Response to consultation on Guidelines on risk factors and simplified and enhanced customer due diligence
Go back
- page 5 second paragraph : “Neither these guidelines, nor the Directive’s risk-based approach require firms to refuse to enter into, or terminate, business relationships with entire categories of customers that are associated with higher ML/FT risk”
- page 7 third paragraph : “Neither these guidelines, nor the Directive’s risk-based approach require the wholesale exiting of entire categories of customers irrespective of the money laundering or terrorist financing risk associated with individual business relationships or occasional transaction”.
and article 45.5 of the Directive 2015/849 witch states : “…the competent authorities of the home Member State shall exercise additional supervisory actions, including requiring that the group doez not establish or that it terminates business relationships, and does not undertake transactions and, where necessary, requesting the group to close down its operations in the third country.”
Therefore, FBF considers that the two sentences page 5 and 7 shall be amended in accordance with the Directive.
Page 13 Risk assessments : methodology and risk factors
Despite the title of the paragraphe, points 11 to 37 describe essentially risk factors. Point 31 to 37 try to give some tools but are clearly insufficient to help firms to comply with efficiency to the regulation. As a matter of example,
- points 36 and 37 on categorization should give tools and operational contribution to the best way to built categorization and cartography. Firms, mainly smaller one, are looking forward to receiving operational help from the authorities in such a complicated matter.
- For risky entities, it might be provided by firm’s internal procedures that information shall be collected from the respondent itself. What is the right attitude if the respondent refuse to provide some information ?
Points 18 to 21 : customer risk factors’ : the guidelines make no difference between the customer and the customer’s beneficial owners’ risk factors’. However, Annex II and Annex III of the Directive 2015/849 state that risks are linked to the customer and where appropriate specified the situation of the beneficial ownership. Article 15, 16, 17 and 18 of the Directive do not impose to collect the same information on client and on beneficial owner. Information on the latter shall be based on the risk based approach and cannot be compulsory and risk factors listed in the proposed Guidelines cannot be checked and analysed one by one. It must be clearly stated that those risk factors are examples that firms do not need to justify why any of them has not been considered associated with beneficial owner’s. Othewise, firms will have to collect all informations needed to assess all those factors. The Guidelines shall be modulated to differenciate information that shall be collected on customer and on customer’s beneficial owners’.
Point 19 third bullet ( corruption) and point 23 bullet 3 (terrorist activities), 5 (tax and secrecy haven) and 7 ( judicial system) : FBF feels that those information should be made available by the national authorities. Efficiency in AML/CFT matter relies on efficient information.
Point 23 bullet 8 and 9 : how do we articulate those points with FATF black list ?
Point 34: FBF does not agree with the statement “weighting does not lead to a situation where it is impossible for business relationships to be classified as high risk”. Firms do business with many very average account holders that will never be classified as high risk.
Point 42: the guidelines describe average customer due diligence as simplified one. For example:
• “Adjusting the quantity of information obtained for identification, verification or monitoring purposes, such as: verifying identity on the basis of one document only “. This measure is not a simplified due diligence but a normal one.
• “Accepting information obtained from the customer rather than an independent source when verifying the beneficial owner’s identity”: This measure is not a simplified due diligence but a normal one. Besides, it may contradict the 4th AML directive which promote beneficial owners’ register.
Point 51 and chapter 1 in Title III: We feel that about the correspondent relationships, the guidelines do not meet the FBF’ expectation of clarity and raise concerns related to practical implementation requirements.
Point 64: Risk related to new product is only cited without any further explanation. As this is a high concern for firms, in particular product linked with digital and new technologies, FBF suggests that ESAs consider better support to banks to manage that new product’s risk and the risk borne by new actors.
Point 25: It states that when identifying risks associated with their products, services or transactions, firms should consider the risk related to:
b) The complexity of the product, service or transaction. However, article 18.2 of the Directive spotted only “the background and purpose of all complex and unusually large transactions, and all unusual patterns of transactions », ie focus on transaction. We do not see how the complexity of a product or a service, usually given by the entity, can be a factor of risk, despite point 27.
c) “The value or size of the product, service or transaction”. Despite point 28, we do not see the link between the value or the size of a product, a service or a transaction, and the AML/FT risk.
Point 49: FBF agrees on the ESAs position that PEP must also be treated on a risk based approach, and that measures taken “depend on the degree of high risk associated with the business relationship”. But, in no way the customers’ relationship shall be classified in high risk only because the beneficial owner is a PEP. Measures taken by firms to identify customer PEP and beneficial owners’ PEP might not be equivalent. The Directive 2015/849, article 20 is very clear on the fact that the risk base approach is the way to determine the risk. The FBF request the ESAs to modify points 47i, 48i and the mention of beneficial owner in point 49.
The proposed guidelines on correspondent relationships do not meet the FBF’ expectations on clarity and raise concerns related to practical implementation requirements.
Point 76 : It is not clear that all relationships limited to SWIFT RMA may be considered as lower risk and that simplified due diligence will apply to all of them. It seems that the wording “SWIFT RMA plus capability” is limiting the application of simplified due diligence, only in certain circonstances, which is from an operational perspective a very challenging process. A clarification is therefore needed.
Point 77 : The proposes guidelines consider that a correspondent bank shall be informed on supervisory/ regulatory inadequate applications or breaches of AML/CFT obligations which is very intrusive. The FBF considers that only public disciplinary or penal measure shall be disclosed.
Last bullet point is not realistic. Expected functioning of a correspondent account cannot be as precise as knowing the amount of transactions a priori, and might be very difficult even based on an history of the business.
Point 84 : The FBF do not share ESAs opinion that CDD questionnaire provided by international organisations are no help to facilitate Due diligence obligation. Those questionnaires are not imposed by law, but an international practice. However because each bank is requesting a different questionnaire, it is a longlasting job for compliance to populate each of them.
The FBF suggested that in the Guidelines ESAs consider :
- that questionnaire drafted by international organization shall be sufficient for entities located in EEA or equivalent countries and in any case as an element in the process to comply with the term of the Directive in other countries ;
- drafting a common questionnaire that will satisfy entities and authorities.
Point 88: The qualitative assessment of the respondent’s AML/CFT control framework, mainly when it comes to on-site visits is burdersome for correspondant banks and go beyong the current process of mainy firms. Actually, firms are used to check the respondent’s AML policies and procedures, based on documentation and certification given by the respondent bank, but the insertion of “a qualitative assessment” goes far beyong the Directive 2015/849. On-site visits shall be considered as exceptional measure.
The FBF request the ESAs to modulate those obligations.
Chapter 2 : sectoral guidelines for retail banks
Point 102 : how do we evaluate “jurisdictions with higher levels of predicated offences” ? Shall we refer to the list to be published by the Commission as provided by article 9-2 of the Directive 2015/849 ?
Chapter 5 : sectoral guidelines for wealth management
Point 146 is not very clear. How do we evaluate “privacy havens” or “culture of banking secrecy” ?
a) Do you consider that these guidelines are conducive to firms adopting risk-based, proportionate and effective AML/CFT policies and procedures in line with the requirements set out in Directive (EU) 2015/849?
It seems that there is a discrepancy between the two following paragraphs :- page 5 second paragraph : “Neither these guidelines, nor the Directive’s risk-based approach require firms to refuse to enter into, or terminate, business relationships with entire categories of customers that are associated with higher ML/FT risk”
- page 7 third paragraph : “Neither these guidelines, nor the Directive’s risk-based approach require the wholesale exiting of entire categories of customers irrespective of the money laundering or terrorist financing risk associated with individual business relationships or occasional transaction”.
and article 45.5 of the Directive 2015/849 witch states : “…the competent authorities of the home Member State shall exercise additional supervisory actions, including requiring that the group doez not establish or that it terminates business relationships, and does not undertake transactions and, where necessary, requesting the group to close down its operations in the third country.”
Therefore, FBF considers that the two sentences page 5 and 7 shall be amended in accordance with the Directive.
Page 13 Risk assessments : methodology and risk factors
Despite the title of the paragraphe, points 11 to 37 describe essentially risk factors. Point 31 to 37 try to give some tools but are clearly insufficient to help firms to comply with efficiency to the regulation. As a matter of example,
- points 36 and 37 on categorization should give tools and operational contribution to the best way to built categorization and cartography. Firms, mainly smaller one, are looking forward to receiving operational help from the authorities in such a complicated matter.
- For risky entities, it might be provided by firm’s internal procedures that information shall be collected from the respondent itself. What is the right attitude if the respondent refuse to provide some information ?
Points 18 to 21 : customer risk factors’ : the guidelines make no difference between the customer and the customer’s beneficial owners’ risk factors’. However, Annex II and Annex III of the Directive 2015/849 state that risks are linked to the customer and where appropriate specified the situation of the beneficial ownership. Article 15, 16, 17 and 18 of the Directive do not impose to collect the same information on client and on beneficial owner. Information on the latter shall be based on the risk based approach and cannot be compulsory and risk factors listed in the proposed Guidelines cannot be checked and analysed one by one. It must be clearly stated that those risk factors are examples that firms do not need to justify why any of them has not been considered associated with beneficial owner’s. Othewise, firms will have to collect all informations needed to assess all those factors. The Guidelines shall be modulated to differenciate information that shall be collected on customer and on customer’s beneficial owners’.
Point 19 third bullet ( corruption) and point 23 bullet 3 (terrorist activities), 5 (tax and secrecy haven) and 7 ( judicial system) : FBF feels that those information should be made available by the national authorities. Efficiency in AML/CFT matter relies on efficient information.
Point 23 bullet 8 and 9 : how do we articulate those points with FATF black list ?
Point 34: FBF does not agree with the statement “weighting does not lead to a situation where it is impossible for business relationships to be classified as high risk”. Firms do business with many very average account holders that will never be classified as high risk.
Point 42: the guidelines describe average customer due diligence as simplified one. For example:
• “Adjusting the quantity of information obtained for identification, verification or monitoring purposes, such as: verifying identity on the basis of one document only “. This measure is not a simplified due diligence but a normal one.
• “Accepting information obtained from the customer rather than an independent source when verifying the beneficial owner’s identity”: This measure is not a simplified due diligence but a normal one. Besides, it may contradict the 4th AML directive which promote beneficial owners’ register.
Point 51 and chapter 1 in Title III: We feel that about the correspondent relationships, the guidelines do not meet the FBF’ expectation of clarity and raise concerns related to practical implementation requirements.
Point 64: Risk related to new product is only cited without any further explanation. As this is a high concern for firms, in particular product linked with digital and new technologies, FBF suggests that ESAs consider better support to banks to manage that new product’s risk and the risk borne by new actors.
b) Do you consider that these guidelines are conducive to competent authorities effectively monitoring firms’ compliance with applicable AML/CFT requirements in relation to individual risk assessments and the application of both simplified and enhanced customer due diligence measures?
FBF feared that Title II, by giving examples of questions that firms should consider, might lead the supervisor to expect, when controlling an entity, that all questions set out in ESAs guidelines should have been answered. Therefore, we feel that, unless the contrary is clearly stated in the Guidelines, firms will have to consider all questions and will have to keep track of every answers to all questions. This burdensome task does not seem to be adequate in every situations, and FBF feels that each firm should be authorized to evaluate the advisability to answer or not the question.Point 25: It states that when identifying risks associated with their products, services or transactions, firms should consider the risk related to:
b) The complexity of the product, service or transaction. However, article 18.2 of the Directive spotted only “the background and purpose of all complex and unusually large transactions, and all unusual patterns of transactions », ie focus on transaction. We do not see how the complexity of a product or a service, usually given by the entity, can be a factor of risk, despite point 27.
c) “The value or size of the product, service or transaction”. Despite point 28, we do not see the link between the value or the size of a product, a service or a transaction, and the AML/FT risk.
Point 49: FBF agrees on the ESAs position that PEP must also be treated on a risk based approach, and that measures taken “depend on the degree of high risk associated with the business relationship”. But, in no way the customers’ relationship shall be classified in high risk only because the beneficial owner is a PEP. Measures taken by firms to identify customer PEP and beneficial owners’ PEP might not be equivalent. The Directive 2015/849, article 20 is very clear on the fact that the risk base approach is the way to determine the risk. The FBF request the ESAs to modify points 47i, 48i and the mention of beneficial owner in point 49.
c) The guidelines in Title III of this consultation paper are organised by types of business. Respondents to this consultation paper are invited to express their views on whether such an approach gives sufficient clarity on the scope of application of the AMLD to the various entities subject to its requirements or whether it would be preferable to follow a legally-driven classification of the various sectors; for example, for the asset management sector, this would mean referring to entities covered by Directive 2009/65/EC and Directive 2011/61/EU and for the individual portfolio management or investment advice activities, or entities providing other investment services or activities, to entities covered by Directive 2014/65/EU.
Chapter 1 Sectoral guidelines for correspondent banksThe proposed guidelines on correspondent relationships do not meet the FBF’ expectations on clarity and raise concerns related to practical implementation requirements.
Point 76 : It is not clear that all relationships limited to SWIFT RMA may be considered as lower risk and that simplified due diligence will apply to all of them. It seems that the wording “SWIFT RMA plus capability” is limiting the application of simplified due diligence, only in certain circonstances, which is from an operational perspective a very challenging process. A clarification is therefore needed.
Point 77 : The proposes guidelines consider that a correspondent bank shall be informed on supervisory/ regulatory inadequate applications or breaches of AML/CFT obligations which is very intrusive. The FBF considers that only public disciplinary or penal measure shall be disclosed.
Last bullet point is not realistic. Expected functioning of a correspondent account cannot be as precise as knowing the amount of transactions a priori, and might be very difficult even based on an history of the business.
Point 84 : The FBF do not share ESAs opinion that CDD questionnaire provided by international organisations are no help to facilitate Due diligence obligation. Those questionnaires are not imposed by law, but an international practice. However because each bank is requesting a different questionnaire, it is a longlasting job for compliance to populate each of them.
The FBF suggested that in the Guidelines ESAs consider :
- that questionnaire drafted by international organization shall be sufficient for entities located in EEA or equivalent countries and in any case as an element in the process to comply with the term of the Directive in other countries ;
- drafting a common questionnaire that will satisfy entities and authorities.
Point 88: The qualitative assessment of the respondent’s AML/CFT control framework, mainly when it comes to on-site visits is burdersome for correspondant banks and go beyong the current process of mainy firms. Actually, firms are used to check the respondent’s AML policies and procedures, based on documentation and certification given by the respondent bank, but the insertion of “a qualitative assessment” goes far beyong the Directive 2015/849. On-site visits shall be considered as exceptional measure.
The FBF request the ESAs to modulate those obligations.
Chapter 2 : sectoral guidelines for retail banks
Point 102 : how do we evaluate “jurisdictions with higher levels of predicated offences” ? Shall we refer to the list to be published by the Commission as provided by article 9-2 of the Directive 2015/849 ?
Chapter 5 : sectoral guidelines for wealth management
Point 146 is not very clear. How do we evaluate “privacy havens” or “culture of banking secrecy” ?