Measures – Sectoral guidelines for retail banks
The EBA has published the final Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on simplified and enhanced customer due diligence. The Risk Factors guidelines give an overview of the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions.
Where banks use automated systems to identify ML/TF risk associated with individual business relationships or occasional transactions and to identify suspicious transactions, they should ensure that these systems are fit for purpose in line with the criteria set out in Title II. The use of automated IT systems should never be considered a substitute for staff vigilance.
Enhanced customer due diligence
Where the risk associated with a business relationship or occasional transaction is increased, banks must apply EDD measures. These may include:
- Verifying the customer’s and the beneficial owner’s identity on the basis of more than one reliable and independent source.
- Identifying, and verifying the identity of, other shareholders who are not the customer’s beneficial owner or any natural persons who have authority to operate an account or give instructions concerning the transfer of funds or the transfer of securities.
- Obtaining more information about the customer and the nature and purpose of the business relationship to build a more complete customer profile, for example by carrying out open source or adverse media searches or commissioning a third party intelligence report. Examples of the type of information banks may seek include:
  - the nature of the customer’s business or employment;
  - the source of the customer’s wealth and the source of the customer’s funds that are involved in the business relationship, to be reasonably satisfied that these are legitimate;
  - the purpose of the transaction, including, where appropriate, the destination of the customer’s funds;
  - information on any associations the customer might have with other jurisdictions (headquarters, operating facilities, branches, etc.) and the individuals who may influence its operations; or
  - where the customer is based in another country, why they seek retail banking services outside their home jurisdiction.
- Increasing the frequency of transaction monitoring.
- Reviewing and, where necessary, updating information and documentation held more frequently. Where the risk associated with the relationship is particularly high, banks should review the business relationship annually.
Simplified customer due diligence
In low-risk situations, and to the extent permitted by national legislation, banks may apply SDD measures, which may include:
- for customers that are subject to a statutory licensing and regulatory regime, verifying identity based on evidence of the customer being subject to that regime, for example through a search of the regulator’s public register;
- verifying the customer’s and, where applicable, the beneficial owner’s identities during the establishment of the business relationship in accordance with Article 14(2) of Directive (EU) 2015/849;
- assuming that a payment drawn on an account in the sole or joint name of the customer at a regulated credit or financial institution in an EEA country satisfies the requirements stipulated by Article 13(1)(a) and (b) of Directive (EU) 2015/849;
- accepting alternative forms of identity that meet the independent and reliable source criterion in Article 13(1)(a) of Directive (EU) 2015/849, such as a letter from a government agency or other reliable public body to the customer, where there are reasonable grounds for the customer not to be able to provide standard evidence of identity and provided that there are no grounds for suspicion;
- updating CDD information only in case of specific trigger events, such as the customer requesting a new or higher risk product, or changes in the customer’s behaviour or transaction profile that suggest that the risk associated with the relationship is no longer low.
Where a bank’s customer opens a ‘pooled account’ in order to administer funds that belong to the customer’s own clients, the bank should apply full CDD measures, including treating the customer’s clients as the beneficial owners of funds held in the pooled account and verifying their identities.
Where there are indications that the risk associated with the business relationship is high, banks must apply EDD measures as appropriate.
However, to the extent permitted by national legislation, where the risk associated with the business relationship is low and subject to the conditions set out below, a bank may apply SDD measures provided that:
- the customer is a firm that is subject to AML/CFT obligations in an EEA state or a third country with an AML/CFT regime that is not less robust than that required by Directive (EU) 2015/849, and is supervised effectively for compliance with these requirements;
- the customer is not a firm but another obliged entity that is subject to AML/CFT obligations in an EEA state and is supervised effectively for compliance with these requirements;
- the ML/TF risk associated with the business relationship is low, based on the bank’s assessment of its customer’s business, the types of clients the customer’s business serves and the jurisdictions the customer’s business is exposed to, among other considerations;
- the bank is satisfied that the customer applies robust and risk-sensitive CDD measures to its own clients and its clients’ beneficial owners (it may be appropriate for the bank to take risk-sensitive measures to assess the adequacy of its customer’s CDD policies and procedures, for example by liaising directly with the customer); and
- the bank has taken risk-sensitive steps to be satisfied that the customer will provide CDD information and documents on its underlying clients that are the beneficial owners of funds held in the pooled account immediately upon request, for example by including relevant provisions in a contract with the customer or by sample-testing the customer’s ability to provide CDD information upon request.
Where the conditions for the application of SDD to pooled accounts are met, SDD measures may consist of the bank:
- identifying and verifying the identity of the customer, including the customer’s beneficial owners (but not the customer’s underlying clients);
- assessing the purpose and intended nature of the business relationship; and
- conducting ongoing monitoring of the business relationship.