Response to consultation on draft RTS on the implementation of group wide AML-CFT policies in third countries

Go back

Question 1: Do you agree with the scope of the draft RTS as described in Article 1?

EFAMA agrees with the scope as described in Article 1.

Question 2: Do you agree that while minimum action must always be taken, credit and financial institutions can adjust the nature and extent of the remaining additional measures on a risk-sensitive basis?

EFAMA agrees with the concept of a risk-based adjustment of the remaining measures that are additional to those corresponding to the minimum action to be taken. This is in line with the 4th Anti-Money Laundering Directive and the FATF Recommendations.

Question 3: Do you agree that the minimum action in Article 3 is appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions you think Article 3 should include? If so, please explain and provide evidence where possible.

Apart from what foreseen in Article 3 it should be also mentioned that any entity located in a third-country should identify and perform a gap analysis of the group policies and procedures against the third-country legal requirements and report on the outcome. This may be contained under Article 4 1) b.

EFAMA also considers that in some cases the resultant ML/TF risk for the group and its entities may be difficult to be efficiently dealt with, given the lack of national provisions that allow to monitor and encounter such risks. For instance, in relation to minimum sanctions screening measures, certain sanction regimes on criminal activities may not be applicable in a third country in which the entity of a group operates. For this reason, given the fact that different sanction regimes may be applicable to a group, EFAMA thinks that these should not be part of the minimum actions listed in article 3.

Question 4: Do you agree that the minimum action and additional measures in Article 4 are appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions or additional measures you think Article 4 should include? If so, please explain and provide evidence where possible.

The compliance officer employed by a branch or a majority-owned subsidiary in a third country should always be able to perform individual ML/TF risk assessment at the local level on the basis of the global standards of the group’s policies.

EFAMA would propose the following measures by way of statistical reporting on a monthly basis:
a. Number of PEPs
b. Number of high risk customers
c. Number of suspicious transactions
d. Number of STRs filed
e. Number of blocked accounts
f. Number of blocked transactions for ML/TF reasons

No further minimum action is recommended.

Question 5: Do you agree: that the minimum action and additional measures in Article 5 are appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions or additional measures you think Article 5 should include? If so, please explain and provide evidence where possible.

EFAMA agrees with what is proposed in Article 5 on the minimum action and additional measures. Moreover, we consider that in the case of a customer and a beneficial owner that already has business relations with an entity of the same group located in another jurisdiction, the branch or majority-owned subsidiary should be able to leverage the KYC due diligence already performed by the other entity, following the consent of the client and the beneficial owner.

Question 6: Do you agree that the minimum action and additional measures in Article 6 are appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions or additional measures you think Article 6 should include? If so, please explain and provide evidence where possible.

EFAMA would add to the proposed measures a monthly reporting on the number of clients and / or beneficial owners, who refused to provide their KYC documentation.

Question 7: Do you agree that the minimum action in Article 7 is appropriate? If you do not agree, please explain and provide evidence where possible. Are there any other minimum actions or additional measures you think Article 7 should include? If so, please explain and provide evidence where possible.

EFAMA would suggest that in the cases foreseen in Article 7, what should be done is an AML/CTF risk assessment of the customer on an annual basis. Moreover, the parent company’s AML/CTF Risk Assessment should include the scenarios of this assessment.

In the case of customers in a third country with such data transfer limitations, it would be difficult for them to meet the conditions to be classified as Low Risk. In those cases it is important to have a risk identification framework and a proper setup for assessing and mitigating the identified risk.

Question 8: Are there any other scenarios these RTS should address? In particular, are there any policies and procedures in Article 8 of Directive (EU) 2015/849 where the implementation of a third country’s law might prevent the application of group-wide policies and procedures? Please explain and provide examples where possible.

EFAMA considers that the scenarios proposed are exhaustive and there are no further scenarios to be addressed. We would like, however, to raise the point of the on-going screening ‎of the employees, which may be considered in some jurisdictions as abusive under privacy law, even if it is complying with national law during the recruitment process.

Question 9: Do you agree with the impact assessment? In particular, • do you agree that there are relatively few countries where the implementation of the law prevents the application of group-wide policies and procedures? Please provide the names of third countries, if any, and the nature of the impediment you have identified. • do you agree that Option 3, whereby the draft RTS distinguish between different situations where a third country’s law prevents the application of group-wide AML/CFT policies and procedures , is the most proportionate option? If you do not agree, please explain and provide evidence where possible. Please also explain which approach you would prefer, and why.

There are several jurisdictions where the banking secrecy or data protection laws may prevent the application of group wide policies and procedures, such as Singapore, Taiwan, Cayman Islands, Switzerland, Lichtenstein, Curacao, to name a few countries. In Cayman Island it is a criminal offence to transfer data without the consent of the data subject.

We agree with Option 3 being the most appropriate option. By identifying different situations, there is more room to end up with more targeted and therefore more efficient measures.

Name of organisation

European Fund and Asset Management Association (EFAMA)