European Banking Authority Launches EuReCA AML/CFT ‘Early Warning Tool’

The European Banking Authority (EBA) has launched a central database for anti-money laundering and countering the financing of terrorism (AML/CFT), which it hopes will act as an “early warning tool” across the European Union.

The European reporting system for material CFT/AML weaknesses, EuReCA, will centralize information on weaknesses identified in financial institutions, and measures imposed to rectify them. 

Examples of material weaknesses include a lack of adequate AML/CFT policies and procedures, including the absence of transaction monitoring at the group level, and the absence of policies and procedures for high-risk customers, which increase the ML/TF risks associated with a financial institution.

The EBA will also share information from EuReCA with competent authorities as appropriate, to support them at all stages of the supervisory process, particularly around emerging ML/TF risks or trends.

EuReCA has been established based on provisions in article 9a (1) and (3) of the EBA Regulation, and in draft Regulatory Technical Standards (RTS). It will also include internal audit findings identified by a prudential authority during an on-site inspection, about which the management body of the senior management appeared to have been informed and decided not to remediate. 

The EBA publicly consulted on the draft RTS in May and June 2021. It says that while respondents welcomed them, a few questions were raised – including requests for clarification on the definition of material weaknesses. Respondents also highlighted the sensitive nature of the information held in the database and asked that an application retention period for personal data be specified.

“They said that the resulting database will contribute to a better system to fight ML/TF at the EU level and that it will facilitate the exchange of information between competent authorities, while achieving operational and cost efficiency,” said the EBA.

The EBA’s full report includes more detail on plans for the database. This should be reviewed by compliance staff to better understand key definitions and the scope of the new database. 

How does the EBA define AML weaknesses?

The definition of ‘weaknesses’ encompasses not only breaches or suspected breaches, but also situations where the application by a financial sector operator of the AML/CFT-related requirements or policies falls short of supervisory expectations. 

A weakness is considered material where it reveals, or could lead to, significant failures in the compliance of the financial sector operator, or of the group to which the financial sector operator belongs, with its AML/CFT-related requirements. The following criteria should be assessed: 

• It occurs repeatedly
• It has persisted over a significant period of time
• It is serious or egregious 
• The management body, or the senior management of the financial sector operator, either appear to have a knowledge of the weakness and decided not to remediate it, or they adopted decisions or deliberations directed at generating the weakness (negligence and willful misconduct)
• The weakness increases the ML/TF risk exposure of the financial sector operator, or the ML/TF risk associated with the financial sector operator, or of the group to which it belongs
• The weakness has or could have a significant impact on the integrity, transparency, and security of the financial system of a Member State or of the EU as a whole
• The weakness has or could have a significant impact on the viability of the financial sector operator or of the group to which the financial sector operator belongs, or on the financial stability of a Member State or of the EU as a whole
• The weakness has or could have a significant impact on the orderly functioning of financial markets

How does the EBA define a ‘measure’?

The definition of ‘measures’ covers the various types of actions taken by a competent authority on a financial sector operator, in response to the material weakness and to cover the measures taken in response not only to a material ‘breach’ but also a ‘potential breach’ or ‘ineffective or inappropriate application’.

How the EBA will use the data

The EBA will use the central AML/CFT database to: 

• Share relevant information proactively on its own initiative with competent authorities in support of their supervisory activities on a risk-based approach
• Answer ‘reasoned requests’ for information from competent authorities about financial sector operators to the extent that this information is relevant for competent authorities’ supervisory activities with regard to preventing the use of the financial system for the purpose of ML/TF
• Analyze information in the database on an aggregate basis to inform the opinion on ML/TF risk and to perform risk assessments 
• Support the EBA’s work to lead, coordinate and monitor the EU financial sector’s AML/CFT efforts

Compliance teams will find lots to unpack in the full report, including how information on ‘natural persons’ such as beneficial owners and senior managers can be captured. It provides good insight into the EBA’s areas of focus, enabling firms to carry out a gap analysis to check their effectiveness and ensure they have processes in place and can fix potential problems before they occur.The EBA will submit the draft RTS to the European Commission for endorsement. Once approved, the RTS will be directly applicable in all Member States, and EuReCA will start to collect personal data. 

Uncover more about latest European regulations with our Guide to the European Union’s New AML/CFT Framework.