On May 6, the European Banking Authority (EBA), the independent European Union (EU) supervisor for the European banking sector, started a public consultation on draft Regulatory Technical Standards (RTS) for a central database on the AML/CFT frameworks of financial institutions in the EU. According to the EBA, the database is intended to “be a key tool” in its “recently enhanced mandate to lead, coordinate and monitor AML/CFT efforts in the European Union.” The consultation will conclude on June 17, 2021.
The revised EBA Regulation, which came into effect in January 2020, requires the EBA to establish and update a central database with information on AML/CFT weaknesses that national regulators across EU member states have identified at individual financial institutions. The database will also provide details on remediation required by regulators in order to address those issues, as well as progress made.
At this stage, the consultation is looking to identify categories of vulnerabilities previously identified by regulators at individual financial institutions, to create a shared taxonomy of potential AML/CFT weaknesses. The consultation will also review the kind of data and information collected by regulators during relevant examinations, and ways in which this can be transmitted to the EBA. The consultation will further consider how the EBA can analyze, leverage, and disseminate the material from the database across relevant EU agencies and member states, as well as to measure the effectiveness of the database. Security and data confidentiality concerns are also covered.
Although the EBA has not provided a granular explanation of how the database is likely to be used, the agency says that the database will provide material that will help “individual competent authorities and the EBA….make the fight against ML/TF in the EU more targeted and effective in the future.” It will, moreover, be seen as “an early warning tool” to identify systemic compliance risks and vulnerabilities and provide support for the preparation of on-site inspections and ongoing off-site monitoring.
The announcement of the consultation comes as European banks continue to face regulatory censure and law enforcement investigation for AML/CFT failings. On April 30, for example, the German regulator BaFin announced that Deutsche Bank would need to “adopt further appropriate internal safeguards and comply with due diligence obligations,” if it was to meet its AML/CFT obligations (see our Regulatory Highlights from May 6).
What the EBA’s statement suggests is that it intends to provide material support for a more proactive regulatory approach at the national level, very much in line with the expectations that have surrounded the EU’s AML/CFT reform plan. A single AML/CFT rulebook, with more far-reaching effects than the current Anti-Money Laundering Directives (AMLDs), allied with stronger supranational regulation, is likely to bring new levels of energy to the EU’s (and member states’) fight against financial and economic crime.
The comprehensive identification of AML/CFT vulnerabilities at individual financial institutions will, moreover, provide considerable incentives to the private sector. It is conceivable that the database – if the information within is publicly shared – will help create a form of performance ‘league table’ across the financial services sector. As we have noted before, the clear lesson to be learned by firms is that they should seek to get ‘ahead of the game’ now, finding innovative ways to improve their AML/CFT frameworks, rather than waiting for regulatory censure and reputational damage in the future. If an AML/CFT league table is likely to develop, it will be important to be towards the top of the list.