Nordic Financial Unions (NFU) fully support the work against money laundering and terrorist financing and recognises the significant role of employees at financial institutions in discovering possible money laundering, given the scope of employees’ daily operations and insights. The regulation created at EU level and implemented at the national level must therefore include an employee perspective.
Clear guidelines can help employees to carry out their work in a good way. The suggested Annex to the Guidelines is a good example of clarity. This work will be carried out by employees, so it is important that employees are provided with training, competence development and time and resources.
Continuous training and competence development for employees is essential both for compliance with legislation, company policies and procedures, as well as to take up the role of ‘watchdog’ that has wider implications for society as a whole.
Training initiatives should be updated continuously in accordance with legal and regulatory changes. Connected to training, it is essential that employees are given enough time and resources to implement the gained knowledge in an appropriate carryout of their tasks.
NFU would also like raise the important and sad reality that finance employees working with AML/CTF are overrepresented when it comes to harassment and violence at work. NFU affiliates report that finance employees are subject of harassments and violence and here employees working with AML/KYC are extra exposed. It is therefore key that regulators consider and include an employee perspective when developing AML legislation. At the same time, companies/employers have the responsibility to protect employees and make sure that they can work in safe and secure way.
Under heading 7 (definitions): the definition of de-risking would be clearer if the sentence:
“… or to refuse to carry out higher ML/TF risk transactions”
Is replaced by:
“… or to refuse to carry out transactions entailing higher ML/TF risks”
Reason: The original text is unclear, regarding whether the word “higher” refers to the transactions or to the ML/TF risks.
A risk-based approach is a good way to handle and assess AML activities. However, and connected to the points raised in point 1, it is important that the “controls and procedures” used to identify the risks are clear and precise for employees to use. Again, any new regulation/guidelines/procedures implemented must come with training and competence development for finance employees, and they must be provided time and resources to carry out these new tasks.
See point 1 and 3. Importance of clarity in new measures must be highlighted. NFU supports clarification from EBA on what steps financial institutions should consider in their policies and procedures when doing risk-based monitoring of their customers. It is important to have focus on risk mitigation and monitoring while ensuring access to financial services to those who are in a more vulnerable position.
Seen from a customer point of view, the monitoring measures doubtlessly seem very cumbersome. It will require extra focus by the employees and resources to provide adequate help and advice to the customers.
Specifically in relation to these supplementary restriction measures, it is important also to focus on the need for clear customer guidance and advice.
For many of the customers it could be unexpected or even surprising not to be able to perform the usual banking transactions they may have been used to, such as credit or overdraft facility. This requires structured and clear guidelines.
NFU welcome that vulnerable people are granted access to financial services and that the rules and procedures on AML/CTF are adopted. It is key that also vulnerable people can get access to at least basic financial services such as payment accounts. Further, it is important that limitations to services and products to the more vulnerable customers is done on an individual basis with a risk-based approach. The criteria for making assessments regarding this type of limitation of services need to be clear and proportionate. It is however important that the assessments are in line with clear measures and that the data handling is in line with GDPR.
Member states already have comprehensive, obligatory rules for financial institutions on complaints handling, including the duty to give customers advice on filing complaints.
Normally, a precondition for sending a complaint to a national Complaints Board or Authority is that the customer has made an unsuccessful complaint directly to the financial institution in question. As a part of good conduct in such cases, the financial institution shall clearly inform the customer about the possibility to file a complaint to the relevant national Authority or Complaints Board, including relevant contact details.
This should be reflected in the section, rather than suggesting a seemingly new procedure for specific cases encompassed by these guidelines.