Response to consultation on draft RTS on the implementation of group wide AML-CFT policies in third countries
Go back
For example, the following measures could be taken by way of a statistical reporting:
a. Number of PEPs
b. Number of high risk customers
c. Number of suspicious transactions
d. Number of ‘’true hits’’
e. Number of STRs filed
f. Number of blocked accounts
g. Number of blocked transactions
We wouldn’t recommend any further minimum actions under article 4.
As an additional remark, we would like to underline that in certain countries the on-going screening of the employees may be abusive under privacy law whereas the measure can be acceptable during the recruitment process. Therefore it is not certain that constantly monitoring the employees is necessarily admitted. It could eventually be perceived as an intrusive procedure even with the employee consent which in that case has not been given freely.
Question 1: Do you agree with the scope of the draft RTS as described in Article 1?
ALFI agrees with the scope of the draft RTS.Question 2: Do you agree that while minimum action must always be taken, credit and financial institutions can adjust the nature and extent of the remaining additional measures on a risk-sensitive basis?
ALFI agrees with the abovementioned statement, which is in line with the 4th Anti-money laundering directive and the FATF Recommendations.Question 3: Do you agree that the minimum action in Article 3 is appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions you think Article 3 should include? If so, please explain and provide evidence where possible.
ALFI is of the view that the minimum action in Article 3 is appropriate. However it might be useful to suggest that the entity located in the third-country also identifies and perform a gap analysis of the group policies and procedures against the third-country legal requirements and report on the outcome. This may be contained in Article 4 1b). Finally the compliance of third countries with the FATF Recommendations could also be assessed with a review of the latest FATF or regional body-like report concerning the jurisdiction concerned.Question 4: Do you agree that the minimum action and additional measures in Article 4 are appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions or additional measures you think Article 4 should include? If so, please explain and provide evidence where possible.
ALFI doesn’t agree with the minimum action in article 4. Some doubts could indeed be raised concerning the inclusion of such an article in the guidelines. The compliance officers employed by a branch or majority-owned subsidiary in a third country should always be able to perform individual ML-TF risk assessments locally by taking into account the standards of the group policies. These local compliance officers should then be able to report at least metrics of these individual ML-TF risks assessments to their global headquarters.For example, the following measures could be taken by way of a statistical reporting:
a. Number of PEPs
b. Number of high risk customers
c. Number of suspicious transactions
d. Number of ‘’true hits’’
e. Number of STRs filed
f. Number of blocked accounts
g. Number of blocked transactions
We wouldn’t recommend any further minimum actions under article 4.
Question 5: Do you agree: that the minimum action and additional measures in Article 5 are appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions or additional measures you think Article 5 should include? If so, please explain and provide evidence where possible.
ALFI agrees with the minimum actions and additional measures under article 5. We would like to underline that following the consents granted by the customer and the beneficial owner, the branch or majority-owned subsidiary in the third-country could also be in a position to leverage the KYC due diligences performed by another entity of the group located in another jurisdiction, when this entity does already have a business relationship with the same customer.Question 6: Do you agree that the minimum action and additional measures in Article 6 are appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions or additional measures you think Article 6 should include? If so, please explain and provide evidence where possible.
ALFI agrees with the minimum action mentioned in article 6. We would request in addition a monthly reporting in the number of clients and/or beneficial owners who refused to provide their KYC documentation. Finally one could also assess whether the FIU of the third country can share intelligence with foreign FIUS via networks such as FIU.NET (Europol), GoAML (UN Office on Drugs and Crime) or the Egmont Group.Question 7: Do you agree that the minimum action in Article 7 is appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions or additional measures you think Article 7 should include? If so, please explain and provide evidence where possible.
We agree with the minimum action proposed. However we would ask for an AML/CTF risk assessment of the customer to be performed on an annual basis since customers in a third country with limitations of data transfer possibilities cannot reasonably be classified as low risk. It is important to have a risk identification and assessment framework and a proper setup for mitigating the identified risk.Question 8: Are there any other scenarios these RTS should address? In particular, are there any policies and procedures in Article 8 of Directive (EU) 2015/849 where the implementation of a third country’s law might prevent the application of group-wide policies and procedures? Please explain and provide examples where possible.
In our view there are no additional scenarios to address. The consultation is exhaustive.As an additional remark, we would like to underline that in certain countries the on-going screening of the employees may be abusive under privacy law whereas the measure can be acceptable during the recruitment process. Therefore it is not certain that constantly monitoring the employees is necessarily admitted. It could eventually be perceived as an intrusive procedure even with the employee consent which in that case has not been given freely.