• These Guidelines are central to the EBA’s work to lead, coordinate and monitor the fight against money laundering and terrorist financing (ML/TF).
• The amendments to the revised Guidelines aim at strengthening the EU’s AML/CFT defences by aligning the requirements with recent changes in the legal framework in the EU, and addressing new ML/TF risks.
• They also support effective and consistent supervision by competent authorities of financial institutions’ risk-based approaches to AML/CFT.

The EBA published today its final revised Guidelines on ML/TF risk factors. The revisions take into account changes to the EU Anti Money Laundering and Counter Terrorism Financing (AML/CFT) legal framework and address new ML/TF risks, including those identified by the EBA’s implementation reviews. In addition to strengthening financial institutions’ risk-based approaches to AML/CFT, the revision supports the development of more effective and consistent supervisory approaches where evidence suggested that divergent approaches continue to exist. The Guidelines are central to the EBA’s work to lead, coordinate and monitor the fight against money laundering and terrorist financing.

The Guidelines are addressed to both financial institutions and supervisory authorities. They set out factors that firms should consider when assessing the ML/TF risk associated with a business relationship or occasional transaction. In addition, they provide guidance on how financial institutions can adjust their customer due diligence measures to mitigate the ML/TF risk they have identified so as to make them more appropriate and proportionate. Finally, they support competent authorities’ AML/CFT supervision efforts when assessing the adequacy of firms’ risk assessments and AML/CFT policies and procedures.

In this revised version, the EBA strengthens the requirements on individual and business-wide risk assessments and customer due diligence (CDD) measures, adding new guidance on the identification of beneficial owners, the use of innovative solutions to identify and verify customers’ identities, and how financial institutions should comply with legal provisions on enhanced customer due diligence related to high-risk third countries. In addition, the EBA included new sectoral guidelines for crowdfunding platforms, corporate finance, account information service providers (AISPs) and payment initiation services providers (PISPs), and firms providing activities of currency exchanges offices. The revised Guidelines also provide more details on terrorist financing risk factors. Together, these changes will be conducive to the implementation by financial institutions of a more effective, risk-based approach to AML/CFT.

The EBA reiterates that there is no requirement for financial institutions to discontinue services to entire categories of customers that they associate with higher ML/TF risk (so-called ‘de-risking’): Instead, financial institutions should balance the need for financial inclusion with the need to mitigate and manage ML/TF risk. The guidelines can help financial institutions to achieve this balance.

The EBA also stresses the need for supervisory authorities and financial institutions to enhance their understanding of tax crimes, as set out last year in the EBA’s Report on competent authorities’ approaches to tackling market integrity risks associated with dividend arbitrage schemes (EBA/REP/2020/15).

Legal Basis, background and next steps

Articles 17 and 18(4) of Directive (EU) 2015/849, mandate the EBA to issue Guidelines addressed to both Competent Authorities and to credit and financial institutions on the risk factors to be considered and the measures to be taken in situations where simplified customer due diligence and enhanced customer due diligence are appropriate.

In June 2017, the three ESAs issued Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risks associated with individual business relationships and occasional transactions (JC 2017 37). Since then, the applicable legislative framework in the EU has changed. On 9 July 2018, Directive (EU) 2018/843 (AMLD5) entered into force and has been applicable from 10 January 2020. Moreover, new risks have emerged and have been identified in the ESAs’ 2019 Joint Opinion. The European Commission’s post mortem report and the EBA’s implementation reviews have highlighted widespread challenges in the operationalisation and supervision of the risk-based approach to AML/CFT. Therefore, a review of the original Risk Factors Guidelines was warranted.

The original risk factors Guidelines will be repealed and replaced with the revised Guidelines.

The Guidelines will be translated into the official EU languages and published on the EBA website. The deadline for competent authorities to report whether they comply with the guidelines will be two months after the publication of the translations. The guidelines will apply three months after publication in all EU official languages.

The EBA’s role and mandate on AML/CFT is explained in a factsheet. The EBA regularly informs its stakeholders on its work and deliverables with a dedicated AML/CFT newsletter; all editions can be accessed via the EBA’s website.