Foreign citizens looking to open an account with a Bulgarian bank have been facing various challenges related to KYC procedures. This is because financial institutions must follow strict rules for verifying their customers, which can lead to termination of business relationships and unwillingness to invest in Bulgaria. In this regard, in March 2021 the European Banking Authority ('EBA'), which works to ensure an effective and consistent level of prudential regulation and supervision across the European banking sector, announced three regulatory instruments to address de-risking practices.
De-risking refers to decisions of banks to refuse to provide services or to terminate existing business relationships with certain groups of clients associated with higher risks of money laundering and terrorist financing. Based on the input received from the competent authorities, the EBA concluded that de-risking continues to cause higher risks of money laundering and terrorist financing. Announcing new and strict regulatory requirements, in practice, had an opposite effect because customers affected by de-risking resorted to alternative payment service providers. Consequently, payment transactions are no longer monitored and finding and reporting of suspicious transactions became more difficult.
Article 6(5) of Directive (EU) 2015/8491 requires the EBA to issue an Opinion on the risks of money laundering and terrorist financing affecting the European Union’s financial sector. The EBA issued three regulatory instruments in relation to the de-risking practices:
On 3 March 2021, the EBA published an opinion informing that several respondents of EBA’s Call for Input suggested that de-risking is a practice that may be caused by financial institutions “failing to develop a sufficiently robust and comprehensive business-wide risk assessment and implement controls that effectively manage these risks”. The respondents also suggested that banks could choose not to manage the risk associated with individual business relationships and discontinue business relationships with entire categories of customers instead. Subsequently, certain categories of individuals or entities could be entirely excluded from the financial system. Considering the feedback received, the EBA’s opinion addresses that competent authorities should remind the financial institutions under their supervision that EBA’s Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated ('The Guidelines') are clear that the application of a risk-based approach does not require financial institutions to refuse or terminate business relationships with entire categories of customers that are considered to present high risks of money laundering and terrorist financing, as the risk associated with individual business relationships may vary depending on the specific facts and circumstances, even though these individuals or entities are subject to the same category. The Guidelines outline a number of considerations that financial institutions should take into account when assessing the money laundering and terrorist financing risks. Also, instead of de-risking clients, EBA recommends that the respective competent authorities consider improving the level of control including a requirement to communicate their risk assessment and regulatory expectations to the relevant sectors ensuring that the risk is managed properly.
Furthermore, the EBA revised the Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849. The revised Guidelines introduce a number of new provisions related to de-risking.
First, the application of a risk-based approach does not oblige banks to refuse or terminate, business relationships with entire categories of clients that are assessed to have a higher money laundering and terrorist financing risk.
Also, banks should establish risk-sensitive policies and procedures to ensure that their approach to applying customer due diligence measures does not result in excessively denying legitimate clients access to financial services. For instance, in case the client cannot provide traditional forms of identity documentation, the financial institutions should consider mitigating the risk of money laundering and terrorist financing by adjusting the level and intensity of monitoring and offering only basic financial products and services, which restrict the ability of users to abuse these products for financial crimes. In addition, banks may wish to refer to the EBA’s Opinion on the application of customer due diligence measures to customers who are asylum seekers from higher-risk third countries or territories (EBA-OP-2016-07).
Most importantly, the above regulatory instruments are aimed at clarifying that compliance with anti-money laundering and countering terrorist financing obligations does not require financial institutions to refuse or terminate business relationships with entire categories of clients and emphasising that competent authorities and financial institutions should come to properly manage risks depending on each specific case and the profile of the individual or entity.
As an upcoming step, the EBA launched a public consultation on changes to its existing Guidelines on the characteristics of a risk‐based approach to anti‐money laundering and terrorist financing supervision, and the steps to be taken when conducting supervision on a risk‐sensitive basis under Article 48(10) of Directive (EU) 2015/849 (amending the Joint Guidelines ESAs 2016 72) (“The Risk‐Based Supervision Guidelines”). Until 17 June 2021, EBA welcomes feedback on the draft Risk‐Based Supervision Guidelines. EBA continues its monitoring of the de-risking impact and will consider the extent to which the current regulatory framework is sufficient to address the issues associated with de-risking.