Subject persons are often faced with deciding whether to terminate a business relationship (derisk) or introduce mitigating measures that reduce money laundering/terrorism financing (“ML/FT”) risk and cater for financial inclusion.
The FATF refers to de-risking as the phenomenon of financial institutions terminating or restricting business relationships with clients or categories of clients to avoid, rather than manage, risk in line with the FATF’s risk-based approach. Persons or entities who do not have access to the controlled financial system may resort to using less regulated or unregulated channels, thus increasing the risk of ML/FT due to a lack of control over transactions.
The FATF state that de-risking should never be an excuse for obliged entities to avoid implementing a risk-based approach. The FATF Recommendations only require financial institutions to terminate customer relationships, on a case-by-case basis, in instances where the ML/FT risks cannot be mitigated. On the other hand, cutting loose of entire classes of customers, without taking into account, seriously and comprehensively, their level of risk or risk mitigation measures for individual customers within a particular sector, goes against anti-money laundering/ counter terrorism funding (“AML/CFT”) obligations.
It is important to highlight that de-risking is not solely an AML/CFT issue, but also concerns profitability, reputational risk, lower risk appetites, regulatory burdens concerning AML/CFT obligations, an increasing number of sanctions regimes and regulatory requirements within the financial sector. Financial institutions of MONEYVAL countries identified potential sanctions and reputational risk as being the main drivers behind de-risking activities.
Following a consultation exercise by the EBA, several respondents indicated that they found it challenging to comply with AML/CFT requirements and ensure financial inclusion at the same time and queried how to implement this in practice.
In light of this, the EBA has introduced three new Guidelines (4.9 to 4.11) requiring firms to apply risk-sensitive measures, through which more individuals and businesses, especially low-income, unserved and underserved groups, should be able to get access and use regulated financial services, which could in turn, actually increase the effectiveness of the fight against ML/FT.
As part of this, firms should put in place appropriate and risk-sensitive policies and procedures to ensure that their approach to applying CDD measures does not result in unduly denying legitimate customers access to financial services. Where a customer has legitimate and credible reasons for being unable to provide traditional forms of identity documentation, firms should consider mitigating ML/TF risk in other ways, including by
a) Adjusting the level and intensity of monitoring in a way that is commensurate to the ML/TF risk associated with the customer, including the risk that a customer who may have provided a weaker form of identity documentation may not be who they claim to be; and
b) Offering only basic financial products and services, which restrict the ability of users to abuse these products and services for financial crime purposes. Such basic products and services may also make it easier for firms to identify unusual transactions or patterns of transactions, including the unintended use of the product; but any limits must be proportionate and do not unreasonably or unnecessarily limit customers’ access to financial products and services.
The Guidelines do not require firms to no longer offer services to some categories of customers associated with higher ML/TF risk. In particular, the EBA also notes that the Guidelines do not prevent firms from establishing a correspondent banking relationship with a respondent situated in a high-risk third country, provided that the risk is mitigated through enhanced due diligence measures. The EBA specifies in GL 4.10 b) that firms should ensure that their approach to applying CDD measures does not result in unduly denying legitimate customers access to financial services. Therefore, the key focus of firms should be on policies and controls that are commensurate to the risks identified.
Thus, firms should carefully balance the need for financial inclusion with the need to mitigate ML/TF risk. Firms may wish to refer to the EBA’s Opinion on the application of customer due diligence measures to customers who are asylum seekers from higher-risk third countries or territories. Further work is being conducted by the EBA and FATF on the issue of de-risking and firms should keep abreast of any developments in the area.