EU financial services ‘should not wait’ for finalised AML single rulebook to begin due diligence remediation

European Union financial services firms should not wait for the finalized anti-money laundering (AML/CFT) single rulebook  to begin due diligence remediation, said a senior banking regulator.

The single rulebook, which aims to bring a harmonised set of rules AML/CFT to the bloc, will apply from 10 July 2027. The list of obliged entities will expand to include all crypto asset service providers (CASPS) and extend to football agents and professional football clubs for certain transactions from 10 July 2029.

“The key here is to start early, not to wait until May 2027, and then start your remediation action. So really, start early,” Endija Springe, a policy expert at the European Banking Authority (EBA) in Paris told the Association for Financial Markets in Europe’s (AFME) 8th Annual European Compliance and Legal Conference.

By the go-live date, EU financial services firms should have reviewed customer files for any discrepancies between the single rulebook’s approach to customer due diligence (CDD) and the national competent authority (NCA) rules they follow now. The issue is that the process to define the rulebook is still in the preliminary stages. The European Commission asked the EBA for advice on regulatory technical standards (RTS) and guidelines in March.

Tough timeframe for banks

Jose Arevalo, director of financial crime and markets regulatory risk and control oversight at Commerzbank in London, told the AFME conference that the single rulebook and the establishment of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) represented a ‘once in a generation’ opportunity to optimise and enhance the preventive framework,which focuses on regulatory effectiveness; risk-based proportionality; and establishing a sound legal basis for information and intelligence sharing, measurable asset recovery and the disruption of criminal proceeds and criminal enterprise.

However, the short implementation timeframe was going to be hard for firms to manage without sight of the regulatory technical standards, Arevalo said, and there were further concerns that banks might be forced to offboard customers who could not comply with requests for additional information, exacerbating financial inclusion concerns.

“This could cause some implementation issues for banks, given the short-term nature of that remediation timeframe. CDD has been performed by large entities in line with the legal requirements that are live as of now, and as part of that, they would have been subject to risk-based proportionality, risk-based checks, ongoing screening and monitoring in line with the regulation of the day,” he added.

The expectation to uplift millions of customer relationships across the EU, through branches and subsidiary networks, will produce a huge workload for large entities, that will be extremely difficult to achieve by July 10. Arevalo said.

Uplift a challenge

Regulators agreed the CDD uplift would be a challenge, but said work on the single rulebook had begun.

“The EBA is starting that process now, with key deliverables on CDD on the methodology. Key elements will be known in the course of next year,” Jo Swyngedouw, the National Bank of Belgium’s deputy director head of financial stability, AML supervision and banking prudential policy, said at the AFME conference.

“There is an explicit provision in the regulation that says existing rules from EBA guidelines or from national authorities remain in place until the new AMLA rules come into force. And it’s explicitly mentioned that a transitional phase can be installed, and it’s envisioned. There will be a transition. It will be challenging, but it can be prepared from next year onwards, when building blocks of the single rulebook will come into the public domain,” he said.

Striking a balance

Some banking industry officials believe financial crime compliance is already too complex and costly. “There’s a massive cost on the industry that seems to result in remarkably few prosecutions – except of the firms who are doing their best to do the processes,” Howard Davies, former chair of NatWest Group, told the House of Lords’ Financial Services Regulation Committee.

In the EU, banks and government departments would like to see a balance struck between tackling financial crime and the bureaucratic burden placed on obliged entities.

“The EU is very much leading the charge globally with many of these regulatory provisions, and when you lead the charge, inherently, sometimes you go above and beyond international standards. A golden thread of effectiveness and outcomes-based pursuit should run through the AMLR with the view to, where possible, avoiding disproportionate or rule-based requirements, which ultimately lead to greater cost of compliance without necessarily yielding preventive outcomes for the EU itself,” Arevalo said.

Marcus Pleyer, deputy director general at the German Federal Ministry of Finance, said at the AFME conference: “There will be a need to strike the balance between, on the one side getting a robust criminal regime, and on the other side not putting too much bureaucratic burden on the financial industry. We need to walk a very fine line between recognising the national specificities and having flexibility, especially when applying the risk-based approach, while on the other side, making sure we have a common body of law and it is applied uniformly in all countries.”