Response to consultation on effective management of ML/TF risks when providing access to financial services
Go back
We welcome the guidance provided by the EBA and its objectives, in particular the distinction between ML/TF risk associated with an individual customer and those associated with a category of customers, notwithstanding our comments above in relation to the need to include consideration of PF risks. The lack of distinction between individual customer risk and the risk associated with a category of customer has previously led to derisking behaviours which have had a hugely detrimental impact on particularly categories of customers, notably Non-Profit Organisations (NPOs) but also on geographical areas, such as the Caribbean. The emphasis in paragraphs 11 and 12 of the draft guidance on ensuring that institutions have considered all possible mitigating measures before refusing or terminating a business relationship is line with the position taken by FATF that the risk-based approach requires that institutions should seek to manage their ML/TF/PF risks rather than avoid them.
Paragraph 14 requires that credit and financial institutions document the decision to refuse or terminate a business relationship and that this documentation should be available to supervisors. It is important that supervisors are encouraged to consider the extent to which their supervised population has followed this guidance and whether exit decisions are appropriately risk-based. Our research has shown that more effective financial inclusion could be encouraged by including consideration of it within the FATF Mutual Evaluation (ME) process, “By capturing financial inclusion in the measurement of the effectiveness of a country’s anti-financial crime framework, the FATF would cement the ethos that a financial system cannot be fully effective from an anti-financial crime perspective if people face financial exclusion.” Likewise, supervisors could encourage more effective financial inclusion measures if they considered how institutions effected financial inclusion within their policies and procedures as part of their supervisory activities.
Paragraphs 15 and 16 of the guidance refer to the right of access to a payment account with basic features and that the limited functionality of this type of account may mitigate the ML/TF risk. What the guidance does not explicitly state is that institutions should be encouraged to apply Simplified Due Diligence (SDD) for customers where it is assessed that there is a lower ML/TF/PF risk, as per FATF Recommendation 1. SDD is optional but it allows institutions to perform less-resource intensive checks on potential customers. It also allows institutions to apply some flexibility to the requirements for opening an account, for example the type of identity documents needed. This is an approach encouraged by FATF through guidance on using alternate forms of identification and assisting jurisdictions seeking to make their regulations more flexible by providing guidance for situations where SDD could be applied to make services more accessible.
Despite the potential benefits of SDD, our research has shown that there are several barriers to its use including a lack of understanding of ML/TF/PF risks, a lack of support for SDD from supervisors and regulators, and a lack of incentives for the private sector to use it. It would therefore be beneficial for the guidance to provide some additional clarity as to circumstances in which SDD can be used and to use language which proactively encourages credit and financial institutions to apply SDD where appropriate. The EBA’s guidance on the use of flexibility within the regulatory regime when opening accounts for Ukrainian refugees following the Russian invasion of Ukraine in 2022 was a welcome example of where specific guidance on the use of SDD can be hugely beneficial.
We note that paragraph 19, in the section on adjusted monitoring, references some examples of situations where individuals may not have access to traditional forms of identity and recommends the steps that credit and financial institutions should take. This is, in effect, SDD and we would suggest that this section is moved to a new section titled ‘Application of SDD’ (or similar) to make it clear that the application of SDD is an essential part of financial inclusion and managing ML/TF/PF risks.
Many institutions have implemented automated transaction monitoring systems to help them carry out ongoing monitoring of customer accounts. Automated transaction monitoring systems will generate alerts based on pre-defined rules that may be indicate of unusual and/or suspicious behaviour. While automated transaction monitoring systems have many advantages, it is important to note that the underlying rules may be calibrated in a way that may impact disadvantaged customer segments and consequently limit their financial inclusion. It is important, therefore, that a system’s rules and the underlying data are regularly reviewed to ensure that they are free from bias and do not disproportionately impact any groups of disadvantaged customers. For example, a transaction monitoring rule might be calibrated so that transactions associated with or made by customers from a particular disadvantaged group might be subject to excessive scrutiny. This may prevent those customers from being able to fully use their accounts. It is important to note that financial inclusion does not just depend on customers being able to access financial products and services but being able to use those products and services. We, therefore, recommend that the guidance provides further detail on how credit and financial institutions should ensure that their ongoing monitoring procedures do not adversely impact on financial inclusion.
It is also important that, as noted in the section on applying restrictions to services of products, such restrictions may be an important part of managing ML/TF/PF risks and therefore it is important that ongoing monitoring systems are able to identify any unpermitted usage. Ongoing monitoring may also indicate when a basic product or services is no longer meeting the needs of a customer and they may require a more sophisticated product or services (which, in turn, may require a further level of customer due diligence).
Our work has also shown that there are cases where politically motivated attempts are made to freeze or block accounts, typically citing some kind of financial crime investigation. The complaint mechanism might therefore benefit from being expanded to include asset freezes that are seemingly unjustified or where the account holder is given no explanation as to why their access to their account has been blocked.
1. Do you have any comments on the annex that covers NPO customers?
Not applicable2. Do you have any comments on the section ‘Subject matter, scope and definitions’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.
We note that the definitions refer only to Money Laundering (ML) and Terrorist Financing (TF) risk and ML/TF risk factors. In October 2020, the FATF’s Recommendations 1 and 2 were updated to include the requirement for countries and the private sector to identify and mitigate risks related to Proliferation Financing (PF). Given that some of the actions taken by countries and institutions to mitigate the risks of PF may have an impact on financial inclusion, it would therefore seem appropriate that the ‘Subject matter, scope and definitions’ section also includes reference to PF and PF risk factors.3. Do you have any comments on the section titled ‘General requirements’?
The ‘General requirements’ section sets out the overall approach that credit and financial institutions should take to mitigating higher ML/TF risks and the measures that should be considered prior to taking a decision to reject or terminate a business relationship. These include adjusted monitoring and applying restrictions to services or products, explored further in the following sections.We welcome the guidance provided by the EBA and its objectives, in particular the distinction between ML/TF risk associated with an individual customer and those associated with a category of customers, notwithstanding our comments above in relation to the need to include consideration of PF risks. The lack of distinction between individual customer risk and the risk associated with a category of customer has previously led to derisking behaviours which have had a hugely detrimental impact on particularly categories of customers, notably Non-Profit Organisations (NPOs) but also on geographical areas, such as the Caribbean. The emphasis in paragraphs 11 and 12 of the draft guidance on ensuring that institutions have considered all possible mitigating measures before refusing or terminating a business relationship is line with the position taken by FATF that the risk-based approach requires that institutions should seek to manage their ML/TF/PF risks rather than avoid them.
Paragraph 14 requires that credit and financial institutions document the decision to refuse or terminate a business relationship and that this documentation should be available to supervisors. It is important that supervisors are encouraged to consider the extent to which their supervised population has followed this guidance and whether exit decisions are appropriately risk-based. Our research has shown that more effective financial inclusion could be encouraged by including consideration of it within the FATF Mutual Evaluation (ME) process, “By capturing financial inclusion in the measurement of the effectiveness of a country’s anti-financial crime framework, the FATF would cement the ethos that a financial system cannot be fully effective from an anti-financial crime perspective if people face financial exclusion.” Likewise, supervisors could encourage more effective financial inclusion measures if they considered how institutions effected financial inclusion within their policies and procedures as part of their supervisory activities.
Paragraphs 15 and 16 of the guidance refer to the right of access to a payment account with basic features and that the limited functionality of this type of account may mitigate the ML/TF risk. What the guidance does not explicitly state is that institutions should be encouraged to apply Simplified Due Diligence (SDD) for customers where it is assessed that there is a lower ML/TF/PF risk, as per FATF Recommendation 1. SDD is optional but it allows institutions to perform less-resource intensive checks on potential customers. It also allows institutions to apply some flexibility to the requirements for opening an account, for example the type of identity documents needed. This is an approach encouraged by FATF through guidance on using alternate forms of identification and assisting jurisdictions seeking to make their regulations more flexible by providing guidance for situations where SDD could be applied to make services more accessible.
Despite the potential benefits of SDD, our research has shown that there are several barriers to its use including a lack of understanding of ML/TF/PF risks, a lack of support for SDD from supervisors and regulators, and a lack of incentives for the private sector to use it. It would therefore be beneficial for the guidance to provide some additional clarity as to circumstances in which SDD can be used and to use language which proactively encourages credit and financial institutions to apply SDD where appropriate. The EBA’s guidance on the use of flexibility within the regulatory regime when opening accounts for Ukrainian refugees following the Russian invasion of Ukraine in 2022 was a welcome example of where specific guidance on the use of SDD can be hugely beneficial.
We note that paragraph 19, in the section on adjusted monitoring, references some examples of situations where individuals may not have access to traditional forms of identity and recommends the steps that credit and financial institutions should take. This is, in effect, SDD and we would suggest that this section is moved to a new section titled ‘Application of SDD’ (or similar) to make it clear that the application of SDD is an essential part of financial inclusion and managing ML/TF/PF risks.
4. Do you have any comments on the section titled ‘adjusting monitoring’?
As noted above, we suggest that paragraph 19 is moved to a new section on the use of SDD and that this section focuses on the use of monitoring. Ongoing monitoring, whether manual or automated, is particularly important in the context of financial inclusion as it may help to mitigate and manage ML/TF/PF risks associated with customers, particularly where they may have been limited KYC information collected.Many institutions have implemented automated transaction monitoring systems to help them carry out ongoing monitoring of customer accounts. Automated transaction monitoring systems will generate alerts based on pre-defined rules that may be indicate of unusual and/or suspicious behaviour. While automated transaction monitoring systems have many advantages, it is important to note that the underlying rules may be calibrated in a way that may impact disadvantaged customer segments and consequently limit their financial inclusion. It is important, therefore, that a system’s rules and the underlying data are regularly reviewed to ensure that they are free from bias and do not disproportionately impact any groups of disadvantaged customers. For example, a transaction monitoring rule might be calibrated so that transactions associated with or made by customers from a particular disadvantaged group might be subject to excessive scrutiny. This may prevent those customers from being able to fully use their accounts. It is important to note that financial inclusion does not just depend on customers being able to access financial products and services but being able to use those products and services. We, therefore, recommend that the guidance provides further detail on how credit and financial institutions should ensure that their ongoing monitoring procedures do not adversely impact on financial inclusion.
It is also important that, as noted in the section on applying restrictions to services of products, such restrictions may be an important part of managing ML/TF/PF risks and therefore it is important that ongoing monitoring systems are able to identify any unpermitted usage. Ongoing monitoring may also indicate when a basic product or services is no longer meeting the needs of a customer and they may require a more sophisticated product or services (which, in turn, may require a further level of customer due diligence).
5. Do you have any comments on the section titled ‘applying restrictions to services or products’?
As we note above, financial inclusion depends both on access and usage of services and products. There is also a third dimension to financial inclusion, that of quality. Services and products should be useful and affordable. While the restrictions identified by the EBA may be appropriate ways of managing ML/TF/PF risks, it is also important that the restrictions do not, in and of themselves, hinder financial inclusion for example by reducing the utility of a service or product to the extent that it does not provide any benefits to the consumer. The guidance, therefore, should make it clear that restrictions should be proportionate to the ML/TF/PF risk and should not be overly onerous.6. Do you have any comments on the section titled ‘Complaint mechanisms’?
It is essential that a complaint mechanism exists for those that feel that they have been unfairly financially excluded and we welcome the provision in the guidance. We note, however, that many of those that are more vulnerable to financial exclusion may not have the capacity or capability to make a formal complaint. There may, for example, be language or cultural barriers. The EBA should therefore try to ensure that the complaint mechanisms are accessible to all.Our work has also shown that there are cases where politically motivated attempts are made to freeze or block accounts, typically citing some kind of financial crime investigation. The complaint mechanism might therefore benefit from being expanded to include asset freezes that are seemingly unjustified or where the account holder is given no explanation as to why their access to their account has been blocked.
Upload files
RUSI_EBA_Consultation_Derisking.pdf
(922.08 KB)