In recent years, the demand for remote on-boarding of customers has increased considerably, especially following the COVID-19 pandemic. In light of this, and to fulfil the subject persons' AML/CFT obligations, effective methods for remote on-boarding of customers became essential. In this regard, the European Banking Authority (hereinafter, the “EBA”) on the 22nd of November 2022 has published its final guidelines following a public consultation which took place between the 10th of December 2021 until the 10th of March 2022. These guidelines address the application of AML/CFT rules in the context of the use and performance of remote customer on-boarding (hereinafter, the “Guidelines”), and shall enter into force within six (6) months after the publication in all EU official languages.

Scope and Application

These Guidelines are aimed towards the competent national authorities and, most importantly, credit and financial institutions (hereinafter, the “Financial Operators”) who carry out Customer Due Diligence (hereinafter, the “CDD”) measures in situations where customers are on-boarded remotely.

Financial Operators must keep in mind that, once adopted, these Guidelines will ultimately complement other EBA Guidelines, including inter alia the EBA guidelines on outsourcing arrangements as well as the EBA guidelines on ICT and security risk management. In this regard, Financial Operators should familiarise themselves with these Guidelines, to be read in conjunction with the already-existing EBA guidelines.

Purpose of the Guidelines

These Guidelines essentially provide further clarity on the application of the remote customer on-boarding CDD processes as generally outlined in Directive (EU) 2015/849 (hereinafter, the “5AMLD”), in order to ensure that, during the on-boarding process, fraudulent attempts to access accounts can be distinguished from genuine authentication attempts with the hopes of further mitigating anti-money laundering.

By aligning with common European standards, these Guidelines cover both customer due diligence during on-boarding and authentication as well as the requirements that on-boarding solutions should meet before being acquired.

In a nutshell, these Guidelines establish:

1. The forms of suitable innovative technologies when Financial Operators on-board customers remotely;

Naturally, customer expectations of Financial Operators differ across Member States, however these Guidelines provide a general idea of what forms of digital documentation are suitable to be used for remote customer on-boarding.

2. The conditions that need to be satisfied when Financial Operators adopt innovative technologies for remote customer on-boarding;

Financial Operators are advised to introduce a policy on customer remote on-boarding. They should also provide regular training in order to improve staff awareness on how to use a remote customer on-boarding solution, any related risks and the policies and procedures in place to reduce such risks.

3. The acceptable forms of remote customer on-boarding digital documentation; and

If Financial Operators do not use digital identity issuers to confirm a customer's identity, they must ensure that the information obtained through remote on-boarding is up-to-date, of sufficient quality and stored according to the General Data Protection Regulation, Regulation (EU) 2016/679 (hereinafter, the “GDPR”). Proof of identification are to be timestamped and securely stored. Moreover, if Financial Operators use digital identity issuers other than those falling within Regulation (EU) No 910/2014 (i.e. the eIDas Regulation) to verify their customers' identity, Financial Operators should take sufficient measures to better understand the digital identity system and determine its reliability and independence.

4. The circumstances under which Financial Operators may rely on third-party-information when on-boarding customers remotely.

If Financial Operators are to place reliance on third parties in their initial CDD, they should ensure that firstly, the third party's CDD remote customer on-boarding policy and procedures are sufficient with those of the Financial Operator and, secondly, the business relationship between the customer and the Financial Operator is not impaired due to any shortcomings of the third party in the remote customer on-boarding process.
As mentioned above, these Guidelines will enter into force within six (6) months after the publication in all EU official languages. Subject persons can access the document by clicking on the link on the FIAU website or the link on the EBA website.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.