CDD measures for higher risk customers
Enhancing risk mitigation in the context of the Payment Accounts Directive
Banking alert | 20 April 2016 | CDD measures for higher risk customers
EBA outlines the application of CDD measures to asylum seekers from higher-risk countries
The level of money laundering and terrorist financing (ML/TF) risk associated with many asylum seekers’ countries and territories of origin and concerns over the reliability and robustness of some asylum seekers’ identity documentation create unique compliance challenges for credit and financial institutions.
Directive 2014/92/EU on Payment Accounts (“PAD”) creates a right for all consumers who are legally resident in the European Union, including asylum seekers, to obtain a basic payment account and protects them from discrimination on the basis of their nationality, place of residence or any ground referred to in Article 21 of the Charter. The PAD provides that the right to open and use a basic payment account applies only to the extent that credit institutions can comply with their AML/CFT obligations.
EBA opinion on verification requirements
The EBA considers that the official identity documents issued to asylum seekers are likely to satisfy the verification requirement in both Article 8 of Directive 2005/60/EC (3rd AMLD) and Article 13 of Directive (EU) 2015/849 (4th AMLD), provided that they are:
- current (i.e. unexpired); and
- issued by an official national or local authority.
Limiting ML/TF risk through monitoring
EU AML/CFT Directives require institutions to adjust the extent of monitoring on a risk-sensitive basis. Monitoring measures that may be particularly relevant include:
- Setting expectations of the customer’s behaviour, to be able to spot unusual transactions and considering what might constitute a suspicious transaction;
- Ensuring asylum seekers’ accounts are reviewed both regularly and after trigger events such as unusual or unexpected transactions;
- Taking steps to ensure that the institution becomes aware of any changes to the Customer Due Diligence (“CDD”) information previously obtained that might affect its assessment of the ML/TF risk associated with the individual business relationship;
- Taking steps to ensure that the institution can identify cases where an asylum seeker no longer resides in the institution’s Member.
Other measures to mitigate ML/TF risk
Examples of limits institutions might impose on a risk-sensitive basis include, for example:
- no provision of credit or overdraft facilities;
- monthly turnover limits;
- limits on the amount of person to person;
- limits on the amount of transactions to and from third countries, in particular where these third countries are associated with higher ML/TF risk; and
- limits on the size of deposits and transfers from unidentified third parties, in particular where this is unexpected; and prohibiting cash withdrawals from third countries.
Enactment of the PAD
From 18 September 2016, where asylum seekers intend to use a payment account with basic features, the PAD will apply. This means that credit institutions will be unable to refuse the opening of the account unless the opening of the account or its subsequent use would result in a breach of national law transposing the applicable AML/CFT Directive.
Article 17(1) of the PAD specifies that credit institutions will be able to limit a basic payment account’s services on a case by case basis where this is necessary to manage the ML/TF risk they have identified.
Where credit institutions decide to refuse or limit the services of a basic payment account for AML/CFT compliance purposes, they should document their reason for doing so and stand prepared to demonstrate to their competent authority that these steps were appropriate and commensurate to the ML/TF risk associated with the individual business relationship.
Policies, procedures and record-keeping
The EBA considers that institutions should be in a position to demonstrate to their supervisor that the AML/CFT measures they take in relation to asylum seekers from higher risk country or territory are adequate if:
- this category of customers is explicitly addressed in the business-wide risk assessment;
- the policies and procedures clearly state which controls staff may consider applying, on a case-by-case and risk-sensitive basis;
- in relation to such customers; and
- any decision to refuse a business relationship or to apply risk -mitigating measures is clearly documented.
How can we help?
We are available to assist, should you wish to have a specific review and report assessing the adequacy of your risk assessment and CDD process. We can also review the current set of monitoring rules you are currently using as part of your transaction monitoring obligations, in order to schedule quarterly assessments and optimisation of the said rules.