Response to consultation on proposed RTS in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates
Question 2: Do you have any comments regarding Article 6 on the verification of the customer in a non face-to-face context? Do you think that the remote solutions, as described under Article 6 paragraphs 2-6 would provide the same level of protection against identity fraud as the electronic identification means described under Article 6 paragraph 1 (i.e. e-IDAS compliant solutions)? Do you think that the use of such remote solutions should be considered only temporary, until such time when e-IDAS-compliant solutions are made available? Please explain your reasoning.
We fear that imposing video chats in article 6, paragraphs 2-6 would unduly reduce the scope of alternative, back-up, customer verification methods in a non face to face context.
Because eIDAS compliant solutions may not always be available, or there may be a (temporarily) technical malfunction in the eIDAS trust service provider : It is important to provide explicitly for alternative identity verification methods. Banks should not be forced to halt all operations in such circumstances.
Paragraph 3 or Article 6 could use some clarification : in which form should customer's "consent" be expressed ? The following paragraphs seem to suggest the verification must take the form of an "audiovisual communication" (encrypted video chat).
However, existing French law provides for other alternative, non-eIDAS, methods of verification, which do not involve any audiovisual communication : French law allows collecting a copy of the ID document and requesting that the first transfer into the newly open account comes from an account in the name of the same client, held by a EU-regulated PSP (article R 561-5-2-3, combination of points 1° and 3°, in Code monétaire et financier). Such a back-up solution is valuable, it should be preserved, in line with the single market.
Question 3: Do you have any comments regarding Article 8 on virtual IBANS? If so, please explain your reasoning.
We fully support the objective to make vIBAN secure and prevent mis-use.
But we fail to understand what "providing a natural or legal person a virtual IBAN for their use" means when the credit institution is neither "the issuer of the virtual IBAN" and nor "the credit institution servicing the account". What concrete situation is this article meant to capture ?
Question 6: Do you agree with the proposals as set out in Section 4 of the draft RTS? If you do not agree, please explain your rationale and provide evidence of the impact this section would have, including the cost of compliance, if adopted as such?
Article 20 on pooled accounts is welcome. But we believe it may be too narrow : there exists many types of "pooled accounts" where the main customer is not supervised under AML/TF rules.
In France, for example, pooled accounts are used by :
- building managers (syndic de copropriété, which manage shared expenses in any building that is co-owned by several landlords). Each building managers has hundreds of underlying clients.
- organismes concentrateurs de tiers payant (which manage cash flows between the Social Security system and health professionals that enroll in the organisme concentrateur) . Each organisme has hundreds of underlying clients.
None of these types of customers is subject to AML-TF supervision. We agree the situation may not be low risk but standard risk.
Still, it is practically impossible for banks to identify and verify each of the landlords, or each of the healthprofessionals. It does not have any business relation with them : even brick and mortar banks, which manage customer relation face to face, never meet their customers' own customers.
Therefore, a workable solution for pooled accounts should be provided, even in limited to situations where the banks' customer is itself supervised under AML-TF.
One possible way forward would be to require the bank to identify all of the underlying customer's own customers, without veryfing their identity.
Question 7: What are the specific sectors or financial products or services which, because they are associated with lower ML/TF risks, should benefit from specific sectoral simplified due diligence measures to be explicitly spelled out under Section 4 of the daft RTS? Please explain your rationale and provide evidence.
see our reply to question 6 : there exists many types of "pooled accounts" where the main customer is not supervised under AML/TF rules.
We agree the situation may not be low risk but standard risk. Still, it is practially impossible for banks to identify and verify each of the underlying customers of its own customer.
Examples are :
- building managers (syndic de copropriété, which manage shared expenses in any building that is co-owned by several landlords). Each building managers has hundreds of underlying clients.
- organismes concentrateurs de tiers payant (which manage cash flows between the Social Security system and health professionals that enroll in the organisme concentrateur) . Each organisme has hundreds of underlying clients.
This situation must be catered for.