European Authorities Examine Authorization Withdrawal Process for AML/CFT Violations

European Supervisory Authorities (ESAs) have published a joint report advocating for a more comprehensive framework of powers related to the revoking of licenses for serious breaches of anti-money laundering and countering the financing of terrorism (AML/CFT) rules. The report states that such breaches have had a significant impact on the prudent management of regulated entities and their ability to continue meeting the conditions for authorization. In the last 10 years, 26 financial entities have had their licenses revoked due to AML/CFT rule violations. 

In the report, the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA) call for the amendment of sectoral laws to provide for sanctions based solely on AML/CFT breaches. Additionally, the ESAs outline the need for legislation that legally requires competent authorities to undertake a money laundering and terrorist financing (ML/TF) risk assessment immediately after authorization is first granted.

The report responds to Objective 5 of the AML Council Action Plan, which was adopted in 2018 to improve the cross-border exchange of information and collaboration between prudential and AML supervisory authorities. 

Authorization withdrawal: Key action points

To clarify aspects of the authorization withdrawal process, the report includes four key action points.

First, the report clarifies the degree of discretion prudential supervisors are granted, and the criteria for the withdrawal of the authorization once a serious breach of AML/CFT rules has been determined. The ESAs organized their conclusions to this action point by sector, specifically detailing the grounds for authorization withdrawal from providers engaged in exchange services between virtual currencies and fiat currencies. The report highlights the need for new regulations in the cryptoasset sector, calling on the Markets in Cryptoassets Regulation (MiCAR) to integrate AML/CFT issues.

Second, the report notes that a serious AML/CFT breach does not automatically mean that authorization will be removed. Instead, bodies should make a qualitative judgment as to the seriousness of a breach depending on the type of AML/CFT provision that does not comply and the features of the breach itself. The report highlights that the withdrawal of authorization should be a last resort measure. 

Third, consideration is given to the consequences of license withdrawal. The ESAs note that, when exercising the power to withdraw authorization, appropriate communication between the relevant governing bodies must take place and the opportunity given to oppose the revocation if necessary.

Finally, the report identifies the measures available to prudential authorities to address concerns coming from ML/TF risks and AML/CFT rule violations. The ESAs outline that the assessment of AML/CFT risks is now embedded in prudential regulation due to the Capital Requirements Directive (CRD) amendments made in 2019, which clarify the requirement of prudential authorities to act on AML/CFT information. In the AML Action Plan, the EU Council demonstrated a clear link between the prudential objectives and ML/TF risks, meaning prudential authorities and AML/CFT supervisors must share information and closely cooperate when addressing rule violations and concerns. 

These action points, and the report as a whole, speak to the wider push by European authorities to standardize AML rules and regulations across the continent. This is designed to reduce the level of arbitrage, improve standards, and enable firms to innovate with confidence.