EU Banking Regulator to Strengthen Remote Onboarding Checks

The EU’s banking regulator, the European Banking Authority (EBA), has announced plans to strengthen the anti-money laundering (AML) checks required for remote customer onboarding.

Launching a public consultation on draft guidelines, the measures aim to tackle the problem of inconsistencies across EU countries in checks conducted by financial institutions.  

With advances in technology and growing demand for virtual services – accelerated by pandemic restrictions, a decline in branch use, and the adoption of open banking – remote services have become the norm for many. 

This EBA consultation is a signal that regulars recognize remote onboarding is here to stay, and that as part of the EU’s 2020 digital finance strategy, a unified regulatory approach is needed to provide clarity and convergence about what is, and what is not, allowed in a remote and digital context, for all member states. 

What do the proposed guidelines say?

The guidelines set out a common process that firms should adopt to ensure remote onboarding meets customer due diligence (CDD) obligations, in line with AML/CFT legislation and the EU’s data protection framework.

The EBA also stresses the importance of firms understanding the capabilities of new remote solutions to make the most of opportunities they offer and “to support their sound and responsible use, as well as to be aware of ML/TF risks arising from the use of such tools and taking steps to mitigate those risks effectively.”

A consultation on the guidelines will run until March 10th, 2022, with a public hearing on February 24th. Questions in the consultation highlight the key areas of the guidelines, including the acquisition of information, document authenticity, and integrity, digital identities, reliance on third parties, outsourcing, ICT, and security risk management.

Once adopted, these standards will apply to all financial sector operators that are within the scope of the EU’s Anti-Money Laundering Directives (AMLD). 

The EU has already announced plans for its next AMLD, which will cover new players including crypto asset service providers, so firms should monitor if they’re in scope – and remember this could change as new legislation is enacted. 

Onboarding: A competitive advantage?

The new measures coincide with a wider debate in the digital finance industry about onboarding and AML risk. Many digital banks, for example, have used the promise of fast onboarding as a competitive advantage. But there’s a risk that onboarding too quickly can lead to firms having to remediate a lot of alerts manually, and then remove customers who are using their services for illicit purposes. 

Compliance teams should take particular note of Section 4.1 of the guidance (page 15), around what their policies and procedures should include, and additional clarity on requirements when outsourcing customer due diligence (CDD). They should also be aware of the increasing global focus on cybercrime and the growth of the electronic money institutions (EMI) sector, which research from Transparency International UK warns comes with potential money laundering red flags. 

The UK already has remote onboarding guidelines in place. However, in March 2020, when the Financial Conduct Authority (FCA) sent a letter to CEOs at UK financial firms with guidance on how to navigate the challenges of the pandemic, the national press exploded with stories on how identity checks could now be done with selfies. 

In fact, the letter was a reminder that flexibility for remote onboarding already existed within current UK guidelines. Money Laundering Regulations (MLRs) and Joint Money Laundering Steering Group guidance already enable client identity verification to be carried out remotely and give indications of appropriate safeguards and additional checks which firms can use to assist with verification. 

For more about recent announcements by the EBA, read our blog on their guidelines on the role of AML/CFT compliance officers