral differences, both in the selection of indicators and in their weighting.

Clarification of concepts and methodological transparency

a. Clarification of concepts

Assessing the relevance of the data in Annex I is made difficult:

by the interpretative note accompanying Annex I to the draft RTS, which has not been communicated at this stage, making uncertain the scope of certain concepts (e.g., “high-risk activity,” “professional clients”);
by some of the concepts that refer to definitions that are provided in the draft RTS on CDD and are still under discussion (e.g., “complex structure”).

This lack of definition could lead to inconsistent interpretations at the national level, thereby compromising the harmonisation and comparability of risk assessments.

b. Transparency in the determination of indicators

The lack of transparency on how the data collected will be combined to form risk indicators makes it difficult to assess the relevance of the data referred to in Annex I.

AMAFI recommends that the ABE publish an explanatory note detailing the concepts used, the criteria for selecting indicators, and the method for combining and weighting them. Such transparency is essential to ensure the relevance of the assessment framework for supervised entities.

Question 2: Do you agree with the proposed relationship between inherent risk and residual risk, whereby residual risk can be lower, but never be higher, than inherent risk? Would you favour another approach instead, whereby the obliged entity’s residual risk score can be worse than its inherent risk score? If so, please set out your rationale and provide evidence of the impact the EBA’s proposal would have.

3a: What will be the impact, in terms of cost, for credit and financial institutions to provide this new set of data in the short, medium and long term?

Do you have any comments on the proposed list of data points in Annex I to this Consultation Paper?

AMAFI would like to make the following comments on the data points listed in Annex 1 of the draft RTS:

Customer Category :

Number of PEPs related business relationships (including family members and close associates)

Clarification required whether this is for facing customers that are individuals and are PEPs (including family members/close associates), or non-individual customers with related parties that are PEPs (including family members/close associates).

Number of PEPs related business relationships (including family members and close associates) by country

As above – and clarification on which data point the country assessment should be made – i.e. country of residence, nationality/citizenship or PEP position.

Number of customers with at least one transaction in the previous year

Clarification/definition of transaction will be helpful (would this data point include transfer of assets across sub-funds within the same umbrella fund or just subscriptions and redemptions).

Number of NPOs with cross border transactions to/from non-EEA countries

"Non-EEA" is not necessarily an AML/CTF risk factor
Suggest focussing on EU HRTC.
Should this assessment focus on the transactions with the obliged entity, or is the data point general about the customer?
Challenge to extract this data as it would require combining customer and transactional data (manual treatment exposing to potential data errors)

Number of legal entities with complex structure

See feedback on definition of complex ownership structure in CDD RTS. For most of the financial institutions, a "complex structure" indicator may not be available nor reportable data in KYC system.

Number of customers with high-risk activities

Definition of high-risk activities needed.

Number of legal entities with at least 1 UBOs located in non-EEA countries (residence)

Non-EEA" is not necessarily an AML/CTF risk factor. Suggest focusing on EU HRTC. Clarity also on whether this should include SMOs or just “true” UBOs.

Number of customers with cross border transactions involving non-EEA countries

"Non-EEA" is not an AML/CTF risk criteria.
Suggest focussing on cross border transactions involving EU HRTC.
Should this assessment focus on the transactions with the obliged entity, or is the data point general about the customer?
Challenge to extract this data as it would require combining customer and transactional data (manual treatment exposing to potential data errors)

Products Services and Transactions Category > Invest. Services and Activities reception and transmission of orders

Number of retail clients & Number of professional clients

Required clarification "retail and professional clients" (i.e. MIF definition)
Add a line for eligible counterparty clients

% of amounts of orders transmitted involving unlisted financial instruments, other than financial instruments issued by the obliged entity or its group

Required clarification of unlisted financial instruments

Number of AML/CFT regulated customers outside the EEA

"Non-EEA" is not an AML/CTF risk factor. Suggest focussing on EU HRTC.

Products Services and Transactions > Invest. Services and Activities – custody account keeping

Whole section

Required clarification “custody account keeping”

Number of retail clients & Number of professional clients

Required clarification "retail and professional clients" (i.e. MIF definition)
Add a line for eligible counterparty clients

Products Services and Transactions > Correspondent services

Whole section

Suggest restricting to Correspondent Banking transactions

Geographies

Number of incoming transactions in the previous year by country

Clarification/definition of transaction will be helpful (would this data point include transfer of assets across sub-funds within the same umbrella fund or just subscriptions and redemptions).

Number of institutions established in foreign countries to whom you provide correspondent services (by country)

Suggest adding in the word “banking” to read “correspondent banking services”

Distribution Channels

Number of new customers onboarded remotely in the previous year

For investment management business, if “remotely” refers to non face-to-face, this will mean almost all investors will fall into this group.

Number of new customers onboarded in the previous year by 3rd parties

Clarification/definition of 3rd parties will be helpful (i.e., is this referring to Transfer agents (service providers) and/or distributors). If the data point is focused on distributors, it will require outreach to all distributors as we don’t maintain access to this info and there will potentially be double counting without obtaining a list of underlying customers from each distributor (and distributors are typically reluctant to provide this).

Number of agents by country

Clarification/definition of agents will be helpful. In addition, does “country” refer to country of incorporation of the agent or countries where the agent conduct business in?

Number of distributors by country

Clarification/definition of agents will be helpful. In addition, does “country” refer to country of incorporation of the agent or countries where the agent conduct business in?

AML/CFT governance structures

Section 1D - All questions

Clarification if the information is to be provided at group level or individual entity/branch level.

Section 1E - AML/CFT training (employees, officers, agents and distributors)

Agents and distributors do not / unlikely to share these data points.

Section 1E - Average number of hours of AML training in the last calendar year attended by (per person) : a) AML specialist staff ; b) Non-AML specialist staff (including management, 1st line of defence) ; c) Board members / non-executive directors

Clarification required: Does this refer to AML training delivered across the organisation by 2nd line e.g. does not include for instance operational training onboarding teams may hold internally for KYC Programs

Risk Assessment > 2B: Customer ML/TF risk assessment and classification (CRA)

Number of customers per ML/TF risk category (low risk, medium-low risk, medium-high risk, high-risk)

Suggest removing the categories of risk – institutions will have their own terminology (e.g. 3 or 4 tier of risk ranks)

AML/CFT Policies and procedures > 3A: Customer Due Diligence

Number of customers that are legal entities/trusts whose beneficial owners have not been identified

Clarification required: are we asked to provide the number of legal entities with no UBO (i.e. with proxy UBO/SMO) ? Supervised entities cannot onboard legal entity clients without identifying UBO (except for listed companies which benefit of an UBO ID exemption).

Number of high-risk customers that are legal entities

Shouldn’t this be in the Customer section, not the AML/CTF Policies and procedures section?

Number of high-risk customers that are legal entities/trusts whose beneficial ownership has been identified, but the identity of whom has not been verified

Clarification required: what verification means are referred to here? UBO's VID is a requirement following a RBA.

Number of customers without identification and verification documentation/ information

Clarification required: In what instances would this be appliable? For example, does this refer to instances where we have applied waivers/dispensations to not obtain ID&V information/requirements? In instances where the above is not applicable and we haven’t been able to fulfil our KYC obligations we wouldn’t proceed with onboarding.

Number of customers with incomplete identification and verification documentation/ information

Number of high-risk customers with missing or incomplete CDD data or information

Clarification required: Does this relate to post KYC completion and information has been identified as missing from the KYC file?

3b: Among the data points listed in the Annex I to this consultation paper, what are those that are not currently available to most credit and financial institutions?

3c: To what extent could the data points listed in Annex I to this Consultation Paper be provided by the non-financial sector?

Question 4: Do you have any comments on the proposed frequency at which risk profiles would be reviewed (once per year for the normal frequency and once every three years for the reduced frequency)? What would be the difference in the cost of compliance between the normal and reduced frequency? Please provide evidence.

Question 5: Do you agree with the proposed criteria for the application of the reduced frequency? What alternative criteria would you propose? Please provide evidence.

Question 6: When assessing the geographical risks to which obliged entities are exposed, should crossborder transactions linked with EEA jurisdictions be assessed differently than transactions linked with third countries? Please set out your rationale and provide evidence.

Question 1: Do you agree with the thresholds and provided in Article 1 of the draft RTS and their value? If you do not agree, which thresholds to assess the materiality of the activities exercised under the freedom to provide services should the EBA propose instead? Please explain your rationale and provide evidence of the impact the EBA’s proposal and your proposal would have.

Question 2: What is your view on the possibility to lower the value of the thresholds that are set in article 1 of the draft RTS? What would be the possible impact of doing so? Please provide evidence.

Question 3: Do you agree on having a single threshold on the number of customers, irrespective of whether they are retail or institutional customers? Alternatively, do you think a distinction should be made between these two categories? Please explain the rationale and provide evidence to support your view.

Question 4: Do you agree that the methodology for selection provided in this RTS builds on the methodology laid down in the RTS under article 40(2)? If you do not agree, please provide your rationale and evidence of the impact the EBA’s proposal and your proposal would have.

Question 5: Do you agree that the selection methodology should not allow the adjustment of the inherent risk score provided in article 2 of draft under article 40(2) AMLD6? If you do not agree, please provide the rationale and evidence of the impact the EBA’s proposal would have.

Question 6: Do you agree with the methodology for the calculation of the group-wide score that is laid down in article 5 of the RTS? If you do not agree, please provide the rationale for it and provide evidence of the impact the EBA’s proposal and your proposal would have.

Question 7: Do you have any concern with the identification of the group-wide perimeter? Please provide the rationale and the evidence to support your view on this.

Question 8: Do you agree to give the same consideration to the parent company and the other entities of the group for the determination of the group-wide risk profile? Do you agree this would reliably assess the group-wide controls effectiveness even if the parent company has a low-relevant activity compared to the other entities?

Question 9: Do you agree with the transitional rules set out in Article 6 of this RTS? In case you don’t, please provide the rationale for it and provide evidence of the impact the EBA’s proposal and your proposal would have.

Question 1: Do you agree with the proposals as set out in Section 1 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

General comments on the draft RTS

AMAFI thanks the EBA for the opportunity to respond to this consultation on the draft RTS on customer due diligence, as per the mandate provided under the AMLR.

We strongly support the harmonisation of customer due diligence measures at the European level, as this will foster a consistent application of the provisions across the European Union and help ensure fairer competition, including by preventing forum shopping by foreign institutions seeking to establish themselves in the Union. This harmonisation presents also an opportunity to achieve much-needed consistency of requirements applicable within financial groups and to reduce compliance costs, although such reduction will probably be negligible given the additional burden resulting from the strengthened requirements introduced by the AMLR.

While combating money laundering and terrorist financing (ML/TF) is essential to safeguarding the integrity of the European economy and society, this fight must remain aligned with the European Commission’s objectives of reducing unnecessary burdens and promoting simplification. Harmonisation should not mean defaulting to the most restrictive approaches, but rather should involve streamlining requirement and selecting the most relevant and effective.

AMAFI is particularly concerned that several of the proposals set out in this draft RTS risk undermining the risk-based approach, a key pillar of the AML/TF framework for many years, which remains central to the AMLR (AMLR, recital 52, & see below) and is recognised as essential by the FATF. The risk-based approach is critical to the overall effectiveness of AML/TF efforts and should be more explicitly reflected in the draft RTS proposals.

The need to take the risk-based approach into account

The harmonisation of customer due diligence measures at the European level must not compromise the risk-based approach adopted by the obliged entities, which is recognised as essential by the FATF (FATF, Recommendation n°1, “Assessing risks and applying a risk-based approach”) and the European legislator (AMLR, recital 52).

Such an approach allows for the proportionate and targeted allocation of resources to the activities and customers most exposed to risk. This risk-based approach is even more important given that anti-money laundering regulations apply to a wide range of entities with specific characteristics related to their sector of activity and exposed to different levels of ML/TF risk.

Therefore, AMAFI is concerned that the provisions of the current draft RTS are primarily focused on considerations related to retail banking activities, without taking into account the specific characteristics of capital markets activities, which are are vital for the EU financing and its economy. Its main components as follows:

In many cases, financial market participants have no direct relationship with the originator or ultimate beneficiary of a transaction, but interact only with another financial institution;
Their involvement is often limited to executing a transaction or transmitting an order, without hosting the account on which the transaction is ultimately settled;
Furthermore, in a significant number of cases, neither the cash flows nor the securities flows related to the transaction pass through their systems.

In this context, the French Prudential Supervision and Resolution Authority (ACPR) concluded in its sectoral risk analysis for 2023 that financial market activities present a low to moderate overall risk of money laundering and terrorist financing.

Consequently, AMAFI does not support the draft RTS being overly prescriptive, providing for an excessive level of granularity in the rules or relying on considerations almost exclusively related to retail banking.

AMAFI believes that several provisions in the draft RTS lack sufficient proportionality and risk-based nuance. If adopted as currently drafted, the lack of flexibility will lead to disproportionate compliance costs, unnecessary customer outreach, and delays in onboarding, with limited corresponding risk-mitigating effect.

AMAFI therefore recommends incorporating clearer references to the risk-based approach, allowing institutions to tailor measures to actual risk exposure (see the proposed amendments below).

In its response to the consultation, AMAFI therefore wishes to ensure that the draft RTS effectively takes this risk-based approach into account and is thus tailored to the financial activities and operational specificities of capital markets, thereby ensuring both the effectiveness of AML/CFT arrangements and the proportionality of the obligations imposed on regulated entities.

Section 1: Information to be collected for identification and verification purposes

I. General Comment

Article 22 (1) of the Anti-Money Laundering Regulation (‘AMLR’) requires obliged entities to obtain specific information to identify ‘the customer, any person purporting to act on behalf of the customer, and the natural persons on whose behalf or for the benefit of whom a transaction or activity is being conducted’.

Article 1 (1) of the draft RTS cites Article 22 (1) AMLR but then sets out requirements citing only ‘the customer’, with no mention of the additional classes of persons set out in Article 22 (1) AMLR. It is unclear whether this is an oversight, or whether the EBA intends to target measures at a more limited population than that identified in the AMLR.

AMAFI therefore request that the EBA clarify :

whether the reference in Article 1 (1) draft RTS to a more limited population (of ‘customer[s]’) than that cited in Article 22 (1) AMLR is an oversight, or a deliberate choice,
the scope of the information to be obtained with regard to the identification of persons purporting to act on behalf of the customer, and of natural persons on whose behalf or for the benefit of whom a transaction or activity is being conducted, and
whether the requirements set out for ‘customers’ similarly apply to the identification of o natural person trustees of an express trust or persons holding an equivalent position in a similar legal arrangement, pursuant to Article 22 (1) (c) AMLR, and o beneficial owners pursuant to Article 22 (2) AMLR, in combination with Article 62 (1) AMLR and/or also, where appropriate, to the identification of individuals as per Article 22 (1) (c) AMLR, in combination with Articles 57 to 60 AMLR. These questions apply mutatis mutandis to Articles 1 to 6 draft RTS.

II. Request for the clarification of certain aspects of article 22 of the AMLR

The draft RTS remains silent on certain aspects of Article 22 of the AMLR. AMAFI therefore recommends that clarifications be provided on the points identified hereafter.

A. Concept of “any person purporting to act on behalf of the customer” (AMLR, art. 22(1))

Article 22(1) of the AML Regulation imposes an obligation to collect certain information not only on the customer, but also on any person purporting to act on behalf of the customer. However, this latter concept not being defined in either the AML Regulation or the draft RTS, AMAFI considers it essential to provide further clarification when it is applied to legal entities clients. Such clarification will help mitigate the risk of divergent interpretations and to ensure that the provision is applied when relevant.

This concept encompasses both cases where the person is lawfully authorised to act and where it is not. Wholesale capital markets exclusively involve professional clients within the meaning of MiFID II (regulated and authorised entities, large companies, institutional investors). The individuals acting on behalf of the customer are strictly those who are duly authorised to do so. This is actually verified by investment firms, not primarily for AML/TF purposes, but as a safeguard against legal risks and fraud. Several safeguards are in place to this effect such as the legal entity client provides an official list of authorised signatories empowered to place orders on its behalf, and access to trading systems is secured through strong technical and procedural safeguards. Investment firms are moreover subject to stringent security obligations under various regulatory frameworks, notably MiFID II/MiFIR, IFR/IFD, and DORA. Article 22 should therefore not be used to add another layer of information collection on individuals not operationally involved in the business relationships, as further explained below.

AMAFI therefore considers that this concept should be further specified to ensure it is applied when relevant.

Exclusion of legal representatives of legal entities

AMAFI considers that it should be made clear that a “person purporting to act on behalf of the client” does not include the legal representatives of client legal entities when they have delegated their power to enter into a business relationship or to trade to an employee. Legal representatives of entities must in any case be identified during the identification phase (AMLR, Art. 22(1)(b)). The collection of information mandated under Art. 22(1) for person purporting to act on behalf of the client should therefore not apply to legal representatives when they are not effectively engaged in the business relationships with the investment firm.

It is necessary to limit the concept to those persons who not only have the power to act vis-à-vis third parties, but also actually use it vis-à-vis the obliged entity. The mere mention of a person on a contract or a delegation of authority should not in itself justify identification measures. The means and resources allocated by obliged entities should be focused solely on those persons acting on behalf of the customer.

Exclusion of employees acting within the scope of their duties

AMAFI considers that the following clarifications should be included in the draft RTS: “Obliged entities should not be required to verify the identity of individuals "purporting to act on behalf of the customer" when such individuals are acting solely in their capacity as employees of a legal person customer, and within the ordinary scope of their employment duties”.

These individuals do not act independently but under the authority and control of the legal person customer, who remains the principal in the business relationship.

Requiring obliged entities to identify and verify every employee interacting on behalf of a corporate customer is disproportionate, operationally burdensome, and misaligned with the risk-based approach underpinning AML frameworks, particularly in the context of a business relationship with a professional client or an eligible counterparty within the meaning of MiFID II.

B. Identification of the beneficial owner (AMLR, art. 22(2))

AMAFI therefore recommends that clarifications be provided on the following paragraphs:

“Where, after having exhausted all possible means of identification, no natural persons are identified as beneficial owners, or where there are doubts that the persons identified are the beneficial owners, obliged entities shall record that no beneficial owner was identified and identify all the natural persons holding the positions of senior managing officials in the legal entity and shall verify their identity” (AMLR, art. 22(2))

Reading Article 22(2) of the AMLR, senior managing officials (SMO) do not appear to be considered beneficial owners. What vigilance measures are expected for these individuals beyond their identification?

“Where the performance of identity verification referred to in the second subparagraph may tip off the customer that the obliged entity has doubts regarding the beneficial ownership of the legal entity, the obliged entity shall abstain from verifying the senior managing officials’ identity and shall instead record the steps taken to ascertain the identity of the beneficial owners and senior managing officials. Obliged entities shall keep records of the actions taken as well as of the difficulties encountered during the identification process, which led to resorting to the identification of a senior managing official” (AMLR, art. 22(2)).

What situations does this paragraph cover? Is the aim here to address the risk of informing the customer about the possible suspicious transaction report that could be filed by the reporting entity?

What indicators might alert a client to the fact that the entity is subject to doubts regarding its beneficial owner?

Moreover, AMAFI considers that the relationship between this provision and Article 12 of the draft RTS is unclear. The fact that obliged entities request the same extensive information on SMOs (as required by article 12) compared to beneficial owner could be such an indicator.

Finally, this provision could be inconsistent with the intention not to provide regulated services/products if the regulated entity is unable to understand its ownership. This appears to be an authorisation to accept opaque entities in the EU.

III. Proposed amendment and expected clarification

*The elements that should be deleted are underlined and the proposed replacements or addition are marked in bold.

**For each proposed amendment, a justification is provided.

Amendment No.1 - Article 1 – Information to be obtained in relation to name

Text :

In relation to the names and surnames of a natural person as referred to in Article 22(1)(a) point (i) of Regulation (EU) 2024/1624, obliged entities shall obtain all of the customer's full names and surnames. Obliged entities (shall) ask obtain the customer to provide at least those names that feature on their identity document, passport or equivalent.
In relation to the name of a legal entity as referred to in Article 22(1)(b) point (i) of Regulation (EU) 2024/1624 obliged entities shall obtain the registered name, and the commercial name where it differs from the registered name, but only if this information is available in the commercial register"

Justification :

Replace the term “ask” by “obtain”: The identification and verification of the customer's identity can be conducted concurrently based on the official ID documents. The obliged entity will directly request the customer's identification document. So a questionnaire is not systematically sent to the client to ask this information. It all depends on the activity of the obliged entity. Consequently, the term “obtain” seems more appropriate in this context.
Add “but only if this information is available in the commercial register “: The commercial name does not always appear in the commercial register, depending on the country. Moreover, customers may hold multiple commercial names depending on their geographical location. Therefore, AMAFI considers that this information should be collected when it appears in the commercial register.

Amendment No.2 - Article 2 – Information to be obtained in relation to addresses

Text :

"The information on the address relating to the customer's address as referred to in Article 22(1) (a) point (iv) and 22(1) (b) point (ii) of Regulation (EU) 2024/1624 shall consist of the following information: the full country name or the abbreviation in accordance with the International Standard for country codes (ISO 3166) (alpha-2 or alpha-3), postal code, city, street name, and where available, postal code, street name, building number and the apartment number."

Justification :

AMAFI propose flexibility in situations where no postal code or street name exists. In such cases, institutions should be allowed to record the address as provided by the customer, consistent with Article 22(1)(a)(iv).

Moreover, the requirement to collect full residential addresses appears to be drafted from a retail perspective. It may not be necessary or appropriate for related parties in a wholesale context, where only the country of residence might suffice. The RTS should consider this distinction and provide flexibility accordingly. It is also important to note that full residential information for UBOs and SMOs are sensitive data points for corporate customers and would increase the personal risk (e.g., kidnap risk, risk of other violence against the person) faced by certain UBOs and SMOs to an unacceptable level, in particular in high-risk jurisdictions. In these cases, these individuals may prefer that their firms decline to enter into a business relationship, rather than provide the details requested. For screening purposes, it should be sufficient to obtain the country of residence and – only to the extent where available when taking reasonable risk-based measures – the name of the city.

Amendment No.3 - Article 3 – Specification on the provision of the place of birth

Text :

"The information on the place of birth as referred to in Article 22(1) (a) point (ii) of Regulation (EU) 2024/1624 shall consist of both the city and the country name and, where available, the city".

Justification

In order to verify this information, it is necessary to obtain an identity document (or equivalent document) in accordance with Article 5 of the draft RTS.

But, In practice, not all official identity documents include both the city and country of birth. In any case, the obliged entities should be able to accept any official identity document even if the city of birth is not mentioned.

AMAFI therefore propose that it should be sufficient to obtain at least the country name, unless both are demonstrably required for risk mitigation purposes.

Amendment No. 4 - Article 4 – Specification on nationalities

Text :

"For the purposes of Article 22 (1) (a) point (iii) of Regulation (EU) 2024/1624 obliged entities shall obtain necessary information concerning at least one of the nationalities of the customer to satisfy themselves that they know of any other nationalities their customers may hold".

Justification :

To identify a natural person, the text proposed by the EBA provides that the obliged entities “shall obtain necessary information to satisfy themselves that they know of any other nationalities their customers may hold”.

In order to verify this information, it is necessary to obtain an identity document (or equivalent document) in accordance with Article 5 of the draft RTS. However, it has been observed that these identity documents do not always contain information indicating that the holder of the document has dual nationality. Moreover, it appears to be disproportionate to demand that the customer submit all their identity documents to verify this information. Consequently, AMAFI puts forward the aforementioned proposal for deletion.

In the event that this proposed amendment is not adopted, AMAFI considers that the obliged entities obligation should be able to rely on the information provided by the customer for nationalities not listed on the identity document. It would therefore be appropriate for the draft RTS to specify in such circumstances that institutions may rely on the information provided by customers, unless there are risk factors or warning signs that justify further verification. This would promote proportionate and risk-based application.

Amendment No. 5 - Article 5 (1.) – Documents for the verification of the identity

Text :

For the purposes of verifying the identity of the person in accordance with Article 22(6) (a) and Article 22(7)(a) of Regulation (EU) 2024/1624 a document, in the case of natural persons, shall be considered to be equivalent to an identity document or passport where all three the following conditions are met:
a. it is issued by a state or public authority,
b. it contains at least all names and surnames (and if available all names and surnames), the holder’s date and place of birth and their nationality,

Justification

Some identity documents do not contain all of the holder's first names.

AMAFI strongly emphasise the need for flexibility in accepting identity documents for customers from jurisdictions where standardised identity documentation is not widely available. In such cases, AMAFI consider that institutions must retain the discretion to determine equivalence on a case-by-case basis, based on its source, reliability and the specific context.

Consequently, the AMAFI proposes the above amendments.

Amendment No. 6 - Article 5 (3.) – Documents for the verification of the identity

Text :

Obliged entities shall take reasonable steps to ensure that all documents obtained for the verification of the identity of the person pursuant to Article 22(6)(a) and Article 22(7)(a) of Regulation (EU) 2024/1624, as referred to in paragraph 1 and 2 of this Article, are authentic and have not been forged or tampered with. Obliged entities shall take reasonable steps and apply appropriate measures, in accordance with the risk-based approach, to verify the apparent authenticity of the documents obtained for the purposes of identity verification pursuant to Article 22(6)(a) and Article 22(7)(a) of Regulation (EU) 2024/1624, as referred to in paragraphs 1 and 2 of this Article. Such steps shall aim to detect any manifest indications of forgery or tampering.

Justification

Obliged entities cannot replace sovereign authorities in formally authenticating identity documents. They do not have the powers or competence of these authorities to carry out such authentication.

Consequently, obliged entities should only be required to make reasonable efforts to verify the apparent, but not the formal, authenticity of identity documents provided by customers.

Furthermore, this verification requirement should be implemented using a risk-based approach to ensure that resources are allocated in a way that is effective in combating money laundering and terrorist financing.

As a reminder, with regard to market activities and investment banking, customers are legal persons or regulated entities for which the risk of fraud or document falsification is lower than in the retail banking sector. Consequently, the implementation of these measures should be left to the discretion of the entities subject to the law, based on a risk-based approach.

Consequently, AMAFI proposes the above amendments

Amendment No. 7 - Article 5 (4.) – Documents for the verification of the identity

Text :

"Obliged entities shall take reasonable steps to understand, when original documents are in a foreign language, their content, including through a certified translation, when deemed necessary. Obliged entities shall take reasonable steps to understand, when original documents are in a foreign language, their content, including through a translation, or, when deemed necessary a certified translation"

Justification

The obliged entities should not be required to use a certified translation, particularly if they possess in-house expertise or an appropriate translation tool.

AMAFI therefore proposes the aforementioned modification.

Clarification No.1 - Article 9 – Reasonable measures for the verification of the beneficial owner

Text :

The reasonable measures referred to in Article 22(7)(b) of Regulation (EU) 2024/1624 include : (b) collecting information from other sources, which may include: third-party sources such as utility bills in name of the customer or the beneficial owner, up-to-date information from credit or financial institutions as defined in Article 3(1) and (2) of Regulation (EU) 2024/1624, which confirm that the beneficial owner has been identified and verified by the respective institution, documents from the legal entity or the legal arrangement where the beneficial owner is named, and where the identity of the named person is certified by an independent professional or sources using a combination of public and private records.

Expected clarification

1. To verify the identity of beneficial owners and collect up-to-date information from other financial institutions (Draft RTS, art. 9 (b))

The RTS draft offers the possibility to verify the identity of beneficial owners and collect up-to-date information from other financial institutions. AMAFI questions the legal framework governing the sharing of information between obliged entities concerning beneficial owners.

Additionally, how can banking secrecy requirements be aligned with the practice of sharing information?

AMAFI considers that the EBA should provide clarifications on this matter (RTS, art.9 (b)).

2. To verify the identity of beneficial owner using bills in name of the customer (RTS, art.9 (b)).

Why refer to a bill in name of the customer when this section deals with verifying the identity of the beneficial owner? What situation is being referred to here? AMAFI considers that the EBA should provide clarifications on this matter.

3. To verify the identity of beneficial owner using documents from the legal entity or the legal arrangement where the beneficial owner is named, and where the identity of the named person is certified by an independent professional or sources using a combination of public and private records.

AMAFI considers that it would be appropriate for the EBA to clarify the term ‘certification’.

Moreover, if must be certified, the RTS should allow a risk-based approach by allowing obliged entities to adapt their DD depending on the client’s risk (e.g. only for high risk clients).

4. The level of detail expected when verifying information on the beneficial owner (excluding consultation of central registers)

The information required to identify the BO is set out in Article 22(2) of the AML Regulation, which refers to Article 62(1)(a) of the same regulation, namely:

all first names and surnames,
the place of birth and full date of birth,
the residential address,
the country of residence,
and the nationality or nationalities of the beneficial owner,
the identity document number, for example passport or national identity document,
and, where available, the unique personal identification number assigned to the person by their country of habitual residence, as well as a general description of the type of document concerned;

This information, provided for in Article 62(1)(a), must be included in the central register of BEs (except for listed companies or companies established in a country where no such register exists).

Furthermore, Articles 1/2/3/4 of the draft RTS specify what is meant by name/address/place of birth/nationality when collecting customer information and, for certain articles, the persons referred to in Article 22(1) of the AML Regulation. However, the beneficial owner is not mentioned.

Consequently, this level of detail (provided for in Articles 1/2/3/4) concerning information on beneficial owners does not appear to be expected by the authorities.

This issue seems important, not at the stage of verifying information on the beneficial owner via central registers (mandatory), but for the procedures for verifying the identity of the beneficial owner as provided for in Article 22(7) of the AML Regulation and specified in Article 9 of the draft RTS.

In any event, the level of detail required for the verification of the BE's identity should not exceed the level of detail of the information contained in the beneficial owner register.

Amendment No. 8 - Article 10 (1) – Understanding the ownership and control structure of the customer

Text :

For the purposes of understanding the ownership and control structure of the customer in accordance with Article 20(1) (b) of Regulation (EU) 2024/1624 and in situations where the customer’s ownership and control structure contains more than one legal entity or legal arrangement, obliged entities shall obtain [the following information] a reference to all the legal entities and/or legal arrangements functioning as intermediary connections between the customer and their beneficial owners, if any;

In cases where the client presents a high risk of ML/TF, the entities subject to these rules must also obtain the following information:

[a reference to all the legal entities and/or legal arrangements functioning as intermediary connections between the customer and their beneficial owners, if any];

a. with respect to each legal entity or legal arrangement within the referred intermediary connections, the legal form of each legal entity or legal arrangement, and reference to the existence of any nominee shareholders; the jurisdiction of incorporation or registration of the legal person or legal arrangement, or, in the case of a trust, the jurisdiction of its governing law and; where applicable, the shares of interest held by each legal entity or legal arrangement, its sub-division, by class or type of shares and/or voting rights expressed as a percentage of the respective total, where beneficial ownership is determined on the basis of control, understanding how this is expressed and exercised.

b. information on the regulated market on which the securities are listed, in case a legal entity in an intermediate level of the ownership and control structure has its securities listed on a regulated market, and the extent of the listing if not all the legal entity’s securities are listed on a regulated market.

Justification

Article 10(1) of the draft regulation supplements Article 20(1)(b) of Regulation (EU) 2024/1624 on customer ownership and control structure. It aims to strengthen transparency requirements by requiring investment service providers (ISPs) to map in detail all legal entities and arrangements interposed between the client and the beneficial owners.

In addition, paragraph (b) requires the collection of a number of very detailed pieces of information (concerning “the legal form of each legal entity or legal arrangement, and reference to the existence of any nominee shareholders; the jurisdiction of incorporation or registration of the legal person or legal arrangement, or, in the case of a trust, the jurisdiction of its governing law and; where applicable, the shares of interest held by each legal entity or legal arrangement, its sub-division, by class or type of shares and/or voting rights expressed as a percentage of the respective total, where beneficial ownership is determined on the basis of control, understanding how this is expressed and exercised”).

The obligation to list “all legal entities and/or arrangements” (point a) ensures a comprehensive view of the chain and may be useful in certain cases, such as for high-risk customers.

However, exposes investment service providers to the risk of disproportionately collecting information that is not particularly relevant to ML/TF risk, especially in the context of market activities where the regulated entity deals with professional clients or eligible counterparties within the meaning of MiFID II (regulated and authorized entities, large companies, institutional investors).

Furthermore, this disproportionate collection could lead to a reduction in the attention paid to clients most exposed to ML/TF risks, due to the volume of information to be processed.

In addition, the obliged entity has no business relationship with the intermediary entities in its customer's chain of ownership. It may therefore be difficult in practice to obtain the requested information.

The level of detail requested does not appear to be relevant when apply to all the entities, therefore AMAFI considers that the collection of this information should be limited to clients at high risk of ML/TF.

Amendment No.9 : Article 10 (2) – Understanding the ownership and control structure of the customer

Text :

Where appropriate, the Obliged entities shall assess whether the information included in the description, as referred to in Article 62(1)d of Regulation (EU) 2024/1624, is plausible, [there is economic rationale behind the structure, and it explains how the overall structure affects the ML/TF risk associated with the customer]

Justification

The draft RTS requires obliged entities to assess whether the structure is based on economic rationale and explains how the overall structure affects the customer's ML/TF risk. These requirements exceed those of the AMLR and does not seem relevant for customers classified as low or standard risk.

Furthermore, it is expected that regulated entities will obtain, on a risk-sensitive basis, information on the economic rationale for transactions (AMLR, art. 25(a)).

Consequently, AMAFI proposes the above amendments

Amendment No.10 : Article 11 – Understanding the ownership and control structure of the customer in case of complex structures

Text :

To understand the ownership and control structure of the customer in accordance with Article 20(1)(b) of Regulation (EU) 2024/1624, obliged entities, may use, in accordance with the risk-based approach, the following criteria to consider an ownership and control structure to be complex [shall treat an ownership and control structure as complex where at least two of the following conditions are met:there are two or more layers between the customer and the beneficial owner and in addition, one of the following conditions is met]:
1. there are two or more layers between the customer and the beneficial owner
2. there is a legal arrangement in any of the layers;
3. the customer and any legal entities present at any of these layers are registered in different jurisdictions considered to be high risk;
4. there are nominee shareholders and/or directors involved in the structure; or
5. there are indications of non-transparent ownership with no legitimate economic rationale or justification.
6. any other relevant criteria depending on its activity

Justification

This article of the RTS defines complex ownership and control structures of the customer.

The definition of a complex structure as one which has ‘two or more layers’ - even when qualified by the conditions set out in Article 11 (1) draft RTS – is too broad, noting that multinational companies and large financial entities typically have multiple layers of ownership. Indeed, AMAFI members consider that more than 50% of their clients could fall within this definition, even though their activities present only a low or moderate risk of money laundering and terrorist financing.

A structure comprising more than two layers and the registration of entities in different jurisdictions may be justified and does not appear complex in business life. In practice, these different levels of ownership or control may be justified by certain legitimate economic or legal objectives (risk compartmentalization, compliance with local regulations), and registration in different jurisdictions may be justified by the size of the company, its presence in different markets, or legitimate economic or legal objectives.

The complexity of a detention structure stems more from its opacity than from the number of layers it comprises. AMAFI recommend the assessment of complexity relies on the responsibility of obliged entities, as this would allow obliged entities to apply specialist knowledge and experience to identify (and allocate resources to) cases which involve genuinely higher risk structures. This would also allow most efficient use of scarce resources, the better to advance the fight against financial crime.

Furthermore, in order for the criterion relating to registration in different jurisdictions to be relevant, it should be limited to cases of registration in high-risk countries.

Consequently, AMAFI proposes the above amendments.

Amendment No.11 : Article 12 – Understanding the ownership and control structure of the customer in case of complex structures

Text :

[In relation to senior managing officials as referred to in Article 22(2) second paragraph of Regulation (EU) 2024/1624, obliged entities shall:

a) collect the same information as for beneficial owners; and

b) verify the identity of senior managing officials in the same way as for beneficial owners].

Justification

Since SMOs are not beneficial owners, they cannot act as such; SMOs manage the legal entity, but do not personally own or control it. Article 12 of the draft RTS does not however recognise this distinction, requiring obliged entities to ‘collect the same information as for beneficial owners’ pursuant to Article 22 (2) AMLR.

Given the disparity in roles, responsibilities, benefits and degree of control, this is disproportionate. AMAFI request that the data elements to be collected for SMOs be tailored to the extent that they may exercise control over the entity, in keeping with the risk-based approach. AMAFI request to remove the obligation to collect ID documents and home addresses from SMOs and use entity’s registered address instead.

Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.

Question 3: Do you have any comments regarding Article 8 on virtual IBANS? If so, please explain your reasoning.

Question 4: Do you agree with the proposals as set out in Section 2 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Question 5: Do you agree with the proposals as set out in Section 3 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Section 4: Simplified Due Diligence measures

General Comments

The objective of the AML package provisions is clear: to strengthen the effectiveness of institutions' AML/CFT arrangements.

However, to achieve this, authorities should continue to promote, in accordance with FATF Recommendation No. 1, a risk-based approach. Therefore, in a low ML/TF risk environment, it seems appropriate to reduce customer due diligence measures.

This allows financial security teams to focus their efforts on more thorough checks on clients who are not low risk.

This is why AMAFI considers that the level of requirements in the draft RTS for simplified due diligence measures is too high and too close to the standard regime.

Proposed amendment and expected clarification

*The elements that should be deleted are underlined and the proposed replacements or addition are marked in bold.

**For each proposed amendment, a justification is provided.

*** The numbering of amendments takes into account those proposed in previous sections.

Amendment No. 12 : Article 19 – Minimum requirements for the identification and verification of the beneficial owner or senior managing officials in low-risk situations

Text :

1. In situations of lower risk, the obliged entity may consult one of the following sources for the identification of, and use another sources from the same list under b. or c. for the purposes of verification of the beneficial owner or the senior managing officials:

a. the information registered in the central register or in the company register;

b. the statement or explanation provided by the customer, including their confirmation that the data is adequate, accurate and up-to-date, for the purpose of the verification of the identity of the beneficial owner or the senior managing officials;

c. any publicly available, reliable sources of information including internet research.

2. The obliged entity are not required to identify the beneficial owner of the business relationship where their customer is a company whose securities are admitted to trading on a regulated market in Member State of the European Union, in another State party to the Agreement on the European Economic Area or which is subject to disclosure requirements in accordance with EU law or which is subject to equivalent international standards ensuring adequate transparency of information on the ownership of capital, which the obliged entity is able to prove to the supervisory authority.

Justification

AMAFI considers that entities subject to the obligation should not be required to identify the beneficial owners of clients that are listed companies and subject to disclosure requirements (under stock exchange rules, law or other binding means) that ensure sufficient transparency of beneficial owners.

Indeed, obliged entities do not have the possibility of consulting the register to identify and verify the identity of the beneficial owner. This is because these companies are not subject to the obligation to identify their beneficial owner (AMLR, Art. 65).

Furthermore, due to the transparency requirements imposed on them, these listed companies present a lower risk of money laundering (AMLR, Annex II).

Consequently, the AMAFI proposes the above amendment.

Clarification No. 2 - Article 20 – Sectoral simplified measures: Pooled accounts

Expected clarification : AMAFI considers that it would be welcome for the EBA to clarify the concept of “pooled accounts” and specify the situations referred to in this article.

Clarification No. 3 - Article 21 – Sectoral simplified measures: Collective investment undertakings

Expected clarification : AMAFI considers that it would be welcome for the EBA to clarify the situation covered by this article.

Amendment No.13 & Clarification n°4 - Article 22 – Customer identification data updates in low-risk situations

Text :

Where, in cases of low ML/TF risk, obliged entities reduce the frequency of customer identification updates as referred to in Article 33(1) point (b) of Regulation (EU) 2024/1624, obliged entities shall monitor the relationship to be satisfied that:
1. there is no change in the relevant circumstances of the natural person customer;

Justification & Expected clarification

AMAFI considers that it would be welcome for the EBA to clarify the concept of “there is no change in the relevant circumstances of the customer” (Draft RTS, art. 22. (1) (a)).

Furthermore, AMAFI considers that it may be particularly difficult to assess this change in the situation of professional clients (institutions, large companies, etc.). Therefore, this requirement should be limited to retail customers.

Consequently, AMAFI proposes the above amendment.

Amendment No.14 - Article 23 – Minimum information to identify the purpose and intended nature of the business relationship or occasional transaction in low-risk situations

Text :

To identify the purpose and intended nature of the business relationship or occasional transaction in line with Article 33(1) point © of Regulation (EU) 2024/1624, obliged entities shall, [at minimum], take risk-sensitive measures to understand why the customer has chosen the obliged entities’ products and services, [the source of the funds used in the business relationship or occasional transaction,] and how the customer plans to use the products or services provided, including where applicable the estimated amounts flowing through the account.

Justification

As mentioned above, the AMAFI considers that the level of requirements set out in the draft RTS for simplified due diligence measures is too high and too close to the standard regime.

Requiring obliged entities to identify the source of funds used in the course of the business relationship as part of simplified due diligence measures seems disproportionate and contrary to a risk-based approach. For example, if the client is a listed company or a regulated entity, AMAFI considers that obtaining this information is not relevant.

This information gathering should be limited to customers presenting a high risk of ML/TF.

Question 7: What are the specific sectors or financial products or services which, because they are associated with lower ML/TF risks, should benefit from specific sectoral simplified due diligence measures to be explicitly spelled out under Section 4 of the daft RTS? Please explain your rationale and provide evidence.

Question 8: Do you agree with the proposals as set out in Section 5 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Section 5: Enhanced Due Diligence measures

Proposed amendment and expected clarification

*The elements that should be deleted are underlined and the proposed replacements or addition are marked in bold.

**For each proposed amendment, a justification is provided.

*** The numbering of amendments takes into account those proposed in previous sections.

Amendment No. 15 : Article 24 - Additional information on the customer and the beneficial owners

text :

"The additional information obliged entities obtain on the customer and the beneficial owners to comply with the enhanced due diligence requirement in Article 34(4) point (a) of Regulation (EU) 2024/1624, shall, at least:

(a) enable the obliged entity to verify the authenticity and accuracy of the information on the customer and the beneficial owner or the ownership and control structure of the customer other than a natural person;

[(b) enable the obliged entity to assess the reputation of the customer and the beneficial owner; ]

[(c) enable the obliged entity to assess the ML/TF risk associated with the customer’s or beneficial owner’s past and present business activities; and/or ]

b) enable obliged entity to assess the reputation of the customer, in particular through information on its past business activities, and of the beneficial owner;

[(d)] (c) in case the obliged entity has reasonable grounds to suspect criminal activity, enable the obliged entity to obtain [a more holistic view on ML/TF risks by obtaining] information on family members, persons known to be a close associate or any other close business partners or associates of the customer or the beneficial owner"

Justification

Given the means and resources available, AMAFI considers it difficult to implement these obligations.

Consequently, AMAFI would like the text to specify that searches must be based on the availability of data, particularly for foreign companies. The sources that institutions should exploit should be explicitly identified.

AMAFI also believe it is necessary to delete the reference to the beneficial owner in paragraph c). The obliged entity has no connection with the beneficial owner, and it may therefore be very difficult to obtain information about its current or past activities.

Regarding (b) and (c), AMAFI propose merging points 2 and 3 to limit the obligation regarding the customer's past activity.

Regarding (d), AMAFI considers the «holistic view» is unclear. These requirements should be based on best effort.

AMAFI proposes the above amendment.

Amendment No. 16 & Clarification No.5 : Article 25 – Additional information on the intended nature of the business relationship

Text :

The additional information obliged entities obtain on the intended nature of the business relationship, in accordance with Article 34(4) point (b) of Regulation (EU) 2024/1624, shall, at least:

(a) enable the obliged entity to verify the [legitimacy] consistency of the destination of funds, which may include information from authorities and other obliged entities;

(b) enable the obliged entity to verify the [legitimacy] consistency of the expected number, size, volume and frequency of transactions that are likely to pass through the account, as well as their recipient(s); and/or,

[…]

Expected clarification :

Obliged entities are required to obtain additional information on the intended nature of the business relationship. To this end, the draft RTS provides that the obliged entity may verify the legitimacy of the destination of the funds, in particular through information obtained from authorities or other obliged entities (Draft RTS, art. 25(a)).

AMAFI considers that the term ‘consistency’ would be more appropriate and proposes the above amendment.

Moreover, AMAFI considers that the EBA should provide clarification to answer the following questions: which authorities may be concerned, and under what conditions? How are obliged entities supposed to share information? To what extent? AMAFI understand that it does not rely on partnerships for information sharing, as stated in Article 75 of the AMLR. How can bank secrecy and personal data protection be achieved in this context?

Amendment No. 17 - Article 26 – Additional information on the source of funds, and source of wealth of the customer and of the beneficial owners

text :

The additional information obliged entities obtain on the source of funds, and source of wealth of the customer and of the beneficial owners, in accordance with Article 34(4) point (c) of Regulation (EU) 2024/1624 shall enable obliged entities to verify that the source of funds or source of wealth is derived from lawful activities. This information shall consist of one or more of the following evidence:

(a) in relation to proof of income: tax returns or original or [certified copies of] recent pay slips or employment documentation, specifying at least the salary, [signed by the employer or other official income statements],

(b) [certified ]copies of audited accounts, investment documentation or loan agreements,

[…]

Justification

Regarding a), AMAFI considers it seems unrealistic in practice to obtain signed pay slips.

Regarding b), this measure seems disproportionate and irrelevant in the context of AML. This information is more likely to be collected in the fight against fraud. If the accounts are audited, why should obliged entities asked for certified copies?

Amendment No. 17 - Article 26 – Additional information on the source of funds, and source of wealth of the customer and of the beneficial owners

Text :

"The additional information obliged entities obtain on the reasons for the intended or performed transactions and their consistency with the business relationship, in accordance with Article 34(4) point (d) of Regulation (EU) 2024/1624 shall at least enable the obliged entity to:

a. verify the [accuracy] consistency of the information for why the transaction was intended or conducted including the legitimacy of its intended outcome; "

[…]

Justification

Regarding a), AMAFI suggest amending this paragraph to refer to transaction consistency rather than accuracy. This review should be conduct through transaction monitoring (not during KYC) and be proportionate to the risk associated with the customer and limited to the relevant transactions: It cannot be applied to all transactions because it is too complicated to implement, especially when the higher level of risk does not depend directly on the customer's activity, but rather on an external factor, such as a newly listed country of activity.

Question 9: Do you agree with the proposals as set out in Section 6 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Section 6: Targeted Financial Sanctions

Proposed amendment and expected clarification

Amendment No. 18 - Article 28 – Screening of customers

Text :

"To comply with Article 20(1)(d) of Regulation (EU) 2024/1624, obliged entities shall apply screening measures to their customers and [to all the entities or persons which own or control such customers] the beneficial owners, and, in the case of a customer or party to a legal arrangement who is a legal entity, whether natural or legal persons to control the legal entity or have more than 50 % of the proprietary rights of that legal entity or majority interest in it, whether individually or collectively;"

Justification

Article 28 draft RTS requires screening of customers and “all the entities or persons which own or control such customers”.

This concept is very broad and creates an additional obligation to that provided for in the AML Regulation. However, RTSs are normative texts that must specify the provisions of Level 1 texts. They are not supposed to create new obligations.

Therefore, the screening obligation should be limited to the persons referred to in Article 20(1)(d) of the AML Regulation, namely: customers, beneficial owners and, in the case of a customer or party to a legal arrangement who is a legal entity, whether natural or legal persons to control the legal entity or have more than 50 % of the proprietary rights of that legal entity or majority interest in it, whether individually or collectively.

Consequently, the AMAFI proposes the above amendment.

Amendment No. 19 & Clarification No. 6 - Article 29 – Screening requirements

Text :

"For the purposes of Article 28, obliged entities shall:

(a) screen, through automated screening tools or solutions, or a combination of automated screening tools and manual checks, unless the size, business model, complexity or nature of the business of the obliged entity allows for manual checks only, at least the following customer information:

(i) in the case of a natural person: all the first names and surnames, in the original and/or [transliteration] transcription of such data; [and date of birth];

(ii) in the case of a legal person: the name of the legal person, in the original and/or [transliteration] transcription of such data;

(iii) in the case of a natural person, legal person, body or entity: any other names, aliases, [trade names] commercial name or registered names, wallet addresses, where available in the lists of targeted financial sanctions;

(iv) in the case of a legal person: beneficial ownership information.

[…] "

Justification

Firstly, the AMAFI considers that the terms used in this RTS should be the same when referring to the same concepts in order to avoid confusion and ensure consistency throughout the text. For example:

Recital 3 draft RTS refers to the ‘transcription’ of names, and that Article 29 (a) draft RTS refers to the ‘transliteration’ of names.
Article 29 (a) draft RTS refers to ‘trade names’, whereas Articles 1 and 18 refer to ‘commercial name’ and ‘registered name’.

Moreover, Article 29 (a) draft RTS requires screening of first names, surnames, and date of birth for natural persons.

Noting that date of birth is not always included in listings of sanctioned persons, AMAFI considers that it may be preferable to remove date of birth from initial screening requirements. This information will in any case be used in alert management to confirm true hits.

Consequently, the AMAFI proposes the above amendments.

Clarification expected :

Article 29(a)(iv) refers to screening beneficial ownership information. The RTS should make clear whether this should extend to senior managing officers and other related parties as well.

Question 10: Do you agree with the proposals as set out in Section 7 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Question 11: Do you agree with the proposals as set out in Section 8 of the draft RTS (and in Annex I linked to it)? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?

Question 1: Do you any have comments or suggestions regarding the proposed list of indicators to classify the level of gravity of breaches sets out in Article 1 of the draft RTS? If so, please explain your reasoning.

Question 2: Do you have any comments or suggestions on the proposed classification of the level of gravity of breaches sets out in Article 2 of the draft RTS? If so, please explain your reasoning.

Question 3: Do you have any comments or suggestions regarding the proposed list of criteria to be taken into account when setting up the level of pecuniary sanctions of Article 4 of the draft RTS? If so, please explain your reasoning.

Question 4: Do you have any comments or suggestions of addition regarding what needs to be taken into account as regards the financial strength of the legal or natural person held responsible (Article 4(5) and Article 4(6) of the draft RTS)? If so, please explain.

5a: restrict or limit the business, operations or network of institutions comprising the obliged entity, or to require the divestment of activities as referred to in Article 56 (2) (e) of Directive (EU) 2024/1640?

5b: withdrawal or suspension of an authorisation as referred to in Article 56 (2) (f) of Directive (EU) 2024/1640?

5c: require changes in governance structure as referred to in Article 56 (2) (g) of Directive (EU) 2024/1640?

Question 6: Which of these indicators and criteria could apply also to the non-financial sector? Which ones should not apply? Please explain your reasoning.

Question 7: Do you think that the indicators and criteria set out in the draft RTS should be more detailed as regards the naturals persons that are not themselves obliged entities and in particular as regards the senior management as defined in AMLR? If so, please provide your suggestions.

Question 8: Do you think that the draft RTS should be more granular and develop more specific rules on factors and on the calculation of the amount of the periodic penalty payments and if yes, which factors should be included into the EU legislation and why?

Question 9: Do you think that the draft RTS should create a more harmonised set of administrative rules for the imposition of periodic penalty payments, and if yes, which provisions of administrative rules would you prefer to be included into EU legislation compared to national legislation and why?

Name of the organization

AMAFI