Navigating Through Remote Customer Onboarding Solutions
The European Banking Authority (EBA) has taken a significant step in bolstering regulatory compliance and risk mitigation with the publication of “Guidelines on the use of Remote Customer Onboarding Solutions”.
While the Anti-Money Laundering Directive (AMLD) outlines the AML/CFT obligations for financial institutions, it lacks detailed provisions on what is permissible in remote and digital onboarding scenarios, which leaves regulatory expectations unclear. This has resulted in risks and challenges for institutions in adopting innovative forms of customer identification, particularly in non-face-to-face interactions. The Covid-19 pandemic made secure and efficient non-face-to-face customer onboarding options more urgent still, amplifying the need for comprehensive and unequivocal guidelines.
The guidelines apply to all credit and financial institutions within the scope of the AMLD and aim to establish common EU standards for developing risk-sensitive initial customer due diligence policies and processes in the context of remote customer onboarding. The guidelines will apply from October 2, 2023.
Remote customer onboarding refers to the process of acquiring, verifying, and recording customer information without requiring the customer to be physically present at a branch. The EBA recognizes the significance of remote customer onboarding solutions and emphasises the importance of competent authorities and financial institutions fully understanding their capabilities.
These solutions offer a pathway to optimise compliance efforts and to identify natural persons and legal entities efficiently during initial customer due diligence (CDD). However, it is equally crucial to be aware of the potential money laundering and terrorist financing risks associated with these tools and to implement effective measures to mitigate such risks. The guidelines seek to establish a common understanding to support institutions in adopting safe and effective remote onboarding practices.
- Technological neutrality: The guidelines promote technological neutrality, avoiding favouritism towards specific solutions. This approach encourages ongoing innovation and ensures that the principles and procedures outlined in the guidelines remain relevant and applicable. By maintaining this neutrality, credit and financial institutions can better mitigate risks, such as impersonation fraud, arising from the use of technological solutions in remote onboarding.
- Adaptation for simplified due diligence: While the guidelines primarily apply to standard remote customer onboarding journeys, they equally allow for adjustments in cases where simplified due diligence can be applied. Financial institutions can tailor the verification data and documentation elements according to a risk-based approach, enabling efficient onboarding while maintaining compliance.
- Support for non-qualified trust services: The guidelines also support the use of non-qualified trust services or other regulated, recognized, approved, or accepted solutions at a national level, as per Article 13(1)(a) of the AMLD. However, institutions must implement adequate safeguards to counter impersonation and identity fraud risks in this context.
- Internal policies and procedures: Develop risk-sensitive policies that encompass the technology used for data collection, verification, and recording. Differentiate between automated steps and steps involving human intervention. Regularly train staff on the solution and associated risks.
- Conduct thorough pre-implementation assessment: Evaluate data completeness, accuracy, and reliability to identify potential risk factors. Undertake robust testing for fraud and ICT security risks. Choose electronic identification schemes that meet requisite assurance levels.
- Ensure data protection measures: Strengthen data protection practices to safeguard customer information. Employ secure communication channels and encryption protocols to ensure data confidentiality and integrity.
- Emphasize ongoing monitoring: Regularly monitor data quality, accuracy, and adequacy based on ML/TF risks. Conduct both scheduled and ad hoc reviews to proactively address changing risk exposure. Establish procedures for remedial measures to rectify identified risks or errors.
- Reliance on third parties: Clearly define the allocation of remote customer onboarding functions and activities between the institution, third parties, and outsourced service providers. Assess the adequacy of third-party CDD processes and ensure business relationship continuity in case of any shortcomings.
The guidelines mark a significant step towards fostering compliant and efficient customer onboarding in the digital age. Striking the right balance between embracing technological advancements and ensuring data protection while mitigating money laundering and terrorist financing risks might just be the determining factor that allows companies to thrive in the ever-evolving financial landscape.
However, given the concept of “technological neutrality”, companies with advanced technical capabilities, unburdened by legacy systems, could capitalize on their expertise to create sophisticated and streamlined onboarding solutions. Sooner or later, financial institutions will face the challenge of recalibrating and aligning their own onboarding processes. Assessments may lead to adjustments in contractual arrangements with current service providers and outsourcing partners.
It remains to be seen how other sectors that are excluded from adopting the guidelines, but still within the scope of the AMLD, will cope with being unable to utilise remote onboarding solutions. Will they continue to face operational inefficiencies and higher costs associated with traditional in-person onboarding processes?
Ultimately, investments and technological developments in this aspect of customer experience will hopefully establish a foundational framework for ensuring fairness, security, and consistent practices across the financial industry.