The European Association of Co-operative Banks (EACB) notes that it might be appropriate for the EBA to clarify whether the guidelines may also be applicable to customer’s beneficial owner(s), authorised representative(s), or potential other third parties.
Secondly, it must be ensured that the glossary of the EBA guidelines and other EU legislation dealing with digitalisation (e.g., eIDAS and the Proposal for a Regulation amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity) are aligned. In particular, the eIDAS proposal does not include the definition of digital identity but rather refers to electronic identification. Similarly, the definition of digital identity issuer should be replaced in favour of a definition for trusted service according to both the eIDAS and the new proposal amending the eIDAS.
We propose that an approval of the respective policy by the management body should not be mandatory. From our perspective, it is sufficient that the Customer Due Diligence (CDD) requirements, as an integral part of an AML manual, are approved by the management body.
Furthermore, in accordance with paragraph 12 “the AML/CFT compliance officer should, as part of their general duty to prepare policies and procedures to comply with the CDD requirements, prepare remote customer onboarding policies and procedures and ensure that those remote customer onboarding policies and procedures are implemented effectively, reviewed regularly and amended where necessary.” While it is clear that all these tasks should be faithfully executed, is it really necessary to determine that the beforementioned tasks are the responsibility of the AML/CFT compliance officer or would it be possible to leave it to the company to decide to which organisation these tasks belong to.