You can find the PDF version of the position paper here

The following details EFA’s views as regards AMLR

a) Exclusion of PISPs from the AMLR scope: The EFA together with the ETPPA would like to highlight that PISPs are “technical service providers” providing software tools by which the payment order is transmitted by the Payment Service User (PSU) to his bank. Therefore, they cannot be considered “financial institutions” as they do not hold or handle funds and do not conduct any “financial activity” – it is the Bank that carries out the transaction. PISPs cannot provide any additional information to the data already controlled by the credit institutions they work with. Therefore, Including TPPs as “obliged entities” is not risk-proportionate and duplicates the bank’s AML procedures.

b) CDD outsourcing and related information sharing: EFA members believe that regulated and performed properly, CDD outsourcing and sub-outsourcing can help SMEs in Europe compete with larger, more established competitors – without compromising on essential efforts to counter financial crime.

EFA believes that there is value in a regime which allows for specialisation in the conduct of CDD, including through the use of innovative technologies. Specialisation can both increase effectiveness and decrease cost. Increased effectiveness will help counter criminal exploitation of Europe’s economy, and decreased cost will help reduce the margin of the price of goods and services constituted by regulatory compliance costs. These benefits would be particularly impactful for smaller and more innovative businesses, which are less likely to have the budget, bandwidth, or expertise to conduct CDD either well or efficiently. Regulated and performed reasonably and responsibly, CDD outsourcing and sub outsourcing, as well as cooperation between obliged entities and between fellow group companies can help small and medium-sized businesses (SMBs) and start-ups in Europe compete with larger, more established competitors – without compromising on essential efforts to counter financial crime.

Therefore, EFA recommends:

1. The exclusion of PISPs from the AMLR scope (See Annex: Joint EFA- ETTPA paper)
2. Broadening the scope of identity verification and authentication methods for the purposes of eKYC
3. Preserving the risk-based approach in setting deadlines for customer identity verification
4. Ensuring harmonization and consistency when requiring enhanced due diligence to obliged entities
5. Enabling reliance on other obliged entities to meet the customer due diligence requirements
6. Allowing obliged entities to outsource CDD to non-EU entities
7. Proportionate requirements to Intra-group outsourcing
8. Promoting regulatory clarity and ensuring obliged entities are able to outsource certain controls
9. Enabling obliged entities to outsource the drawing up of policies, controls and procedures
10. Enabling obliged entities to outsource the attribution of risk profiles
11. Enabling obliged entities to outsource the identification of criteria for detection of suspicious or unusual transactions or activities
12. Enabling external CDD providers to report suspicious activity directly to FIUs on behalf of obliged entities
13. Addition of new provisions at the end of Article 40 – sub-outsourcing, AMLA guidance, and intra-group “outsourcing”
14. Broadening conditions under which obliged entities may disclose certain AML/CFT activities in order to facilitate AML/CFT efforts and compliance
15. Explicitly permitting the processing of personal data by means of automated decision-making, and the exchange of information in efforts to counter ML/TFs