Yes, this is an important principle. Too much prescription in regulation is unnecessary and expensive. A one size fits all approach is not appropriate; a risk-based approach is. Even then, we find some of the minimum requirements in the Draft RTS to be unduly onerous, as set out below.
AFME agrees that the minimum action in Article 3 is appropriate, except article 3(c), which requires senior management approval for risk assessment and article 3(d), which deals with training.
On article 3(c), group or head office senior management approval for the risk assessment should be necessary only as decided internally on a risk-based approach (which the relevant credit or financial institution should be able to justify to its home State regulator).
On article 3(d), AFME agrees that training of relevant staff members is essential, but would like to note that no amount of training can ensure that staff are able to effectively identify ML/TF risk indicators and this obligation to ensure should therefore be removed and be replaced by reasonable efforts to ensure.
Article 4(1)(a) requires credit and financial institutions to inform the competent authority of their home Member State without delay (i) of the third country concerned, and (ii) how the implementation of the third country law prohibits or restricts the application of adequate ML/TF procedures. AFME does not understand the need for (ii), as the home Member State will be able to ascertain this information itself.
The rest of article 4 we find acceptable, if over-prescriptive, and we would hope and expect that national competent authorities supervise this in a proportionate manner.
Our answer is the same as for article 4, mutatis mutandis.
In relation to the provision in article 6(1)(a) requiring the branch or majority-owned subsidiary to provide relevant information to senior management, AFME believes senior management involvement should only be required where appropriate. It must also be clear that the examples given at article 6(1)(a)(i) and (ii) are only examples and omitting these will not be seen as a breach.
In relation to article 6(1)(b)(ii) we have the same comment on the ability of the home Member State regulator to be able to inform itself of third country laws.
The remaining minimum action and additional measures are appropriate.
In relation to article 7(1)(b), credit and financial institutions should only be required to carry out enhanced reviews in accordance with existing group policy (which they should be prepared to justify to their home State regulator).
In relation to the provision in article 7(1)(d) requiring the branch or majority-owned subsidiary to provide relevant information to senior management, AFME believes senior management involvement should only be required where appropriate. It must also be clear that the examples given at article 7(1)(d)(i), (ii) and (iii) are only examples and omitting these will not be seen as a breach.
In relation to article 8(1)(a)(ii) we have the same comment on the ability of the home Member State regulator to be able to inform itself of third country laws.
The consultation indicates preference for Option 3 because in spite of appearing more complex than Options 1 and 2, it is both risk-based and proportionate and most likely to lead to effective outcomes”.
AFME agrees with Option 3 as preferable to Options 1 or 2. However Option 3 is indeed complex, and some of the actions required are onerous. This is particularly the case for those AFME members who will have operations in the UK after that country ceases to be a member of the EU. We would be happy to work with you to devise a more simple (but not more risky) approach."