Annexes to COM(2024)112 - Implementation of Directive (EU) 2015/849 - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2024)112 - Implementation of Directive (EU) 2015/849. |
|---|---|
| document | COM(2024)112 |
| date | March 11, 2024 |
The three ESAs’ Joint Guidelines on AML/CFT Colleges create a framework for supervisory cooperation in the cross-border context. The EBA facilitated the establishment of AML/CFT colleges of supervisors and monitors their functioning (29). By 15 September 2023, 274 colleges had been set up. The AML/CFT package will further strengthen this framework by including a legal obligation to establish AML/CFT colleges for cross-border credit or financial institutions that operate in several Member States.
The EBA’s AML/CFT Cooperation Guidelines, issued in December 2021, provide guidance on the practical terms of cooperation and information exchange among prudential supervisors, AML/CFT supervisors and FIUs at the level of Member States and across the EU. These guidelines, based on Article 117(6) of Directive 2013/36/EU, cover the full supervisory life cycle and bring clarity on which information to exchange with whom and at what stage.
Another improvement in supervisory cooperation and exchange of information was brought about by Article 57a(2) of Directive (EU) 2015/849 introduced by Directive (EU) 2018/843. It requires the ESAs to facilitate an agreement between the ECB and national AML/CFT competent authorities. The EBA published a multilateral agreement in January 2019, which was signed by the European Central Bank (ECB) and more than 50 national AML/CFT supervisors in the European Economic Area. It includes regular and ad hoc submissions on both sides relating to obliged entities (more than 1 000 individual information exchanges have taken place so far).
To further strengthen cooperation and information exchange across the EU, the EBA launched the first European AML/CFT database in January 2022, named EuReCA. It contains information on material AML/CFT weaknesses that supervisors have identified in individual financial institutions, as well as on specific measures that supervisors have taken in response to these weaknesses. Reporting obligations are not limited to AML/CFT supervisors but extend to all financial sector supervisors. The EBA can share information from EuReCA with individual competent authorities on its own initiative and at a supervisor’s request to support them at all stages of the supervisory process. The EBA also uses it to identify specific risks and trends at sectoral and European level. As of 15 September 2023, EuReCA has received 924 submissions in total from 36 AML/CFT and prudential authorities (including the ECB), including 608 material weaknesses and 316 measures concerning 210 entities (mainly credit institutions and payment institutions) (30).
In March 2022, the EBA published revised Guidelines on common procedures and methodologies for the supervisory review and evaluation process (31), which were amended to set out how prudential supervisors should consider ML/TF risks in their prudential supervisory work. The revised guidelines complement the EBA’s wider work on tackling ML/TF risk through prudential supervision, which includes Guidelines on the assessment of the suitability of members of the management body and key function holders (32) and Guidelines on internal governance (33).
Thanks to the efforts that the EBA has put in embedding ML/TF risks in all areas of its supervisory work, cooperation and information exchange between national AML/CFT supervisors and prudential supervisors is improving. However, the EBA also observes that cultural and procedural obstacles continue to exist and can hamper effective collaboration and supervisory outcomes. It expects that these shortcomings will be addressed as prudential authorities implement relevant guidelines.
The 2022 survey of Member States indicates that cooperation between supervisors in the non-financial sector (comprising several types of obliged entities such as lawyers, notaries, tax advisors and accountants, but also real estate agents, providers of gambling services and certain traders in goods) is less formalised than in the financial sector. This is also due to the fact that supervisors in the non-financial sector cannot always easily identify counterparts, given the absence of clear rules and an EU-level authority with an AML/CFT mandate for these sectors. Also, the exchanges between self-regulatory bodies, which in some Member States have been authorised to supervise legal professions and real estate agents, with other AML/CFT supervisors tend to take place rather informally and on a case-by-case basis.
A specific challenge is to ensure smooth exchanges of information between AML/CFT supervisors and obliged entities that operate establishments in a Member State but have their head office in another country, such as payment service providers and e-money issuers present through agents and distributors in the financial sector. The 2022 survey shows that the nomination of representatives who act as contact points is a widely used and effective means to obtain information. As part of the AML/CFT package, the Commission proposed to extend to crypto-asset service providers the possibility for Member States to require the appointment of a central contact point, which already exists for e-money issuers and payment service providers acting through agents or distributors.
As regards FIUs, they were asked in an additional survey carried out by the Commission in 2022 to indicate whether they have direct or indirect access to certain sources of financial, administrative and law enforcement information. The results of this analysis highlight some divergences in FIUs’ powers to access information which may impact their ability to conduct effective analyses and cooperate with each other. The Commission’s proposal for a new AML/CFT Directive seeks to support effective analysis by EU FIUs by mandating a minimum list of information that FIUs should be able to access.
As regards international cooperation and the information exchange of national competent authorities with third countries, a point which is covered in Article 65(1)(d), the results of the 2022 survey show that not all national AML supervisors of credit and financial institutions have made use of Article 57a(5) of Directive (EU) 2015/849 to conclude cooperation agreements with competent authorities of third countries. This is because alternatives exist: in practice, supervisors seem to include relevant AML/CFT provisions in other bilateral and multilateral agreements (e.g. the International Organization of Securities Commissions’ multilateral memorandum of understanding). Furthermore, in line with the ESAs’ guidelines, AML/CFT supervisory colleges envisage the participation of supervisors from third countries as observers where relevant, and findings from the EBA’s monitoring of AML/CFT colleges suggest that this happens in practice. As part of the AML/CFT package, Member States would be able to authorise all financial sector supervisors to conclude cooperation agreements.
In the non-financial sector, no individual arrangements for the exchange of information with third countries have been reported. This can be partly explained by the fact that many obliged entities in the non-financial sector operate at a local level and within national borders, as well as by the specific requirements that apply to the provision of services across borders, which may include re-licensing. In this case, information is exchanged with third-country supervisory authorities on a case-by-case basis.
As regards the international cooperation and information exchange of FIUs, Directive (EU) 2015/849 does not address or regulate the cooperation of FIUs in EU Member States with FIUs in third countries. Nevertheless, FIUs in all Member States exchange information with FIUs in third countries on a regular basis. This is done on the basis of the Charter of the Egmont Group, bilateral agreements or memoranda of understanding. The scope of the memoranda of understanding varies in terms of geographical focus. One FIU, for example, has reported that it has concluded more than a hundred such arrangements, while other FIUs have concluded fewer.
5. Beneficial ownership (BO) information regarding entities incorporated outside of the Eu
Article 65(1)(f) requests an analysis of the feasibility of specific measures and mechanisms at Union and Member State level on the possibilities to collect and access the BO information of corporate and other legal entities incorporated outside of the Union.
Transparency and access to BO information is a key element of the EU’s AML/CFT framework. While Article 30 of Directive (EU) 2015/849 establishes rules to ensure BO transparency of corporate and other legal entities incorporated within the EU, no such transparency rules apply to foreign corporate entities. This makes it more difficult for FIUs and law enforcement authorities analysing or investigating legal entities involved in possible criminal schemes to identify those who control them.
The 2022 survey shows that a large majority of Member States (23) currently do not require the collection of beneficial ownership information on foreign legal entities. Some Member States (12) highlighted that this information might be available to a limited extent based on the obliged entities’ customer due diligence requirements and/or where a foreign entity and its beneficial owner(s) own and/or control a national legal entity and are therefore recorded in the national BO register. Only a small number of Member States (5) proactively collect BO information on foreign legal entities. Based on the responses, this disclosure requirement for foreign entities is triggered by the acquisition of real estate or where the foreign legal entity is operating through an establishment in the Member State and generating economic activity or tax obligations.
The AML/CFT package includes provisions to address and mitigate the ML/TF risks linked to foreign legal entities. They complement the existing requirement to obtain and hold BO information on trusts where the place of establishment or residence of the trustee or person holding an equivalent position in a similar legal arrangement is outside the EU in Article 31(3a) of Directive (EU) 2015/849. Specifically, registration of beneficial ownership information on legal entities incorporated outside the EU is required when they enter into a business relationship with an obliged entity or acquire real estate in a Member State. The proposal anticipated the revised Recommendation 24 of the Financial Action Task Force (FATF), the international standard-setting body in the field of AML/CFT, adopted in March 2022, which requires among other things that competent authorities have access to BO information on companies and other legal entities that are not incorporated in the country but have a sufficient link with it and present money laundering or terrorist financing risks.
6. Politically Exposed Persons – Enhanced due diligence measures
Article 65(1)(f) also requests an analysis of the proportionality of the measures referred to in point (b) of Article 20. It sets out the additional customer due diligence measures to be carried out in cases of business relationships with politically exposed persons, namely senior management approval for establishing or continuing business relationships with such persons, adequate measures to establish the source of wealth and source of funds that are involved in business relationships or transactions, and enhanced ongoing monitoring of those business relationships. Article 65(1) third sub-paragraph further requests that the report is required to be accompanied, if necessary, by appropriate legislative proposals, including, where appropriate, on a risk-based application of these measures.
The requirements of the FATF on politically exposed persons (PEPs) have been implemented in EU AML/CFT legislation, in particular in Article 3(9), Article 3(10) and Article 3(11) of Directive (EU) 2015/849 on definitions, as well as in Article 20 of Directive (EU) 2015/849 on additional customer due diligence measures. The FATF defines a PEP as an individual who is or has been entrusted with a prominent public function. The rationale for applying additional measures to PEPs is that they have an increased risk of committing ML/TF offences due to their advantageous position and influence. The FATF therefore outlines in Recommendation 12 a list of preventive requirements to mitigate these risks (34). It requires that financial institutions should, in addition to performing normal customer due diligence measures as set out in Recommendation 10, have appropriate risk management systems to determine whether the customer or its beneficial owner is a foreign PEP. This means that proactive steps are to be taken, such as assessing customers on the basis of risk criteria, risk profiles, the business model, and verification of customer due diligence information (35). To determine if a person is a domestic PEP or PEP at the level of international organisations, Recommendation 12 requires taking reasonable measures based on the assessment of the risk level of the business relationship, which means reviewing the customer due diligence information collected in line with Recommendation 10. If a customer is deemed to be a foreign PEP or if there is a higher risk business relationship with domestic or international organisation PEPs, enhanced risk mitigation measures should be applied in line with Recommendation 12. These measures include obtaining senior management approval for establishing or continuing such business relationships, taking reasonable measures to establish the source of wealth and source of funds, and conducting enhanced ongoing monitoring of the business relationship. The requirements for all types of PEP should also apply to their family members or close associates.
Article 20 of Directive (EU) 2015/849 takes up all enhanced due diligence measures required by the FATF without distinguishing between foreign and domestic PEPs.
7. Fundamental rights
Article 65(1)(g) requests an evaluation of how fundamental rights and principles recognised by the Charter of Fundamental Rights of the European Union have been respected. Fundamental rights as laid down in the Charter are the backbone of the EU’s legal system and must always be upheld. The provisions of the Charter are addressed to the institutions and bodies of the EU in all their actions as well as to national authorities when they are implementing EU law. The Charter protects individuals and legal entities against actions by these institutions and authorities that infringe fundamental rights.
The rights and principles enshrined in the Charter need to be taken into account at every step of the EU legislative process. To ensure that all proposals for EU legislation respect the Charter, the Commission already has to assess the impact of new proposals on fundamental rights when preparing them. During the legislative process, the Commission works with the co-legislators to ensure that EU law is in line with the Charter. On data protection, in order to ensure consistency of the rules throughout the EU, the Commission, following the adoption of proposals for a legislative act, has to consult the European Data Protection Supervisor on whether there is an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data (36). In September 2021, the Supervisor issued an Opinion on the Commission’s AML/CFT legislative package (37), in which it welcomed the objectives pursued by the proposals in general.
As regards breaches of the Charter, we should distinguish between several cases: if actions by an EU institution infringe fundamental rights, the Court of Justice of the EU has the power to review the legality of the act. If a national authority breaches rights under the Charter when implementing EU law, national judges have the power to ensure that the Charter is respected, in line with the case-law of the Court of Justice of the EU. The Commission can take a Member State to court for breaching fundamental rights when implementing EU law, e.g. if a national measure applies EU law in a manner incompatible with the Charter.
In relation to AML/CFT requirements, the Court of Justice has touched upon the respect of fundamental rights in different contexts, notably with regard to Article 7 of the Charter on the respect for private and family life and Article 8 on the protection of personal data, as well as Article 12 on the freedom of assembly and association.
In light of Articles 7 and 8, the Court of Justice delivered a judgment on the provisions on public access to beneficial ownership information for corporate and other legal entities in preventing ML/TF (38). In its judgment, the Court invalidated the provision of Directive (EU) 2015/849 whereby Member States must ensure that the BO information on corporate and other legal entities incorporated within their territory is accessible in all cases to any member of the public (Article 30(5), point c of Directive (EU) 2015/849 as amended by Directive (EU) 2018/843). The Court found that such indiscriminate access constituted serious interference with the fundamental rights to respect for private life and the protection of personal data. In the case at hand, this interference could not be considered justified as it did not meet the applicable necessity and proportionality tests.
In light of Articles 7, 8 and 12 of the Charter on the right to respect for private and family life, the right to the protection of personal data and the right to freedom of association, the Court of Justice also delivered a judgment on restrictions imposed by a Member State on the financing of civil organisations by persons established outside that Member State (39). In its judgment, the Court held that the Member State had introduced discriminatory and unjustified restrictions that were contrary to the obligations on Member States in respect of the free movement of capital laid down in Article 63 of the Treaty on the Functioning of the European Union and to Articles 7, 8 and 12 of the Charter. As regards a possible justification for that restriction, the Court noted that grounds of public policy or public security, which cover in particular the fight against money laundering, the financing of terrorism and organised crime may be relied upon. However, those grounds may not be relied upon unless there was a genuine, present and sufficiently serious threat to fundamental interests of society which had not been demonstrated by the Member State in that specific case.
As regards the respect of fundamental rights and principles recognised by the Charter at national level, the 2022 survey of Member States enquired in particular about potential interferences of AML requirements with the following fundamental rights and principles enshrined in the Charter: (i) Article 7 on the respect for private and family life; (ii) Article 8 on the protection of personal data; (iii) Article 11 on the freedom of expression and information; (iv) Article 12 on the freedom of assembly and association; (v) Article 16 on the freedom to conduct a business; (vi) Article 17 on the right to property; (vii) Article 20 on equality before the law; (viii) Article 21 on non-discrimination; (ix) Article 47 on the right to an effective remedy and to a fair trial; (x) Article 48 on the presumption of innocence and right of defence; (xi) Article 49 on the principles of legality and proportionality of criminal offences and penalties; and (xii) Article 50 on the right not to be tried or punished twice in criminal proceedings for the same criminal offence. Eight Member States reported proceedings initiated before national courts related to this kind of interference. Other Member States that responded to the question were not aware of such cases.
Member States did not report on cases regarding interference with other fundamental rights than the ones mentioned above. As regards the right to privacy and the protection of personal data, the 2022 survey showed the following: administrative complaints about requirements set out in Directive (EU) 2015/849 have been filed with data protection authorities in the majority of the Member States (17). Data protection authorities have been consulted in the context of the preparation of national acts to transpose or implement requirements of Directive (EU) 2015/849 in almost all Member States (24). Nine Member States listed other types of complaints filed / consultations carried out with other national authorities that have a bearing on the interaction between AML/CFT requirements and fundamental rights.
8. Requirements regarding potential legislative proposals pursuant to Article 65(1) third sub-paragraph
Article 65(1) third sub-paragraph of Directive (EU) 2015/849 requests the Commission to assess the need to make new legislative proposals on several specific topics, notably virtual currency user databases, asset recovery offices and politically exposed persons. The latter category was already addressed in section 6.
1. Virtual currency user databases
With respect to virtual currencies, Article 65(1) third sub-paragraph of Directive (EU) 2015/849 requires the Commission to draw up a legislative proposal – if appropriate – including empowerments to set up and maintain a central database that registers the identities and wallet addresses of virtual currency users accessible to FIUs and including self-declaration forms for the use of virtual currency users.
The creation of a central database at EU level would require Member States to already have such registers in place, which could then be interconnected to feed into a central register, or alternatively that means would be allocated at EU level to create a central register directly (40). The 2022 survey shows that Member States currently do not have crypto-asset account registers in place. The regulation of virtual currencies at international and European level has undergone several changes since the adoption of Directive (EU) 2018/843, which introduced the reference to a potential legislative proposal on a virtual currency user database.
The FATF adopted new standards on new technologies in June 2019, requiring jurisdictions to regulate virtual asset service providers (also termed crypto-asset service providers in the EU legal framework) for AML/CFT purposes and for them to be licensed or registered and be subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF recommendations. These standards also require traceability for transfers of virtual assets. Specifically, virtual asset service providers must accompany transfers with detailed information on their originators and beneficiaries (the ‘travel rule’). This requirement is being introduced into EU law by Regulation (EU) 2023/1113 of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (TFR Regulation) (41), which is a recast of Regulation (EU) 2015/847 on information accompanying transfers of funds (42).
The 2021 AML/CFT legislative package entails several further proposals to address and mitigate the ML/TF risks linked to the use of virtual currencies. First, providers of all virtual asset services likely to raise money laundering or terrorist financing risks are added to the list of obliged entities. Second, it proposes prohibiting the provision and custody of anonymous crypto-asset wallets as these do not allow crypto-asset transfers to be traced and carry a greater risk of misuse for criminal purposes.
At a more general level, the Regulation on Markets in Crypto-assets aims at providing a clear, dedicated and harmonised legal framework in the EU for crypto-assets and crypto-asset service providers by requiring them to be authorised by a national competent authority to perform their activities. This Regulation will also put in place adequate protection for all consumers as they will go through authorised exchanges, wallets and trading platforms to buy, trade and transfer crypto-assets.
Overall, the new Regulation on Markets in Crypto-assets and the TFR Regulation will significantly increase the monitoring of crypto-asset transfers for ML/TF by competent authorities throughout the EU. The new AML Regulation will further mitigate ML/TF risks related to the use of virtual currencies, while not providing for the creation of a central database as referred to in Article 65(1) of Directive (EU) 2015/849. With the adoption of Regulation (EU) 2023/113, crypto-asset service providers will be included within the scope of financial institutions within the meaning of the AML Directive, and thus subject to all AML/CFT rules applicable to the financial sector, which will ensure that competent authorities, including FIUs, can swiftly access information on holders of custodial crypto asset wallets.
2. Cooperation between Asset Recovery Offices of the Member States
Article 65(1) third sub-paragraph of Directive (EU) 2015/849 requests the Commission to table, if appropriate, a legislative proposal to improve cooperation between Asset Recovery Offices of the Member States.
On 25 May 2022, the Commission adopted a proposal for a new Directive on asset recovery and confiscation (43). It provides a comprehensive set of rules that addresses asset recovery from beginning to end – from tracing and identification, freezing and management, to confiscation and final disposal of assets. In particular, the proposal aims at strengthening the capacity of Asset Recovery Offices to trace and identify proceeds of crime, by providing them with a broader access to the necessary information, ensure a swift exchange of information among these offices and enabling them to urgently freeze property when there is a risk that assets could dissipate.
9. Conclusion and outlook
The last few years have been marked by many challenges in the area of AML/CFT. While the risk environment has changed considerably, the Commission has continuously reacted to these changes by regularly analysing the risk, providing written guidance to Member States and stakeholders and intervening in cases of incorrect or non-complete transposition by Member States. The EBA has contributed to harmonised approaches and supervisory convergence through its work on peer reviews of supervisory practices, numerous guidelines and opinions in the field of the application of risk-based measures by credit and financial institutions, as well as work on cooperation between supervisors. Over the past few years, substantial improvements have been made in particular in the fields of information exchange and cooperation between AML/CFT supervisors in the financial sector.
In order to address the issues identified on the implementation of Directive (EU) 2015/849, the Commission proposed an ambitious AML/CFT legislative package in 2021. It introduces comprehensive reform, both from a regulatory and institutional perspective, of the EU AML/CFT framework. Under this package, a substantial part of the Directive will be moved to a Regulation so that obliged entities will be subject to directly applicable rules. This will remove the need for transposition and put an end to the possibility of national variations and at the same time reduce delays in the application of EU rules. The AML Regulation provides for harmonised requirements for internal policies, procedures and controls and customer due diligence, it further specifies rules on beneficial ownership transparency of legal entities and legal arrangements and extends the list of obliged entities among others to crypto-asset service providers. The proposal for a revised AML/CFT Directive strengthens the tasks, powers and tools of supervisors and FIUs to improve their functioning. It also aims at setting out clear rules for all authorities to ensure effective cooperation and information sharing. All this will provide the EU with a comprehensive and integrated system that is commensurate with the integration of its internal market. The new integrated AML/CFT supervisory system will consist of the new European Anti-Money Laundering Authority (AMLA) at its centre and the national authorities with an AML/CFT supervisory mandate and will be based on common supervisory approaches and risk assessment methodologies. To ensure effective and consistent supervision AMLA will directly supervise the riskiest cross-border financial entities and coordinate national supervisory authorities and supervisory actions, including for the non-financial sector. AMLA will also be entrusted with an FIU coordination function. As all recent major money laundering cases reported in the EU have had a cross-border dimension, this approach aims at ensuring closer cooperation and exchange of information among FIUs and also achieving synergies between supervisors and FIUs. The existence of AMLA will therefore play a significant role in the prevention and detection of money laundering, its predicate offences and terrorist financing, and will form the heart of a robust EU AML/CFT framework.
1()Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
2()Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (OJ L 156, 19.6.2018, p. 43).
3()The points listed in Article 65(1) of Directive (EU) 2015/849 have been covered in this report in the following way: Section 2 of the report covers the first part of point (e) of Article 65(1) concerning an account of Commission actions to verify that Member States take action in compliance with this Directive as well as point (b) of Article 65(1), Section 3 on risk assessment and risk mitigation covers the second part of point (e) concerning Commission actions to assess emerging problems and new developments in the Member States as well as point (a) of Article 65(1), Section 4 on information access and cooperation, including at international level, for National Competent Authorities and FIUs covers point (c), Section 5 on beneficial ownership information regarding entities incorporated outside of the Union covers the first part of point (f), Section 6 on enhanced customer due diligence measures for politically exposed persons covers the second part of point (f), Section 7 on fundamental rights covers point (g) and Section 8 covers the third sub-paragraph of Article 65(1) of Directive (EU) 2015/849 providing an assessment of the need to make new legislative proposals on virtual currency user databases and asset recovery offices.
4()Summaries of the results of the surveys and the contributions provided by the EBA are included in the staff working document accompanying the report. The study carried out by the Council of Europe is publicly available on the website of the European Commission from the date of publication of the report.
5()https://finance.ec.europa.eu/publications/anti-money-laundering-and-countering-financing-terrorism-legislative-package_en
6()Commission staff working document, impact assessment accompanying the anti-money laundering package, SWD (2021) 190 final. Parts of the AML/CFT legislative package are still under negotiation (as of 15 September 2023).
7()For more introductory background information, see the accompanying staff working document to this report.
8()Communication from the Commission on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing, 2020/C 164/06.
9()28 cases on non-transposition grounds and 6 on non-conformity grounds.
10() The study carried out by the Council of Europe is publicly available on the website of the European Commission from the date of publication of the report.
11()EBA Regulation (EU) 1093/2010 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02010R1093-20210626&qid=1680524907642&from=en
12()Report from the Commission to the European Parliament and the Council on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, COM (2022) 554 final.
13()The ESAs, namely the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA), work primarily on harmonising financial supervision in the EU by developing the single rulebook, a set of prudential standards for individual financial institutions. The ESAs help to ensure the consistent application of the rulebook to create a level playing field. They are also mandated to assess risks and vulnerabilities in the financial sector.
14()EBA/GL/2021/02 of 1 March 2021: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/963637/Final%20Report%20on%20Guidelines%20on%20revised%20ML%20TF%20Risk%20Factors.pdf
15()EBA/GL/2021/16 of 16 December 2021: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/EBA-GL-2021-16%20GL%20on%20RBA%20to%20AML%20CFT/1025507/EBA%20Final%20Report%20on%20GL%20on%20RBA%20AML%20CFT.pdf
16()EBA/GL/2022/15 of 22 November 2022: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2022/EBA-GL-2022-15%20GL%20on%20remote%20customer%20onboarding/1043884/Guidelines%20on%20the%20use%20of%20Remote%20Customer%20Onboarding%20Solutions.pdf
17()EBA/GL/2022/05 of 14 June 2022: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2022/EBA-GL-2022-05%20GLs%20on%20AML%20compliance%20officers/1035126/Guidelines%20on%20AMLCFT%20compliance%20officers.pdf
18()The most recent is EBA/Op/2021/04 of 3 March 2021: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2021/963685/Opinion%20on%20MLTF%20risks.pdf
19()EBA/GL/2023/04 of 31 March 2023: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2023/1054144/Guidelines%20on%20MLTF%20risk%20management%20and%20access%20to%20financial%20services.pdf and Opinion on ‘de-risking’, EBA/Op/2022/01, 5 January 2022: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2022/Opinion%20on%20de-risking%20%28EBA-Op-2022-01%29/1025705/EBA%20Opinion%20and%20annexed%20report%20on%20de-risking.pdf
20()https://www.eba.europa.eu/eba-publishes-fourth-opinion-%C2%A0-money-laundering-and-terrorist-financing-risks-across-eu
21()EBA statement on actions to mitigate financial crime risks in the COVID-19 pandemic, issued on 31 March 2020: https://www.eba.europa.eu/sites/default/documents/files/document_library/News%20and%20Press/Press%20Room/Press%20Releases/2020/EBA%20provides%20additional%20clarity%20on%20measures%20to%20mitigate%20the%20impact%20of%20COVID-19%20on%20the%20EU%20banking%20sector/Statement%20on%20actions%20to%20mitigate%20financial%20crime%20risks%20in%20the%20COVID-19%20pandemic.pdf
22()EBA AML/CFT Newsletter, 1st Issue, 15 May 2020: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Other%20publications/2020/883686/EBA%20AML%20Newsletter_Issue%201-.pdf
23()EBA/REP/2022/05 of 22 February 2022:
https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Reports/2022/1027361/Report%20Risk%20assessment%20on%20Luanda%20Leaks%20under%20art%209a.pdf
24()http://www.eba.europa.eu/eba-calls-financial-institutions-and-supervisors-provide-access-eu-financial-system
25()Report on ML TF risks associated with payment institutions: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Reports/2023/1056453/Report%20on%20ML%20TF%20risks%20associated%20with%20payment%20institutions.pdf
26()This part of the AML/CFT legislative package is still under negotiations (as of 15 September 2023).
27()Joint Guidelines on cooperation and information exchange, JC 2019 81 of 16 December 2019: https://www.eba.europa.eu/sites/default/documents/files/document_library//Joint%20Guidelines%20on%20cooperation%20and%20information%20exchange%20on%20AML%20-% https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/EBA-GL-2021-15%20GL%20on%20CFT%20cooperation/1025384/Final%20AML-CFT%20Cooperation%20Guidelines.pdf20CFT.pdf
28()https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/EBA-GL-2021-15%20GL%20on%20CFT%20cooperation/1025384/Final%20AML-CFT%20Cooperation%20Guidelines.pdf
29()See the EBA reports on AML/CFT colleges: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Reports/2020/961425/Report%20o.n%20the%20functioning%20of%20AML%20Colleges%20.pdf and https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Reports/2022/1038179/Report%20on%20functionion%20of%20AML%20CFT%20Colleges.pdf
30()EuReCA reporting as of 15 September 2023.
31()EBA/GL/2022/03 of 18 March 2022, Guidelines on supervisory review and evaluation process – SREP: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2022/EBA-GL-2022-03%20Revised%20SREP%20Guidelines/1028500/Final%20Report%20on%20Guidelines%20on%20common%20procedures%20and%20methodologies%20for%20SREP%20and%20supervisory%20stress%20testing.pdf
32()Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders under Directive 2013/36/EU and Directive 2014/65/EU, EBA/GL/2021/06 of 2 July 2021: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/EBA-GL-2021-06%20Joint%20GLs%20on%20the%20assessment%20of%20suitability%20%28fit%26propoer%29/1022127/Final%20report%20on%20joint%20EBA%20and%20ESMA%20GL%20on%20the%20assessment%20of%20suitability.pdf
33()Guidelines on internal governance under Directive 2013/36/EU, EBA/GL/2021/05 of 2 July 2021: https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/1016721/Final%20report%20on%20Guidelines%20on%20internal%20governance%20under%20CRD.pdf
34()FATF (2012-2023), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, FATF, Paris, France, www.fatf-gafi.org/recommendations.html
35()FATF Guidance Politically Exposed Persons (Recommendations 12 and 22), June 2013. FATF GUIDANCE (fatf-gafi.org)FATF GUIDANCE (fatf-gafi.org)
36()Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
37()Opinion 12/2021, https://edps.europa.eu/system/files/2021-09/21-09-22_edps-opinion-aml_en.pdf
38()Judgment of the Court of 22 November 2022 in joined cases WM (C-37/20) and SOVIM SA (C-601/20) versus Luxembourg Business Registers: https://curia.europa.eu/juris/document/document.jsf?text=&docid=268059&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=1503497
39()Judgment of the Court of 18 June 2020 in case (C-78/18 ‘Commission v Hungary’): https://curia.europa.eu/juris/document/document.jsf;jsessionid=98151443F97F6BA2D856266F83B1C03F?text=&docid=227569&pageIndex=0&doclang=en&mode=req&dir=&occ=first&part=1&cid=112968
40()See ‘Study on developments with regard to virtual assets users and the possibility to set-up and maintain a central database registering users’ identities and wallet addresses accessible to financial intelligence units (FIUs)’, published in 2021.
41()Regulation (EU) 2023/1113 of 31 May 2023 of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (OJ L150, 9.6.2023, p. 1).
42()Regulation (EU) 2015/847 of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, p. 1).
43()Proposal for a Directive of the European Parliament and of the Council on asset recovery and confiscation, COM/2022/245 final.
EN EN