On 4 October 2019, the European Supervisory Authorities (ESAs) published their second joint opinion on the risks of money laundering (ML) and terrorist financing (TF) affecting the European Union’s (EU) financial sector. The opinion is based on Art. 6(5) of Directive (EU) 2015/849, the 4th Anti-Money Laundering Directive (4th AMLD). The provision calls on the ESAs to issue an opinion every two years on the risks of money laundering and terrorist financing affecting the Union’s financial sector. The first opinion was issued in February 2017. The “ESAs” are the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA).

The ESAs’ report is based on information provided by national anti-money laundering (AML) and countering the financing of terrorism (CFT) competent authorities (CAs) and on information obtained in the context of the ESAs’ work.

Underpinning the risk-based approach introduced by the 4th AMLD, the joint opinion is, above all, designed to help identify, understand, manage, and mitigate the risks of money laundering and terrorist financing that the EU and its Member States face. The risks are grouped into two broad categories: cross-sectoral risks and sector-specific risks. The opinion identifies the following issues as the main ML/TF risks that cut across all sectors:

• The UK’s withdrawal from the EU which, inter alia, results in relocations of companies, thus making adequate supervision difficult;
• New technologies, making it difficult to understand new products and services available to credit institutions;
• Virtual currencies, bringing about challenges due to the absence of a common regulatory regime and the anonymity associated with them, and requiring CAs to engage in more cooperation with the private sector;
• Divergent national legal frameworks: although this is a direct consequence of the minimum level of EU harmonization, diverging transposition especially in the area of prevention of the use of the financial system for the purpose of ML/TF is apparent;
• Divergent supervisory practice: here, the CAs’ engagement in the same sector varies significantly; in some sectors, a large number of CAs do not even carry out an assessment of controls;
• Weaknesses in the implementation of internal controls within firms, in particular as regards customer due diligence;
• Application of non-adequate de-risking methods, i.e., a firm’s decision to no longer offer services to some categories of customers associated with a higher ML/TF risk, which leads to the increased use of informal and unregulated channels by customers.

The ESAs propose a number of actions to the CAs, which could mitigate the identified ML/TF risks. These include:

• Better cooperation and information exchange between CAs and UK authorities in order to cope with the challenges that result from re-establishment of firms in EU Member States following the UK’s withdrawal from the EU;
• Familiarization with new technical developments, in particular in the FinTech and RegTech sectors, and engaging directly with private companies;
• Close monitoring of developments associated with virtual currencies and assessment of whether changes to the AML/CFT regulatory and legal framework is required;
• Setting of clear regulatory expectations as regards internal controls, taking account, for instance, of the ESAs’ risk factor guidelines;
• ¡ Support for the exchange of information and cooperation between law enforcement, firms, and CAs;
• ¡ Guidance for the de-risking policies of the firms.

In the second section, the opinion examines the risks in specific sectors, e.g., credit institutions, life insurance companies, payment institutions, bureaux de change, investment firms, etc. Each sector is assessed according to the following five aspects:

(1) Inherent risk in the sector;

(2) Quality of controls and common breaches in the sector;

(3) Overall risk profile of the sector;

(4) Emerging risks in the sector;

(5) Recommendations for the CAs.

In the sector-specific context, the ESAs are alarmed by the fact that a number of CAs have not carried out an assessment of controls in certain sectors. Poor quality controls result in a higher number of breaches.

An interactive tool, available on the EBA website, completes the joint opinion. It provides a snapshot of all ML/TF risks covered in the joint opinion.