Reporting by financial institutions: Comments and recommendations

1. Overall risk assessment (business-wide risk assessment)

1.1 Documents to be submitted

In order to meet their statutory and regulatory obligations relating to the overall risk assessment (see the page devoted to this topic), financial institutions are required to complete and submit to the NBB the following two documents:

  • summary table providing a general overview of the institution’s overall risk assessment. The NBB sets out its expectations regarding the content of this table in its Communication NBB_2020_002 of 23 January 2020 containing the conclusions of the horizontal analysis of a sample of summary tables of the overall assessment of the risks of money laundering and/or terrorist financing (see points 1.2 and 1.3 below); and 
  • questionnaire with specific questions relating to the institution’s overall risk assessment process.

Both documents are available in EnglishFrench and Dutch.

For any questions regarding these documents, please contact the NBB’s AML/CFT supervisory team at [email protected].
 

1.2 Distinction between the summary table and the overall risk assessment itself 

As indicated in its Communication NBB_2020_002 of 23 January 2020, the NBB found it useful to specify its expectations regarding the content of the summary table, which financial institutions were required to submit to it for the first time byby 15 July 2018 and which has to be resubmitted whenever the overall risk assessment is updated:

  • for the risk identification phase, the NBB expects the summary table to include all significant activities of the financial institution, as well as the inherent risk attributed by the financial institution to each of these activities (i.e. including the description of inherent risks considered “Low” by the institution). By doing so, the financial institution demonstrates that all of its activities have been subject to a risk analysis;
  • in contrast, for the gap analysis phase, the summary table may differ from the overall risk assessment itself with regard to the inherent risks that the financial institution has assessed as “Low”, in the sense that the table should not include the management measures taken for these risks or the level of residual risk attached to each inherent risk identified as “Low”;
  • as a result, for the action plan phase, the summary table should also not list the actions to be taken for the inherent risks assessed as “Low” by the financial institution.

In Communication NBB_2020_002, the NBB also specified that the template in Annex 1 to Circular NBB_2018_02 of 24 January 2018 on the overall assessment of money laundering and terrorist financing risks was provided as an example to financial institutions for drafting the overall risk assessment summary table or even the overall risk assessment itself. The columns in this template list the absolute minimum of information to be reported to the NBB regarding the overall risk assessment. However, financial institutions are free to add other columns relating to the risk identification phase including, for example, the risk scenarios used (in what ways can the risk materialise?) or an assessment of residual risk.

Finally, the NBB also specified in this Communication that, by submitting a summary table, financial institutions are not exempted from documenting the process of the overall risk assessment itself and from making this documentation available to the NBB in its capacity as AML/CFT supervisory authority (that can always request this documentation when needed).

 

1.3 Deadlines for submission and updating

When they performed the overall risk assessment process for the first time after the entry into force of the Anti-Money Laundering Law, institutions were requested to provide the NBB with a first version of the two above-mentioned documents by 1 April 2018 at the latest. These first versions, which had to reflect the state of progress of institutions’ overall risk assessment at the time, were primarily intended to allow the NBB to ensure that the assessment work was proceeding on schedule.

The final versions of these documents, which had to reflect the full and finalised risk assessment, in accordance with the provisions of Articles 16 and 17 of the Anti-Money Laundering Law, were to be submitted to the NBB by 15 July 2018 at the latest.

Starting from its own risk classification, the NBB carried out a horizontal analysis and an assessment of a substantial number of overall risk assessment summary tables and the related questionnaires. The analyses performed also enabled the NBB to draw several more general findings. It included these findings, as well as several (non-exhaustive) resulting transversal expectations and recommendations in its Communication NBB_2020_002 of 23 January 2020.

In this Communication, the NBB also specified that each AMLCO should, with the support of his/her senior officer responsible for AML/CFT, review the overall risk assessment of his/her financial institution for compliance with this Communication, and identify and implement any improvements and/or updates required. The conclusions of this review should be communicated to the NBB in the AMLCO’s next annual activity report. Where appropriate, institutions were also required to submit the updated overall risk assessment summary table to the NBB.

Finally, and more generally, it should be stressed that the overall risk assessment process is a continuous exercise which the NBB will continue to monitor in the future. Therefore, institutions are asked to update the aforementioned documents each time the overall risk assessment is adjusted, and, if necessary, to submit the updated version of the summary table to the NBB simultaneously with a copy of the AMLCO’s annual activity report, as referred to in Article 7 of the Anti-Money Laundering Regulation of the NBB (see below) and with the periodic questionnaire.

1.4 Transmission channel

Institutions should submit the completed documents through the NBB Supervision portal. . Reference is made to the Communication NBB_2022_14 of 28 June 2022.

2. Periodic questionnaire

The NBB uses the periodic questionnaire to obtain standardised information from financial institutions in order to implement its risk-based approach in exercising its statutory supervisory powers in the field of AML/CFT (see the page Supervisory powers, measures and policy of the NBB). The questionnaire provides information on both the inherent ML/FT risks to which financial institutions are exposed, as well as the quality of the measures they take to manage those risks. By assessing both types of information, the NBB can then determine the residual ML/FT risk and supervisory priorities for each institution. Each financial institution is expected to send the completed periodic questionnaire to the NBB in accordance with the following rules.

2.1 Documents to be submitted

Four different questionnaires were prepared for the following categories of institutions subject to the NBB’s supervision: (i) credit institutions, (ii) stockbroking firms, (iii) life insurance companies and (iv) payment institutions and electronic money institutions. Settlement institutions should complete the questionnaire aimed at credit institutions. To the extent possible, the questionnaires take into account the specific activities performed in the different sectors.

All questionnaires are available in EnglishFrench and Dutch.

For any questions regarding these questionnaires, please contact the NBB’s AML/CFT supervisory team at [email protected].

2.2. Frequency and deadline for submission

In order to be able to regularly update its classification of financial institutions according to the ML/FT risks associated with them, the NBB asks that institutions complete the periodic questionnaire annually. New versions of the questionnaire are prepared every year and made available under point 2.1 above.

The answers to the questionnaire must be submitted to the NBB through OneGate by 15 May of each year. The electronic form in which the requested information must be provided is available in OneGate from 1 April of the previous year.

2.3 Submission channel

Financial institutions should submit their answers to the periodic questionnaire through OneGate, where it is available in electronic form. The NBB automatically receives the information provided by each institution as soon as the electronic form is closed and sent.

To guarantee the security of the information provided, institutions should log in to OneGate through eID/Itsme via CSAM or through an electronic certificate. The necessary certificates can be obtained from various external service providers (inter alia Globalsign, Isabel and/or Quo Vadis).

More information about the OneGate application and how to access it can be found under the following link: Onegate Declarations | nbb.be.

2.4 Procedure for answering the questionnaire

a) Answering the questions

Each financial institution should provide the necessary information in the electronic form in OneGate by selecting, for each question, the answer in the drop-down menu that best suits its organisation (e.g. ‘yes’, ‘no’ or ‘not applicable’).

Where numerical information is requested, institutions can usually choose between the options 'not available' or 'digit'. If the institution does not have the statistical information required to provide a reliable answer to a question, it should select the option 'not available’. If the institution does have the required information, it should select the option 'digit’ and enter the correct number. Finally, if a question is not relevant to the responding institution, it should select the option 'digit' and enter ‘0’.

Please note:

Numbers should always be entered without points or commas to separate the thousands. Points may only be used as a decimal separator. If a number is not entered in the correct format, an error message will appear and it will not be possible to close the form.

Error message
b) Reference date for answering the questions

As regards the reference date for answering the questions, the following distinction must be made.

The questions aimed at obtaining statistical information in principle always mention the date or period to which the information requested should relate. In almost all cases, the information should relate to (i) the situation on 31 December of the previous calendar year (e.g. number of customers as at 31 December 20XX), or (ii) the previous calendar year (e.g. number of payments made to high-risk countries in 20XX).

As for the qualitative questions, which are aimed e.g. at verifying compliance of a financial institution’s internal procedures with the legislation in force, or which concern the checks, if any, performed by the institution, the information provided should always relate to the situation as at 31 December of the previous calendar year.

c) Responsibility for the accuracy of the answers

The answers to the questionnaire should be submitted to the NBB under the ultimate responsibility of the responding financial institution’s senior management.

It should also be noted that the AMLCO appointed within each financial institution in accordance with Article 9 §2 of the Anti-Money Laundering Law is, pursuant to the same statutory provision, primarily tasked not only with analysing atypical transactions in order to determine whether they should be considered suspicious and be reported to CTIF-CFI, but also with implementing the policies and procedures referred to in Article 8 of the Law, particularly the internal control measures and procedures which are necessary to ensure compliance with the Law and which are covered in the questionnaire. Article 9 of the Law also provides that the AMLCO should ensure, in general, that the institution fulfils all its obligations with regard to AML/CFT and, more in particular, that an adequate administrative organisation and adequate internal control measures are set up, as required pursuant to Article 8 of the Law. The AMLCO should also have the power to propose, on his/her own initiative, all necessary or useful measures in this regard to the senior management of the institution, including the release of the necessary resources (see the page Governance).

The NBB therefore expects the financial institution’s senior management to decide which answers should be given to the questionnaire, on the proposal of the AMLCO.

The NBB will certainly verify the accuracy and quality of the answers provided by the institutions during specific control actions or on-site inspections.

3. Activity report by the AMLCO

3.1 Document to be submitted

Article 7 of the Anti-Money Laundering Regulation of the NBB requires the AMLCO to establish an activity report and send it to the management committee (or to the senior management if there is no management committee) and to the board of directors at least once a year.

This report is an important document for the management bodies, as it allows them to properly perform their tasks. The report is prepared specifically for AML/CFT purposes, as the nature of the subject requires specific treatment, although it is also important from a prudential point of view (for the compliance function).

The NBB’s expectations regarding the content of this report are set out on the page Governance. The NBB invites financial institutions to use the activity report template prepared by it, which is available on the same page.

Each financial institution is expected to send a copy of the activity report to the NBB in accordance with the rules below.

3.2 Deadline for submission

The copy of the AMLCO’s activity report should be sent to the NBB no later than 15 May of the year following the year to which it relates.

3.3 Submission channel

Institutions should submit the completed document through the NBB Supervision portal. Reference is made to the Communication NBB_2022_14 of 28 June 2022.

4. Exemption policy

4.1 Context

The NBB uses the reporting mentioned above (overall risk assessment, periodic questionnaire and activity report by the AMLCO) to collect standardised information relating to, on the one hand, the ML/FT risks facing supervised financial institutions and, on the other, the measures adopted by these institutions to manage those risks. The information collected by the NBB enables it to monitor, by applying a risk-based approach, financial institutions’ correct implementation of the anti-money laundering legislation.

However, the aforementioned reporting obligations also place an administrative burden on the financial institutions, which have to collect the information requested and submit it to the NBB using various reporting instruments. The NBB therefore takes care to ensure that the reporting obligations and burden are always proportionate to the objectives pursued.

The NBB has found that the administrative burden caused by this reporting cannot be considered reasonable for all financial institutions. This is particularly the case for some institutions which fall within the scope ratione personae of the Anti-Money Laundering Law and are therefore also subject to the NBB’s supervision, but which do not conduct activities in Belgium or are not (or only to a very limited extent) exposed to ML/FT risks in Belgium. In this respect, see the examples included in the point on the principle of proportionality on the page Governance.

The NBB considers that such financial institutions can submit a request to be exempted from the reporting referred to in points 1 “Overall risk assessment” and 2 “Periodic questionnaire”.

4.2 Procedure

Financial institutions that consider themselves eligible for an exemption from the various reporting obligations and have not yet obtained an exemption from the NBB should submit a motivated request for this purpose to the NBB (by e-mail to [email protected]). This request should at least contain:

  • a description of the institution’s business model;
  • a description of the reasons for setting up the Belgian establishment;
  • a general description of the exact functions and tasks conferred upon the Belgian establishment;
  • a more specific description of the functions and tasks to be performed by the Belgian establishment in the context of the implementation of the institution’s AML/CFT policies and procedures.

If the information requested has already been submitted to the NBB as part of the registration of the Belgian establishment on the NBB’s official lists, a simple reference to the information already provided may suffice.

4.3 Consequences

If the NBB approves the exemption request, the financial institution will receive confirmation from the NBB that it is exempted, in principle for an indeterminate period of time, from submitting the reporting referred to in points 1 “Overall risk assessment” and 2 “Periodic questionnaire” above.

The institution concerned should, however, confirm annually that the circumstances which led to the granting of the exemption (e.g. the institution’s business model and the tasks and functions conferred upon the Belgian establishment) have remained unchanged. This statement should be submitted to the NBB in accordance with the arrangements for submitting the AMLCO’s annual activity report, which in such cases can be limited to a confirmation that the conditions for benefiting from the exemption are still being met, that there have been no developments that could lead to the Belgian establishment being exposed to new ML/FT risks, and that as a result, the exemption previously granted by the NBB remains fully justified, without any changes, taking into account the principle of proportionality.

Additionally, the institution’s AMLCO should always notify the NBB spontaneously and without delay of any plans by the institution to change the Belgian establishment’s business model. This enables the NBB to analyse these changes in a timely fashion and to assess whether the previously granted exemption from the reporting mentioned above remains justified.

4.4 Scope of the exemption

The exemption granted on the basis of this section only entails that the financial institution concerned does not have to submit the reporting expected by the NBB. It therefore does not release the institution from all other obligations imposed on it by the Belgian anti-money laundering legislation and regulations. Where appropriate, however, the principle of proportionality can be applied in accordance with the relevant statutory and regulatory requirements (see in this context the page Organisation and internal control in financial institutions). Nevertheless, there can be no derogation from the obligation for the AMLCO to draw up an activity report at least once a year and submit it to the management committee (or the institution’s senior management if it does not have a management committee) and the board of directors, in accordance with Article 7 of the Anti-Money Laundering Regulation of the NBB, and to provide the NBB with a copy. However, as indicated above, the content of this annual activity report can be limited to a description of the specific functioning of the Belgian establishment.

Disclaimer: This English text is an unofficial translation and may not be used as a basis for resolving any dispute.