On July 11, 2023, the European Banking Authority (EBA) published the findings from its 2022 review of the approaches taken by competent authorities (CAs) to tackling money laundering and terrorist financing (ML/TF) risks in the banking sector.
While the report noted that all of the supervisors had undertaken work to implement a risk-based approach to anti-money laundering and combatting the financing of terrorism (AML/CFT), significant differences existed in how they identified and addressed ML/TF risks in banks. Nonetheless, the EBA’s report showed that supervisors are making progress in the fight against financial crime, citing improvements in on-site and off-site supervision and information sharing.
Following the publication of this report, the EBA has entered its fourth and final round of implementation reviews for CAs. The authority will then issue a report that will include an assessment of the progress made since 2019.
EBA Review: Round Three Findings
EBA implementation reviews are assessments to evaluate how CAs supervise banks’AML/CFT approaches. The main goal of these reviews is to pinpoint areas needing improvement and assist individual supervisors in enhancing their compliance efforts. At the end of each review, targeted feedback is provided, along with specific recommendations for actions that each competent authority should take.
During this round of reviews, EBA staff assessed 12 CAs from nine member states, specifically looking at the following five areas of compliance:
- Risk assessment.
- AML/CFT supervision.
- Tackling ML/TF risks through prudential supervision.
- Enforcement and supervisory follow-up.
- Domestic and international cooperation.
Progress Made Since Round Two Reviews
The report cited alignment, cooperation, and collaboration as particular areas of progress. These improvements specifically related to:
- On-site and off-site supervision: The report noted that all the CAs that responded to the EBA’s last implementation review were in the process of reviewing their ML/TF risk assessment methodology and adjusting the frequency and intensity of on-site and off-site supervision to align with the outcomes of their risk assessments. Most CAs had also increased the number of specialist AML/CFT staff or implemented new training strategies to enhance their supervision capabilities.
- Cooperation and information sharing: The EBA found that all CAs recognized the importance of collaboration and exchanging information with other authorities at a domestic and international level. In light of this, the report noted that all supervisors had established mechanisms to share information at home and abroad.
- Expert input: Following ongoing efforts from the EBA to foster a holistic approach to AML/CFT, the review found that over half of all prudential supervisors were aware of their role in tackling ML/TF risks. Some supervisors had also begun incorporating insights from AML/CFT experts in their supervisory review (SREP) processes.
While overall progress was noted, the EBA highlighted the following areas that require improvement from CAs:
- Alignment of national and supervisory priorities: While all of the reviewed supervisors contributed to their member state’s national risk assessment (NRA), the EBA found the link between the NRA and CAs’ own supervisory risk assessments was not always evident. To ensure national and supervisory priorities are aligned, the EBA reminds CAs to reflect the risks highlighted in their member state’s NRA in their own supervisory risk assessments.
- Risk-based supervision and sectoral risk assessments: As was the case in previous rounds of implementation reviews, the report highlighted that less than half of all CAs had carried out their own sectoral risk assessment and taken steps to comply with the EBA’s revised risk-based supervision guidelines. To meet supervisory information needs, the EBA reminds authorities that sectoral risk assessments should provide a holistic view of all inherent ML/TF risks relevant to their sector, including those risks identified in the NRA. It should also provide them with a view of the relevance of each of these risks for their sector. In doing this, authorities should be able to take a risk-based approach and prioritize their supervisory activities accordingly.
- Limited understanding: The EBA found that most of the supervisors had a partial understanding of ML/TF risk in their banking sector, and almost half were unaware of the purpose of a sectoral risk assessment, affecting their ability to implement an effective risk-based approach. In light of this, the authorities yet to implement robust training programs to enhance their supervision capabilities should look to do so.
- Risk gaps: Where supervisors had relied exclusively on the NRA for sectoral risk assessment purposes, the EBA discovered they had not assessed whether it was sufficient to fulfill the information needs of AML/CFT supervisors, creating several risk gaps. To combat this, the report encourages CAs to identify and address any information gaps in their risk assessment.
ML/TF Risks Affecting the EU’s Financial Sector
Two days after publishing the results of its third review, the EBA issued its fourth opinion on ML/TF risks across the EU. Pursuant to Article 6(5) of the Fourth Money Laundering Directive (4AMLD), the EBA publishes these opinions on the ML/TF risks affecting the EU’s financial sector every two years.
Some of the standout risks highlighted in the opinion include:
- Changing geopolitical situations: While the TF risks identified in 2021 continue to exist, the EBA notes that due to changing geopolitical situations and an increase in right-wing extremism and terrorism, new threats have arisen.
- Restrictive measures: Since Russia’s invasion of Ukraine, restrictive measures have been implemented on an unprecedented scale. However, the national approaches to enforcing restrictive measures are not harmonized, creating pressure on institutions’ compliance resources.
- Transaction monitoring: The weakness in transaction monitoring and reporting of suspicious activities is a notable concern, with between 30 and 50 percent of CAs rating these aspects as “poor” or “very poor.” Among the worst-performing sectors in this regard are payment institutions and e-money institutions.
- AML/CFT systems and controls: The EBA noted that despite efforts made by institutions to establish AML/CFT systems and controls, their effectiveness is not always satisfactory. Notably, they face significant challenges in monitoring transitions and reporting suspicious transactions.
- New risks: The report also highlights an increase in risk relating to human trafficking, environmental crime, and cybercrime.
When reviewing the EBA’s review findings, compliance staff should pay particular attention to the boxes that include real-world examples of good and bad practices relating to each section of the report.
Additionally, the report should remind firms to ensure they have relevant processes ready in case of an audit to demonstrate their risk-based approach to AML/CFT. This should include Know Your Customer (KYC) and customer due diligence (CDD) measures; sanctions, politically exposed persons (PEPs) and adverse media screening; and the appointment of an AML compliance officer. The risks highlighted in the EBA’s fourth opinion report should also be considered in case additional controls should be implemented to mitigate any potential threats.
The State of Financial Crime 2023
Uncover the evolving anti-money laundering regulatory landscape, examining global trends and key themes in major economies.