The Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) has issued a final report that includes two draft Regulatory Technical Standards (RTSs).
The first draft RTS concerns the assessment of the inherent and residual risk profile of obliged entities under Article 40(2) of Directive (EU) 2024/1640 (AMLD). The article requires AMLA to develop draft RTSs establishing a common methodology for supervisors to use when assessing the level of money laundering and terrorist financing (ML/TF) risk to which obliged entities are exposed. The methodology specifies how supervisors should classify inherent and residual risk profiles and the frequency with which these risk profiles must be reviewed. This draft RTS specifically applies to financial sector obliged entities and their supervisors.
The draft RTS establishes a fully harmonised, risk-based approach. It identifies a set of common datapoints applicable to all entities, including the total number of customers, supplemented by sector-specific datapoints, such as the number of customers which are natural persons (NP) per country. Data collection is restricted to information strictly necessary for ML/TF risk assessments at the entity level. The RTS does not define the source of the datapoints, enabling supervisors to rely on existing information. Moreover, where feasible, quantitative data is used, and assessments are based on objective criteria or evidence-based supervisory judgment supported by a shared methodology. Additionally, the methodology does not rely on obliged entities’ self-assessments of their ML/TF risks.
The risk assessment methodology is organised into three steps and, in line with international AML/CFT standards, combines an assessment of an obliged entity’s inherent risk profile with an evaluation of the effectiveness of its AML/CFT controls environment to produce a residual risk score, which represents the risk remaining after the quality of the entity’s AML/CFT systems and controls has been taken into account.
The frequency of entity-level risk assessments is proportionate to the nature and size of obliged entities. This RTS provides that to maintain supervisors’ understanding of the ML/TF risks faced by credit institutions and financial institutions, their inherent and residual risk profiles should be reviewed at least annually. However, where an institution is very small or its activities entail a low level of risk that does not warrant annual review, supervisors may assess the risk profile once every three years, provided that no major events or developments occur during the preceding three-year period.
Once this methodology is implemented, it will assist national supervisors in designing supervisory strategies and inspection plans and promote a common understanding of how various risk factors affect an entity’s overall ML/TF risk exposure. This harmonised approach is intended to improve operational efficiency and provide more consistent and comparable supervisory results across the EU.
The report emphasises that the mandate in Article 40(2) of the AMLD applies equally to obliged entities in both the financial and non-financial sectors. Consequently, following a phased approach, AMLA will issue two separate RTSs, one for the financial sector and one for the non-financial sector.
The Second draft RTS deals with risk assessment for the purpose of selection of credit institutions, financial institutions and groups of credit and financial institutions for direct supervision under Article 12(7) of Regulation (EU) 2024/1620.
Article 12(7) of Regulation (EU) 2024/1620 (AMLAR) obliges AMLA to develop Draft RTS to define important elements of the methodology it will use to select which obliged entities it will directly supervise. As a first step, AMLA will determine which entities qualify for direct supervision by applying a geographic eligibility criteria.
To this end, the draft RTS establishes alternative thresholds to assess whether an obliged entity’s activities carried out under the freedom to provide services are material. These thresholds are designed to capture entities with either substantial transaction volumes, defined as the total annual amount of incoming and outgoing transactions generated by customers in the previous year exceeds EUR 50,000,000, or a large number of customers, defined as more than 20,000 customers are resident in that Member State as of 31 December in the previous year. The thresholds are based on data that obliged entities can readily provide.
The draft RTS further specifies the risk assessment methodology AMLA will use to identify which eligible obliged entities will be subject to direct supervision, and to this end it provides detailed sequential steps. Furthermore, the draft RTS introduces a group-wide risk assessment approach based on a weighted average of entity-level residual risk scores, ensuring that high-risk entities and significant operations are appropriately reflected in the overall group assessment.
Using this methodology, AMLA will focus its direct supervision on the most complex and highest-risk entities with a significant presence in the EU, ensuring a coordinated and consistent approach to cross-border AML/CFT supervision.
For any additional information or assistance, kindly contact us at info@gtg.com.mt
Author: Shanise Cardona