Response to consultation on draft Guidelines on the use of remote customer onboarding solutions

Go back

1. Do you have any comments on the section ‘Subject matter, scope and definitions’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.

In marginal number 7, the scope of application of the Guidelines comprises the execution of CDD measures according to Art. 13 para. 1 sent. 1 points (a) (b) and (c) of the Directive (EU) 2015/849 (hereafter: AMLD). This entails the identification of the customer (point a), the identification of the beneficial owner (point b) and the assessment on the purpose and intended nature of the business relationship (point c).

Although obliged entities are also obligated to verify that any person purporting to act on behalf of the customer is so authorised and must identify and verify the identity of that person when performing the measures referred to in points (a) and (b), the scope of application does not cover this mandatory task as set out in Art. 13 para. 1 sent. 2 AMLD. Nevertheless, in the course of the following contents of the Guidelines, in section 4.2.3, marginal number 31, of the draft Guidelines, it is stated that financial sector operators should apply the identification process described in the Section 4.2.2. for the natural persons who are acting on behalf of legal persons. Therefore, we recommend to amend marginal number 7 on the scope of application of the Guidelines with a hint on the identification of natural persons who are acting on behalf of legal persons according to Art. 13 para. 1 sent. 2 AMLD.

In addition, it should be assessed if the scope of application of the Guidelines should also be enlarged on the mandatory determination whether the customer or the beneficial owner of the customer is a politically exposed person according to Art. 20 point a AMLD. This determination is a key part of initial CDD measures as it can be the trigger for enhanced CDD measures.

Furthermore, in the virtual public hearing of EBA on the draft Guidelines on 24 February 2022, EBA confirmed that the Guidelines shall not apply to the execution of customer due diligence measures in existing business relationships, as in cases according to Art. 11 lit. e and f AMLD. As a consequence, remote identification measures in existing business relationships remain unregulated on EBA level and may (still) be subject to the supervisory expectations of NCAs. Additionally, EBA also stated that the Guidelines should only be applied when an obliged entity executes all CDD measures according to Art. 13 para. 1 sent. 1 points (a) (b) and (c) AMLD. In these regards, we ask EBA to re-evaluate the possible benefits if the Guidelines could not only be applied for initial CDD measures but also for CDD measures in existing business relationships; secondly, it should be re-evaluated if the remote CDD measures of the Guidelines could also be applied for single CDD measures.

2. Do you have any comments on Guideline 4.1 ‘Internal policies and procedures’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.

In contrast to the scope of application according to marginal number 7 of the draft Guidelines, marginal number 10 in section 4.1.1 only relates to the obligations under Art. 13 para. 1 sent. 1 points (a) and (c) AMLD when specifying which policies and procedures obliged financial sector operators should have in place; in consequence, EBA should clarify if the policies and procedures shall not comprise the obligations under Art. 13 para. 1 sent. 1 point (b) AMLD with regards to the identification of the beneficial owner.

3. Do you have any comments on the Guideline 4.2 ‘Acquisition of Information’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.

In the preceding section of the consultation paper elaborating on EBA’s rationale, it is stated in no. 11 that Guideline 4.2 shall not not define which information financial sector operators need to fulfil in their initial CDD obligations, but rather the conditions that need to be met when financial sector operators use innovative technologies to on-board customers remotely. In view of the initial communication of the European Commission of 24 September 2020 that commissioned EBA to develop the now presented guidelines, the Commission called for greater convergence on the elements related to identification and verification needed for on-boarding purposes. Therefore, obliged entities would appreciate any further and more concrete hints in the information financial sector operators need to obtain in order to fulfil in their initial CDD obligations.

4. Do you have any comments on the Guideline 4.3 ‘Document Authenticity & Integrity’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.

In marginal number 33, the draft Guidelines also hint to PRADO, the EU’s public register of authentic identity and travel documents online. Especially in cross-border and international business situations, obliged entities must often rely on other documents of countries other than those of countries participating in PRADO. We would appreciate if EBA would give more advise on databases of third country identification proof.

5. Do you have any comments on the Guideline 4.4 ‘Authenticity Checks’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.

No comments.

6. Do you have any comments on the Guideline 4.5 ‘Digital Identities’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.

No comments.

7. Do you have any comments on the Guideline 4.6 ‘Reliance on third parties and outsourcing’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.

In the context of section 4.6.1 regarding the reliance on third parties in accordance with Chapter II, Section 4 of AMLD, marginal number 56 does not directly hint to situations that are described in Art. 28 AMLD. According to this, the competent authorities of the home and the host Member State may consider an obliged entity to comply with the provisions adopted pursuant to Articles 26 and 27 through its group programme, when certain conditions are met. In the case of cross-border active financial sector operators or in the case of a group of financial sector operators domiciled in different Member States, such a group programme could also include CDD remote customer onboarding processes and procedure compliant with the presented Guidelines. It is very likely that remote onboarding solutions within a cross-border group of financial sector operators are used in many Member States of establishment; or that a cross-border active financial sector operator uses a remote onboarding solution in several Member States. Therefore, marginal number 56 should be amended with this possibility given that the criteria listed in Art. 28 points (a), (b) and (c) AMLD are met by this/these remote onboarding solution(s). This could lead to a further removement of fragmentation in the Digital Single Market, as envisaged by the European Commission in its communication of 24 September 2020, and would also answer more concretely the Commission’s call on more (supervisory) convergence on the manner and extent to which financial service providers are allowed to rely on CDD measures carried out by third parties, including other financial service providers.

8. Do you have any comments on the Guideline 4.7 ‘ICT and security risk management’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.

No comments.

Name of the organization

Association of Foreign Banks in Germany