22 March 2021
The European Banking Authority (EBA) published this month three regulatory instruments to address de-risking practices based on evidence gathered in its call for input. The instruments clarify that compliance with anti-money and countering terrorist financing (AML/CTF) obligations in EU law does not require financial institutions to refuse, or terminate, business relationships with entire categories of customers that they consider to present a higher ML/TF risk. In these documents the EBA also set out steps that financial institutions and competent authorities should take to manage risks associated with individual business relationships in an effective manner.
De-risking refers to decisions taken by financial institutions not to provide services to customers in certain risk categories. This can leave customers without access to the financial system. De-risking can be a legitimate risk management tool in some cases but it can also be a sign of ineffective ML/TF risk management, with severe consequences.
The EBA referred to particular aspects of de-risking in its previous work, such as in the Opinion in 2016 to mitigate risks of financial exclusion of asylum seekers in situations where they were unable to provide the standard Customer Due Diligence documentation. However, it has become apparent that more comprehensive action is needed to address unwarranted de-risking, given its impact on consumers and competition in the single market. In May 2020, the EBA therefore launched a Call for Input to the wider public so as to better understand the drivers, scale and the impact of de-risking across the EU. The EBA subsequently assessed the extensive feedback received and, issued three legal instruments this month to address this issue.
First, the EBA published its 2021 Opinion on ML/TF risks in the EU financial sector, in which it observes that de-risking is a continuing trend that has implications from an ML/TF risk, consumer protection and financial stability point of view and sets out a number of actions the competent authorities should take to understand the drivers, scale and impact of de-risking in their sectors.
Secondly, the EBA issued its revised ML/TF Risk Factors Guidelines, which clarify that the application of a risk-based approach to AML/CFT does not require financial institutions to refuse, or terminate, business relationships with entire categories of customers that are considered to present higher ML/TF risk. Instead, the Guidelines provide guidance on the steps financial institutions should take effectively to manage ML/TF risks associated with individual business relationships.
Finally, the EBA launched a public consultation on changes to its existing Guidelines on risk-based AML/CFT supervision. The proposed Guidelines require competent authorities to take stock of the extent of de-risking in their jurisdiction and address de-risking in their ML/TF risk assessments. The proposed Guidelines also require competent authorities to pay particular attention to the way financial institutions manage ML/TF risks and encourage them to engage with their sectors to ensure that financial institutions have a good understanding of the regulatory expectations of how ML/TF risks should be managed.
Throughout the remainder of this year, the EBA will continue to monitor and assess the scale and impact of, as well as the reasons for, de-risking, and consider the extent to which the current legal and regulatory framework is sufficient to address the issues associated with de-risking.
The EBA is carrying out its work on de-risking to fulfil its mandates to lead, coordinate and monitor the EU financial sector’s fight against ML/TF, to contribute to the protection of consumers across the EU, and to bring about supervisory convergence in the implementation of the competition enhancing objective of PSD2.