11 June 2025 — Consultation Response
Accountancy Europe appreciates the opportunity to respond to the European Banking Authority’s (EBA) consultation on the Proposed Regulatory Technical Standards in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates. We fully support the objectives of enhancing legal clarity, achieving consistency across Member States, and strengthening the overall effectiveness of the EU framework for combating money laundering and terrorist financing (AMUCFT).
We acknowledge that this consultation is aimed first and foremost for financial sector obliged entities. However, for the new EU AML framework and its supervision to be effective, it is pivotal that the future Regulatory Technical Standards (RTS) are sufficiently adaptable to cater for each obliged entity category and size, which can be ensured by collecting feedback from all obliged entity groups. There are also certain practical elements that affect all obliged entities – whether from the financial or non-financial sectors. We therefore hope that our response from a non-financial sector perspective will help inform EBA’s insights.
We have focused our replies on the Draft RTS under Article 28(1) of the AMLR on Customer Due Diligence. Our comments are aimed at supporting a practical, risk-based, and proportionate implementation of the RTS across all categories of obliged entities. Our members-accountants, auditors, and (tax) advisers- play a vital role in protecting the integrity of the financial system. They also bring extensive operational experience from both financial and non-financial sectors across Europe, which informs our contribution.
We welcome many of the proposals in the draft RTS, and at the same time wish to highlight areas where clarification, recalibration, or greater flexibility would significantly enhance the practical applicability and proportionality of the framework. In our review and for the sake of focus, we have at this point identified four RTS Articles that would benefit from clarification, refinement, or more proportionality. However, Accountancy Europe will continue to engage and provide our members’ expert input for future RTS and consultation processes, covering additional angles and topics.
While the RTS is intended to apply to financial sector obliged entities, we note several challenges that smaller obliged entities will face that share similar features with non-financial sector professionals and small and medium-sized firms.
The RTS prescribes detailed and extensive information-gathering obligations which may be burdensome, particularly for smaller obliged entities (e.g. those with fewer than 50 employees, and with less sophisticated technological resources and solutions). This raises concerns about whether such data requirements are proportionate to the actual level of AMUCFT risk.
We believe the RTS would benefit from a clearer and more explicit incorporation of risk-based principles throughout.
In several cases, overly prescriptive requirements could hinder the application of proportionate Customer Due Diligence (COD) measures. For example, the reproduction of documents or detailed verification of low-risk
beneficial ownership could impose unnecessary administrative burdens without a commensurate AMUCFT benefit.
We strongly support a risk-based approach and encourage the EBA to promote scalable, resource-appropriate compliance solutions, particularly for smaller DNFBPs (Designated Non-Financial Businesses and Professions).
We note that recital (16) of the RTS refers to a “minimum” five-year period for updating information. This appears to be a drafting error, as the remainder of the paragraph correctly reflects a maximum five-year interval. To avoid confusion, the word “minimum” should be deleted from line 4 of the recital.
We welcome the intent to standardise the collection of place of birth information under Article 3. However, we would like to raise practical considerations regarding the necessity and proportionality of requiring both the city and country of birth in all cases.
The requirement to collect the city of birth raises concerns about its practical value for identification and screening, particularly as many official identity documents do not include this detail. Collecting it may increase administrative burdens without a clear risk-based justification. However, the city of birth can help distinguish individuals with common names in certain jurisdictions. One option could be to limit this requirement to higher risk clients or those where there may be confusion as to identity, in order to ensure proportionality.
Article 5 does not adequately address situations involving vulnerable individuals who do not have the documents suggested. For example, many elderly persons in jurisdictions such as Ireland-or certain third countries where there is no requirement to hold or carry a national ID-may not possess passports or other documents which have the features specified. Without appropriate flexibility or alternative provisions, this could lead to unintended financial exclusion.
We welcome the efforts to clarify the conditions under which an ownership and control structure is to be considered “complex” under Article 11 of the draft RTS. However, we would like to raise the following concerns and suggestions regarding the scope, practicality, and implications of the current draft provisions.
The designation of a complex structure is not a neutral label- it triggers higher client risk scoring and expanded due diligence requirements. This goes beyond the obligation to obtain an organigram. Therefore, the definition of a complex structure must be carefully calibrated to avoid mischaracterising widespread and legitimate business structures as inherently higher risk.
The proposed criteria to define a complex ownership and control structure apply uniformly across all customer types. We are concerned that this uniform application does not take into account the nature of activities/operations, size, or typical structuring practices of the customer. A structure that may appear complex for a small company with economic presence in only one country may be standard practice for a multinational enterprise. Other industry sectors, such as shipping, on the other hand often have a more complex structure by nature.
Categorising an entity as complex solely because there are two or more layers of intermediate entities – especially when combined with only one additional condition (points a-d) – sets a threshold that appears too broad. In particular, the criterion under point (b), which designates a structure as complex if the customer and
any legal entities in the chain are registered in different jurisdictions, may not adequately reflect the operational reality of global corporate models. It is common practice – particularly for private equity groups or multinational entities – to use intermediary entities across jurisdictions for legitimate business purposes.
For instance, Dutch corporate structures often include at least two layers: a holding entity and an operating company, with three-layer structures also being common. As currently drafted, the criteria would result in every operating entity in the Netherlands that is part of a multinational structure being classified as part of a complex ownership and control structure.
Importantly, classification as a complex structure does not merely trigger a request for an organisational chart
– it can lead to increased risk scoring and enhanced due diligence obligations. This approach should be carefully evaluated to avoid mischaracterising standard business practices as overly complex or high-risk. We recommend revisiting the definition under Article 11(1) to require a more nuanced combination of risk-relevant factors, better aligned with proportionality and the principle of risk-based supervision.
We also recommend that guidance be provided on how to assess the legitimacy of the business rationale for a structure, particularly in relation to Article 11(1)(d). Specific indicators or red flags for non-transparent ownership could be included to support obliged entities in making these assessments in a risk-based manner.
Requiring the same set of information and identity verification for senior managing officials (SMOs) as for beneficial owners (UBOs) appears excessive. SMOs often include a broader group of individuals, such as board members or executives below board level, which can result in a significantly larger volume of data collection and increased administrative burden, without a corresponding benefit in terms of AML risk mitigation.
The broad definition of SMOs under the AMLR, coupled with the fact that these individuals are not actual beneficial owners but rather identified as “pseudo-UBOs” only when UBOs cannot be determined, raises concerns about the necessity and proportionality of treating them identically to UBOs.
Questions are also raised about the implications of this equal treatment-specifically, whether full due diligence measures such as source of funds/source of wealth checks and sanctions screening are required for SMOs, especially in cases where an SMO may qualify as a politically exposed person (PEP), despite not contributing funds to the business relationship.
Overall, this requirement imposes an undue burden without significantly enhancing AML outcomes and calls for a more proportionate approach to the treatment of SMOs.
We thank the EBA for the opportunity to provide input on this important consultation. We support the goals of improving consistency and clarity in the application of COD requirements across the EU. At the same time, we encourage the EBA to consider the operational realities of a diverse set of obliged entities-particularly those outside the financial sector-and to ensure the final RTS supports a balanced, risk-based, and practical approach to AMUCFT compliance.
We welcome continued engagement and the opportunity to contribute further to the development of a proportionate and effective AML framework in Europe.
