The UK, EU and the Financial Action Task force have promoted banks to adopt and implement a measured approach to de-risking clients that pose money laundering and financial crime risks. The central message has been for financial institutions to manage money laundering risks and to cease relationships with clients as a last resort.
But, the increased scrutiny, accountability and responsibility, plus higher fines, have led to banks finding it more desirable to de-risk clients and reduce the risk of non-compliance, consequently running contrary to the message from the EU, UK and FATF. And a recent advisory opinion submitted at the ECJ, in combination with these factors, has now further increased the likelihood of banks de-risking.
The advisory opinion addressed questions on AML expectations of entities in the regulated sector dealing with other regulated entities, and the extent to which they can undertake due diligence on their clients’ clients.
Safe, a client of several banks, refused to submit its own clients for due diligence and, consequently, those banks closed Safe’s accounts in a bid to de-risk in the case of Safe’s clients using their payment services to transmit money for the purposes of money laundering. As a result, Safe contends that the closure of the accounts was unfair and anti-competitive, and contravened EU data protection law.
Safe’s refusal to disclose its clients for the submission of due diligence rested on its contention that, as a regulated entity, its own due diligence procedures were robust and sufficient enough to be compliant with the Money Laundering Directive. Moreover, there are no obligations on the banks to undertake customer due diligence on Safe’s clients. Due to Safe’s refusal, all banks involved closed the company accounts.
Customer due diligence
There are three levels of due diligence that a regulated entity can undertake depending on the risk posed: simplified, standard and enhanced. These consist of standard procedures set out in the directive and include the identification, validation and understanding of the purpose of the business relationship of clients, and the identification and validation of beneficial owners of client accounts. Under some circumstances, such as when onboarding Politically Exposed Persons, or a client that comes from a high risk country, there is an obligation to undertake enhanced due diligence.
The banks wanted to subject Safe and its clients to enhanced due diligence procedures, a decision supported by data and documentation, which Safe declined to allow. Consequently, the issue was referred to the ECJ, on which the UK Advocate Attorney General has just offered opinion.
The Advocate General did not support Safe’s arguments, stating that, Safe being a regulated entity and, thus, being subject to the regulations set out in the Money Laundering Directive itself, did not preclude the banks from undertaking enhanced due diligence of Safe and of Safe’s clients.
It was the Advocate General’s opinion that the directive requires all regulated entities to take into account all relevant factors when assessing the risk of money laundering activities. It was put forward that a client subjected to due diligence rules under the Money Laundering Directive is not precluded from being subjected to enhanced due diligence procedures, including due diligence as a client’s clients. The actions did not contravene the Data Protection Directive, and protecting public interest around personal data should not be a bar to due diligence in the case of suspected money laundering. Neither was it anti-competitive or unfair for a bank to close Safe’s accounts.
Taking into account the advisory opinion, it is clear that, where there is a suspicion of money laundering from a regulated entity that is also a client, extending the practice to undertake due diligence of a client’s client is acceptable.
What the opinion offers is clear sign that, when tackling money laundering, there should be no shortcuts taken and any potential bars to undertaking due diligence – such as the protection of personal data – do not prohibit such practice. In addition, the decision of a bank to de-risk is neither unfair nor anti-competitive.
This may be a sign of lack of adherence to the message in the EU, UK and FATF policy, and we could continue to see banks taking a more aggressive stance on de-risking.