29 June 2023

EBA AML/CFT Newsletter

Follow us |

Latest News

EBA publishes EuReCA Factsheet

In January 2022, the EBA launched EuReCA, its central anti-money laundering and countering the financing of terrorism (AML/CFT) database.

The EBA has now published a factsheet that summarises what EuReCA is, who reports into it and how the EBA uses information from EuReCA to foster an effective approach by EU supervisors to tackling financial crime risks in their sector. It also provides some statistics and examples from EuReCA’s first year.

Material_weaknesses_by_sector_lWMZkeLXZGpDiwCTEbITBqGfs80_96895.jpg

EBA Guidelines on the use of Remote Customer Onboarding Solutions enter into force

In March, the EBA published the Guidelines on the use of Remote Customer Onboarding Solutions under Article 13(1) of Directive (EU) 2015/849 in all EU official languages, triggering the compliance notification period and their subsequent entry into force.

The Guidelines set out a common understanding by competent authorities of the steps financial sector operators should take to ensure safe and effective remote customer onboarding practices in line with applicable AML/CFT legislation and the EU’s data protection framework.

The deadline for competent authorities to provide their compliance notification with these Guidelines was 30 May 2023. The EBA published the compliance table on its website.

EBA consults on guidelines for AML/CFT supervisors of CASPs

In March, the EBA launched a consultation on its proposal to amend its Guidelines on risk-based supervision to extend them to AML/CFT supervisors of Crypto-Asset Services Providers (CASPs).

The proposed amendments include guidance on the sources of information competent authorities should consider when assessing money laundering and terrorism financing (ML/TF) risks associated with CASPs. They also highlight the importance of a consistent approach to setting supervisory expectations where multiple competent authorities are responsible for the supervision of the same institutions. Additionally, the amendments emphasise the significance of training to ensure that staff from competent authorities have the technical skills and expertise necessary for the execution of their functions.

The consultation closed on 29 June 2023.

EBA issues Guidelines to tackle de-risking and safeguard access to financial services to vulnerable customers

In March, the EBA issued guidelines amending the ML/TF risk factors guidelines on the effective management of ML/TF risks and access to financial services', following a three -month consultation and a public hearing.

The purpose of the new guidelines is to ensure that customers have access to the financial services they need to fully participate in society and that they are not denied such access on unsubstantiated AML/CFT grounds or without a valid reason. The guidelines set common expectations of effective money ML/TF risk management practices in those situations.

EBA publishes three AML/CFT Q&As

Earlier this year, the EBA published answers to three questions that were submitted through its Q&A process.

Q&A 5100, published in February, clarifies the relationship between the EBA’s guidelines on outsourcing and section 4 of the AMLD on reliance on a third party provider.

Q&A 6048, published in March clarifies the conditions under which Payment Initiation Service Provider (PISPs) should conduct customer due diligence.

Q&A 5818, also published in March, clarifies the conditions under which electronic money institutions and payment services providers having set up establishments in another Member State may be required to appoint a central contact point in that Member State.

EBA publishes report on convergence of supervisory practices

In May, the EBA published and submitted the European Parliament and the Council its annual report to on the degree of convergence between supervisory practices.

The latest Report on supervisory convergence for 2022 highlights the efforts made by prudential supervisors to take ML/TF risks into account when conducting the Supervisory Review and Evaluation Process (SREP) assessment and the synergies developed between AML/CFT and prudential supervisory colleges. The EBA found that prudential supervisors had incorporated AML/CFT into their supervisory priorities in 2022 and followed up on AML/CFT-related concerns.

EBA consults on draft RTS and ITS on supervisory colleges

In May the EBA launched a consultation on the draft regulatory technical standards (RTS) and implementing technical standards (ITS) on the functioning of supervisory colleges amending the RTS and ITS on colleges of supervisors published by the European Commission in January 2016.

Some of the proposed revisions aim to enhance cooperation and information exchange between AML/CFT colleges and prudential supervisory colleges. Notably, under the EBA’s proposals, lead supervisors of AML/CFT colleges would be requested to participate as observers in prudential colleges.

The consultation closes 30 August, and a public hearing took place on 28 June 2023.

EBA proposes to extend the ML/TF Risk Factors Guidelines to CASPs

In May, the EBA initiated a public consultation on amendments to the Guidelines on MLK/TF risk factors. The proposed amendments extend the scope of the Guidelines to include crypto-asset service providers (CASPs) and highlight the ML/TF risks these providers should considered when carrying out risk assessments of their business or customers. The proposed amendments also include the risks that other credit and financial institutions should consider when engaging in a business relationship with a CASP or when they are otherwise exposed to crypto assets.

The proposed amendments were necessary to fulfil the mandates given to the EBA under the recast Transfer of Funds Regulation. The deadline for submission of comments in response to the consultation is 31 August 2023.

EBA assesses ML/TF risk in payment institutions

In June the EBA published the findings from its assessment of the scale and nature of ML/TF risks associated with payment institutions. It considered how payment institutions identify and manage ML/TF risks and what supervisors do to mitigate those risks when considering an application for the authorisation of a payment institution and during the life of a payment institution.

The sector consists of a heterogenous set of institutions of different sizes and business models, each carrying different levels of ML/TF risk. Nevertheless, the EBA’s findings suggest that overall, the sector does not manage ML/TF risk adequately. AML/CFT internal controls in payment institutions are often insufficient to prevent or detect ML/TF.

The EBA’s findings also suggest that not all competent authorities are currently doing enough to supervise the sector effectively. As a result, payment institutions with weak AML/CFT controls can operate in the EU, for example by establishing themselves in Member States where authorisation and AML/CFT supervision processes are less stringent to passport their activities cross-border afterwards.

EBA Annual Report

In June the EBA published its latest Annual Report. The report highlights the EBA’s continued leading work to reduce the risk of financial crime within the EU.

In 2022, this included consolidating the regulatory framework and preparing to deliver ten new mandates under the recast Regulation on the transfer of funds and crypto-assets; launching the central database, EuReCA; continuing in-depth reviews of competent authorities’ approaches to tackling ML/TF risk; building supervisory capacity and fostering cooperation and information exchange in AML/CFT colleges.

Coming up

EBA reports on competent authorities’ approaches to the AML/CFT supervision of banks

The EBA will publish its third report competent authorities’ approaches to the AML/CFT supervision of banks. The report provides a summary of the main findings and recommendations from this third round of reviews.

During this third round of reviews, the EBA assessed twelve competent authorities from nine EU and EEA Member States that are responsible for the AML/CFT supervision of banks in the EU and in the EEA.

EBA Data Protection Impact Assessment

The EBA has been working on a revised version of the Data Protection Impact Assessment (DPIA) on EuReCA.

An update of the summary of the DPIA will be published once the RTS on the AML/CFT central database is approved by the European Commission.

Opinion on ML/TF risks affecting the EU financial sector

The EBA is working on the next Opinion on the ML/TF risks affecting the EU financial sector, which is issued every two years.

As was the case in previous years, the EBA identifies ML/TF risks that cut across all sectors and risks that are specific to each of the 11 sectors within the EBA’s AML/CFT remit. For the first time, this report will include a sectoral risk assessment of crypto asset service providers.

EBA mandates under MiCAR

Europe is about to take a significant step towards regulating the sector of crypto-assets across EU Member States, with the introduction of the Markets in Crypto-assets Regulation (MiCAR). Under MiCAR, the EBA has been given 20 mandates to issue regulatory technical standards (RTS) or guidelines, in particular in relation to issuers of asset-referenced tokens (ARTs). ARTs are a type of crypto-assets which aim to maintain a stable value by referencing another value or right, or a combination thereof, such as one or several official currencies.

While CASPs are brought under the provisions of the 5^th EU Directive on AML/CFT, ART issuers are not. Under MiCAR, the EU legislator will require ART issuers to apply a thorough authorisation process before issuing an ART in the EU.

The EBA will consult on a draft of these instruments.

You are receiving this newsletter because you have previously expressed an interest in the European Banking Authority’s work to lead, coordinate and monitor the EU financial sector’s fight against money-laundering and terrorist financing. | We will be publishing this newsletter four times per year. If you do not wish to receive the newsletter, please ‘unsubscribe’. You can also find more information on the EBA’s AML/CFT page. Subscribe, if this email was forwarded to you. | You can unsubscribe on your profile page.

The European Commission is committed to personal data protection. Any personal data is processed in line with the Regulation (EU) 2018/1725. Please read the privacy statement