The European Banking Authority (EBA) on Monday published revised guidelines for money-laundering and terrorist-financing risk factors, including guidance on related risk assessments and customer due diligence (CDD) for beneficial owners.
The guidelines, which are addressed to both financial institutions and supervisory authorities, separately incorporate sectoral guidance on crowdfunding platforms, corporate finance, payment initiation services providers (PISPs), account information service providers (AISPs) and currency exchange offices, the EBA said. The authority issued the amended guidelines to take into account changes to the EU’s anti-money laundering (AML) and counterterrorism financing (CFT) legal framework, and address new risks identified by the EBA’s implementation reviews.
Under the revisions, financial institutions must identify the beneficial owner of a corporate client, determine that the customer’s ownership structure isn’t unduly complex or opaque, and assess whether true control of the legal entity is in the hands of an individual not named as its owner—inclusions to the amended guidelines that largely echo industry practices.
Such compliance steps, however, cannot solely rely on data included in national beneficial ownership registers, the EBA warned, noting that firms may need to take additional steps to verify customer information, particularly when the risks associated with the business have increased or when they have reasons to doubt that the register’s data is inaccurate.
In some instances, financial firms may cite a company’s senior managers as its beneficial owners, but only when “they have exhausted all possible means of identifying the natural person who ultimately owns or controls the customer” and are satisfied that the customer’s reasons for not naming the ultimate beneficial owner are plausible, the EBA said.
Compliance professionals that use technological solutions for beneficial-ownership identification and verification purposes should assess whether their use of such tools sufficiently addresses, or perhaps exacerbates, their AML/CFT risks, according to the revised guidelines.
In a statement, the authority reiterated that financial institutions are not required to discontinue services for entire categories of customers—a practice known as “de-risking”—and instead should balance the need for financial inclusion with the need to mitigate their individual AML/CFT risks.