Due diligence requirements and de-risking: Comments and recommendations by the NBB

Since the entry into force of the Anti-Money Laundering Law, the NBB has noted an increase in the number of de-risking actions by financial institutions under its remit that allege reasons related primarily to AML/CFT.

“De-risking” is defined here as the decision in principle, taken a priori by a financial institution, to refuse to enter into business relations with potential customers or to terminate existing business relations with current customers on the grounds that these potential or existing customers belong to a category of persons which the financial institution alleges is linked to excessive ML/FT risks, inter alia in view of its risk appetite or the AML/CFT system it has put in place. The NBB notes that a significant number of undertakings and professionals from various sectors have been confronted with this phenomenon. At present, the NBB observes that de-risking is mainly practised by financial institutions from the banking sector, but it cannot be ruled out that this phenomenon may also spread within the other financial sectors supervised by the NBB.

While decisions not to enter into or terminate a business relationship, or not to carry out a transaction, may be consistent with the requirements of the Anti-Money Laundering Law, de-risking entire categories of customers without due regard to individual customers’ risk profiles is a sign of ineffective ML/FT risk management and can have a significant impact.

In its capacity as the supervisory authority designated by Article 85, § 1, 3°, of the Anti-Money Laundering Law, the NBB is of the opinion that financial institutions under its supervision must effectively implement mechanisms to prevent and manage ML/FT risks.

The NBB also recognises that the business relations between a financial institution and its customers are essentially governed by the principle of contractual freedom which, barring legal exceptions, does not allow a party (in this case, a financial institution) to be obliged to enter into a contractual relationship to which it has not freely consented. The NBB wishes to point out that the scope of these comments and recommendations is limited to such de-risking as results from inadequate implementation by financial institutions of their obligations under the applicable legal and regulatory provisions on AML/CFT.

Entities under the NBB’s supervision are reminded that effective application of the anti-money laundering law and regulations does not exempt them from complying fully and simultaneously with other mandatory or public-order legislation that is also binding on them (see the page Due diligence obligations and compliance with other legislation). This is the case e.g. with the legislation on combating discrimination, Article VII 55/12 of the Code of Economic Law, which grants payment institutions objective, non-discriminatory and proportionate access to the payment account services of credit institutions, as well as the provisions of Book VII, Title 3, Chapter 8, of the Code of Economic Law on access to payment accounts and the basic banking service.

The NBB also stresses that financial institutions are expected to assume their specific responsibility for the economic development of society as effectively as possible, without prejudice to the legal and regulatory provisions applicable to them.

Although some financial institutions may have tried to justify their restrictive and defensive behaviour in the context of implementing their procedure for accepting new customers or terminating existing business relationships by their desire to strictly manage the reputational risk to which they are exposed, it should be noted that these very behaviours might damage their reputation if, as a result, they were to be accused of not fully or satisfactorily assuming their specific societal responsibilities, or even of promoting discriminatory behaviour in the exercise of their activities, of hindering economic development and financial inclusion, of participating in the destabilisation of the financial system or of disregarding some of their legal public-order obligations.

Moreover, where financial institutions adopt such restrictive and defensive behaviours, they may fail to contribute effectively to the prevention of ML/FT, instead pushing transactions that may be related to ML/FT issues outside of any control.

The NBB therefore expects financial institutions under its jurisdiction to take great care in defining and implementing balanced AML/CFT policies which, while ensuring effective implementation of the obligations set out in or under the Anti-Money Laundering Law, also enable them to comply with all their other legal public-order or mandatory obligations and to fulfil all their specific societal responsibilities.

On the basis of Article 86, § 2, 1°, of the Anti-Money Laundering Law, the NBB hereby addresses a number of comments and recommendations to financial institutions under its remit to assist them in achieving this balance.

These comments and recommendations take full account of the statements issued by the FATF on 23 October 2014, 26 June 2015 and 23 October 2015 dealing specifically with de-risking, as well as the various sets of Guidance in which it clarified the scope of the risk-based due diligence obligations of financial institutions and took a position on the issue of de-risking.

Reference is made in particular to the following sets of Guidance:

These comments and recommendations also take full account of the European Banking Authority (EBA) publications on de-risking:

The NBB urges financial institutions to take note of these publications and to take them into account when implementing their legal obligations to prevent ML/FT.

1. Implications of the overall risk assessment and customer acceptance policy

It appears that some financial institutions have tried to justify their refusal to enter into business relations with a number of customers on the grounds that their customer acceptance policy would prohibit entering into business relations with persons in the category to which the potential customer concerned belongs. In this respect, note should be taken of the following.

Pursuant to Article 7 of the Anti-Money Laundering Law, the entities under supervision, including financial institutions, are required to implement the AML/CFT measures required by the Law in a differentiated manner, depending on their assessment of ML/FT risks, in particular due diligence measures with respect to transactions and business relationships.

In order to do so, the entities under supervision are required to carry out an “overall risk assessment” in accordance with Article 16 of the Anti-Money Laundering Law, taking into account risk factors relating to customers, products and services offered, distribution channels and relevant geographical areas (see the page Risk-based approach and overall risk assessment).

It is therefore not only appropriate but also mandatory that, on the basis of their overall risk assessment, entities should classify according to ML/FT risks the various categories of customers to whom they offer their financial services and products, taking into account their general characteristics (natural persons or legal entities, residence in Belgium or abroad, economic sector of activity, sources of income or wealth, etc.). This classification of customers, combined with that resulting from other risk factors relating inter alia to the financial products or services requested, the distribution channel used or the geographical areas to which the customers or their transactions are linked, must enable them to establish, in accordance with Article 4 of the Anti-Money Laundering Regulation of the NBB, an appropriate risk classification to take into account the characteristics of all the activities conducted.

The aim of risk classification is to ensure that financial institutions are able to apply appropriate due diligence measures in each specific situation (see the page Risk classification). Based on the overall risk assessment, the risk classification provides the basis for each financial institution to define risk-differentiated policies, procedures, processes and internal control measures as required by Article 8 of the Anti-Money Laundering Law (see the page Policies, procedures, processes and internal control measures).

In particular, according to the NBB's recommendations, financial institutions' AML/CFT policies should include a “customer acceptance policy” which “[i]n terms of principles, (…) primarily aims to determine the conditions regarding the reduction of ML/FT risk which the financial institution imposes on itself for entering into a business relationship with its customers or to become involved in performing occasional transactions for its customers. This customer acceptance policy should enable institutions to adequately take into account the overall risk assessment and the diversity of the risks mapped in terms of nature and intensity. This diversity should also be reflected in the risk classification. The customer acceptance policy should thus enable institutions to define appropriate procedures and arrangements for entering into a business relationship with or performing transactions for these customers.”

It may be envisaged that acceptance of certain categories of customers with high ML/FT risks may be conditional on the implementation of specific risk mitigation measures. Risk mitigation measures may include (but are not limited to):

  • providing the financial institution with better guarantees as to the honesty of the customer's approach in general (e.g. the customer's formal commitment to respect labour and social law in Belgium or the communication of an extract from the criminal record which must be free of any recent conviction for one of the crimes underlying the ML/FT, as listed in the Anti-Money Laundering Law);
  • providing the financial institution with guarantees of honesty and transparency in the conduct of the customer's transactions (e.g. by requiring documentation of the transactions, such as a copy of the invoice to be paid, or even a document from the customer's auditor certifying that they have carefully examined the transaction in question and have not detected any indication of ML/FT);
  • adapting, without prejudice to other applicable legal provisions, the offer of products and services to high-risk customers by limiting or excluding from such offer those products and services identified in the overall risk assessment as being most likely to be used for ML/FT purposes;
  • facilitating the understanding and management of ML/FT risks through organisational measures (e.g. by centralising the management of business relationships with certain categories of customers in a centre of expertise).

In the context of these same recommendations, the NBB made a point of emphasising that “the customer acceptance policy is essentially intended to serve as a framework for the decision-making process as regards the establishment of a business relationship or the execution of the occasional transaction and the nature and intensity of the due diligence measures to be implemented. However, these decisions may not result automatically from the customer acceptance policy, but require an individual risk assessment carried out in accordance with Article 19 of the Anti-Money Laundering Law that allows the possible specificities of each individual case to be taken adequately into account.” The NBB also specifies that this policy should include, inter alia, the listing of general criteria for allocating customers to the various risk categories, and the principles for the differentiated allocation of the power to decide to enter into the business relationship or to carry out the transaction requested by the customer to persons of an appropriate hierarchical level in relation to each risk category. (See point 2.1.2. of the NBB’s Comments and Recommendations on Internal Control Policies, Procedures, Processes and Measures).

The NBB thus confirms that it is not appropriate, nor is it consistent with AML/CFT legal and regulatory requirements, for a financial institution's customer acceptance policy to exclude all business relationships with potential or existing customers on the basis of general criteria such as, inter alia, their belonging to a particular economic sector or a link to a high-risk country (without prejudice to any other legal provisions that may be applicable or measures to implement binding financial embargo provisions).

Thus, for example, the NBB considers that it would be inappropriate and inconsistent with AML/CFT legal and regulatory provisions for the customer acceptance policy of a “generalist” credit institution, whose service offering includes the provision of payment accounts to all of its customers, to prohibit a priori the provision of this service to certain categories of natural or legal persons on the basis of their membership of a particular economic sector.

The NBB therefore urges financial institutions whose acceptance policy includes such provisions to repeal them as soon as possible.

It appears that some financial institutions have tried to justify their refusal to enter into business relationships with certain customers by alleging that the Anti-Money Laundering Law prohibits them from entering into such business relationships where there is a high risk of ML/FT.

The NBB emphasises that the Anti-Money Laundering Law does not formulate such a prohibition, but instead requires a financial institution to implement enhanced due diligence measures in situations where it identifies high ML/FT risks. In this respect, one should bear in mind the following.

In accordance with Article 19 of the Anti-Money Laundering Law, financial institutions are required to carry out an “individual risk assessment” as soon as they enter into a business relationship with a customer or when the customer requests them to carry out an occasional transaction of EUR 10,000 or more. This individual risk assessment should enable the financial institution concerned to determine, in accordance with its customer acceptance policy, the scope and intensity of the due diligence measures implemented, according to the ML/FT risks specifically associated with the customer concerned.

As a reminder, the due diligence measures required are as follows:

  • To identify and verify the identity of the customer and, where applicable, of their agent(s) and beneficial owner(s);
  • To assess the characteristics of the customer and the purpose and proposed nature of the business relationship or occasional transaction; and
  • To exercise continuous due diligence with regard to the business relationship and the customer's transactions.

Certain de-risking decisions may have originated from an inadequate interpretation of the scope of these due diligence requirements, in particular in the context of correspondent banking activities or with regard to payment institutions. As the FATF itself has pointed out (see Guidance dated 21 October 2016 on Correspondent Banking, p. 3), the NBB confirms in this respect that where the customer is another financial institution, the due diligence obligations relate to that financial institution in its capacity as customer, and do not include implementing due diligence measures in respect of the customers of that client financial institution (“KYCC”). In this regard, reference is made to the commentary on Article 23 of the Anti-Money Laundering Law in its preparatory works, which explicitly states that “[w]here transactions are intended to enable a financial institution to effectively provide its own customers with the products and services it offers, these transactions are to be considered as transactions for the financial institution's own account, and not for the account of its customers. In this case, the latter do not have the possibility of determining any of the terms and conditions of these transactions. This is the case, for example, where a credit institution takes out interbank loans to finance its loan portfolio or where it uses the clearing and settlement services provided by another financial institution to ensure the proper execution of the services it offers to its customers in the area of payments or securities transactions.” (Chambre des représentants / Kamer van volksvertegenwoordigers, 2016-2017, DOC 54 2566/001, p. 109. See on the AML/CFT site: Explanatory Memorandum to the Anti-Money Laundering Law, Article 23, point A3: Articles 21 to 25).

The absence of a systematic legal obligation on KYCC does not preclude the examination of atypical transactions carried out by the client financial institution in accordance with Article 45 of the Anti-Money Laundering Law in order to determine whether they are suspected of being related to ML/FT (e.g. due to a significant and unanticipated increase in the amount of the transactions carried out by the client financial institution, the counterparties or beneficiaries of such transactions, their country of establishment, etc.). In this case, the client financial institution may be asked for additional information on the transactions of its customers underlying the detected atypical transaction in accordance with § 1, second subparagraph, of Article 45 of the Anti-Money Laundering Law. In this respect, reference is made to the page Analysis of atypical facts and transactions. Attention is drawn to the commentary on this provision in the explanatory memorandum to the Anti-Money Laundering Law, which states that “[n]evertheless, the information available to [the institution] in this way may be insufficient to enable it to decide whether there are suspicions of ML/FT. In this case, the second subparagraph of § 2 requires the entity under supervision to take (at the initiative of its AMLCO) such additional measures to those already applied in the context of ongoing due diligence as are necessary to be able to assess whether or not such transactions or activities seem suspicious.” (Chambre des représentants / Kamer van volksvertegenwoordigers, 2016-2017, DOC 54 2566/001, p. 155. See on the AML/CFT site: Explanatory Memorandum to the Anti-Money Laundering Law, Articles 45 and 46).

Concerns have also been expressed that when, conversely, a Belgian financial institution maintains correspondent banking relationships as a client of a foreign correspondent institution, the latter may refuse or terminate the business relationship on the grounds that the Belgian institution agrees to serve customers with a high ML/FT risk profile, and that this Belgian institution may thereby lose its access to the currency market of the third country concerned. However, the NBB notes that, much more than the risk profile of the client institution's customers, it is the quality and effectiveness of the due diligence measures implemented by this client institution, taking into account the risk profile of its customers, that are analysed by the correspondent bank (for example by using the Wolfsberg Group Correspondent Banking Due Diligence Questionnaire, which focuses extensively on the ML/FT prevention measures implemented by the client bank), with the aim of ensuring as much as possible that any criminal financial flows are identified and reported by the client bank to the competent local authorities before being injected into the correspondent banking relationship.

In order to properly implement all due diligence requirements on the basis of the risks, and in addition to the risk criteria identified in general by the overall risk assessment and reflected in the customer acceptance policy, the individual risk assessment should enable the financial institution to take into account characteristics that are specific to the customer (e.g. where the customer is a professional who is himself exposed to the risk of being used by third parties for ML/FT purposes, the quality of the measures the customer has implemented themselves to manage and reduce this risk), the product or service requested (e.g. the particular terms or conditions requested by the customer), the distribution channel (e.g. the particular circumstances surrounding the request to enter into a business relationship) or any links with risky geographical areas (e.g. the nature and intensity of these links). This individual risk assessment should either confirm the level of risk that is determined on the basis of the risk criteria that have been identified generally for all customers, or lower or raise the level of risk where specific information so requires.

Article 19, § 2, second subparagraph, of the Anti-Money Laundering Law specifies that where the individual risk assessment associated with a business relationship leads the financial institution to identify high risks, the institution is obliged to take enhanced due diligence measures.

For more details on the individual risk assessment, please refer to the page Individual Risk Assessment, and in particular to the EBA Guidelines of 1 March 2021 on ML/TF risk factors and the NBB's Comments and Recommendations published there.

In this context, the NBB notes that the Anti-Money Laundering Law only provides for a prohibition on entering into or continuing the business relationship in a limited number of cases, namely:

  • Where entities under supervision cannot fulfil their obligations to identify and verify the identity of the customer, or, where applicable, of the customer’s agents or beneficial owners (Article 33, § 1, first subparagraph, of the Anti-Money Laundering Law),
  • Where entities under supervision cannot fulfil their obligation to assess the characteristics of the customer and the purpose and nature of the business relationship (Article 34, § 3, first subparagraph, of the Anti-Money Laundering Law), and
  • Where they have reason to consider that they will not be able to satisfy:
    • their obligation to scrutinise the transactions carried out during the business relationship and, if necessary, the origin of the funds, or
    • their obligation to update the identification data of the customer and of any agents and beneficial owners of the customer, as well as other information collected which is necessary to assess the characteristics of the customer and the purpose and nature of the business relationship

(Article 35, § 2, first subparagraph, of the Anti-Money Laundering Law).

Consequently, the NBB is of the opinion that the refusal to enter into a business relationship on the basis of the Anti-Money Laundering Law is only required by the above-mentioned legal provisions in situations where the financial institution concerned can justify that it is unable to comply with the due diligence obligations concerned.

However, these prohibitions do not apply merely because the financial institution's individual risk assessment has determined that high ML/FT risks are associated with the business relationship, so that enhanced due diligence measures are required by law.

Where the financial service or product for which the financial institution is solicited by the customer is consistent with the financial institution's habitual range of financial services and products, the financial institution must, pursuant to Article 8 of the Anti-Money Laundering Law, have the appropriate AML/CFT organisation and internal control mechanisms in place with respect to its “business model”. This internal AML/CFT scheme must enable it to adequately manage all ML/FT risk situations that may arise in the context of the activities covered by its business model, including high-risk situations. In this context, the NBB considers that the mere fact that the implementation of enhanced measures requires the financial institution to perform additional or more intensive work than in the case of more ordinary risks in order to meet its due diligence obligations does not mean that the situation is so impossible for the financial institution that it must refuse to enter into a business relationship.

On the other hand, where the business relationship requested by the customer is not consistent with the ordinary offer of financial services or products that fall within its business model or commercial strategy, the effective exercise of the above-mentioned due diligence obligations may require substantial changes to its organisation and internal control measures. Where such changes are not justified in the light of the financial institution's business model, the NBB considers that the failure to meet the above due diligence requirements may be due to the fact that the financial institution cannot reasonably be expected to have the appropriate organisation and internal control mechanisms to manage the ML/FT risks that are specific to this business relationship situated outside its business model.

The NBB would also like to point out that where a financial institution is obliged to refuse a customer's request to enter into a business relationship in application of the above-mentioned articles of the Anti-Money Laundering Law, it is also obliged to examine, in accordance with Article 46 of the Law, whether the reasons for the failure to comply with the due diligence obligations are such as to give rise to a suspicion of ML/FT and whether CTIF should be informed. In this respect, reference is made to Article 33, § 1, second subparagraph, Article 34, § 3, second subparagraph, and Article 35, § 2, second subparagraph, of the Anti-Money Laundering Law.

In view of the above, the NBB considers that the provisions of Articles 33, § 1, first subparagraph, 34, § 3, and 35, § 2, of the Anti-Money Laundering Law should only be invoked to justify the refusal to enter into a business relationship requested by the customer in cases where the entity under supervision can justify that it is proven impossible for it to fulfil the due diligence obligations imposed by the Anti-Money Laundering Law.

The NBB also recommends that in such cases, in accordance with Article 24 of the Anti-Money Laundering Regulation of the NBB, the entity should carefully establish and keep in its records: (i) the individual risk assessment and the justification for the impossibility of fulfilling the legal due diligence obligations on which the refusal to enter into a business relationship is based, and (ii) an analysis of the causes of this impossibility that led to determining whether or not CTIF should be informed.

3. Updating individual risk assessments and terminating existing business relationships

As noted in some cases of refusal to enter into a business relationship, it appears that some financial institutions have tried to justify the termination of existing business relationships with certain customers by alleging that the Anti-Money Laundering Law prohibits them from maintaining such business relationships where it is revealed in the course of the business relationship that high ML/FT risks are associated with it.

As is well known, Article 35, § 1, first subparagraph, 2°, of the Anti-Money Laundering Law requires updating the identification data and information relating to the characteristics of the customer and the purpose and nature of a relationship as held by a financial institution, in particular where elements relevant to the individual risk assessment referred to in Article 19 of the Law have been modified. The individual risk assessment must be updated whenever events occur that may have such significant influence on the risks associated with the business relationship that the due diligence measures implemented might no longer be adequate and sufficient in view of the new level of risks. The NBB has also considered that, in order to ensure the current relevance of individual risk assessments, internal procedures may usefully provide for a periodic review of these assessments and the information held on which they are based, where this is appropriate to the activities carried out (see the pages Due diligence on business relationships and occasional transactions and detection of atypical facts and transactions: Comments and recommendations by the NBB, Identification of the customer's characteristics and of the purpose and nature of the business relationship or the occasional transaction: Comments and recommendations by the NBB, and Individual risk assessment: Comments and recommendations by the NBB).

Where the individual risk reassessment leads to an increase in the level of risk that the financial institution associates with the business relationship, the Anti-Money Laundering Law requires the financial institution to also increase the level of due diligence it exercises in respect of that business relationship.

As in the case of entering into a business relationship, the Anti-Money Laundering Law does not however require the financial institution to terminate the business relationship if the level of risk is higher than previously assessed, except in cases where the financial institution:

  • cannot fulfil its obligation to update and verify the identification data of the customer or, where applicable, of their effective authorised representatives or beneficial owners (Article 33, § 1, first subparagraph, of the Anti-Money Laundering Law),
  • cannot fulfil its obligation to update its assessment of the characteristics of the customer and the purpose and nature of the business relationship (Article 34, § 3, first subparagraph, of the Anti-Money Laundering Law), or
  • has reason to believe that it will not be able to satisfy:
    • its obligation to scrutinise the transactions carried out during the business relationship and, if necessary, the origin of the funds, or
    • its obligation to subsequently update the identification data of the customer and of any authorised representatives and beneficial owners, as well as other information collected which is necessary to assess the characteristics of the customer and the purpose and nature of the business relationship

(Article 35, § 2, first subparagraph, of the Anti-Money Laundering Law).

The comments made above regarding the impossibility of fulfilling the relevant obligations in the case of entering into a business relationship are equally applicable.

However, the NBB would like to point out that where a suspicious transaction report has been sent to CTIF, the financial institution must update the individual risk assessment of the customer concerned by the report, in accordance with Article 22 of the Anti-Money Laundering Regulation of the NBB. In this context, the analysis of the intensity of the suspicion of money laundering or terrorist financing, of the amount or frequency of the suspicious transactions, may lead the financial institution to consider that the enhanced due diligence measures that it could implement with regard to the customer concerned would not allow it to sufficiently protect itself from the risk of being involuntarily involved in future money laundering or terrorist financing transactions by the customer, and to decide to terminate the business relationship with the customer.

In view of the above, the recommendations made by the NBB in the previous chapter apply, mutatis mutandis, where a financial institution terminates a business relationship due to its inability to fulfil its due diligence obligations.

4. The cost of due diligence

It appears that some financial institutions have sought to justify their refusal or termination of business relationships with certain customers by invoking the costs of performing the due diligence required by the Anti-Money Laundering Law, particularly where high ML/FT risks are associated with the business relationship. As a rule, the cost of AML/CFT controls is covered by the ordinary fees that financial institutions charge their customers for the provision of their financial services and products. Their pricing policy does not necessarily differentiate between the different levels of ML/FT risk associated with business relationships, as reflected in the risk classification.

In this respect, although the implementation of AML/CFT due diligence is intended to reduce the potential future costs that ML/FT risks are likely to generate if they materialise, and which may be extremely heavy or even unbearable for financial institutions, the NBB is aware that, like all internal control measures of any kind, the implementation of the due diligence measures required by the Anti-Money Laundering Law generates an immediate cost which increases where, due to a high level of ML/FT risks, the law requires an increased level of due diligence. The NBB therefore does not rule out that, in compliance with any other legislation that may be applicable, the additional cost of implementing additional due diligence measures may be objectively reflected in the charges that financial institutions apply to their customers.

On the other hand, the NBB is not of the opinion that it would be legitimate for a financial institution to de-risk categories of customers on the grounds that the pricing of the products and services provided would be insufficient to cover the costs incurred by the exercise of due diligence required by the Anti-Money Laundering Law.

In view of the above, it could be accepted that financial institutions, to the extent legally permitted, take into account the objectively assessed cost of the due diligence measures required by the Anti-Money Laundering Law in pricing the financial services and products they offer to their customers. The NBB considers that it may be legitimate to apply differentiated charges according to the nature and level of due diligence required, provided that such differentiation can be objectively justified in such a way that it cannot be qualified as discriminatory or prohibitive.

5. The risk of administrative remedial measures, administrative sanctions and civil or criminal convictions

It appears that some financial institutions have also tried to justify their refusal to enter into business relations with certain customers or their decision to terminate them by invoking the risk of being subject to administrative remedial measures as listed in Articles 93 and 94 of the Anti-Money Laundering Law or to administrative sanctions as defined in Article 132 of the Law, or even criminal sanctions based on Article 505 of the Criminal Code in the event that the customer uses the financial relationship to carry out ML/FT transactions. Where suspicious transaction reports are sent to CTIF and the funds concerned are frozen as a result, there is also a risk that the customer will file a claim for compensation if the report to CTIF was not made in good faith.

It should be stressed, however, that when considering whether to impose the above-mentioned administrative measures or to initiate an administrative sanction procedure against a financial institution, the NBB will take into account, in accordance with the positions adopted in this respect by the FATF (see in particular its statement of 23 October 2015 and the FATF Guidance dated 23 October 2015 for a Risk-Based Approach: Effective Supervision and Enforcement by AML/CFT Supervisors of the Financial Sector and Law Enforcement), the fact that the risk-based approach that financial institutions are legally obliged to implement does not strictly ensure that they cannot be misused for ML/FT purposes.

Consequently, administrative remedial measures are not systematically imposed or administrative sanction procedures initiated whenever the NBB finds that the due diligence obligations required by the Anti-Money Laundering Law have only been imperfectly implemented in the context of particular business relationships, or in every case where suspicious transactions have not been detected and reported to CTIF. In the face of such findings, the NBB will determine whether it is necessary and appropriate for it to take serious measures of this nature on the basis of an assessment of the seriousness of the established facts. The criteria to be taken into account for this purpose include the amounts involved, the repetitive nature of the breaches, or the fact that the breaches are the result of clear and inexcusable negligence or of a known serious deficiency in the internal organisation that has not been remedied, or, a fortiori, the fact that they are the result of a deliberate act.

Administrative measures or sanction procedures may be justified in particular if the NBB has serious indications that the breaches observed result in the financial institution not being able to cooperate effectively in the prevention of ML/FT as required by law.

With regard to the risk of criminal sanctions based on Article 505 of the Criminal Code, the NBB wishes to stress that it has no competence in criminal matters and cannot, in particular, give an opinion on the conditions under which a financial institution, its directors or employees may be prosecuted and sentenced under this article of the Criminal Code as perpetrators, co-perpetrators or accomplices in a criminal money laundering offence.

The NBB also notes that in cases where suspicious transaction reports have been sent to CTIF, the civil and criminal immunity granted by Article 57 of the Anti-Money Laundering Law is not absolute, but subject to the condition that the suspicious transaction report has been sent “in good faith”. The interpretation of this notion is not a matter for the NBB, but for the courts of law. Where this condition is not met, the risk of a claim for compensation or prosecution and criminal sanction cannot be excluded. Nevertheless, the NBB considers that Article 57 of the Anti-Money Laundering Law, like Article 37 of Directive 2015/849 of 20 May 2015 and FATF Recommendation 21, which it transposes, aims to provide security for entities under supervision that report suspicions in good faith, by protecting them from possible prosecution, particularly judicial prosecution, including prosecution based on the money laundering transactions they have reported.

It should also be recalled in this respect that, in civil law, the case law indicates that “good faith” as referred to above presupposes in particular that the atypical transactions by customers have been the subject of a specific analysis, as required by Article 45 of the Anti-Money Laundering Law, which effectively takes into account all the information held by the financial institution or which results from such additional measures to those referred to in Articles 19 to 41 of the Law as are necessary to support this analysis, and which the financial institution is required to implement, pursuant to the same Article 45 of the Law.

The NBB wishes to recall that the best way for financial institutions to avoid the risk of serious administrative measures or sanctions for breaches of the Anti-Money Laundering Law, or even the risk of criminal prosecution for assisting money laundering transactions by their customers, and the risk of claims in civil courts due to reports made to CTIF without due analysis, is to ensure the effective implementation of appropriate and effective money laundering prevention measures, including and especially in cases where high ML/FT risks are identified.

Disclaimer: This English text is an unofficial translation and may not be used as a basis for resolving any dispute.