Response to consultation on draft Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on customer due diligence and ML/TF risk factors

Go back

Question 1: Do you have any comments with the proposed changes to the Definitions section of the Guidelines?

Question 1: Changes to Definitions Section
Efficient Frontiers International Limited welcomes the clarification provided in relation to both the risk assessment process and the amendments made to align the wording to the changes made by the 5th Anti-Money Laundering Directive (“5AMLD”).

In our experience, firms will reflect the terminology used in AML/CFT guidance published by AML Supervisors in their own AML/CFT policies and procedures. It is therefore important, in seeking to bolster a firm’s application of measures described in those documents, that key terms are defined and the intended use of certain terminology is made clear.

1.1 Definition of Risk Appetite – (j)
We note that the amendments made in Guideline 15 include reference to the EBA’s Guidelines in Internal Governance [ https://eba.europa.eu/sites/default/documents/files/documents/10180/2164689/531e7d72-d8ff-4a24-a69a-c7884fa3e476/Guidelines%20on%20Internal%20Governance%20(EBA-GL-2017-11)_EN.pdf] . This document includes a slightly different definition of risk appetite:

Risk appetite means the aggregate level and types of risk an institution is willing to assume within its risk capacity, in line with its business model, to achieve its strategic objectives.

In order to move towards greater consistency across EBA-issued guidance, the EBA may wish to consider updating the proposed definition with the above wording. We believe that this recommendation is in line with Recommendation 10 of the Expert Group on Regulatory Obstacles to Financial Innovation (ROFIEG): 30 Recommendations on Regulation, Innovation and Finance - Final Report to the European Commission - December 2019, in working towards the use of common terminology usage. [https://ec.europa.eu/info/files/191113-report-expert-group-regulatory-obstacles-financial-innovation_en ]

1.2 Definition of Outsourcing

The term “outsourcing” is referred to in the Guidelines 2.21 and 4.34. The term itself, however, is not explained in the definition section. The term “outsourcing” is defined in the EBA Guidelines on outsourcing arrangements [https://eba.europa.eu/sites/default/documents/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf?retry=1] as follows:

Outsourcing: Means an arrangement of any form between an obliged entity and a service provider by which that service provider performs a process, a service or an activity that would otherwise be undertaken by the obliged entity itself.

In order to move towards greater consistency across EBA-issued guidance, the EBA may wish to consider updating the proposed definition with the above wording. We believe that this recommendation is in line with Recommendation 10 of the Expert Group on Regulatory Obstacles to Financial Innovation (ROFIEG): 30 Recommendations on Regulation, Innovation and Finance - Final Report to the European Commission - December 2019, in working towards the use of common terminology usage. [See above for URL]

1.3 Definition of Senior Managing Official

We welcome the clarification provided in Guideline 4.20 concerning the beneficial ownership requirement of Article 13(a)(ii) in the 5AMLD.

In our experience, in the absence of a definition or indicative guidance as to what constitutes a “senior managing official”, firms have interpreted this term in very different ways. Some, for example, will use terms more commonly used such as “principals” or “officers”. We have also seen some confusion in relation to the meaning of this term, when compared to the definition of “senior management” in Article 3(12) of the 4th Anti Money Laundering Directive (“4AMLD”):

‘senior management’ means an officer or employee with sufficient knowledge of the institution's money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure, and need not, in all cases, be a member of the board of directors;

A sample of existing EU Member State regulations and supporting instruments illustrates the different ways in which this term is defined:
• Example 1: Ireland Regulation 2 of Statutory Instrument 110/2019 defines a “senior managing official” as including a director and a chief executive officer. https://rbo.gov.ie/faqs/defining-who-is-a-beneficial-owner/what-is-a-senior-managing-official-smo.html
• Example 2: Luxembourg Circular 19/02 Senior managing official for non-profit associations: The entire board; not limited to the president of the board or members of an executive committee.
• Example 3: Netherlands Decree - Senior management officials … are the directors (statutory board members) of an entity, or, in the case of a limited partnership, the general partner(s).

It is recognised that it may not be practicable to formulate a definition for this term. There may be unintended consequences that occur where a definition would differ from the current procedures established by firms. We therefore propose an alternative solution, as explained in our response to Guideline 4.20.

1.4 Terminology – Country, Jurisdiction, Geography
The proposed amendments provide welcome clarification concerning the required measures under Article 9 in relation to high risk third countries (“HRTCs”). The term “country”, however, is used interchangeably with jurisdiction, along with reference to “geographies”. Use is also made of the term “third country”, which is used in both the 4AMLD and 5AMLD.

To reduce the unintended consequence of misinterpretation whereby the use of the term “country” in sections other than [third country section] is misunderstood to be referred to HRTC, the EBA may wish to consider one of two ways in which to address this:

1. Include a definition for “high risk third countries” and adopt the clarification note used in the glossary of the FATF Recommendations:

“Country”: All references in the [Risk Factor Guidelines] to country or countries apply equally to territories or jurisdictions.

“third country”: A country outside the European Union and European Economic Area.

2. Restrict use of the term “country” to those Guidelines that reference third counties and HRTC and for all other guidelines use “jurisdiction” and “geographies” (as applicable).

We also believe that this recommendation is in line with Recommendation 10 of the Expert Group on Regulatory Obstacles to Financial Innovation (ROFIEG): 30 Recommendations on Regulation, Innovation and Finance - Final Report to the European Commission - December 2019, in working towards the use of common terminology usage.[See above for URL]

1.5 Terminology – “Can” versus “Should”

In our experience, we have seen variations in how financial institutions interpret and apply AML/CFT requirements where terminology such as “can” or “should” is used. This can sometimes occur when AML supervisors have a different understanding as to whether these terms used when describing whether AML/CFT measures are mandatory or offered as a suggestion.

The risk of misinterpretation or variation in approaches by Member States in applying the measures in this Guidance, could be mitigated if the meaning of the terms “can” and “should” be clarified. The EBA may wish to consider adopting the clarification note used in the glossary of the FATF Recommendations:

“should”: For the purposes of assessing compliance with the [Risk Factor Guidelines], the word should has the same meaning as must.

We believe this clarification will also align to the Recommendation 10 of the Expert Group on Regulatory Obstacles to Financial Innovation (ROFIEG): 30 Recommendations on Regulation, Innovation and Finance - Final Report to the European Commission - December 2019. [See above for URL]

Question 2: Do you have any comments on the proposed amendments to Guideline 1 on risk assessment?

2.1 Guideline 1.5 – Reference to EBA Guidelines on Internal Governance

We welcome the amendments proposed that clarify the general considerations for conducting a business-wise risk assessment.

The Governance Guidelines [https://eba.europa.eu/sites/default/documents/files/documents/10180/2164689/531e7d72-d8ff-4a24-a69a-c7884fa3e476/Guidelines%20on%20Internal%20Governance%20(EBA-GL-2017-11)_EN.pdf] referred to here cover a broad range of activities, some of which may fall outside of the scope of consideration intended, for the purposes of understanding the financial crime risks to which a firm may be exposed.

For ease of reference and to assist firms to identify the relevant guidance, the EBA may wish to consider amending the wording of Guideline 1.5 to include specific reference to the applicable section. Based on our review, we understand that Guideline 6.3 - Complex structures and non-standard or non-transparent activities – to be the relevant section. Due to the depth of detail included in 6.3, the EBA may also wish to consider amending the wording of Guideline 1.5 to indicate the subject covered by Guideline 6.3, with words to the effect of:

1.5 Firms that are credit institutions and investment firms should also refer to Guideline 6.3 of the EBA’s internal governance guidelines in relation to its own business structure and the risk that any entity forming a part of that structure could be used for a purpose connected with money laundering or other financial crimes.

Note: This wording is taken directly from paragraph 75 of the Governance Guidelines, which includes a cross reference back to the Risk Factor Guidelines.

2.2 Guidelines 1.21 and 1.22 - Individual Risk Assessments

We welcome the clarification added to the Guidelines about what is expected in the undertaking of an individual risk assessment. In the spirit of reducing duplication or re-description, the EBA may wish to consider whether, when read alongside Guideline 2.3, these two guidelines are necessary. The concepts described in 1.21 and 1.22 are fully captured in the subsequent Guidelines that follow it.

In the alternative, if it is intended that these two guidelines are to serve as an introduction, the EBA may wish to combine the two and amend them with words to the effect of:

Firms should undertake individual risk assessments prior to entering a business relationship or carrying out an occasional transaction, taking account of the possible inherent risks concerning the nature of the customer, the countries or geographical areas to which they are exposed, the particular products and services the customer requires and the channels the firm uses to deliver these products, services and transactions.

We suggest replacing “operate” with “to which they are exposed” to capture both the idea of “involving” HRTCs and third country institutions, as used in Guideline 4.46(c) and capture risks associated with jurisdictions who may experience higher level of risks such as political instability or bribery and corruption. Please note our recommendations on “Definitions”, concerning the use of the term “country” versus “jurisdiction”.

2.3 Guidance 1.30 & 1.31 – Sources of information

We welcome the clarification provided concerning supervisors’ expectations as to the sources of information to which they expect firms to refer in developing the methodology and weighting of their business-wise risk and individual risk assessments.

In our experience, the firms with whom we work incorporate these sources, in their existing assessment methodologies. In relation to 1.30(f), the EBA may wish to consider re-characterising this requirement by replacing the existing text with words to the effect of:

(f) data related to the firm’s existing customer population, transactional activity and trends.

The use of “data” more accurately reflects the way in which firms are increasingly characterising the information they hold in relation to their customers and their activities.

The EBA may also wish to considering moving the reference to FATF typology reports concerning terrorism in Guideline 2.8, so that it is included as a factor incorporated into the methodologies of both business-wide and individual risk assessments.

2.4 Guideline 1.28 – Ongoing customer due diligence

We suggest that this Guideline should be moved and incorporated into Guideline 4. The current wording does seem to assist in clarifying the measures that should be taken by firms in relation to ongoing customer due diligence. In our experience, firms incorporate data both from onboarding, and throughout the relationship with a customer, including transaction monitoring, as part of their ongoing customer due diligence activities.

Please see our recommendations in relation Guideline 4 that follow.

Question 3: Do you have any comments on the proposed amendments to Guideline 2 on identifying ML/TF risk factors?

3.1 Guideline 2.7 Customer Risk Factors – Terrorism

We welcome the inclusion of risk factors related to terrorism financing.

In our experience, firms are mindful of including the risk of terrorism financing in their business-wise and individual assessment methodologies. There is a risk, however, in listing these risks separate from the other categories of risk factors (jurisdiction, customer, product and service, channels of delivery) may have the unintended consequence of firms interpreting this as requiring them to assess these risks separate and apart from other customer risk factors.

This may compromise the effectiveness of the holistic approach advocated in Guideline 3.2, despite the intention of the guidance provided in the introductory paragraph of Guideline 2.7. There is also a risk that the wording of this paragraph could be misinterpreted to mean that terrorist financing risk should only be looked into where other high-risk indicators have been identified.

Presented in its format, Guideline 2.7 may have the unintended consequence of obliged entities and Member State supervisory interpreting this to mean that firms must demonstrate, separate and apart from other customer risk factors, that the TF risk factors were assessed for each customer. We are uncertain whether it is intended to capture the finding made by the UN, Interpol and Europol concerning the ‘increased convergence’ between organised crime and terrorism and between criminal and terror groups.

As a possible alternative, the EBA may wish to consider distributing these risk factors within the risk factors described in preceding Guidelines as follows:

- Guidelines 2.7(b) and (d) be moved to Guideline 2.4 -Business or profession.
- Guideline 2.7(a) be moved to Guideline 2.5 – Reputation
- Guidelines 2.7(c), (e) and (f) be moved to Guideline 2.6 - Nature and behaviour

The footnote to Risk factor 2.7(a) also makes reference to not only individuals named on a sanctions list, are they known to have close personal or professional links to persons registered on such lists (for example, because they are in a relationship or otherwise live with such a person)?

There is a risk that this could be misinterpreted by some firms such that they investigate in all cases whether a potential customer had a close personal or professional link to a person designated and named on a “sanction list”, regardless of the level of possible TF risk present, to evidence to their AML supervisor there was no information available such that they should have “known” of such a link. A similar challenge has been encountered by some firms in relation to “known” associates of PEPs.

In our experience, there are two main sources through which to verify the links described in Guideline 2.7(a):

(a) Published sanction lists which cross reference data to link professional or personal connections between different named sanction targets. This can include, secondary lists, for example, the UN narrative summaries of reasons for listings [https://www.un.org/securitycouncil/sanctions/2127/sanctions-list-materials/summaries]

(b) Open source information, accessed via internet searches or via a third-party screening tool or data aggregation provider

To reduce the risk of compromise to the risk-based approach while also ensuring that the criteria under (a) is effectively considered, the EBA may wish to consider incorporating an additional paragraph with words to the effect of:

"For the purpose of deciding whether a person is known to have personal or professional links, the firm need only have regard to any information which is in its possession, or which is publicly known. Having to obtain knowledge of such a relationship does not presuppose an active research by the firm in the absence of other [terrorist financing] risk indicators."

In the alternative, the EBA may wish to consider the criteria described in the OECD Handbook [https://www.oecd.org/tax/crime/money-laundering-and-terrorist-financing-awareness-handbook-for-tax-examiners-and-tax-auditors.pdf] which describes at pp. 70-79 risk indicators related to terrorist financing, which may be detected during tax audit activities.

Guideline 2.9 Countries and Geographical Areas Risk – Risk factors
In our view, it is important that the guidance provided in the Risk Factor Guidelines clearly explain duties and are alive to the importance in how certain terms are used in relation to tax obligations.

Guideline 2.9(a) makes reference to jurisdictions in which a customer or beneficial owner(s) is “based or is resident”.

One area of the EFI’s expertise is tax compliance. In in our experience, KYC collected for tax compliance purposes, is based upon the tax residence of a beneficial owner and/or controlling person. Because there is greater emphasis through the amendments made by the 5AMLD on the detection of tax evasion and, in particular, Article 14(5) which now requires that firms incorporate a review “trigger” linked to compliance with certain tax requirements, it is unclear whether the term “resident” in this Guideline is intended to include the tax residence of a customer or beneficial owner.

Equally, the amendment in Guideline 2.9(c), which refers to “financial or legal interests” could also include the tax residence of a customer or beneficial owner.

The EBA will need to consider how it will incorporate reference to tax residency throughout these guidelines and to distinguish those instances where its requirements are only intended to refer to, for example, the location where a person may live or where a company may operate.

3.2 Guideline 2.9(c) – Countries and Geographical Areas Risk - Sources

We welcome the clarification sought to be made concerning the sources of customer information based upon which country and geographical risk factors might be identified.

We note the addition of 2.9(c) the jurisdictions to which the customer and beneficial owner have relevant personal or business links, or financial or legal interests.

A review of the overall Guidelines shows that the term “relevant” is most often used to reference more generally detailed instruments such as regulations, contracts and in instances where it can clearly be discerned what is required.

The use of the term “relevant” in this instance, will require that firms exercise their judgment, when operationalising this requirement into their onboarding process, to decide (a) what information would evidence a personal or business link and (b) when that information is relevant in assessing the AML/CFT risks associated with a customer.

In our experience, there is a risk that both firms and national AML/CFT supervisors will take differing approaches in their understanding as to what this requirement will mean in practice. Again, in our experience, some firms may resort to assessing this factor on a case by case basis, which can lead to very different outcomes and inconsistent KYC outcomes across common populations of customers.

If this requirement is intended to be applied on a risk-basis by firms, allowing them the discretion to determine which these links are relevant, the EBA may wish to consider stating this in 2.9(c). This will also mitigate the risk of supervisory divergence in their assessment of firm’s compliance with this requirement, preventing a rules-based approach towards its application in practice.

Alternatively, and for consistency with other terminology used for such risk factors as politically exposed persons (“PEPs”), we recommend that the more optimal approach would be to amend Guideline 2.9(c) as follows:

(c) the jurisdictions to which the customer and beneficial owner have known personal or business links, or financial or legal interests.

We see also this alternative proposal as being aligned to Recommendation 10 of the Expert’s Report noted earlier in our response. [See URL in Response to Definitions]

3.3 Guideline 2.10 (a) and (c) - country and geographical risk factors

We welcome the clarification sought to be made concerning the link been the nature and purpose of a customer’s business and individual country and geographical risk factors.

In our experience, financial institutions will endeavour to incorporate the wording used to describe links such as these into their operational procedures, in relation to both the information sought from and about customers during onboarding, and as part of monitoring and screening of those customers throughout the lifetime of the business relationship.

Based on that experience, we see there is a risk that firms may interpret the factors described in points 2.10(a) – “Where funds used in the business relationship have been generated from abroad, the level of predicate offences to money laundering and the effectiveness of a country’s legal system” – and 2.10(c) – “adequacy of the country’s AML/CFT regime and the effectiveness of AML/CFT supervision”.

In some parts of the overall Guidelines, reference is made to its requirements applying in relation to “third countries”, however, Guideline 2.10 does not limit consideration to these jurisdictions, alone.

The European Commission’s revised methodology for identifying HRTCs [https://ec.europa.eu/info/sites/info/files/business_economy_euro/banking_and_finance/documents/200507-anti-money-laundering-terrorism-financing-action-plan-methodology_en.pdf], captures the criteria described in 2.10(a) and 2.10(c) above.

The current wording of 2.10 may therefore create the unintended consequence of firms interpreting this as requiring that they also undertake an independent assessment of these factors. Here, there is a risk that firms may arrive at different conclusions from those of the European Commission and treat customers with links to additional jurisdictions as high risk.

The EBA may therefore wish to consider two possible clarifications:
1. Amend the wording of the main paragraph to specify that this risk factor is to be considered in relation to third countries and, in particular, HRTCs and not Member States
2. Update the wording of 2.10(a) and 2.10(c) to align with the risks for which the enhanced due diligence provisions appear intended to mitigate:

• Whether the customer is financed via sources originating in HRTCs
• Whether the customer’s products/services are distributed or sold in HRTCs

3.4 Guideline 2.10(d) – Countries and Geographical Areas Risk - Trusts or other Legal Arrangements

Obliged entities are asked to take account of “extent to which the country in which the customer and, where applicable, the beneficial owner are registered effectively complies with international tax transparency and information sharing standards”.

We think that Guideline 2.10(d) should be amended to clarify that the term “registered” refers to the tax residency of the customer and, where relevant, the ultimate beneficial owner(s) of that arrangement. The OECD Rules in relation to the Common Reporting Standard (CRS) [https://www.oecd.org/tax/automatic-exchange/crs-implementation-and-assistance/tax-residency/], governing tax residence also note that for tax purposes, there might be situations where a person qualifies as a tax resident under the tax residence rules of more than one jurisdiction, and therefore is a tax resident in more than one jurisdiction.

It is also important when describing this risk factor to remember that the OECD Rules [See URL above] in relation to the CRS requires financial institutions to ensure that Account Holders (or Controlling Persons) disclose all tax residences in the required self-certification. The mere right to reside in a given jurisdiction (on permanent or temporary basis) or the fact of holding citizenship of a given jurisdiction does not automatically mean that a person is considered a tax resident in that jurisdiction or that, upon obtaining residency or citizenship, the tax residency is extinguished in the former jurisdiction(s) of tax residence.

In our experience, it is possible for a customer or a beneficial owner to be registered in one jurisdiction considered to “comply” with the international tax transparency and information sharing standards and registered in another jurisdiction which is not considered to provide the same level of “compliance”.

Guideline 2.10(d) – Countries and Geographical Areas Risk - Customers who are Trusts or other Legal Arrangements

Obliged entities are asked to take account of “extent to which the country in which the customer and, where applicable, the beneficial owner is registered effectively complies with international tax transparency and information sharing standards”.

We are of the view that there are two areas which require clarification:
1. Use of the term “registered”; and
2. The phrase “effectively complies with international tax transparency and information sharing standards”.

1. We have commented on the terminology used in Guideline 2.9 in relation to use of the term “resident” and whether this is intended to include the tax residency of a customer or beneficial owner. It is also unclear whether the term “registered” is intended to include the tax residency of a customer or beneficial owner.

In our view, for clarity, wherever the Guidelines refer to international tax transparency and information sharing standards, the terms “registered” and “resident/ residency” should be interpreted as including tax residency of a customer or beneficial owner.

In our view, because there is greater emphasis through the amendments made by the 5AMLD on the detection of tax evasion and, in particular, Article 14(5) which now requires that firms incorporate a review “trigger” linked to compliance with certain tax requirements, for AML purposes tax residency should be a factor taken account of as part of individual risk assessments. In doing so, the wording in Guideline 2.10(d) would need to be amended to refer to “countries” [please refer to our recommendation in the Definitions section concerning the use of this term more generally].

The OECD Rules in relation to the Common Reporting Standard (CRS) [See URL above], governing tax residence also note that for tax purposes, there might be situations where a person qualifies as a tax resident under the tax residence rules of more than one jurisdiction, and therefore is a tax resident in more than one jurisdiction.
It is also important, when describing this risk factor to remember that the OECD Rules in relation to the CRS [See URL above], financial institutions must ensure that Account Holders (or Controlling Persons) disclose all tax residences in the required self-certification. For the purposes of the CRS, the Account Holder (or Controlling Person) must disclose all its tax residences in the required self-certification…the mere right to reside in a given jurisdiction (on permanent or temporary basis) or the fact of holding citizenship of a given jurisdiction does not automatically mean that a person is considered a tax resident in that jurisdiction or that, upon obtaining residency or citizenship, the tax residency is extinguished in the former jurisdiction(s) of tax residence.

In our experience, it is possible for a customer or the beneficial owners of an account to be registered in one jurisdiction considered to “comply” with the international tax transparency and information sharing standards, while also be registered in another which is not considered to provide the same level of “compliance”.

We would recommend that to reduce the risk of a customer or beneficial owner, with more than one tax residency, being rated high risk solely on the basis of having multiple tax residencies, Guideline 2.10(d) be amended to explain how this indicator might be dealt with in these circumstances.

We elaborate on this recommendation, with examples, at the end of point 2 which follows.

2. Guideline 2.10(d) makes reference to the country of registration that “effectively complies with international tax transparency and information sharing standards”.
We welcome the intention to incorporate consideration of tax compliance standards. In our experience, however, in order for this addition to be operationally effective, further information and clarification about those standards, is needed.

It is important to note that inclusion in the OECD list of participating jurisdictions [https://www.oecd.org/tax/automatic-exchange/crs-implementation-and-assistance/crs-by-jurisdiction/crs-by-jurisdiction-2020.htm] simply indicates the point from which implementation and reporting will commence. Whilst this identifies a jurisdiction’s commitment to comply it does not measure the effectiveness of that jurisdiction’s implementation and compliance. Reports are published on the status of the exchange of information between jurisdictions who have committed to implementation of the CRS.

Whilst the Global Forum commenced initial peer reviews in 2015, these only concentrated on specific areas of compliance with the CRS. Peer reviews of the overall effective implementation of these standards are only due to commence in 2020. There is currently no country by country list of jurisdictions that have committed to the CRS but have not yet fully implemented the requirements to the required standard.

We recommend that to achieve the aim of this Guideline, it be amended with words to the effect of:

When determining the effectiveness of a jurisdiction’s compliance with international tax transparency and information sharing standards, a firm should refer to both the CRS list of participating jurisdictions [See URL above], in conjunction with the EU list of non-cooperative jurisdictions [https://www.consilium.europa.eu/en/policies/eu-list-of-non-cooperative-jurisdictions/].

We see this assisting firms by allowing them to take a risk-sensitive approach, as illustrated by the following examples:

Example 1:

If the any of the places of tax residence provided in the self-certification are in the list of participating jurisdictions for CRS [See URL above] and also appear on the EU list of non-cooperative jurisdictions for tax purposes [See URL above], for example based on the list as at 30 June 2020, Cayman Islands and Panama, then the risk factor is considered to be higher and further due diligence should be performed commensurate with the risk factor rating.

Example 2:

If any of the places of tax residence provided in the self-certification are in the list of participating jurisdictions for CRS and not on the EU list of non-cooperative jurisdictions, then the risk factor is considered to be lower and due diligence should be performed commensurate with the risk factor rating.

For practicality, the EBA may wish to make reference to the regularly updated list [https://www.oecd.org/tax/transparency/aeoi-commitments.pdf] entitled “Automatic Exchange Of Information (AEOI): Status of Commitments” issued by the OECD. This document shows which countries are implementing international tax transparency measures.

We also recommend that the clarification provided in Guideline 4.52 concerning PEPs should also be extended to customers and beneficial owners who may be a tax resident in more than one jurisdiction.

3.5 Guideline 2.14 – Level of transparency and tax compliance

We welcome the clarification sought to be given in this Guideline concerning risk factors related to a jurisdiction’s level of transparency and tax compliance.

In our experience in advising firms on tax compliance, there can be some inconsistency in interpreting whether a jurisdiction has “complied” with international tax transparency and information sharing standards. We think that it is important for firms to have an accurate understanding about the information contained in lists that might be published in relation to these standards.

For example, under the USA’s FATCA rules, there is provision for a financial institution to be “deemed compliant”. However, this concept does not extend to countries or jurisdictions as a whole. We recommend that this expression be deleted and replace with wording that more accurately reflects how jurisdictions are assessed in terms of their activity under standards like the CRS.

One possible revision of this wording might be:

"Is there information from more than one credible and reliable source that the country has committed to international tax transparency and information sharing standards?"

Again, in our experience, there can be an inconsistency in how firms understand which international tax transparency and information sharing standards rules are relevant for the purposes of assessing possible risk factors related to financial crime, and what constitutes “effective” implementation in practice.

We explained in our response to Guideline 2.10 how the OECD and the Global Forum monitor a jurisdiction’s implementation of the CRS. We noted that whilst initial peer reviews commenced in 2015, these only concentrated on specific areas of compliance with the CRS, peer reviews of the overall effective implementation of these standards are only due to commence in 2020. There is currently no country by country list of jurisdictions that have committed to the CRS but have not yet implemented the requirements to the required standard.

We recommend that the wording of the second question in Guideline 2.14(a) be amended as follows:

"Is there evidence that the jurisdiction is fulfilling its commitments under these standards?"

The EBA may wish to amend 2.14(a) to include under examples a reference to the OECD list [See URL above] entitled “Automatic Exchange Of Information (AEOI): Status of Commitments” issued by the OECD. This document shows which countries are implementing international tax transparency measures.

We recommend, based on our proposed revisions, that the criteria already listed in 2.14(a) and that 2.14(b) be deleted in its entirety, to reduce unnecessary duplication.

Question 4: Do you have any comments on the proposed amendments and additions in Guideline 4 on CCD measures to be applied by all firms?

4.1 Guideline 4.12(c) – Use of beneficial ownership registers

We welcome the efforts towards achieving greater transparency around the ownership and control of legal entities and arrangements.

In our experience, reference to registry data is an important source of information through which to not only verify the identity of owners and controls, but to also understand more fully the nature and purpose of a customer’s business.

There has been considerable discussion concerning the requirement under Article 14(1) of the 5AMLD, which states that firms, “shall collect proof of registration or an excerpt of the register”. We would refer the EBA to our recommendations concerning terminology under “Definitions” on the use of the term “should” versus “can”, as the wording in 4.12(c) could be misinterpreted as “should consider” as optional, which would not seem to fully align with the wording in Article 14(1).

4.2 Guideline 4.13 – Beneficial ownership registers

In our experience, not all firms “collect” proof of registration or hold an extract from all registers. Currently, Member State registers are not equally accessible. A recent report by Open Corporates [https://opencorporates.files.wordpress.com/2020/06/eu-company-data-state-of-the-union.pdf] describes some of the challenges experienced by firms attempting to accessing registry information for KYC purposes.

Also, in our experience, larger firms will commonly rely on external RegTech solution providers who aggregate available data from registers and other open source information used for CDD purposes. The solution provides a single view of relevant registry information both at the time of onboarding and throughout the lifetime of the business relationship.

There is a risk that firms may misinterpret Article 14(1) to require that firms generate and retain a screen shot from the registry in question, to evidence that it has complied with this requirement, separate an apart from the RegTech solutions which generate this information for them.

To reduce this risk, the EBA may wish to consider adding to Guideline 4.13 an additional paragraph clarifying that the requirement in Article 14(1) can be fulfilled either manually or through the use of a RegTech solution, and that collection of this information can form a part of the overall KYC undertaken.

We also note a separate aspect not commented on in the Guidelines. Article 30(4) and 31(4) of the 5AMLD requires that firms notify registries of any discrepancies in the beneficial ownership information on the register and the information available to it.

In our experience, there has been considerable discussion in the private sector and in industry associations about how this duty can be fulfilled. We note that in some Member States and the UK, where registries are operational, separate information has been generated on how this duty should be fulfilled [see: https://www.gov.uk/guidance/report-a-discrepancy-about-a-beneficial-owner-on-the-psc-register-by-an-obliged-entity#what-a-discrepancy-is] , and any circumstances in where notification is not required [See: https://www.bundesfinanzministerium.de/Content/DE/Gesetzestexte/Gesetze_Gesetzesvorhaben/Abteilungen/Abteilung_VII/19_Legislaturperiode/2019-12-19-Gesetz-4-EU-Geldwaescherichtlinie/3-Verkuendetes-Gesetz.pdf;jsessionid=DE852580479DC2B0AE08D31094AA4CD3.delivery1-replication?__blob=publicationFile&v=2] . It is unclear Member State AML supervisors expect firms to demonstrate compliance with this requirement, both in relation to evidencing the notifications and, more crucially, the treatment of customers where discrepancies have been found, but about which a suspicion had not been formed.

In our experience, firms already follow-up as part of their KYC onboarding and ongoing monitoring on any discrepancies found, on a risk-basis, between the information it holds about beneficial owners or controllers and other open source information.

We think that the Guidelines should clarify that the reporting requirement does not constitute a new stand-alone component of an AML/CFT programme. This will ensure that the notification requirement is not misinterpreted by firms or regulators so as to undermine the risk-based approach and create a potentially disproportionate burden on existing onboarding and monitoring processes, such as the use of simplified due diligence in low-risk business relationships.

4.2.1 Guideline 4.27 & 4.64 - Information and Data - Reliable and Independent

We welcome the clarification that firms’ policies and procedures should set out what information and data they will treat as reliable and independent for CDD purposes.

In our experience, one source of this is open source information, including “adverse media” reports. Firms invest significant source in both time and staff both at the time of onboarding and throughout a business relationship monitoring for both adverse media and open source information that may indicate risk factors related to a customer not previously known, or which have changed.

In some instances, social media and consumer advocacy websites can include information that, when reviewed alongside other open source information, will raise “red flags” about a customer or its business. In the case of OneCoin, for example, a consumer watchdog “blog”[https://behindmlm.com/mlm-reviews/onecoin-review-100-5000-eur-ponzi-point-cryptocurrency/] posted crucial information early on alerting the public to the fraudulent nature of the scheme. In a second example, the 1MDB case, a website, created by a journalist advocate [https://www.sarawakreport.org/2016/08/khadem-al-qubaisi-owned-nightclub-chain-hakkasan-as-part-of-the-vasco-trust-web-of-companiesq-major-exclusive/], disclosed information concerning front companies that eventually were disclosed several years later as forming a part of the scheme used to defraud and then launder the proceeds stolen from the Malaysian sovereign wealth fund.

These any many other sources, outside of known newspapers, have been instrumental in allowing firm to verify and monitor the activities of their customers and businesses.

In our experience, firms have experienced some confusion over the additional expectation that they are able to evidence to their AML supervisors that this information is also “reputable” or “credible”. This implies the exercise of judgement, which can vary between both firms and AML supervisors.

We also observe that references vary across the Guidelines about this type of information. For example:

Guideline 1.9 – systems and controls - identification of emerging risks – (b) media reports that are relevant to the sectors or jurisdictions in which the firm is active
Guideline 1.31 - information from credible and reliable open sources, such as reports in reputable newspapers
4.64 EDD measures firms should apply may include….(a)(i)(c) adverse media searches

Guideline 2.5(a) Are there adverse media reports or other relevant sources of information about the customer, for example are there any allegations of criminality or terrorism against the customer or the beneficial owner? If so, are these reliable and credible? Firms should determine the credibility of allegations on the basis of the quality and independence of the source of the data and the persistence of reporting of these allegations, among other considerations. Firms should note that the absence of criminal convictions alone may not be sufficient to dismiss allegations of wrongdoing.

Guideline 2.13(a) … credible and reliable open media sources

We suggest that the wording used throughout the Guidelines be standardised to make clear:
a) Information can be derived from open sources, including media sources; and
b) The key elements are “reliable” and “independent”, replacing “credible” noted above.

We also see this proposal as being aligned to Recommendation 10 of the Expert’s Report [See Definitions section for URL] noted earlier in our response.

4.2.2 Guideline 4.17 – Exercise of Control
We welcome the inclusion of guidance intended to clarify the meaning of the term “control through other means” in Article 3(6) of the 5AMLD, and the examples given in (a) – (c).

In our experience, this is an area in which some firms have adopted detailed procedure related to the identification of controllers. It is important that firms can clearly identify circumstances constituting control, particularly for first line staff dealing with its customers. Some firms, who are also obliged to undertaken screening of their customers against sanctions lists, have adopted the definition of control found in the document entitled: Restrictive measures (Sanctions) - Update of the EU Best Practices for the effective implementation of restrictive measures:

Article 63: The criteria to be taken into account when assessing whether a legal person or entity is controlled by another person or entity, alone or pursuant to an agreement with another shareholder or other third party, could include, inter alia:

(a) having the right or exercising the power to appoint or remove a majority of the members of the administrative, management or supervisory body of such legal person or entity;
(b) having appointed solely as a result of the exercise of one's voting rights a majority of the members of the administrative, management or supervisory bodies of a legal person or entity who have held office during the present and previous financial year;
(c) controlling alone, pursuant to an agreement with other shareholders in or members of a legal person or entity, a majority of shareholders' or members' voting rights in that legal person or entity;
(d) having the right to exercise a dominant influence over a legal person or entity, pursuant to an agreement entered into with that legal person or entity, or to a provision in its Memorandum or Articles of Association, where the law governing that legal person or entity permits its being subject to such agreement or provision;
(e) having the power to exercise the right to exercise a dominant influence referred to in point (d), without being the holder of that right (including my means of a front company);
(f) having the right to use all or part of the assets of a legal person or entity;
(g) managing the business of a legal person or entity on a unified basis, while publishing consolidated accounts;
(h) sharing jointly and severally the financial liabilities of a legal person or entity, or guaranteeing them.

While the examples provided in this Guideline are illustrative, there is a risk that they may be misinterpreted to mean that additional due diligence information should be obtained which may prove difficult to verify. We think the examples provided above also reflect the intended objective as described in Recital 13 of the 4AMLD.

The EBA may wish to consider referring to the above text, to provide for greater consistency across both sanctions and AML/CFT KYC compliance approaches. This proposal is also aligned to Recommendation 10 of the Expert’s Report [See Definitions section for URL] noted earlier in our response.

4.2.3 Guideline 4.20 – Beneficial Ownership – Senior Managing Officials (“SMOs”)

We welcome the clarification provided concerning the approach to be taken in the identification of an SMO and note the alignment of the wording to the intentions reflected in Recital 13 of the 4AMLD.

In our experience, firms have interpreted this term differently from one another. While it may not be helpful to try an draw up an exhaustive list of roles that would constitute an SMO, providing examples of indicators as to the types of roles which would satisfy to be identified as an SMO – for example, authorised representatives, authorised signatories on account, corporate secretary (i.e. those with authority to act on behalf of the customer), would help to mitigate this practice.

It may also be helpful to provide indicators as to the types of roles that would NOT be acceptable to satisfy this requirement – e.g. Nominee Directors, external Legal Advisors.

Recital 34 of the 5AMLD records the intention of identifying an SMO on a registry. It notes that in cases where the senior managing official has been identified as the beneficial owner only ex officio and not through ownership interest held or control exercised by other means, this should be clearly visible in the registers.

Under equivalent tax regulations, firms are required to identify an SMO’s tax residency, based on the AML KYC collected in relation to a Passive Non-Financial Entity (“PNFE”), where there are no natural controlling persons identified, as if they were the controlling person of the entity. This, however, does not make the SMO liable for tax owed by the PNFE or legally liable to fulfil any other obligations that might be owed by the entity itself.

The EBA may wish to consider adding a final point to this Guideline to make clear, in alignment with Recital 34, where an individual has been identified as the beneficial owner on these grounds.

4.2.4 Guidelines 4.75 and 4.77 – Keeping CDD information up to date

We welcome the clarification amendments made to these paragraphs and the examples provided.

In our experience in working with firms on their operational tax compliance activities, at present, some AML KYC teams have a limited understanding of the firm’s tax compliance obligations. It is essential that firms are provided with clear guidance on what these obligations involve so that they are able to align their existing customer CDD reviews to them.
We encourage the EBA to therefore consider the following recommendations:

1. The amendment of Article 14(5) of the 5AMLD, in effect, introduces a new “tax trigger” in relation to its duties under the Council Directive 2011/16/EU of 15 February 2011 on administrative cooperation in the field of taxation. In effect, this new trigger would occur where, under national regulations that have transposed this Directive, firms are required to contact the account holder regarding the tax residency of an account’s beneficial owners.
Under these regulations, a financial institution is required to reach out/ contact a customer about the information it has provided for tax purposes in the following instances:

- To collect US status information from existing customers and their owners/controlling persons (in the case of US FATCA)
- To collect tax residency information from existing customers and their owners/controlling persons via a self-certification process to identify all the countries in which they are tax resident
- Follow-up with a customer who has submitted self-certification information, which has not been completed in full or is missing information such as their Tax Identification Number (TIN)
- To verify there is no reason to doubt the information based on the AML KYC held and there is no reason to know that the information is incorrect
- During the lifetime of the relationship where there is reason to believe or there is indicia to suggest there has been a change in an existing customers’ tax residency

In some Member States, a change of permanent residence within the jurisdiction, may result in a new TIN being provided to the customer, which would need to be updated by the financial institution; and

- Information identified during the lifetime of the relationship which suggests a change in a customer’s tax residency and follow-up with them is undertaken via a relationship manager to confirm the veracity of the information found.

To ensure that firms properly apply this new requirement, we recommend that additional wording be added to the Risk Factor Guidelines, either as a new Guideline 4.78 or as a separate section to Guideline 4, explaining whether some or all of the above triggers, are those that the firms are expected to apply as part of their procedures to keep CDD up to date.

In our view, this will also assist AML supervisors in understanding what triggers are involved and should be applied by firms.

2. Temporal Scope of Application
From speaking with firms, we understand there has been some confusion as to when the new tax trigger applies: does the new requirement apply only to customers onboarded by firms from January 2020 onwards, or does it apply to the entire existing book of business?

From an operational perspective, the temporal scope to apply this trigger can have a significant impact on firms’ operations, both in terms of resources to undertake the reviews required but also to adjust existing systems and controls to ensure that triggers are identified and addressed in a timely manner. This is in addition to undertaking change work that will be needed to verify that tax compliance and AML compliance functions processes are aligned to ensure that triggers are alerted and requisite information effectively shared to fulfil this review requirement.

We have observed that in the case of discrepancy notifications in the case of beneficial ownership registers (Article 30(4) and 31(4) of the 5AMLD), some jurisdictions have elected to restrict this requirement to the date on which the 5AMLD was to have been transposed (January 2020). This notification requirement does not apply to existing customers of financial institutions onboarded prior to this date.

To reduce the risk of AML supervisors adopting different approaches, we recommend that the Risk Factor Guidelines clearly identify the expected temporal scope of this requirement.

3. Application of Tax Triggers to Existing CDD Review Procedures
In our experience, firms’ tax compliance and AML/CFT compliance programmes operate differently from one another, due to the different regulatory requirements they are designed to meet. The new tax trigger will mean that firms will need to revisit how the AML/CFT compliance programme will incorporate the new tax trigger as part of its ongoing CDD processes.

Most firms use a risk-based approach as part of their ongoing CDD processes. They can determine to what extent additional information must be obtained, including a complete CDD refresh, is required for a business relationship, depending upon the risk rating assigned to that customer.

Firms usually formulate a programme which includes scheduled periodic reviews, in addition to any triggers such as transaction monitoring alerts, for example.
In general, most tax compliance programmes are not designed in this way. Tax requirements are rules-based; it is not possible defer or delay tax compliance, such as investigating a change in tax residency, on a risk-basis.

For tax purposes, if a change of circumstances is detected that suggests there may have been a change in tax residency, a financial institution must contact the customer about this, normally within a specific period of time (e.g. 90 days of becoming aware of a possible change). It is not possible to defer or delay this activity based on the risk rating given to the customer for AML/CFT purposes. This means it is not possible to delay this activity until the next scheduled CDD review is undertaken.

Whilst financial institutions will have an existing process in place to verify the tax residency information based on the AML KYC information held, at present, this does not happen the other way around. Current processes may be dealt with by separate teams with information held on separate systems that are not currently aligned and interconnected. While they might be both collected at the time of onboarding, the processes for each diverge from one another thereafter.

Absent some guidance on how to implement this new requirement, we foresee some potential difficulties for firms in trying to operationalise the new tax trigger, alongside existing AML/CFT procedures. Here are a few examples of how this could take place from an AML perspective and what tax compliance teams are obliged to do:

Scenario: Customer changes tax residence from France to HRTC listed by the EU
Possible Action - AML Team: AML team will follow-up with customer to better understand reason for move, additional KYC collected to comply with Article 18 EDD requirements
Action – Tax Team: Contact the account holder to collect a new self-certification

Scenario: Customer changes tax residence from France to Germany or another Member State
Possible Action - AML Team: AML will verify residency information as part of standard CDD ID&V procedures, provided no other indicia present to suggest a change in risk profile; contact with customer may not be necessary; review of CDD limited to address and occupation
Action – Tax Team: Contact the account holder to collect a new self-certification


Scenario: Customer moves address within same jurisdiction but is given a new TIN (e.g. Austria
Possible Action - AML Team: AML will verify that residential address has been updated on customer record and subject to no other risk factor changes; full CDD review would not be undertaken; contact with customer may not be necessary
Action – Tax Team: Contact the account holder to collect a new self-certification


Scenario: Customer submits a self-certification, identifies their jurisdiction of tax residency but omits to provide their TIN
Possible Action - AML Team: No contact required to be made with the customer; no current process that would require any review of existing CDD
Action – Tax Team: Contact the account holder to collect a valid self-certification with TIN included or similar process

Scenario: Customer is a PNFE and there is a change in beneficial owners or a change in ownership levels (i.e. 5-26%)
Possible Action - AML Team: AML team will verify that it holds up to date ID&V on owner; confirm change in shareholder; Extent of CDD review determined by risk rating; further CDD review may be postponed until future scheduled date
Action – Tax Team: Contact the account holder to collect a valid self-certification to collect the tax residency of the entity and its controlling persons (natural persons)

Scenario: Tax team receives self-certification from PNFE – identifies 5 controlling persons; tax team refers to AML KYC and identifies only 3 beneficial owners
Possible Action - AML Team: AML team notified by tax team of discrepancy; contact made with customer to clarify ownership; collect missing CDD; Extent of CDD review determined by risk rating; further CDD review may be postponed until future scheduled date; if suspicion formed, submit a suspicious activity report
Action – Tax Team: No further action taken, provided the 3 identified UBOs were identified in the 5 identified in the AML KYC. The 5 would be reported, if located in reportable countries, as part of annual reporting requirements

Scenario: PNFE customers with account opened pre: 30 June 2014, (pre FATCA) with balance of $350,000
Possible Action - AML Team: No action taken, provided account activity falls within expected levels and use. CDD review not undertaken until future scheduled date
Action – Tax Team: Tax team refers to AML KYC collected to identify controlling persons who fall within tax reporting requirements

Scenario: PNFE customers with account opened pre: 30 June 2014, (pre FATCA) with balance that as at 31 December 2019 exceeds $1 million
Possible Action - AML Team: No action taken, provided account activity falls within expected levels and use. CDD review not undertaken until future scheduled date
Action – Tax Team: Contact the account holder to collect a valid self-certification to collect the tax residency of the entity and its controlling persons (natural persons)

The examples above illustrate one way that firms might interpret how to comply with the new tax trigger. There is a risk, however, that some firms may think that AML Supervisors will expect them to undertake a comprehensive CDD review in all cases. This may have the unintended consequence of diverting compliance resources to undertaking these reviews on multiple occasions, regardless of the overall AML/CFT risk assessed in relation to a customer. This may also lead to customers and their beneficial owners being repeatedly requested for information by the business, leading to a poor customer experience and potential damage to those relationships.

We equally also wish to mitigate the potential risks that firms, in trying to operationalise the new tax trigger, wrongly adjust their tax compliance programmes to fit existing CDD review processes. This could lead to the unintended consequence of firms complying with this AML/CFT requirement, at the expense of complying with their tax obligations.
We therefore recommend that additional guidance be included in these Risk Factor Guidelines:

1. Clarifying the types of events that will constitute a “tax trigger”
2. Clarify how firms are expected to respond to “tax triggers” as they arise and whether, for example, changes to tax residency information, alone, should be treated as indicia – and not a determinative trigger requiring that a full review of CDD of that customer be performed
3. Confirm that the guidance provided in Guideline 4.77 is applicable to allow firms to determine, on a risk-basis, the extent and timing of the CDD reviews; and
4. Emphasise that operationalising these new requirements should not be undertaken in a manner that compromises compliance with tax regulations.

We would welcome the opportunity to engage with you further on the development of these Guidelines.




Question 5: Do you have any comments on the amendments to Guideline 5 on record keeping?

We have no comments on the proposed amendments.

Question 6: Do you have any comments on Guideline 6 on training?

We have no comments on the proposed amendments.

Question 7: Do you have any comments on the amendments to Guideline 7 on reviewing effectiveness?

We have no comments on the proposed amendments.

Question 8: Do you have any comments on the proposed amendments to Guideline 8 for correspondent banks?

We have no comments on the proposed amendments.

Question 9: Do you have any comments on the proposed amendments to Guideline 9 for retail banks?

We have no comments on the proposed amendments.

Question 10: Do you have any comments on the proposed amendments to Guideline 10 for electronic money issuers?

We have no comments on the proposed amendments.

Question 11: Do you have any comments on the proposed amendments to Guideline 11 for money remitters?

We have no comments on the proposed amendments.

Question 12: Do you have any comments on the proposed amendments to Guideline 12 for wealth management?

We welcome the opportunity to propose further clarification to assist the wealth management sector to detect and prevent financial crime.

12.4(g) – Customer risk factors

The EBA may wish to consider updating the reference to “weak tax transparency standards” in the paragraph to align with the final wording used to describe the international tax transparency and information standards in Guideline 2.14.

12.6 Country or geographical risk factors

The EBA may wish to consider updating the terms, “culture of banking secrecy” and “comply with international tax transparency standards” paragraph (a) to “EU Taxation: EU list of non-cooperative jurisdictions” and the final wording used to describe the international tax transparency and information standards in Guideline 2.14.

In relation to 12.6(b), the EBA may wish to consider updating this paragraph to include reference to jurisdictions identified on the EU list of HRTC. In the alternative, if it is intended that this paragraph capture those jurisdictions assessed by a firm, separate and apart from the EU HRTC list, as being higher risk, this should be clarified. This paragraph could be amended as follows:

“The customer lives in, or their funds derive from activity, a jurisdiction assessed by the firm to pose a higher level of ML/TF risk.”

Golden Visas

The amendments made by the 5AMLD to Annex III.

We note that access to Citizenship by Investment (CBI) and Residency by Investment (RBI) schemes (“residency visas”) was discussed extensively by the Special Committee on financial crimes, tax evasion and tax avoidance.

From our experience, AML teams will have limited experience around the purpose and operation of these schemes and being able to identify when the schemes are being misused. There is a risk that firms and AML/CFT Supervisors may undertake differing approaches in assessing customers thought to hold “golden visas”. We think it is essential that guidance be provided in the Risk Factor Guidelines to mitigate these risks.

1. Application to Member States

Several Member States operate CBI schemes and RBI schemes. The Guidelines should clarify whether customers and beneficial owners who have been issued visas by these schemes should be treated as if this is an increased risk factor for ML/TF purposes. We note, for example, that under the methodology for both the HRTC list and the EU tax non-compliance list, that Member States are excluded from consideration.

2. Types of Risk Factors

While there are many legitimate reasons why individuals may obtain a visa under a CBI or RBI scheme, there can be indications or red flags, that can help to determine when a scheme is being misused. Firms would be greatly assisted if the Risk Factor Guidelines identified some of these red flags. These might include:

• The scheme does not require that applicants to spend time on the territory in which the investment is made or the jurisdiction in which the CBI or RBI was issued;
• The individual’s actual tax residency may differ from the one identified on their self-certification form based on their documentation issued by the RBI and CBI scheme

We also think it would beneficial for the Guidelines to clarify that a firm is not expected to challenge the decision made by the government agency responsible for issuing a visa or other documentation, to a customer or beneficial owner.

The EBA may wish to consider identifying as a possible source of information to which firms can refer concerning CBI or RBI schemes is the OECD list [http://www.oecd.org/tax/automatic-exchange/crs-implementation-and-assistance/tax-residency/] (see footnote concerning * notation) that identifies jurisdictions with investment (CBI/RBI) schemes that present a high risk of being misused for circumventing CRS reporting.

Finally, we note that (b) lists sources of information that can be used to establish source of funds and wealth. As this information must also be confirmed for PEPs, who may not only be a wealth management customer, we recommend that all of (b) be included under the Enhanced Due Diligence Guidelines in Guideline 4.


Question 13: Do you have any comments on the proposed amendments to Guideline 13 for trade finance providers?

We have no comments on the proposed amendments.

Question 14: Do you have any comments on the proposed amendments to Guideline 14 for life insurance undertakings?

We have no comments on the proposed amendments.

Question 15: Do you have any comments on the proposed amendments to Guideline 15 for investment firms?

We have no comments on the proposed amendments.

Question 16: Do you have any comments on the proposed amendments to Guideline 16 for providers of investment funds and the definition of customer in this Guideline?

We have no comments on the proposed amendments.

Question 17: Do you have any comments on the additional sector-specific Guideline 17 on crowdfunding platforms?

We have no comments on the proposed amendments.

Question 18: Do you have any comments on the additional sector-specific Guideline 18 on account information and payment initiation service providers?

We have no comments on the proposed amendments.

Question 19: Do you have any comments on the additional sector-specific Guideline 19 on currency exchanges?

We have no comments on the proposed amendments.

Question 20: Do you have any comments on the additional sector-specific Guideline 20 on corporate finance?

We have no comments on the proposed amendments.

Upload files

Name of the organization

Efficient Frontiers International Limited