.svg)
Financial regulators are more aware of de-risking and how it impacts financial exclusion, but it has not necessarily decreased, a new report from the European Banking Authority (EBA) says.
Customers being de-risked has not "changed significantly" since the European Banking Authority (EBA) flagged the issue in 2021.
In fact, the EBA warns that the scale of de-risking of certain customer types has in fact increased.
In particular, this has been the case since the Russian invasion of Ukraine in 2022.
Refugees from Ukraine, individuals with links to Russia and Belarus, and some commercial banks providing payments to Russia, all became victims of this.
However, there are also positive signs for de-risking in Europe.
For example, the EBA says that competent authorities' awareness of de-risking practices has increased since the banking watchdog published an opinion on the issue in 2022.
According to the EBA, several competent authorities have carried out an assessment of de-risking in their respective jurisdictions subsequently.
In March, the EBA issued two new guidelines addressed to credit and financial institutions regarding de-risking — one aimed at money laundering/terrorism financing (ML/TF) risks with non-profit organisations, and the other clarifying the interaction between the access to financial services and institutions’ anti-money laundering/counter-terrorism financing (AML/CTF) obligations. The latter included situations where customers have legitimate reasons for failing to satisfy customer due diligence (CDD) requirements.
The European Commission, meanwhile, has taken action to prevent the de-risking of payments and e-money institutions.
For example, the EU's newly proposed Payment Services Regulation (PSR) enhances existing requirements under the revised Payment Services Directive (PSD2) for banks to provide payments and e-money firms with access to payment accounts.
For example, banks are limited in the reasons they can provide to not allow a bank account to these firms.
The PSR further extends this to entities that are in the process of applying for regulatory approval as a payment institution and to agents or distributors of payment institutions.
If a bank refuses to open or closes a payment account, it will have to explain its decision and the firm has the right to appeal this decision to the relevant national competent authority.
The EBA shared its findings on de-risking as part of its fourth biennial Opinion on the risks of ML/TF affecting the EU’s financial sector. The EBA is mandated to do this via the 4th Anti-Money Laundering Directive.
Virtual IBAN concerns
A virtual IBAN is an IBAN reference number that can be used to re-route incoming payments to a physical bank account.
As a payment solution, they are especially suited to banks and financial institutions that often have to process a large number of international payments.
Virtual IBANs can be used for different purposes, for example, to counteract the effects of IBAN discrimination — an issue that is prevalent in the EU.
However, the EBA flags that because they are functionally identical to conventional IBANs and cannot be distinguished from them, they can make transaction monitoring and the detection of suspicious transactions difficult.
Further, national authorities highlighted that there was a lack of legal certainty about AML/CTF supervision in some situations.
For example, when a financial institution sets up a shell branch in a host member state to issue local IBANs, but continues to collect funds directly through the parent financial institution on a free provision of services basis.
This can raise questions about the applicable CDD and data retention regime, the entity that is required to apply it and the competent authority that is required to supervise it.
The EBA has said that it plans to further assess the risks associated with the misuse of virtual IBANs and, if necessary, it will advise the European Commission and EU co-legislators to clarify supervisory expectations and competencies.
Instant payments risks
The new opinion also references the EU's incoming instant payments requirements.
The proposal does not affect PSPs’ compliance requirements in the EU AML/CTF legislation.
However, the EBA warns that there may be situations where the ML/TF risk associated with a business relationship or transaction is increased, and where real-time transaction monitoring is the only effective AML/CTF control.
Here, the authority says that instant payments should be implemented on the basis of an assessment of associated risks in relation to ML/TF, rather than being driven by purely economic considerations.
For financial sanctions monitoring, the instant payments legislation suggests screening all customers, immediately after entry into force of new or amended designations and at least once a day, rather than screening transactions.
This means that PSPs will not be required to take measures to satisfy themselves that the payee PSP’s restrictive measures systems and controls are adequate.
Here, the EBA flags that this might also expose PSPs to a significant risk of breaches of restrictive measures that are not targeted financial sanctions, like sectoral restrictive measures.
