The three European level three (3L3) committees, the Committee of European Securities Regulators (CESR), the Committee of European Banking Supervisors (CEBS) and the Committee of European Insurance and Occupational Pension Supervisors (CEIOPS), have this week turned their attention to the area of anti-money laundering (AML) with the publication of a new report. The 3L3’s Anti-Money Laundering Task Force (AMLTF) has therefore released a new paper detailing recommendations for European regulators on implementing the Third Money Laundering Directive (2005/60/EC).
This compendium paper provides a collective overview of EU member states’ practices in relation to the application of customer due diligence (CDD) requirements and the customer identification and verification requirements in face to face situations of the directive. It also contains a comprehensive table of the applicable AML framework in all 27 member states based on data from two surveys conducted over 2008 by the taskforce.
The paper is aimed at presenting regulators with commonalities and divergences of supervisory practice, with the aim to support convergence of supervisory practices in the application of CDD and Know Your Customer (KYC) rules laid out in the directive. By highlighting these differences, the 3L3 is hoping to achieve harmonisation but this will be a significant challenge for those member states that have not even begun to implement the regulation. Even for those that have implemented the requirements, there are certain technical details that differ in relation to the application of the common legal framework, notes the paper.
The Third Money Laundering Directive builds on the two previous incarnations and provides specific and detailed provisions related to customer identification and compels firms to take measures on a “risk sensitive basis” to verify their identity. The differences in the national implementation of the directive are largely attributed to the different legal frameworks within each member state: “some supervisors have more experience in the risk-based approach relative to those coming from a prescriptive rules-based tradition” states the report.
Thus far, both Ireland and Spain have failed to implement the directive and Belgium, France and Poland have only partially implemented it. In terms of a group wide approach to CDD risk management, only 17 of the member states provide for an obligation for a consolidated approach to this area. This essentially involves the group wide tracking of customer data for global financial institutions across all of its entities.
As Lehman has proved, the lack of legal entity data standards means this tracking this data is a significant challenge for financial institutions and regulators alike. Perhaps if the entire European regulatory community, across all 27 member states, had stronger rules in place regarding CDD across a group, it would force more standardisation? Currently, a consolidated approach to tracking this data is only “encouraged” in three countries: Germany, France and Slovakia.
The report also identifies significant disparities between member states’ treatments of third countries and third parties. There is, for example, a diverse range of categories of institutions that are recognised by the different national frameworks as third parties that are considered to be reliable enough to provide CDD data, ranging from auditors to credit institutions. There are also differing rules on the transmission of identification of data and documents, only six member states actually require the transmission of this data without request.
A separate survey conducted around customer identification requirements also indicates that there are differences between the data required by various member states to verify identity. In fact, the report notes that “almost no member state is alike” and indicates that this should be a priority area for harmonisation in future. The only common denominator seemed to be that the first and last name of these customers are collected, verified and recorded. The lack of a standard data format would make problematic any attempts to track these customers at a European level.
The report and survey findings do not reveal anything new (data is collected in completely different ways across Europe), but they indicate the scale of the harmonisation challenge for the future. Given the focus on European level regulatory cooperation at the moment, it seems likely that this will be added to the ‘to do’ list for the incoming pan-European regulatory bodies.
Should this be pushed up the agenda, firms can expect higher levels of scrutiny at a European level for this data and the possibility of new standardised reporting formats to be adopted in the future.