EBA revised AML guidelines – some interesting thoughts on UBO verification solutions

On Monday, 1^st March 2021, the European Banking Authority (EBA) published revised guidelines for money-laundering and terrorist-financing risk factors, including guidance on

1. Related risk assessments and
2. Customer due diligence (CDD) for beneficial owners.

The guidelines, which are addressed to both financial institutions and supervisory authorities, separately incorporate sectoral guidance on

3. Crowdfunding platforms,
4. Corporate finance,
5. Payment initiation services providers (PISPs),
6. Account information service providers (AISPs) and
7. Currency exchange offices,

The authority issued the amended guidelines to consider changes to the EU's anti-money laundering (AML) and counterterrorism financing (CFT) legal framework and address new risks identified by the EBA's implementation reviews.

Under the revisions, financial institutions must:

8. Identify the beneficial owner of a corporate client,
9. Determine that the customer's ownership structure isn't unduly complex or opaque, and
10. Assess whether true control of the legal entity is in the hands of an individual not named as its owner

The inclusions to the amended guidelines that largely echo industry practices.

The EBA warned

11. Firms cannot solely rely on data included in national beneficial ownership registers,
12. Firms may need to take additional steps to verify customer information significantly when the risks associated with the business have increased or when they have reasons to doubt that the register's data is inaccurate.

In some instances, financial firms may cite a company's senior managers as its beneficial owners, but only when

13. "They have exhausted all possible means of identifying the natural person who ultimately owns or controls the customer."
14. And are satisfied that the customer's reasons for not naming the ultimate beneficial owner are plausible, the EBA said.

Compliance professionals that use technological solutions for beneficial-ownership identification and verification purposes should

15. According to the revised guidelines, assess whether their use of such tools sufficiently addresses or perhaps exacerbates their AML/CFT risks.

In a statement, the authority reiterated that financial institutions

16. Are not required to discontinue services for entire categories of customers—a practice known as "de-risking"—
17. Instead, it should balance the need for financial inclusion to mitigate their individual AML/CFT risks.

Read the EBA's Revised Guidelines on ML/TF risk factors here:

• https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/963637/Final%20Report%20on%20Guidelines%20on%20revised%20ML%20TF%20Risk%20Factors.pdf