On October 21, the joint committee of the three European Supervisory Authorities (ESAs, comprising the European Banking Authority, the European Securities and Markets Authority, and the European Insurance and Occupational Pensions Authority) opened a public consultation on two sets of anti-money laundering and countering the financing of terrorism (AML-CFT) guidelines. Specifically, the ESAs published a joint consultation paper on risk-based AML-CFT supervision (Supervision CP) and a separate joint consultation paper on the risk factors to be considered when undertaking simplified or enhanced AML-CFT due diligence on customers (Risk Factors CP). Both consultation papers come in the wake of the adoption earlier this year of Directive (EU) 2015/849 of the European Parliament and of the Council of May 20 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (Directive 2015/849), which aligned the European Union’s AML-CFT legislative framework with the Financial Action Task Force’s (FATF) International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation.
The Supervision CP is directed primarily at the competent authorities (CAs) of EU member states, and is intended to set out a framework for each CA to implement a risk-based approach to AML-CFT supervision, including appropriate risk-based allocations of supervisory resources to AML-CTF issues. The ESAs identify a four-step process in risk-based supervision: (1) identification of AML-CFT risk factors; (2) holistically assessing the risk of a given firm or group of firms; (3) allocation of appropriate supervisory resources; and (4) ongoing monitoring and review. The ESAs then make recommendations in the form of guidelines so that CAs follow a common supervisory approach to AML-CFT issues.
The Risk Factors CP complements the Supervisory CP by focusing on the steps to be taken by credit and financial institutions in assessing the AML-CFT risk associated with a particular business relationship or occasional transaction. Directive 2015/849 permits firms to perform its customer due diligence (CDD) functions on a risk-sensitive basis, and apply either “simplified” CDD when the risks are low, or “enhanced” CDD when risks are higher. The ESAs propose two sets of guidelines––a general set applicable to all firms and a set of sector-specific recommendations to firms in particular sectors––in relation to a firm’s determination of the level of CDD to apply to a particular relationship or transaction.