Warning for European financial institutions as major new report warns money laundering and terrorist financing risks are not properly assessed and managed

A new report from the European Banking Authority (EBA) warns that payments firms and banks in the EU often insufficiently identify and manage the risk of money laundering and terrorist financing, despite the heightened risk of both within the sector. This blog looks at the report’s findings and suggests takeaways for firms, including the need for a comprehensive due diligence process which uses authoritative data and leverages technology.

Manage your money laundering risks: a stark warning for EU financial institutions

The European Banking Authority (EBA) is a regulatory agency which oversees the banking sector across all EU countries. In a 28-page report released in June, it said that money laundering and terrorist financing risks in the EU’s payments sector “may not be assessed and managed effectively” by financial companies such as banks. Failure to identify and mitigate risks exposes these companies to significant legal, financial, reputational and strategic risks.

The report notes that “payment institutions, as a sector, represent high inherent money laundering/terrorist financing risks”. This applies to the wider financial services sector, particularly banks which facilitate payments across borders. For example, EU banks have recently had to implement enhanced screening of transactions which could circumvent sanctions against Russian entities and individuals.

The EBA identifies risk factors which financial institutions should consider when assessing their exposure to possible money laundering and terrorist financing, including:

• Their customer base.
• How “cash-intensive” are the services they offer to customers.
• The prevalence of occasional transactions with customers or third parties, as opposed to established business relationships.
• The overall volume and speed of transactions.
• How customers are on-boarded remotely, and which new technologies are used to do this.

High risks of money laundering and terrorist financing in the banking sector

Given this heightened risk, the payments and financial sector is heavily regulated within the EU. Under the EU’s Money Laundering Directives, institutions are required to identify, assess, monitor and manage money laundering and terrorist financing risk. The EBA’s report also confirms that firms are advised to take a “risk-based approach” to monitoring for and managing money laundering and terrorist financing risk. This involves assessing which third parties carry a higher risk and applying enhanced due diligence proportionally. Factors that may inform this decision could include a third party’s jurisdiction, their industry, their legal record, their ultimate beneficial ownership, or their association with Politically-Exposed Persons (PEPs).

The EBA’s report also hints at further regulatory developments to come from the EU, as it identifies several weaknesses in the governance structure, including:

• A lack of an “EU-level common approach” to supervising “agent networks” acting on behalf of payment institutions.
• Significant variation in supervisory practices when authorising payment institutions, and the fact that AML and CFT controls are “not consistently assessed”.

This should spur national regulators within EU member states to strengthen their own regulatory framework and enforcement of financial crime, in anticipation of new regulations.

Moreover, in March the European Parliament approved a package of measures against money laundering and terrorist financing. This includes establishing the European Anti-Money Laundering Authority, which has the power to investigate and ensure that companies are complying with AML requirements. It also extends the scope of the EU’s AML regime to cover crypto-asset providers, and specifies rules around beneficial ownership transparency and customer due diligence. Banks must therefore ensure they are keeping up-to-date–and compliant–with regulations.

Why robust, risk-based due diligence is the best defence against AML and terrorist financing risks

The EBA’s warning should serve as a reminder to financial companies that their compliance operation must be capable of effectively identifying money laundering and terrorist financing risks, then managing and mitigating them.

Positive steps companies should take include:

1. Expand your data coverage: Companies need comprehensive and authoritative financial and legal data to assess their customers’ and third parties’ risks of financial crime such as money laundering and terrorist financing. Companies also need to bring in data which surfaces ESG and reputational risks and opportunities, including news (and adverse news) data.
2. Set high expectations of suppliers and customers: Companies should set clear ethical expectations of all third parties, including banking customers, during onboarding and throughout the relationship, and scrutinise these third parties’ own due diligence processes. Any relationship with a third party which cannot demonstrate that it manages money laundering risk should be reviewed.
3. Prioritize data quality: Given the proliferation of data, and the frequency of misinformation, companies should only base due diligence decisions on reliable and authoritative data, such as licensed news sources and official company and legal records.
4. Leverage technology: It is almost impossible to sift through vast datasets of news, company and legal sources manually. Instead, companies should use technology platforms which allow them to automatically screen a high volume of entities against a wide range of authoritative sources in one place. Artificial Intelligence applications also allow companies to detect new risks.

Upgrade your approach to risk management and due diligence with help from Nexis^® Solutions

The clear takeaway from the EBA’s report is that companies must make it a priority to mitigate the financial, legal, reputational and strategic risks of a compliance failure around money laundering or terrorist financing. The best way to do that is to leverage data and technology to strengthen your due diligence process. This will help you to better detect suspected AML transactions or activities within your business or by a customer, supplier or other third party.

Nexis Solutions helps firms to implement a more efficient and effective due diligence process to identify and mitigate AML risks by providing companies with authoritative data from the most relevant sources, including:

• News data to identify reputational risks of third parties.
• PEPs and sanctions data to identify third parties which may require enhanced due diligence.
• Company data to help to build a picture of a third party company’s structure, directors and beneficial owners.
• ESG data to assess third parties’ compliance with growing expectations from regulators and the public around human rights and environmental due diligence.

We support firms to deploy technology across these sources to improve their approach to due diligence and risk management. For example:

• Nexis Diligence+ supports an effective due diligence process with our extensive archives and news searches going back more than 40 years.
• Nexis^® Data as a Service delivers an unrivalled collection of licensed and web content, deep archives and data, through our flexible data APIs.