On 16 October 2023, the CSSF released two Circulars on the fight against money laundering and terrorist financing ("AML/CTF") regarding EGA Guidelines on (i) customer due diligence and the factors credit and financial institutions should consider when assessing the ML/TF risks associated with individual business relationships and occasional transactions under Articles 17 and 18(4) of Directive (EU) 2015/849 (the so-called Guidelines on ML/TF risk factors) and (ii) policies and controls for the effective management of ML/TF risks when providing access to financial services.
On 16 October 2023, the Commission de Surveillance du Secteur Financier (the "CSSF") released two Circulars on the fight against money laundering and terrorist financing ("AML/CTF").
Circulars CSSF 23/842 and 23/843 (the "Circulars") aim at integrating into the CSSF's administrative practice and regulatory approach two sets of documents released by the European Banking Authority ("EBA") on 31 March 2023: (i) Guidelines EBA/2023/03 amending the EBA Guidelines on customer due diligence ("CDD") and the factors credit and financial institutions should consider when assessing the ML/TF risks associated with individual business relationships and occasional transactions under Articles 17 and 18(4) of Directive (EU) 2015/849 (the so-called Guidelines on ML/TF risk factors, the "First Set") and (ii) EBA Guidelines on policies and controls for the effective management of ML/TF risks when providing access to financial services (the "Second Set").
The Circulars apply to credit and financial institutions as defined under the law of 12 November 2004 on AML/CFT, as amended (the "Firms") as from 3 November 2023.
The First Set becomes an annex (the "Annex") to the Guidelines EBA/2012/02 on CDD and the factors that Firms should consider when assessing the ML/TF risk associated with individual business relationships and occasional transactions. The Annex amends Guidelines EBA/2012/02 to the extent that it focuses on the factors Firms should consider when assessing the ML/TF risks associated with a business relationship with customers that are not-for-profit organisations (the "NPOs"). NPOs are defined as legal persons or arrangements or organisations that primarily engage in raising or disbursing funds for purposes such as charitable, religious, cultural, educational, social or fraternal purposes.
As not all NPOs are exposed to a similar risk, Firms must have a good understanding of the NPO's governance, how it is funded, its activities, where it operates and who its beneficiaries are. When identifying the risk associated with customers that are NPOs, Firms consider risk factors set forth in the Annex and assess them on a risk-sensitive basis, for instance: (i) governance and exertion of control, (ii) reputation/adverse media findings, (iii) funding methods, and (iv) operations in jurisdictions associated with higher ML/TF risks and high-risk third countries. Firms also consider factors that may contribute to reducing risks, such as documentation on the governing body, independent reviews or external audit of the NPOs, annual disclosure of its financial statement.
The Second Set is new Guidelines on policies and controls for the effective management of ML/TF risks when providing access to financial services (the "Guidelines").
To assess the ML/TF risks, Firms set up their policies, controls and procedures to identify relevant risk factors and to assess ML/TF risks associated with individual business relationships and they differentiate between the risks associated with a particular category of customers and the risks associated with individual customers that belong to this category. However, the implementation of such policies, controls and procedures does not result in the blanket refusal or termination of business relationships with entire categories of customers that they have assessed as presenting higher ML/TF risk.
Firms also put in place risk-sensitive policies and procedures to ensure that their approach to applying CDD measures does not result in them unduly denying customers legitimate access to financial services. Consequently, Firms set out in their policies and procedures the criteria they will use to determine on which grounds they will decide that a business relationship may be rejected or terminated or that a transaction may be denied and on which they would suspect that ML/TF is taking place or is being attempted. The documentation in this respect is made available to their competent authority upon request. In the context of the right of access to a payment account with basic features as provided for by Directive 2014/92, Firms adjust their CDD to the limited functionalities of a basic payment account, verify that digital onboarding solutions do not produce automated rejections and update the individual risk assessment of the customer.
Firms must also adjust the intensity of monitoring measures in Iine with the customer's risk profile and set it out in their policies and procedures. Such monitoring includes at least the 3 steps described in the Guidelines. Firms' policies and procedures also contain guidance on handling applications from individuals that may have credible and legitimate reasons to be unable to provide traditional forms of identity documentation, such as persons seeking asylum (the "Vulnerable Customers"). The Guidelines provides examples of alternative official identification papers (where permitted under national law).
Regarding the targeted and proportionate limitation of access to products and services, Firms' policy and procedures include criteria on adjusting the features of products or services offered to a given customer on an individual and risk-sensitive basis, notably for Vulnerable Customers.
Finally, Firms specify that when they communicate a decision to refuse or terminate a business relationship with a customer or potential customer, they must advise that person of their right to contact the relevant competent authority or designated alternative dispute resolution body and they must provide the relevant contact details.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.