Exhaustive list of measures undertaken by financial sector operator in paragraph 46:
Paragraph 46 is a fixed (exhaustive) list of controls which can be used by financial sector operators in case it is appropriate to the ML/TF risk presented by the business relationship. Taking into account the principle of technology neutrality, the list of measures should remain non-exhaustive.
Paragraph 46.a should be extended with the possibility to use the account information service (AIS) which enables the financial sector operator to obtain necessary data from the payment account of the customer (e.g. customer’s name, address).
Outsourcing of CDD – paragraph 58.c – consent of the financial sector operator:
Paragraph 58.c requires the outsourcing provider to obtain consent (agreement) of the financial sector operator to any proposed changes of the remote customer onboarding process or to any modification made to the solution provided by the outsourcing provider. This requirement should be limited only to such changes or modifications which jeopardise proper performance of the outsourcing provider obligations specified in the agreement. It should be noted that many financial sector operators use solutions which are provided in SaaS model and previous consent to any modification in such solution would be simply impossible.