The Joint Committee of the three European Supervisory Authorities (EBA, EIOPA and ESMA – ESAs) published today its draft regulatory technical standards (RTS) specifying how credit and financial institutions should manage money laundering and terrorist financing (ML/TF) risks at group level where they have branches or majority-owned subsidiaries based in third countries whose laws do not permit the application of group-wide policies and procedures on anti-money laundering and countering the financing of terrorism (AML/CFT). These RTS are part of the ESAs’ wider work on fostering a common approach to AML/CFT and will contribute to creating a level playing field across the European Union’s financial sector.
Credit and financial institutions have to put in place and maintain AML/CFT policies and procedures to assess and manage effectively the ML/TF risks to which they are exposed. Where they are part of a group, these AML/CFT policies and procedures have to be applied at group-level. This can be challenging where branches or majority-owned subsidiaries are located in a third country, outside of the European Economic Area (EEA), whose law may not permit the application of some or all parts of a group’s AML/CFT policies and procedures.
In such cases, credit and financial institutions must take effective steps to manage the resultant ML/TF risk. These may include:
- obtaining consent from customers to overcome restrictions on the ability to share and process customer data;
- carrying out enhanced reviews to be satisfied that branches and majority-owned subsidiaries in those jurisdictions are able to adequately assess and manage ML/TF risk;
- restricting financial services and products offered by the branch or majority-owned subsidiary in the third country to those presenting a low ML/ TF risk and requiring approval from senior management at group-level of all higher risk business relationships;
- restricting the ability of other entities in the same group to rely on customer due diligence measures carried out by a branch or majority-owned subsidiary in those requiring that the risk profile and due diligence information related to customers of such branches and majority-owned subsidiaries are kept for as long as legally possible under the third country’s legislation, and in any case for at least the duration of the business relationship.
The draft RTS require credit and financial institutions to determine the extent of these measures on a risk-sensitive basis and be able to demonstrate to their competent authorities that the steps taken are commensurate with the ML/ TF risk.
In exceptional cases where, after taking all possible steps, ML/TF risk cannot be mitigated effectively, credit and financial institutions will have to require their branch or majority-owned subsidiary to terminate the business relationship, or not to carry out the occasional transaction, decide to close down some or all of their operations in the third country.
The statement and related information is available here.