Risk assessment methodologies:

• AMLA must set out how supervisors will assess and clarify the residual risk profile of each obliged entity and the frequency at which such risk profile must be reviewed.
• The EBA proposes its own methodology for the calculation of residual risk recommending single, standardised and unified data points to use as risk indicators and that quantitative and objective data must be used where possible.
• The EBA adopted a proportionate approach by cutting data collection requirements by 15 per cent following stakeholder feedback and new transitional measures will give both institutions and supervisors time to adjust.
• Importantly, as risks vary and evolve, specific scoring thresholds and weights are not included in the draft RTS. Instead, it would be the role of AMLA to define the specific scoring thresholds and weights for each review cycle and to monitor the effective application of these indicators by supervisors in all Member States.

Customer Due Diligence (CDD):

• AMLA must harmonise customer due diligence requirements by specifying, by means of draft RTS, which information obliged entities must collect to perform standard CDD, simplified due diligence (SDD) and enhanced due diligence (EDD).
• Even more AMLA is required to set out in the draft RTS which reliable and independent sources of information obliged entities may use to verify the identities of relevant natural or legal persons.
• The scale of change introduced by the Anti-Money Laundering Regulation (AMLR) could create vulnerabilities. To mitigate such risk, where possible the EBA decides to build on and align with pre-existing EBA works and standards.

Enforcement and sanctions:

• EBA provides guidelines on classifying breaches by severity and setting criteria for pecuniary sanctions, administrative measures and periodic penalty payments. This ensures consistent and proportionate enforcement across Member States.
• The draft RTS contain specific provisions for natural persons, including senior management and the management body in its supervisory function. Holding individuals accountable for AML/CFT failures is an important deterrent and an essential part of effective enforcement.

Group-wide policies and procedures:

• AMLA must prepare a draft RTS defining the minimum standards for information-sharing within groups, criteria for identifying parent undertakings and conditions for applying group-wide obligations to entities with shared ownership, management or compliance control.

Next steps:

Once adopted by AMLA and endorsed by the European Commission, these instruments will aim to form the backbone of a comprehensive and resilient EU AML/CFT system.

For further details EBA’s press release can be found here