On 31 March 2023, the European Banking Authority (EBA) published Guidelines to tackle ‘unwarranted’ de-risking and ensure that customers have access to the financial services they need to participate in society.
‘De-risking refers to decisions made by credit and financial institutions to refuse to enter into, or to terminate, business relationships with individual customers or categories of customers associated with higher money laundering and terrorist financing (ML/TF) risk.’
To address this issue, the EBA has issued two new sets of Guidelines. These Guidelines will contribute to fostering a common understanding by institutions and AML/CFT supervisors of effective money laundering and terrorist financing risk management practices in situations where access by customers to financial products and services should be safeguarded.
Do not miss the AME Roundtable on financial inclusion and de-risking at the European Parliament on 30 May, 12:30-14:00
1. Amendment to the Customer Due Diligence and Risk Factors Guidelines
In its Opinion on de-risking (January 2022), the EBA found that these practices affect a variety of (potential) customers, including Non-for-Profit Organisations (NPOs), and stressed that unwarranted de-risking may lead to significant negative consequences. In particular, NPOs facing difficulties in accessing financial services may suffer programme delivery delays and, eventually, the end of their programmes. The EBA found that the main drivers of decisions to de-risk on NPOs are related to the links to jurisdictions associated with higher ML/TF risks as well as the complexities in obtaining customer due diligence (CDD) information.
The Annex amending the Guidelines on customer due diligence and risk factors (2021) establishes that, when assessing a NPO profile, financial institutions should ensure a good understanding of the NPO’s governance, financing, activities, areas of operation and beneficiaries. More specifically, the EBA underlines that risk factors should be assessed on a risk-sensitive basis and provides a set of questions that should be taken into consideration and answered during the evaluation process.
2. Guidelines on policies and controls for the effective management of ML/TF risks
The second set delves into the effective management of ML/TF risks by financial institutions when providing access to financial services. Notably, the Guidelines clarify the interaction between the access to financial services and AML/CTF obligations. Furthermore, the document lays down the steps financial institutions should follow when considering refusing or terminating a relationship with a customer based on AML/CFT compliance reasons as well as policies, procedures and controls that credit and financial institutions should carry out to facilitate access to financial services by those categories of customers that the EBA highlighted as vulnerable to unwarranted de-risking.
Among other things, the Guidelines specify that credit and financial institutions should:
Differentiate between the risks associated with a particular category of customers and those associated with individual customers belonging to such category;
Set out the criteria they will use to determine on which grounds they decide that a business relationship may be rejected or terminated;
Specify all options for mitigating ML/TF risks, including adjusting the level and intensity of monitoring, that will be taken in consideration before rejecting a customer on ML/TF risk grounds;
Document any decision to refuse or terminate a business relationship and the reason for doing so. Besides, they shall submit this documentation to competent authorities upon request;
Develop options allowing for a targeted and limited access to products or services, such as the amount, number or type of transaction to and from third countries;
Establish procedures to manage applications from individuals that may have legitimate reason to be unable to provide traditional forms of identity documentation.
Both sets of Guidelines will apply three months after the publication in all EU official languages. Competent authorities will have to report whether they comply with the Guidelines two months after their publication.
Want to know more? Please get in touch by email.