What are the potential impacts on financial institutions?
1. Overall risk assessment and customer acceptance policy
In application of the risk-based approach, financial institutions are required to take measures that are appropriate and proportionate with their nature and their size to identify and assess the ML/FT risks to which they are exposed (articles 7 and 16 of the AML/CTF Law). Such assessment should be performed taking into account the characteristics of the institutions’ customers, the products, services or transactions offered, the countries or geographical areas concerned and the distribution channels used, and should provide a risk-based classification of an institution’s customer base. Financial institutions are also required to adopt a customer acceptance policy which takes into account the overall risk assessment.
In its circular, the NBB clarifies what financial institutions can and cannot mention in their acceptance policy with regard to preventing unlawful de-risking:
Allowed:
- Making acceptance of certain high-risk categories subject to specific due diligence measures, such as guarantees on the fairness and transparency of a customer’s transactions (e.g. copy of invoice to be paid).
Not allowed:
- Exclude/offboard entire categories of business relationships based on general criteria such as their economic sector or link with a high-risk country, instead of on the basis of an individual risk assessment.
- Prohibiting a priori the provisions of a service offered because the potential customer belongs to a specific (high-risk) industry, such as the diamond sector.
As a consequence thereof, financial institutions may be required to review their overall risk assessment and customer acceptance policy.
2. Individual risk assessment and refusal to enter into a business relationship on grounds related to AML/CFT
Article 19 of the Anti-Money Laundering Law contains the obligation for financial institutions to carry out an individual risk assessment on each of their customers. On this basis, financial institutions can determine which due diligence measures are appropriate for each customer using a risk-based approach.
- Financial institutions cannot justify their refusal to enter into business relationships with customers claiming that the AML/CFT Law prohibits them to do so where there is a high risk of ML/FT.
- The refusal to enter into a business relationship is only possible in the situations provided in the AML/CFT Law and where financial institutions can prove that it cannot meet the due diligence obligations imposed by law.
- In such cases, they have to comply with two other requirements: (i) keeping record of the individual risk assessment and the justification for the impossibility of fulfilling the legal due diligence obligations on which the refusal to enter into a business relationship is based; (ii) analyzing the reasons why it could not meet these obligations, on the basis of which it was determined whether a notification to the CTIF had to be carried out.
- Example: a financial institution cannot refuse an individual a priori just because (s)he has crypto-assets, which brings a high risk of ML/FT.
This may, once again, lead to financial institutions being obliged to review their individual risk assessment and acceptance criteria.
3. Due diligence and its cost
Financial institutions try to justify their refusal to enter into a business relationship or the termination of an existing business relationship by invoking the high costs of performing the due diligence as required by the AML/CFT Law. Furthermore, they indicate that their pricing does not necessarily differ for customers with or without high ML/FT risks.
On this topic, the NBB notes the following:
- Financial institutions can, within what is permissible, take into account in their pricing the costs that comes with the due diligence measures as required by the AML/CFT Law. As a result, it may be legitimate to apply different price levels according to the nature and level of due diligence required. However, such price differentiations must remain legitimate and not qualify as discriminatory or prohibitive.
- Consequently, the higher cost of AML/CFT due diligence is not a valid ground for de-risking entire customer categories.
This may have several consequences for financial institutions. Those currently relying on the above argument, will probably need to adjust their pricing by, for example, integrating due diligence costs.