Response to consultation on draft RTS on a central database on AML/CFT in the EU
Go back
• ‘Breach’ & ‘Potential Breach’ – The definition of breach or potential breach does not appear to delineate the severity of breaches, e.g. findings in an AML inspection report in comparison with a penalty notice or an enforcement action. We therefore call for adopting a risk-based approach to focus on serious breaches. Similarly to obligations of financial institutions to employ a risk-based approach in the context of their AML/CFT programmes, competent authorities should also rely on it in respect of carrying out supervisory activities, as well as in relation to cooperation and information exchange with other competent authorities. On the other hand, if breaches on the less severe end of the spectrum were in scope of this proposal, this would result in entities challenging inspection findings and would likely lead to an increase in regulatory appeals, diverting resources of the supervisory body.
• ‘Ineffective application’ – We recommend that materiality considerations are applied to adequately contextualise ‘ineffective application’ of AML/CFT requirements to ensure consistent application by competent authorities given variations in regulatory expectations across competent authorities in the EU. In addition, we suggest that the drafting clarifies the degree of likelihood of ineffective application to lead to a breach.
• The definition states that all of the criteria listed would be considered, thus suggesting equal consideration of all the factors. The proposal should more clearly indicate that while the presence of any one factor suggests materiality, the absence of any factor suggests immateriality. Currently there is scope for one or more factors to be considered as making a weakness material without considering the absence of others suggesting immateriality.
• In addition, the criteria largely reflect a list of aggravating indicators, suggesting an outcome. We would recommend a balanced list of aggravating and mitigating factors to promote consistency in the designation of materiality.
• Further clarification should be provided as to whether this is an exhaustive list or whether there is further scope to consider other factors not included in the criteria.
• The criteria in (a) and (b) require further guidance to ensure consistent application by competent authorities.
• The criteria in (c) should be linked to the measures taken by the competent authority. It should not be open for the competent authorities to suggest a weakness is serious or egregious in gravity when it has not pursued or been successful in enforcement action at the national level. This designation of weakness should not be able to be used by competent authorities to impose quasi-punishment on firms (given the potential effect of designation in this database) by circumventing the national process for enforcement and corollary rights of the obliged entity to contest/appear national enforcement actions.
• The criteria in (e) requires a gravity qualifier as any weakness could be suggested to increase the risk exposure of a firm. We suggest only “substantial” or “significant” increases in ML/TF risk exposure should be considered as material. This is consistent with (c), (f) and (g) which all consider the significance of the impact of a weakness in similar terms.
• The criteria reflected in (f) and (g) assume that an obliged entity could have requisite insight into factors which have “significant impact on the integrity, transparency and security of the financial system” or “financial stability of the member state”. Without a knowledge test, it would be difficult to establish that the firm was aware of the impact on the financial system or financial stability of the member state at the time of the conduct.
Therefore, a clear burden and standard of proof should be stated, i.e. that the competent authority must prove on the balance of probabilities that the weakness exists and that it is a material weakness. The competent authority must provide documentary evidence to support its conclusion to the EBA (as per above comment). The EBA should then conduct its analysis to concur with such a two-factor conclusion on the balance of probabilities and provide a written rationale for its conclusive analysis. This written analysis must be provided to the competent authority and the firm in order for the firm to exercise its due process rights under Union law.
If the proposal is that the EBA is not required to make such determinations, then there is a risk that competent authorities will use this database in lieu of national enforcement procedures in order to circumvent due process rights of firms.
It thus seems that greater consideration should be given to due process rights throughout this proposal.
Question 1: Do you have any comments on the definitions proposed in Articles 3 and 4? If so, please explain your reasoning?
In relation to Articles 3 and 4, the EBF recommends that the proposals clearly state that the scope of breaches considered are ‘serious’ and ‘very serious’ breaches only, with some additional guidance and definitions along these lines. On the definitions laid down in Article 3, we propose the following:• ‘Breach’ & ‘Potential Breach’ – The definition of breach or potential breach does not appear to delineate the severity of breaches, e.g. findings in an AML inspection report in comparison with a penalty notice or an enforcement action. We therefore call for adopting a risk-based approach to focus on serious breaches. Similarly to obligations of financial institutions to employ a risk-based approach in the context of their AML/CFT programmes, competent authorities should also rely on it in respect of carrying out supervisory activities, as well as in relation to cooperation and information exchange with other competent authorities. On the other hand, if breaches on the less severe end of the spectrum were in scope of this proposal, this would result in entities challenging inspection findings and would likely lead to an increase in regulatory appeals, diverting resources of the supervisory body.
• ‘Ineffective application’ – We recommend that materiality considerations are applied to adequately contextualise ‘ineffective application’ of AML/CFT requirements to ensure consistent application by competent authorities given variations in regulatory expectations across competent authorities in the EU. In addition, we suggest that the drafting clarifies the degree of likelihood of ineffective application to lead to a breach.
Question 2: Do you have any comments on the corresponding situations identified and proposed in Article 4 and Annex 1 for each type of competent authority in the scope of the draft RTS? If so, please explain your reasoning.
The proposal acknowledges that the relevant activities overseen by national competent authorities (NCAs) are diverse, necessitating the need to specify the corresponding situations in line with the various supervisory activities performed by NCAs. However, Annex 1 includes ‘any other situations where the weakness is material’. This seems to widen the scope infinitely to account for any material weakness outside the stated supervisory authorities of NCAs listed in Annex 1.Question 3: Do you have any comments on the definition of the materiality of a weakness proposed in Article 5? If so, please provide your reasoning.
In relation to the assessment of materiality of a weakness, the EBF welcomes the wide-ranging criteria reflected in the proposals. However, the following recommendations are made to provide additional clarity around materiality of weakness:• The definition states that all of the criteria listed would be considered, thus suggesting equal consideration of all the factors. The proposal should more clearly indicate that while the presence of any one factor suggests materiality, the absence of any factor suggests immateriality. Currently there is scope for one or more factors to be considered as making a weakness material without considering the absence of others suggesting immateriality.
• In addition, the criteria largely reflect a list of aggravating indicators, suggesting an outcome. We would recommend a balanced list of aggravating and mitigating factors to promote consistency in the designation of materiality.
• Further clarification should be provided as to whether this is an exhaustive list or whether there is further scope to consider other factors not included in the criteria.
• The criteria in (a) and (b) require further guidance to ensure consistent application by competent authorities.
• The criteria in (c) should be linked to the measures taken by the competent authority. It should not be open for the competent authorities to suggest a weakness is serious or egregious in gravity when it has not pursued or been successful in enforcement action at the national level. This designation of weakness should not be able to be used by competent authorities to impose quasi-punishment on firms (given the potential effect of designation in this database) by circumventing the national process for enforcement and corollary rights of the obliged entity to contest/appear national enforcement actions.
• The criteria in (e) requires a gravity qualifier as any weakness could be suggested to increase the risk exposure of a firm. We suggest only “substantial” or “significant” increases in ML/TF risk exposure should be considered as material. This is consistent with (c), (f) and (g) which all consider the significance of the impact of a weakness in similar terms.
• The criteria reflected in (f) and (g) assume that an obliged entity could have requisite insight into factors which have “significant impact on the integrity, transparency and security of the financial system” or “financial stability of the member state”. Without a knowledge test, it would be difficult to establish that the firm was aware of the impact on the financial system or financial stability of the member state at the time of the conduct.
Question 4: Do you have any comments on the type of information-as specified in Articles 6, 7 and 8 and Annex 3? If so, please provide your reasoning.
The information to be submitted for material weakness under Article 7 does not include evidence to demonstrate: (i) the existence of any weakness and (ii) the severity, gravity or seriousness of that weakness. The competent authority should be required to demonstrate by way of reasoned explanation that a weakness does in fact exist, and furthermore the analysis conducted to suggest it is a material weakness per Article 4. Both elements (i) and (ii) should be supported by documentary evidence to justify and verify the rationale and analysis suggested by the competent authority.Question 5: Do you have any comments on the proposed approach with regard to the EBA’s analysis and dissemination of the information contained in the database, as proposed in Articles 10 and 11 of the draft RTS? If you do, please provide your reasoning.
The EBF believes that the proposal in its current form does not sufficiently make clear how (i) the EBA will make a determination whether a weakness has been properly identified and has also been considered material following the analysis in Art 10(1), (ii) if obliged entities are notified of the EBAs assessment process, (iii) what opportunity the obliged entity has to make representations to the EBA that either the weakness does not exist or is not material, and (iv) whether obliged entities have a right of appeal against the EBA’s conclusive determination before inclusion in the database.Therefore, a clear burden and standard of proof should be stated, i.e. that the competent authority must prove on the balance of probabilities that the weakness exists and that it is a material weakness. The competent authority must provide documentary evidence to support its conclusion to the EBA (as per above comment). The EBA should then conduct its analysis to concur with such a two-factor conclusion on the balance of probabilities and provide a written rationale for its conclusive analysis. This written analysis must be provided to the competent authority and the firm in order for the firm to exercise its due process rights under Union law.
If the proposal is that the EBA is not required to make such determinations, then there is a risk that competent authorities will use this database in lieu of national enforcement procedures in order to circumvent due process rights of firms.
It thus seems that greater consideration should be given to due process rights throughout this proposal.