i-hub is a centralised repository servicing obliged entities (hereinafter “Firms”) under the AML EU directives, which at the same time facilitates the interaction between such Firms and their clients by verifying and sharing AML/KYC data and documents while respecting personal information and privacy of all parties.
Following the opinion of the European Supervision Authorities (“ESAs”) in regards to the use or pretended use of Innovative solutions by Credit and Financial Institutions in the Process of Due Diligence (Opinion), we wish to produce some lines of context to define the application and impact of the Opinion in the handling of AML/KYC documents and data via a centralised repository and the role of regulators in this regard.
The ESAs is a joint effort of the different European Supervisory Authorities (European Banking Authority, European Insurance and Occupational Pension Authority, European Securities Market Authority) to standardise, guide and define expectations applicable to Member States and Firms located in Members States or having activities in the aforementioned Member States.
As part of the effort of cooperation, standardisation and better communication, the ESAs joined forces to fight financial criminality and to define European wide expectations, setting the pace for a more clear set of guidance and for harmonisation in terms of AML/CTF rules and regulations.
Even though the Opinion refers also to client on-Boarding via innovative methods, we will only address in this article the specific points linked to the centralised repositories when performing identification and verification services.
ESAs defined centralised repositories as desirable in the frame of standardisation and solutions to reduce costs and promote efficiency while maintaining security of the information and quality of the service delivered.
ESAs have defined 5 risk factors that competent authorities should consider when approving/analysing centralised repositories:
1. Oversight and control mechanisms (internal and external Audits; the fact of being or not obliged entities; the solution shall ensure appropriate capital and structure to avoid Bankruptcy);
2. The Quality and adequacy of the CDD measures (governance, structure, quality of data and documents and effectiveness of the compliance culture);
3. Reliability of CDD measures (validity, accuracy and authenticity of data, documentation and information obtained);
4. Delivery channels (extent to which the use of innovative solutions can address the risks associated with non-face-to-face business relationships and other collection methods of KYC);
5. Geographical risk (location of the Solution and services in Europe and/or transfer to third countries).
Additionally, ESAs define that such solutions should include sufficient safeguards to maintain personal data protected and facilitate the access of Firms to such data in a secure and easy way.
In this Opinion, ESAs defined that centralised repositories should be compatible with Firm’s systems and be able to communicate with current and legacy systems in order to provide efficient monitoring.
ESAs “encourage competent authorities to support those developments, especially where they improve effectiveness and efficiency of firms’ AML/KYC Compliance” and to engage in the process of creation and set up of centralised repositories when they have the option of being used by several Firms.
ESAs additionally “consider the lack of understanding on behalf of competent authorities not to be a sufficient reason for preventing innovations and technologies from being used by firms to meet AML/CTF compliance obligations”.
ESAs calls for such innovative solutions to be supported if they meet the requirements of proficiency, technology and compliance set by local regulators as follows:
1. Ability to demonstrate compliance and to compare the solution offered versus Firms RBAs and the Law as well as Firms Risk Based Approaches versus the Law;
2. Ability to provide a comprehensive risk scoring and risk analysis to Firms and their respective clients;
3. Ability to utilise different sources including but not limited to: PEP lists, social media, online publications, watch-lists and public databases;
4. Being Compliant by design;
5. Constitute a more effective way to achieve compliance rather than a way to reduce or maintain poor levels of compliance;
6. Able to be used as a definition of standards when cooperating with local authorities;
7. Willing to cooperate and integrate with local authorities to facilitate control, reporting and standardisation of practices in AML/KYC related matters.
Finally, ESAs set its willingness to cooperate with competent authorities in providing training and issuance of guidelines to assess such innovative solutions.
In conclusion, we, at i-Hub, see centralised repositories as key infrastructures in promoting standardisation, cooperation and transparency in the fight against Financial Crime, Money Laundering, Terrorism and Corruption. Their wide adoption shall deliver strong benefits to the Financial industry enabling better controls and analysis by Firms on their underlying clients while outsourcing the data and document gathering and verifications to specialists.
By Jaime Prieto, Chief Compliance and Risk Officer – i-Hub