EBA Report Raises Concerns About Use of De-Risking Measures

The European Banking Authority (EBA) has issued new guidance on the impact and scale of de-risking in the EU, and warned financial institutions that its increased use could indicate their anti-money laundering and combatting the financing of terrorism (AML/CFT) measures are not effective.

De-risking – when financial institutions decide not to provide services to customers in certain risk categories – can be a legitimate risk management tool, but “when unwarranted, can cause the financial exclusion of legitimate customers. It can also affect competition and financial stability,” the EBA says in its guidance.

The report aims to raise awareness of the issue and reinforce existing standards, with suggestions on how these can be implemented by EU member states to minimize the use of de-risking.

“The EBA invites competent authorities to support institutions and their users and take the steps necessary to promote the financial inclusion of categories of customers that are particularly affected by unwarranted de-risking,” the report states.

It adds that there should be more active engagement with institutions that de-risk and customers affected by de-risking in order to raise awareness of the rights and responsibilities of both institutions and their customers. 

In November 2021, guidance from The Financial Action Task Force (FATF) highlighted the unintended consequences of firms adhering to FATF standards. These include de-risking, and FATF warned that “smaller and more financially isolated economies, emerging market economies, as well as conflict zones, tend to be impacted more significantly.”

Improper implementation of AML/CFT requirements, fear of supervisory action, reduced risk appetite in banks, and reputational concerns, could all drive de-risking, FATF noted. 

The EMA report cites ML/TF risks exceeding risk appetites, a lack of understanding of customers’ business models, and cost of compliance as additional drivers of de-risking. 

Alignment with EU AML/CFT objectives 

The EBA’s findings suggest that de-risking has a detrimental impact on the EU’s objectives related to fighting financial crime effectively and promoting financial inclusion, competition and stability.

In July 2021, the European Commission published an AML/CFT package that contains a number of legislative proposals that could go some way towards mitigating unwarranted de-risking and associated financial exclusion. 

In particular, the Commission put forward its proposal for an Anti-Money Laundering Regulation (AMLR), which states in Recital 42 and Article 17(2) that where institutions take a decision to not enter into a business relationship with a prospective customer, the customer due diligence (CDD) records should include the grounds for such a decision. 

In the Commission’s view, this would then enable supervisory authorities to assess whether institutions have appropriately calibrated their CDD practices. 

The EBA, based on the findings in its report on de-risking, considers that this provision should be complemented by steps to clarify the relationship between provisions in the Payment Accounts Directive (PAD), PSD2, and the Union’s AML/CFT requirements.

“While decisions not to establish or to end a business relationship, or not to carry out a transaction may be in line with the provisions of Directive (EU) 2015/849 (AMLD), de-risking of entire categories of customers, without due consideration of individual customers’ risk profiles, can be unwarranted and a sign of ineffective ML/TF risk management,” it states.

The report further notes that fintechs handling virtual currencies are being particularly affected by de-risking. Fintechs were being asked to provide ”disproportionate” and “excessive” documentation; denied access to operational bank accounts used for transfers, salary deposits, and account top-ups; and had cross-border payment services canceled, the report states.

Payment institutions, e-money institutions, and fund managers were also highlighted as those affected by de-risking. Customers who were not authorized and supervised in the member state, or whose sources of wealth were not located in the EU, were seen as causes for concern.

What compliance teams should know

Countries in the Baltic region, a growing fintech hub, are a good example of the EU’s vulnerabilities related to de-risking. With smaller populations, a host of emerging fintech businesses, and a complex geopolitical history, these countries fall into the categories that FATF warns are being significantly impacted by de-risking. 

Their proximity to Russia, and the fact that de-risked businesses are often forced to go underground to manage their finances, removing AML/CFT oversight, also highlights why the EU is so concerned about the subject.

Compliance teams will find a lot to unpack in this report. Page 24 onwards is the key section – summarizing what regulators are doing now, and instruments the EBA already has in place to address de-risking. But compliance teams may also be interested in why others are de-risking (pages 16-17).

The report is a reminder that if the risk is managed correctly there should be no need to de-risk particular sectors. Firms need to have the ability and confidence to manage risk, and reports such as these can help inform and educate.

Find out more about the EU’s new AML/CFT framework in our comprehensive guide.