Issued on November 22, 2022 by the European Banking Authority (EBA), the Guidelines apply to all credit and financial institutions that are within the scope of the Anti-money Laundering Directive (AMLD) and sets out the steps these institutions should follow to ensure to choose adequate tools for a safe and effective remote customer onboarding.
Highlights of the key requirements include but are not limited to the following:
Implementation and maintenance of policies and procedures for an effective remote customer onboarding process that (i) include an explanation of the features and functioning of a solution; (ii) take into account the risks factors; (iii) distinguish which steps are fully autonomized and which steps require human intervention
Submission of the aforementioned policies and procedures to management’s approval
pre-implementation assessment of the remote customer onboarding solution (i.e. adequacy of the solution, assessment of the impact of the use of such solution on a business-wide risk (ML/TF, operational, reputational and legal risks…); identification of possible mitigating measures and remedial actions…)
Ongoing monitoring of the remote customer onboarding solution: policies and procedures must include information provided by the Guidelines, including a description of at least a) the steps entities will take to be satisfied of the ongoing quality, completeness, accuracy and adequacy of data collected during the remote customer onboarding process; b) the scope and frequency of such regular reviews…
Identification of natural persons (e.g. what information is manually entered by the customer, is automatically captured from the documentation provided by the customer or is gathered using other internal or external sources…) VS legal entities (e.g. which category of legal entities they will onboard remotely, taking into account the level of ML/TF risk associated with each category, and the level of human intervention required to validate the identification information).
Document authenticity & integrity (e.g. ascertain that the reproduction of an original document is reliable, ensure that tools such as Optical Character Recognition (OCR) algorithms or Machine Readable Zone (MRZ) verifications capture information in an accurate and consistent manner, verify the security features embedded in the official document where possible…)
Match customer identity as part of the verification process: Entities must amongst others ensure that (i) there is a match between the visible information of the natural person and the documentation provided; (ii) where the customer is a legal entity, it is publicly registered, where applicable; (iii) where the customer is a legal entity, the natural person that represents it is entitled to act on its behalf.