The European Banking Authority (EBA) published this month
three regulatory instruments to address de-risking practices based on
evidence gathered in its call for input. The instruments clarify that
compliance with anti-money and countering terrorist financing (AML/CTF)
obligations in EU law does not require financial institutions to refuse,
or terminate, business relationships with entire categories of
customers that they consider to present a higher ML/TF risk. In these
documents the EBA also set out steps that financial institutions and
competent authorities should take to manage risks associated with
individual business relationships in an effective manner.
De-risking refers to decisions taken by financial institutions not to
provide services to customers in certain risk categories. This can
leave customers without access to the financial system. De-risking can
be a legitimate risk management tool in some cases but it can also be a
sign of ineffective ML/TF risk management, with severe consequences.
The EBA referred to particular aspects of de-risking in its previous work, such as in the Opinion
in 2016 to mitigate risks of financial exclusion of asylum seekers in
situations where they were unable to provide the standard Customer Due
Diligence documentation. However, it has become apparent that more
comprehensive action is needed to address unwarranted de-risking, given
its impact on consumers and competition in the single market. In May
2020, the EBA therefore launched a Call for Input
to the wider public so as to better understand the drivers, scale and
the impact of de-risking across the EU. The EBA subsequently assessed
the extensive feedback received and, issued three legal instruments this
month to address this issue.
First, the EBA published its 2021 Opinion on ML/TF risks
in the EU financial sector, in which it observes that de-risking is a
continuing trend that has implications from an ML/TF risk, consumer
protection and financial stability point of view and sets out a number
of actions the competent authorities should take to understand the
drivers, scale and impact of de-risking in their sectors.
Secondly, the EBA issued its revised ML/TF Risk Factors Guidelines,
which clarify that the application of a risk-based approach to AML/CFT
does not require financial institutions to refuse, or terminate,
business relationships with entire categories of customers that are
considered to present higher ML/TF risk. Instead, the Guidelines provide
guidance on the steps financial institutions should take effectively to
manage ML/TF risks associated with individual business relationships.
Finally, the EBA launched a public consultation on changes to its existing Guidelines on risk-based AML/CFT supervision.
The proposed Guidelines require competent authorities to take stock of
the extent of de-risking in their jurisdiction and address de-risking in
their ML/TF risk assessments. The proposed Guidelines also require
competent authorities to pay particular attention to the way financial
institutions manage ML/TF risks and encourage them to engage with their
sectors to ensure that financial institutions have a good understanding
of the regulatory expectations of how ML/TF risks should be managed.
Throughout the remainder of this year, the EBA will continue to
monitor and assess the scale and impact of, as well as the reasons for,
de-risking, and consider the extent to which the current legal and
regulatory framework is sufficient to address the issues associated with
de-risking.
Legal basis
The EBA is carrying out its work on de-risking to fulfil its mandates
to lead, coordinate and monitor the EU financial sector’s fight against
ML/TF, to contribute to the protection of consumers across the EU, and
to bring about supervisory convergence in the implementation of the
competition enhancing objective of PSD2.