knowledge 13 November 2019 |

Joint Opinion on Money Laundering and Terrorist Financing Risks in the Financial Sector

The Joint Opinion, which was published on 4 October 2019, draws on information provided by the competent authorities of EU Member States (“Competent Authorities”) and from the European Supervisory Authorities’ (“ESAs”) work throughout the year. It groups the money laundering and terrorist financing (“ML/TF”) risks identified into two broad categories: cross-sectoral risks and sector specific risks. This briefing focuses on cross-sectoral risks and the ESAs’ recommendations for future reforms.

Cross-sectoral Risks

Brexit

Brexit is causing a number of firms to relocate from the UK to the EU27.  Some Competent Authorities may not be adequately resourced to supervise these firms and there is also a risk that some relocating UK firms may establish themselves as a “shell company” in the EU27, making adequate supervision more difficult. Moreover, in the case of a “hard Brexit”, Competent Authorities will no longer be able to exchange relevant information to ensure the effective anti-money laundering and counter financing of terrorism (“AML/CFT”) supervision of firms that operate on a cross-border basis.

Firms themselves may also be impacted by Brexit. As the EU’s Fourth Money Laundering Directive 2015/849 (“MLD4”) only sets minimum AML/CFT requirements, a firm’s compliance with its existing AML/CFT requirements may not always be sufficient to meet those applicable in its new home Member State.  Firms will also have to update their AML/CFT policies to account for the UK becoming a third country for MLD4 purposes, particularly in relation to correspondent banking relationships, transfers of funds, third party reliance arrangements and customer risk assessments.

New Technologies

Most Competent Authorities consider that FinTech and RegTech present ML/TF risks and vulnerabilities to which almost all sectors are exposed. These include risks relating to FinTech providers themselves as well as risks arising from firms:

• using new technologies to on-board customers remotely without putting in place proper safeguards; and
• over-relying on outsourcing arrangements with FinTech firms without putting in place proper oversight mechanisms.

The majority of Competent Authorities consider virtual currencies to be among the most important emerging risks present in almost all sectors, including because of the lack of straightforward regulation governing virtual currencies and associated products and services.

Legislative Divergences

The ESAs are particularly concerned about ML/TF risks arising from legislative divergences in the following areas:

• some firms may be forum shopping when determining in which Member State to apply for authorisation as different AML/CFT requirements may apply in different Member States owing to the fact that the MLD4 is a minimum harmonisation measure and must be transposed by Member States into national law;
• for much of the period covered by the Joint Opinion, the respective responsibilities of home and host AML/CFT supervisors were interpreted differently in Member States, meaning that not all firms were supervised and monitored effectively;
• EU rules on authorisations, qualifying holdings, and fitness and propriety rely heavily on national transpositions and interpretations of EU law by national prudential supervisors and the European Central Bank. Consequently, they leave little room for the development of a consistent approach to addressing ML/TF risks effectively in these contexts.

The Joint Opinion also refers to ML/TF risks arising from impediments to cooperation between Competent Authorities; however the ESAs expect that legal changes introduced by the EU’s Fifth Money Laundering Directive 2018/843 (“MLD5”) will provide a clear legal basis for supervisory cooperation.

Divergent Supervisory Practices

National approaches continue to differ significantly between Competent Authorities in different jurisdictions. Various factors may contribute to these differences, including differences in the national transpositions of MLD4, variations in the size and nature of the supervised sector and the level of exposure to ML/TF risk. According to the ESAs, the main differences observed relate to the frequency and intensity of supervisory engagements with firms in different sectors. Most Competent Authorities focus their attention on sectors that they consider to present significant ML/TF risks while neglecting other sectors. While this may be in line with a risk-based approach, not all Competent Authorities have a good understanding of ML/TF risks and some may fail to identify and act upon ML/TF risks to which their sector is exposed. Moreover, the level of resources and AML/CFT supervision is not always commensurate with the level of ML/TF risk and the size of the relevant section.

Weaknesses in Internal Controls

While most Competent Authorities consider policies and procedures implemented by firms to be adequate, the application of these policies is not consistently effective. In this regard, Competent Authorities expressed particular concern about:

• the quality of business-wide ML/TF risk assessments;
• the effectiveness of suspicious transaction reporting; and
• the effectiveness of ongoing policies and procedures, including transaction monitoring.

The most common types of legislative breaches relate to inadequate controls as regards the identification and verification of firms’ customers, weaknesses in the internal controls and overall AML/CFT policies and procedures, and customer risk assessments. Competent Authorities are also concerned about the systems and controls put in place by firms for the identification and verification of beneficial owners, as they consider these to be inadequate.

Terrorist Financing

The ESAs consider that the EU’s financial sector continues to be exposed to terrorist financing risks. This is partially attributable to firms not having access to relevant information that would help them identify TF risks before they crystallise.  In this regard, the ESAs welcome the fact that there are now a small number of initiatives designed to test how law enforcement agencies can provide firms with more specific and meaningful information on specific persons of interest, allowing firms to focus their transaction monitoring on these persons.

De-risking

De-risking is a decision taken by firms to no longer offer services to some categories of customers associated with higher ML/TF risks. However, lack of access to the financial system can drive financial transactions underground and away from effective AML/CFT oversight and controls.

According to the ESAs, the guidelines are clear that the application of a risk-based approach does not require firms to refuse, or terminate, business relationships with entire categories of customers that are considered by firms to present higher ML/TF risk, as the risk associated with individual relationships will vary, even within one category.

Comment and Next Steps

As is clear from the Joint Opinion, the EU is facing a number of ML/TF risks. However, legislative and supervisory divergences appear to be two contributory factors which are common to several of these risks.  This reflects concerns expressed by the European Commission including in a Communication and four reports published in July 2019. Moreover, on 30 September 2019, the Council of the EU published a Presidency Issues Note, on its strategic AML/CFT priorities. In the note the Presidency outlines several issues likely to continue to impede the effectiveness of the European AML/CFT framework, and invites EU ministers to discuss the following:

• What would be the most appropriate scope of further reforms?
• Which AML/CFT aspects would most benefit from further harmonisation through a Regulation?
• Is the creation of a new EU body a valid way forward to ensure adequate supervision?
• How could effective cooperation be ensured between the relevant authorities and bodies involved in AML/CFT?

The outcome from these discussions will be used to inform Council conclusions to be adopted on 5 December 2019.