Reporting by financial institutions: Comments and recommendations
1. Overall risk assessment (business-wide risk assessment)
1.1 Documents to be submitted
In order to meet their legal and regulatory obligations relating to the overall risk assessment (see the page devoted to this topic), financial institutions are required to complete and submit to the NBB the following two documents:
- The first document contains a summary table that provides a global overview of the overall risk assessment carried out by the institution. The NBB specified its expectations regarding the content of the summary table of the overall risk assessment in its Communication NBB_2020_002 of 23 January 2020 containing the conclusions of the horizontal analysis of a sample of summary tables of the overall assessment of the risks of money laundering and/or terrorist financing (see points 1.2. and 1.3. below).
- The second document contains a number of specific questions relating to the way in which the overall risk assessment process has been conducted.
For any questions regarding these documents, the NBB’s AML/CFT supervisory team can be contacted at the following e-mail address: email@example.com.
1.2 Distinction between the overall risk assessment and the reporting of results to the NBB
As indicated in its Communication NBB_2020_002 of 23 January 2020, the NBB found that it would be useful to specify its expectations regarding the content of the summary table which was to be submitted to it by the financial institutions by 15 July 2018 and which will have to be resubmitted in case of future updates of the overall risk assessment:
- the risk identification phase: the NBB expects the summary table to include all significant activities of the financial institution, as well as the inherent risk attributed by the financial institution to each of these activities (i.e. also the description of the inherent risks considered “Low” by the financial institution). Thus, the financial institution demonstrates that all of its activities have been subject to a risk analysis;
- in contrast, the summary table may differ from the overall risk assessment itself with regard to the inherent risks that the financial institution has assessed as “Low”, in the sense that the table must not include the management measures taken for these risks or the level of residual risk attached to each inherent risk identified as “Low” (gap analysis phase);
- as a result, the summary table must also not list the actions to be taken for these inherent risks assessed as “Low” by the financial institution (action plan).
In its Communication NBB_2020_002, the NBB also specified that the model in Annex 1 to Circular NBB_2018_02 of 24 January 2018 on the overall assessment of money laundering and terrorist financing risks was provided as an example to the financial institutions for drafting the overall risk assessment summary table or even the overall risk assessment itself. The columns included in this model list the absolute minimum of information to be reported to the NBB with regard to the overall risk assessment. However, there is nothing to prevent the financial institutions from adding other columns with regard to the risk identification phase including, for example, the risk scenarios (in what ways can the risk materialise?) or an assessment of the residual risk.
Finally, the NBB specified in this Communication that, by submitting a summary table, financial institutions are not exempted from documenting the process of the overall risk assessment itself and from making this documentation available to the NBB in its capacity as AML/CFT supervisory authority (that can always request this documentation when needed) .
1.3 Deadlines for submission and updating
When implementing the overall risk assessment process for the first time after the entry into force of the Anti-Money Laundering Law, institutions were requested to provide the NBB with a first version of both documents by 1 April 2018 at the latest. This first version, which was primarily intended to allow the NBB to monitor the timely progress of the assessment work, had to reflect the state of progress of the overall risk assessment on that date.
The final version of these documents, which had to reflect the full and finalised risk assessment, in accordance with the provisions of Articles 16 and 17 of the Anti-Money Laundering Law, was to be submitted to the NBB by 15 July 2018 at the latest.
Starting from its own risk classification, the NBB carried out a horizontal analysis and an assessment of a substantial number of overall risk assessment summary tables and the related questionnaires. On the basis of the analyses performed, the NBB also generated a number of more general findings. It specified these findings, as well as several (non exhaustive) resulting transversal expectations and recommendations in its Communication NBB_2020_002 of 23 January 2020.
In this Communication, it moreover indicated that each AMLCO should, with the support of his senior officer responsible for AML/CFT, review the overall risk assessment of his financial institution in light of this Communication, identify any improvements and/or updates to be made and perform the improvements and/or updates required. The conclusions of this review should be communicated to the NBB in the AMLCO’s next annual activity report (to be submitted by 30 June through eCorporate). Where appropriate, the updated overall risk assessment summary table should also be submitted to the NBB (either also through eCorporate or by e-mail for financial institutions that do not have access to eCorporate).
More in general, it should finally be recalled that the overall risk assessment process is a continuous exercise and that the NBB will continue to monitor this process afterwards. Therefore, institutions are asked to update the aforementioned documents each time the overall risk assessment is adjusted, and, if necessary, to submit the new updated version of the summary table to the NBB simultaneously with a copy of the AMLCO’s annual activity report, as referred to in Article 7 of the Anti-Money Laundering Regulation of the NBB (see below) and with the periodic questionnaire.
1.4 Transmission channel
Institutions that have access to eCorporate should submit the completed documents through this application. Institutions that do not have access to eCorporate should send the completed documents to the following e-mail address: firstname.lastname@example.org.
2. Periodic questionnaire
Through this questionnaire, the NBB seeks to obtain standardised information from the financial institutions in order to implement its risk-based approach in exercising its legal supervisory powers in the field of AML/CFT (see the page “Supervisory powers and measures available to the NBB”). This information relates to the inherent ML/FT risks to which the financial institutions are exposed, on the one hand, and to the quality of the risk management measures taken by them on the other hand. On the basis of both assessments, the residual ML/FT risk and the supervisory priorities can then be determined for each institution. Each financial institution is expected to send the the completed periodic questionnaire to the NBB in accordance with the following rules.
2.1 Documents to be submitted
For each category of institutions subject to supervision by the NBB, separate questionnaires are available, which – to the extent possible – take into account the specific activities performed in the different sectors. A total of four different questionnaires were prepared for the following categories of institutions: (i) credit institutions, (ii) stockbroking firms, (iii) life insurance companies and (iv) payment institutions and electronic money institutions. Settlement institutions should answer the questionnaire for credit institutions.
- Credit institutions pdf - word
- Stockbroking firms pdf - word
- Life insurance companies pdf - word
- Payment institutions and electronic money institutions pdf - word
- Indicative list of countries presenting a higher risk of money laundering or terrorist financing (annex 1 to the above-mentioned questionnaires) xlsx
For any questions regarding these questionnaires, the NBB’s AML/CFT supervisory team can be contacted at the following e-mail address: email@example.com.
2.2. Frequency and deadline for submission
In order to be able to regularly update its classification of financial institutions according to the ML/FT risks associated with them, the NBB invites these institutions to reply annually to the said periodic questionnaire, of which a new version is established each year and made available under point 2.1 above.
Replies should be sent to the NBB through OneGate by 30 June of each year. The electronic form in which the requested information must be provided is available in OneGate from 1 May of the previous year.
2.3 Transmission channel
The financial institutions should submit their answers to the periodic questionnaire through OneGate, where it will be available in electronic form. The NBB automatically receives the information provided by each institution as soon as the electronic form is closed and sent.
In order to guarantee the safety of the information provided, each institution must have an electronic certificate to access the OneGate application. These certificates can be obtained from various external service providers (inter alia Globalsign, Isabel and/or Quo Vadis). Institutions that do not have a Belgian CBE number can exceptionally request to be exempted from using an electronic certificate by sending an e-mail to firstname.lastname@example.org. If the requested exemption is granted, the institution concerned is granted a login and password to access the OneGate application in order to reply to the periodic questionnaire.
More information about the OneGate application and how to access it can be found under the following link: www.nbb.be/onegate.
2.4 Procedure for answering the questionnaire
a) Answering the questions
In the electronic form that will be available in OneGate, each financial institution should provide the necessary information by selecting in the drop-down menu, for each question, the answer that best suits its organisation (e.g. ‘yes’, ‘no’ or ‘not applicable’).
Where numerical information is requested, the responding institution usually has the choice between the options 'not available' or 'digit'. If the institution does not have the statistical information required to provide a reliable answer to a question, the option 'not available’ should be chosen. If the institution does have the required information, the option 'digit’ must be chosen and the correct figure must be entered. Finally, if the question is not relevant to the responding institution, the option 'digit' must be chosen and ‘0’ must be entered.
Numbers should always be entered without points or commas to separate the thousands. Points may only be used as a decimal separator. If the number is not entered in the correct format, an error message will appear and it will not be possible to close the form.
b) Reference date for answering the questions
As regards the reference date for answering the questions, the following distinction must be made.
The questions aimed at obtaining statistical information in principle always mention the date or period to which the information requested should relate. In almost all cases, the information requested should (i) relate to the situation on 31 December of the previous calendar year (e.g. number of customers as at 31 December 20XX), (ii) or relate to the previous calendar year (e.g. number of payments made to high-risk countries in 20XX).
As regards the qualitative questions, which are aimed, for example, at verifying compliance of the internal procedures with the legislation in force, or which concern the checks, if any, performed by a financial institution, the information provided by the responding institution should always relate to the situation as at 31 December of the previous calendar year.
c) Responsibility for the accuracy of the answers
The answers to the questionnaire should be submitted to the NBB under the ultimate responsibility of the responding financial institution’s senior management.
It should also be noted that the AMLCO appointed within each financial institution in accordance with Article 9, § 2, of the Anti-Money Laundering Law is, pursuant to the same legal provision, primarily tasked not only with analysing atypical transactions in order to determine whether these transactions should be considered suspicious and be notified to the CTIF-CFI, but also with implementing the policies and procedures referred to in Article 8 of the Law, particularly the internal control measures and procedures which are necessary to ensure compliance with the Law and which are covered in the questionnaire. Article 9 of the Law also provides that this person responsible should ensure, in general, that the institution fulfils all its obligations with regard to AML/CFT and, more in particular, that an adequate administrative organisation and adequate internal control measures are set up, as required pursuant to Article 8 of the Law. The AMLCO should also have the power to propose, on his own initiative, all necessary or useful measures in this regard to the senior management of the institution, including the release of the necessary resources (see the page "Governance").
The NBB therefore expects the financial institution’s senior management to decide which answers should be given to the questionnaire, on the proposal of the AMLCO.
In the context of specific control actions or on-site inspections, the NBB will not fail to verify the accuracy and quality of the answers provided by the institutions.
3. Activity report by the AMLCO
3.1 Document to be submitted
Article 7 of the Anti-Money Laundering Regulation of the NBB requires the AMLCO to establish an activity report and send it to the management committee (or to the senior management if there is no management committee) and to the board of directors at least once a year.
This report is an important document for the management bodies, as it allows them to properly perform their tasks. This report is specific for AML/CFT, as the nature of the subject requires specific treatment, although it is also important from a prudential point of view (from a compliance function perspective). The expected content of this report is set out on the “Governance” page.
Each financial institution is expected to send a copy of the aforementioned activity report to the NBB in accordance with the following rules.
3.2 Deadline for submission
The copy of the AMLCO's activity report should be sent to the NBB no later than 30 June of the year following the year to which it relates. Life insurance companies, however, should respect the reporting dates laid down in the e-Corporate circular.
3.3 Transmission channel
Institutions that have access to eCorporate should submit a copy of the activity report through this application. Institutions that do not have access to eCorporate should send the completed documents to the following e-mail address: email@example.com.
4. Exemption policy
Using the reportings mentioned above (overall risk assessment, periodic questionnaire and activity report by the AMLCO), the NBB collects standardised information relating to, on the one hand, the ML/FT risks facing supervised institutions and, on the other, the measures adopted by these financial institutions to manage those risks. The information collected by the NBB enables it to monitor, by applying a risk-based approach, the correct implementation of the anti-money laundering legislation by the financial institutions.
However, the aforementioned reporting obligations also place an administrative burden on the financial institutions, which have to collect the information requested and submit it to the NBB using the various reporting instruments. The NBB therefore ensures that the reporting obligations and burden are at all times proportionate to the objectives pursued.
The NBB has found that the administrative burden caused by these reportings cannot be considered reasonable for all financial institutions, particularly not for some institutions which fall within the scope ratione personae of the Anti-Money Laundering Law and are therefore also subject to the NBB’s supervision but do not conduct activities in Belgium or are only exposed to a very limited extent to ML/FT risks in Belgium. In this respect, see the examples included in the point on the principle of proportionality on the page “Governance”.
The NBB considers that such financial institutions can submit a request to be exempted from the reportings referred to in 1. Overall risk assessment and 2. Periodic questionnaire.
Financial institutions that consider themselves eligible for an exemption from the various reporting obligations and have not yet obtained an exemption from the NBB should submit a motivated request for this purpose to the NBB (by e-mail to firstname.lastname@example.org). This request should at least contain:
- a description of the institution’s business model;
- a description of the reasons for setting up the Belgian establishment;
- a general description of the exact functions and tasks conferred upon the Belgian establishment;
- a more specific description of the functions and tasks to be performed by the Belgian establishment in the context of the implementation of the institution’s AML/CFT policies and procedures.
If the information requested has already been submitted to the NBB as part of the registration of the Belgian establishment on the NBB’s official lists, a simple reference to the information already provided may suffice.
If the NBB approves the exemption request, the financial institution will receive confirmation from the NBB that it is exempted, in principle for an indeterminate period of time, from submitting the reportings referred to above in 1. Overall risk assessment and 2. Periodic questionnaire.
The institution concerned should, however, confirm annually that the circumstances which led to the granting of an exemption (e.g. the institution’s business model and the tasks and functions conferred upon the Belgian establishment) have remained unchanged. This statement should be submitted to the NBB in accordance with the arrangements for submitting the AMLCO’s annual activity report, which in such cases can be limited to a confirmation that the conditions for benefiting from the exemption are still being met, that there have been no developments that could lead to the Belgian establishment being exposed to new ML/FT risks, and that as a result, the exemption previously granted by the NBB remains fully justified, without any changes,, taking into account the principle of proportionality.
Additionally, the institution’s AMLCO should always notify the NBB spontaneously and without delay of any plans by the institution to change the Belgian establishment’s business model, enabling the NBB to analyse these changes in the business plan in a timely fashion and to assess whether the previously granted exemption from the reportings mentioned above remain justified.
4.4 Scope of the exemption
The exemption granted on the basis of this chapter only results in the financial institution concerned not having to submit the reportings expected by the NBB. It therefore does not release the institution from all other obligations imposed on it by the Belgian anti-money laundering legislation and regulations. Where appropriate, however, the principle of proportionality can be applied in accordance with the relevant legal and regulatory requirements (see in this context “Organisation and internal control in financial institutions”). Nevertheless, there can be no derogation from the AMLCO’s obligation to draw up an activity report at least once a year and submit it to the management committee (or the institution’s senior management if it does not have a management committee) and the board of directors, in accordance with Article 7 of the Anti-Money Laundering Regulation of the NBB, and to provide the NBB with a copy. However, as indicated above, the content of this annual activity report can be limited to a description of the specific functioning of the Belgian establishment.