ESAs AML/CFT guidelines

Risk factors

On 26 June 2017 the European Supervisory Authorities (EBA, EIOPA and ESMA - hereafter “ESAs”) published their final Guidelines on simplified and enhanced customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (the “Risk Factors Guidelines”).

Article from Regulatory Newsflash of 6 July 2017


The elaboration of these Guidelines was required by the 4th AML Directive (AMLD IV) to support firms with the set-up and implementation of their risk based approach.

The local law implementing AMLD IV in Belgian legislation has been approved by the Council of Ministers of 22 June 2017 and will soon be published in the Belgian Official Journal.

Regulatory Newsflash


AMLD IV (and its local implementation) puts the “Risk Based Approach” at the center of the AML/CFT regime, meaning that ML/FT risks can vary and that therefore firms should take the necessary steps to identify, assess and manage these risks.

The Risk Based Approach should be based on the results of a Business (or Enterprise) Wide Risk Assessment focusing on the products and services the firms offer, the jurisdictions they operate in, the customers they attract and the transaction or delivery channels they use to service their clients.

The result of this assessment, should be used by the firms to define the appropriate level and type of Customer Due Diligence applicable to their individual business relationships and occasional transactions. The Guidelines provide credit and financial institutions with the tools they need, to make informed, risk-based decisions on the effective management of individual business relationships and occasional transactions by providing them with:

  • Guidance on the risk factors they should consider when assessing the ML/TF risk associated with a business relationship or occasional transaction.
  • Guidance on how they can adjust the extent of their customer due diligence measures to mitigate the ML/TF risk they have identified.

The Guidelines provide general guidance applicable to all firms complemented by further sector specific guidance.

They should be implemented by 26 June 2018.

Risk factors to be considered

The Guidelines set out risk factors to be considered by credit and financial institutions within their risk-based approach for the following categories:

  • Customer risk factors, related to professional activity, reputation, nature and behavior.
  • Countries and geographical areas, related to jurisdictions where customers are based, where they have their main places of business and where they have relevant personal links.
  • Products, services and transactions risk factors, related to transparency, complexity and value of the product, service or transactions.
  • Delivery channel risk factors, related to the fact whether there is a face-to-face basis or not and any intermediaries to be used.

The Guidelines provide insight on how credit and financial institutions should perform their ML/TF risk assessment, amongst others by providing clarity about how to weigh risk factors and categorise business relationships and occasional transactions.

Appropriate level of Customer Due Diligence measures

The Guidelines also set out the consequences of the risk assessment regarding the Simplified or Enhanced Customer Due Diligence that should be applied by credit and financial institutions and provide more detailed insights on how these due diligences should be conducted.

Sector specific guidelines

Next to the general guidance applicable to all firms, the Guidelines contain additional sector specific sections for the following sectors:

  • Correspondent banks
  • Retail banks
  • Electronic money issuers
  • Money remitters
  • Wealth management
  • Trade finance providers
  • Life insurance undertakings
  • Investment firms
  • Providers of investment funds

Interested in further information?

To have a better view on how to set up and perform a practical and effective Business/Enterprise Wide Risk Assessment and/or to build a risk based approach tailored to the risk level and appetite of the specific financial institution and in line with the requirements of AMLD IV and the new AML Law, you can always contact our dedicated specialists Caroline Veris, Edwin Somers or Inneke Geyskens-Borgions.

Did you find this useful?