法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Delegated Regulation (EU) 2024/595 of 9 November 2023 supplementing Regulation (EU) No 1093/2010 of the European Parliament and of the Council with regard to regulatory technical standards specifying the materiality of weaknesses, the type of information collected, the practical implementation of the information collection and the analysis and dissemination of the information contained in the Anti-money laundering and counter terrorist financing (AML/CFT) central database referred to in Article 9a(2) of that Regulation

CELEX
Delegated Regulation (EU) 2024/595
Date of document
Articles
18
Source
EUR-Lex
Article 1Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1)

‘reporting authorities’ means any of the authorities referred to in points (2) to (7) of this Article and the Single Resolution Board;

(2)

‘AML/CFT authority’ means the authority entrusted with the duty to ensure compliance of a financial sector operator with Directive (EU) 2015/849;

(3)

‘prudential authority’ means the authority entrusted with the duty to ensure compliance of a financial sector operator with the prudential framework set out in any of the legislative acts referred to in Article 1(2) of Regulation (EU) No 1093/2010, Article 1(2) of Regulation (EU) No 1094/2010 and Article 1(2) of Regulation (EU) No 1095/2010 and in any national laws transposing the Directives referred to in those provisions, including the European Central Bank with regard to matters relating to the tasks conferred on it by Council Regulation (EU) No 1024/2013  ( 8 ) ;

(4)

‘payment institutions authority’ means the authority referred to in Article 22 of Directive (EU) 2015/2366 of the European Parliament and of the Council  ( 9 ) ;

(5)

‘conduct of business authority’ means the authority entrusted with the duty to ensure compliance of a financial sector operator with the conduct of business or the consumer protection framework set out in any of the legislative acts referred to in Article 1(2) of Regulation (EU) No 1093/2010, Article 1(2) of Regulation (EU) No 1094/2010 and Article 1(2) of Regulation (EU) No 1095/2010 and in any national laws transposing the Directives referred to in those Articles;

(6)

‘resolution authority’ means a resolution authority as defined in Article 2(1), point (18), of Directive 2014/59/EU of the European Parliament and of the Council  ( 10 ) ;

(7)

‘designated authority’ means a designated authority as defined in Article 2(1), point (18), of Directive 2014/49/EU of the European Parliament and of the Council  ( 11 ) ;

(8)

‘AML/CFT-related requirement’ means any requirement with regard to the prevention and countering the use of the financial system for the purpose of money laundering or terrorist financing imposed on a financial sector operator in accordance with the legislative acts referred to in Article 1(2) of Regulation (EU) No 1093/2010, Article 1(2) of Regulation (EU) No 1094/2010 and Article 1(2) of Regulation (EU) No 1095/2010, and with any national laws transposing the Directives referred to in those Articles;

(9)

‘measure’ means any supervisory and administrative measure, sanction and penalty, including precautionary or temporary measure, taken by a reporting authority in response to a weakness which is deemed material in accordance with Article 3;

(10)

‘branch’ means a place of business which forms a legally dependent part of a financial sector operator and which carries out directly all or some of the transactions inherent in the business of the financial sector operator, whether its registered office or head office is situated in a Member State or in a third country;

(11)

‘parent financial sector operator’ means a financial sector operator in a Member State that has another financial sector operator as a subsidiary or that holds a participation in such a financial sector operator and which is not itself a subsidiary of another financial sector operator authorised in the same Member State;

(12)

‘Union parent financial sector operator’ means a parent financial sector operator in a Member State that is not a subsidiary of another financial sector operator established in any Member State;

(13)

‘college’ means a college of supervisors as referred to in Article 116 of Directive 2013/36/EU, a resolution college or a European resolution college as set out in Articles 88 and 89 of Directive 2014/59/EU, or an AML/CFT college.

Article 2Weaknesses and corresponding situations where weaknesses may occur

1.   For the purposes of Article 9a(1), point (a), first subparagraph, of Regulation (EU) No 1093/2010, a weakness shall mean any of the following:

(a)

a breach by a financial sector operator of an AML/CFT-related requirement, which has been identified by a reporting authority;

(b)

any situation in which the reporting authority has reasonable grounds to suspect that the financial sector operator has breached an AML/CFT-related requirement, or that the financial sector operator has attempted to breach such a requirement (‘potential breach’);

(c)

the ineffective or inappropriate application by a financial sector operator of an AML/CFT-related requirement, or the application of internal policies and procedures that financial sector operators put in place to comply with AML/CFT-related requirements in a way that the reporting authority considers to be inadequate or insufficient to achieve the intended effects of those requirements or policies and procedures and is likely, by its nature, to lead to a breach as referred to in point (a), or to a potential breach as referred to in point (b),if the situation is not rectified (‘ineffective or inappropriate application’).

2.   The corresponding situations where weaknesses may occur are set out in Annex I.

Article 3Materiality of a weakness

1.   Reporting authorities shall consider a weakness to be material where that weakness reveals, or could lead to, significant failures in the compliance of the financial sector operator, or of the group to which the financial sector operator belongs, with any of the AML/CFT-related requirements.

2.   For the purposes of paragraph 1, reporting authorities shall assess at least all of the following criteria:

(a)

whether the weakness is occurring or has occurred repeatedly;

(b)

whether the weakness has persisted over a significant period of time (duration);

(c)

whether the weakness is serious or egregious (gravity);

(d)

whether the management body, or the senior management, of the financial sector operator appear to know about the weakness and decided not to remedy it (negligence), or whether they adopted decisions or held deliberations directed at generating the weakness (wilful misconduct);

(e)

whether the weakness increases the exposure of the financial sector operator, or of the group to which it belongs, to money laundering or terrorist financing risks;

(f)

whether the weakness has, or could have, a significant impact on the integrity, transparency and security of the financial system of a Member State or of the Union as a whole, or on the financial stability of a Member State or of the Union as a whole;

(g)

whether the weakness has, or could have, a significant impact on the viability of the financial sector operator or of the group to which the financial sector operator belongs;

(h)

whether the weakness has, or could have, a significant impact on the orderly functioning of financial markets.

Article 4Information to be provided by reporting authorities

Exclusively for the purposes of Article 9a(1), point (a), first subparagraph, of Regulation (EU) No 1093/2010, reporting authorities shall provide the EBA with all of the following types of information:

(a)

the general information specified in Article 5 of this Regulation;

(b)

the information specified in Article 6 of this Regulation about material weaknesses;

(c)

the information specified in Article 7 of this Regulation about any measures taken.

Article 5General information

1.   Reporting authorities shall provide the EBA with all of the following general information:

(a)

the identification of the reporting authority, including the specification whether it is the home or host AML/CFT authority and, where Article 12(4) applies, the identification of the authority submitting that information indirectly;

(b)

the identification of the financial sector operator and of its branches, of the agents as defined in Article 4, point (38), of Directive (EU) 2015/2366, and of distributors, including the type of financial sector operator and, where applicable, the type of establishment, where that operator, or its branches, agents, or distributors are concerned by the material weakness or the measure taken;

(c)

where the financial sector operator is part of a group, the identification of the Union parent financial sector operator and of the parent financial sector operator;

(d)

where the information is submitted by the European Central Bank, the Single Resolution Board, or the national reporting authority of the Member State where the financial sector operator has its registered office, or, if the financial sector operator has no registered office, of the Member State in which the head office of the financial sector operator is situated, the identification of the countries in which the financial sector operator operates branches and subsidiaries or operates through a network of agents and distributors;

(e)

where the financial sector operator is part of a group, information about any college in which the reporting authority participates, including information about the members, observers, and about the lead supervisor, group supervisor, consolidating supervisor or group level resolution authority of that college;

(f)

whether there is a central contact point as referred to in in Article 45(9) of Directive (EU) 2015/849, and, where applicable, its identification;

(g)

any other relevant information about the financial sector operator, branch, agent or distributor, including information about whether:

(i)

the financial sector operator is currently applying for authorisation, or is in the process of applying to exercise its right of establishment or its freedom to provide services, or of any other supervisory approvals;

(ii)

the financial sector operator is subject to any of the proceedings set out in Directive 2014/59/EU, or other insolvency proceedings;

(h)

information on the size of the activities of the financial sector operator and its branches, including, where applicable:

(i)

information on financial statements;

(ii)

the number of clients;

(iii)

the volume of assets under management;

(iv)

for an insurance undertaking, its annual gross written premium (GWP) and the size of its technical provisions;

(v)

for an insurance intermediary, the volume of premiums intermediated;

(vi)

for payment institutions and electronic money institutions, the size of the distribution network, including information on the number of agents and distributors.

2.   Prudential authorities shall, in addition to the information referred to in paragraph 1, submit all of the following information to the database:

(a)

the result of risk assessment determined on the basis of any relevant supervisory review process, including the supervisory reviews referred to in Article 97 of Directive 2013/36/EU and Article 36 of Directive 2009/138/EC of the European Parliament and of the Council  ( 12 ) , and of any other similar processes affected by the exposure of the financial sector operator, or of its branches, to the risk of money laundering or terrorist financing, including in the areas of internal governance, business model, operational risk, liquidity and credit risk;

(b)

any negative final assessment of, or decision on, an application for authorisation as a financial sector operator, including where a member of the management body does not meet the requirements on fitness and propriety, and including where such an assessment or decision is based on grounds of money laundering or terrorist financing.

Any reporting on natural persons for the purposes of point (b) shall be made in accordance with Annex II.

3.   AML/CFT authorities shall, in addition to the information referred to in paragraph 1, provide the EBA with the money laundering and terrorist financing risk profile of the financial sector operator and of its branches, and with available information about the money laundering and terrorist financing risk profile of the agents and distributors using the categories specified in Annex III.

Article 6Information about material weaknesses

Reporting authorities shall provide the EBA with all of the following information about material weaknesses:

(a)

the type of material weakness as set out in Article 2(1);

(b)

the reason as to why the reporting authority considers that the weakness is material;

(c)

a description of the material weakness;

(d)

the corresponding situation in which the material weakness has occurred, as set out in Annex I;

(e)

the timeline of the material weakness;

(f)

the origin of the information on the material weakness;

(g)

the AML/CFT-related requirement to which the material weakness relates;

(h)

the type of products, services or activities for which the financial sector operator has been authorised that are affected by the material weakness;

(i)

whether the material weakness concerns the financial sector operator on its own, its branch, its agent or its distributor alone, as well as any cross-border impact of the material weakness;

(j)

whether information on the material weakness has been communicated to a college that has been established for the group to which the financial sector operator belongs; and, if not communicated yet, the reason why;

(k)

for the host AML/CFT authorities, whether the information on the material weakness has been communicated to the home AML/CFT authority or to the central contact point referred to in Article 45(9) of Directive (EU) 2015/849, where applicable, and, if not communicated yet, the reason why;

(l)

whether the material weakness appears to be inherent in the design of the product, service or activity concerned;

(m)

whether the material weakness appears to be linked to specific natural persons, whether a customer, a beneficial owner, a member of the management body or key function holder, including the reasons why the reporting authority considers that that natural person appears to be linked to the material weakness;

(n)

any contextual or background information with regard to the material weakness, where known by the reporting authority, including:

(i)

whether the material weakness is linked to a specific area relevant for money laundering or the financing of terrorism that has already been identified by the EBA;

(ii)

for the AML/CFT authorities, whether the material weakness indicates an emerging risk as regards money laundering or the financing of terrorism;

(iii)

whether the material weakness is linked to the use of new technology, and, if so, a short description of that new technology.

For the purposes of point (m), any information on natural persons shall be provided in accordance with Annex II.

Article 7Information about any measures taken

Reporting authorities shall provide the EBA with all of the following information about any measures taken:

(a)

a reference to the material weakness in relation to which the measure has been taken, and, where relevant, any update of the information provided in accordance with Article 6;

(b)

the date of the imposition of the measure;

(c)

the type of measure, its internal reference number and link to it, if published;

(d)

full information about the legal and natural persons on which the measure was imposed;

(e)

a description of the measure, including its legal basis;

(f)

the status of the measure, including whether any appeal has been brought against the measure;

(g)

whether and how the measure has been published, including the reasons for any anonymous publication, delay in publication or non-publication;

(h)

all information relevant to the remediation of the material weakness that the measure concerns, including any action planned or taken for such remediation, and any additional explanations necessary regarding remediation process and the relevant timeline by which remediation is expected;

(i)

whether the information about the measure has been communicated to a college that has been established for the group to which the financial sector operator belongs; and if not communicated yet, the reason why;

(j)

for the host AML/CFT authorities, whether information on the measure has been communicated to the home AML/CFT competent authority; and, if not communicated yet, the reason why.

For the purposes of point (d), any information on natural persons shall be provided in accordance with Annex II.

Article 8Timelines and obligation to provide updates

1.   Reporting authorities shall provide the EBA with all information about material weaknesses and measures without undue delay.

2.   Reporting authorities shall provide the EBA with information about material weakness irrespective of whether any measure has been taken in response to such material weakness. In addition, host AML/CFT authorities shall submit that information irrespective of any notification made to the home AML/CFT authority.

3.   Reporting authorities shall ensure that the information they provide to the EBA remains accurate, complete, appropriate and up to date.

4.   Where the EBA determines that the information provided is not accurate, complete, adequate or up to date, the reporting authorities shall provide the EBA upon its request with any additional or subsequent information without undue delay.

5.   Reporting authorities shall provide the EBA, in due time, with all the information necessary to keep the EBA informed about any subsequent developments relating to the information provided, including information related to the material weakness identified or to the measure taken and its remediation.

Article 9Analysis of the information received by the EBA

1.   The EBA shall analyse the information received in accordance with this Regulation on a risk-based approach.

2.   The EBA may, where appropriate, combine information submitted in accordance with this Regulation with any other information available to the EBA, including information disclosed to the EBA by any natural or legal person including the type of information listed in Annex II.

3.   ESMA and EIOPA shall provide the EBA, where requested, with any additional information necessary for the analysis of the information received in accordance with this Regulation. Where the additional information includes personal data, such data shall be provided using the categories in Annex II.

4.   The EBA shall endeavour to make use of the information received in accordance with this Regulation for the performance of its tasks as set out in Regulation (EU) No 1093/2010, including all of the following:

(a)

to conduct analyses on an aggregate basis:

(i)

to inform its opinion referred to in Article 6(5) of Directive (EU) 2015/849;

(ii)

to perform the risk assessments referred to in Article 9a(5) of Regulation (EU) No 1093/2010;

(b)

to provide responses to requests received from reporting authorities for information about financial sector operators relevant for the supervisory activities of those authorities with regard to the prevention of the use of the financial system for the purposes of money laundering or of terrorist financing, as specified in Article 9a(3) of Regulation (EU) No 1093/2010;

(c)

to inform requests for investigation as referred to in Article 9b of Regulation (EU) No 1093/2010;

(d)

to disclose, on its own initiative, information to reporting authorities relevant for their supervisory activities as specified in Article 10(1), point (b);

(e)

to provide EIOPA and ESMA with information analysed in accordance with this Regulation, including information on individual financial sector operators, and on natural persons in accordance with Annex II, either on its own initiative, or following a request received from EIOPA or ESMA providing reasons as to why that information is necessary for the achievement of their tasks as set out in Regulation (EU) No 1094/2010 and Regulation (EU) No 1095/2010, respectively.

Article 10Making information available to the reporting authorities

1.   The EBA shall provide the reporting authorities with the information received in accordance with this Regulation and analysed in accordance with Article 9 in all of the following situations:

(a)

following a request received from the reporting authority for information about financial sector operators relevant for the supervisory activities of that authority with regard to the prevention of the use of the financial system for the purpose of money laundering or terrorist financing, as specified in Article 9a(3) of Regulation (EU) No 1093/2010;

(b)

on the EBA’s own initiative, including for the following cases on a risk-based approach:

(i)

to the lead supervisor, group supervisor, consolidating supervisor or group level resolution authority, where a college has been established but the information has not been disseminated therein in accordance with Article 6, point (j), and Article 7, point (i), of this Regulation and the EBA deems the information relevant for that college;

(ii)

where no college has been established, but the financial sector operator is part of a cross-border group or has branches or operates through agents or distributors in other countries and the EBA deems the information relevant for the authorities supervising such group entities, branches, agents or distributors.

2.   The request referred to in paragraph 1, point (a), shall specify the following:

(a)

the identification of the requesting reporting authority and the authority enabling the indirect submission as referred to in Article 12(4), as applicable;

(b)

the identity of the financial sector operator concerned by the request;

(c)

whether the request concerns the financial sector operator or a natural person;

(d)

why the information is relevant for the requesting reporting authority and its supervisory activities with regard to the prevention of the use of the financial system for the purpose of money laundering or terrorist financing;

(e)

the intended use of the requested information;

(f)

the date by which the information should be received, if any, and a justification for that date;

(g)

whether there is a degree of urgency, and a justification for that urgency;

(h)

any additional information that may assist the EBA while processing the request, or which is requested by the EBA.

3.   Where natural persons are concerned, requests referred to in paragraph 1, point (a), and the provision of information in accordance with paragraph 1, point (b), shall be made in accordance with Annex II.

Article 11Articulation with other notifications

1.   The submission of information about a measure by an AML/CFT authority to the EBA in accordance with Article 7 of this Regulation shall be deemed to be a submission of information as referred to in Article 62 of Directive (EU) 2015/849 with regard to that measure.

2.   An AML/CFT or a prudential authority submitting information in accordance with this Regulation shall specify with its submission whether it has already submitted a notification under Article 97(6) of Directive 2013/36/EU.

Article 12Practical implementation of the information collection

1.   The information referred to in Articles 5, 6 and 7 and the requests referred to in Article 9(4), point (b), and Article 10(1), point (a), shall be submitted by electronic means and in English.

2.   Supporting documents that are not available in English shall be submitted in their original language, accompanied by a summary in English.

3.   Where the operation of a deposit guarantee scheme is administered by a private entity, the designated authority supervising that scheme shall ensure that such private entity administering the scheme reports to that designated authority material weaknesses identified in the course of its activities.

4.   Where a reporting authority, other than an AML/CFT authority (‘authority indirectly submitting’), submits information and requests to the EBA and receives information from the EBA through the AML/CFT authority in charge of the supervision of the financial sector operator concerned by the material weakness of the Member State where the authority indirectly submitting is established (‘authority enabling indirect submission’), the following shall apply:

(a)

the authority indirectly submitting shall submit information and requests to and receive information from the EBA only through the authority enabling indirect submission;

(b)

the liability of the authority enabling indirect submission shall be limited solely to submitting to the EBA all the information and requests received from the authority indirectly submitting and to transferring to that authority all the information received from the EBA;

(c)

the authority indirectly submitting shall remain exclusively liable to comply with its obligations to report material weaknesses and measures in accordance with this Regulation;

(d)

the notifications under Article 9a(3) of Regulation (EU) No 1093/2010 shall be done by the EBA for the authority indirectly submitting through the authority enabling indirect submission.

5.   Reporting authorities shall appoint a person of appropriate seniority to represent the authority vis-à-vis the EBA for the submission, request and reception of information in accordance with this Regulation, and inform the EBA of that appointment and of any changes to that appointment. Reporting authorities shall ensure that sufficient resources are dedicated for their reporting obligations under this Regulation. Reporting authorities shall appoint a person or persons as contact points for the submission, the requests and the reception of information under this Regulation and notify the EBA thereof. Any notifications made in accordance with this paragraph shall be made in accordance with Annex II. Authorities indirectly submitting shall make those notifications to the authorities enabling their indirect submission.

6.   For the AML/CFT authority, the additional information referred to in Article 9a(1), point (a), third subparagraph, of Regulation (EU) No 1093/2010 shall include the current money laundering or terrorist financing risk profile of the group, if any, and the money laundering or terrorist financing risk assessments of the financial sector operator, branch, agent or distributor or of the group. Reporting authorities shall provide the EBA with any information or document not referred to in this Regulation that is relevant for any material weakness or measure with an explanation of such relevance.

7.   The EBA shall set out and communicate to reporting authorities technical specifications, including data exchange formats, representations, relevant data points and instructions, rights of access to the database, to which the reporting authorities shall conform, when submitting or receiving information in accordance with this Regulation. The EBA shall, having regard to the different supervisory activities of the reporting authorities, the expected frequency of submissions and the need to achieve operational and cost efficiency, identify the reporting authorities that shall be authorities indirectly submitting in accordance with paragraph 4.

Article 13Confidentiality

1.   Without prejudice to provisions of this Regulation as to how information is analysed and made available to authorities, information submitted to the EBA in accordance with this Regulation shall be subject to Articles 70, 71 and 72 of Regulation (EU) No 1093/2010. Information received by EIOPA and ESMA in accordance with this Regulation shall be subject to Articles 70, 71 and 72 of Regulation (EU) No 1094/2010 and to Articles 70, 71 and 72 of Regulation (EU) No 1095/2010, respectively.

2.   Members of the reporting authorities’ management bodies, and persons working for those authorities or who have worked for those authorities, even after their duties have ceased, shall be subject to professional secrecy requirements and shall not disclose information received in accordance with this Regulation, except in summary or aggregate form only such that individual financial sector operators, branches, agents, distributors or other natural persons cannot be identified, without prejudice to cases where criminal law proceedings are pending.

3.   Reporting authorities receiving information in accordance with this Regulation shall treat that information as confidential and shall use it only in the course of their supervisory activities with regard to the prevention of the use of the financial system for money laundering or terrorist financing, carried out pursuant to the legal acts referred to in Article 1(2) of Regulation (EU) No 1093/2010, Article 1(2) of Regulation (EU) No 1094/2010 and Article 1(2) of Regulation (EU) No 1095/2010, including in appeals against measures taken by those authorities and in any court proceedings concerning supervisory activities.

4.   Paragraph 2 shall not preclude a reporting authority from disclosing information received in accordance with this Regulation to another reporting authority or to an authority or body pursuant to the legal acts referred to in Article 1(2) of Regulation (EU) No 1093/2010, Article 1(2) of Regulation (EU) No 1094/2010 and Article 1(2) of Regulation (EU) No 1095/2010.

Article 14Data protection

The EBA may keep personal data in an identifiable form for a period of up to 10 years from the collection by the EBA and, where it does so, shall delete personal data upon expiry of that period. Based on a yearly assessment of their necessity, personal data may be deleted before the end of that maximum period on a case-by-case basis.

Article 15Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

Schedules & Appendices

ANNEX ICORRESPONDING SITUATIONS

ANNEX I

CORRESPONDING SITUATIONS

Reporting authorities may come across weaknesses in the following situations:

PART 1:     AML/CFT authorities

When carrying out their on-site and off-site supervisory activities, regarding:

(a)

customer due diligence measures, including customer ML/TF risk assessments, reliance on third parties and transaction monitoring;

(b)

suspicious transaction reporting;

(c)

record-keeping;

(d)

internal AML/CFT systems and controls;

(e)

risk management system, including business-wide ML/TF risk assessments;

(f)

group-wide policies and procedures including policies for sharing information within the group.

PART 2:     Prudential authorities

1.

During the authorisation process and the process for the assessment of the acquisition of qualifying holdings, regarding:

(a)

analysis of business strategy and of business model and reflection on other risk areas, including liquidity where applicable;

(b)

fitness and propriety assessment of the members of the management body and key function holders, where performed;

(c)

notification to establish a branch or to provide services under the freedom of establishment or the freedom to provide services;

(d)

shareholders or members holding qualifying holdings or, exclusively at authorisation, and where applicable, identity of 20 largest shareholders or members if there are no qualifying holdings;

(e)

internal governance arrangements including remuneration policies and practices;

(f)

internal control framework, including risk management, compliance and internal audit;

(g)

information communication technology risk and risk management;

(h)

assessment of the sources of funds to pay up capital at authorisation or the source of funds to purchase the qualifying holding.

2.

During ongoing supervision, including on-site inspections and off-site supervisory activities, regarding:

(a)

internal governance arrangements, including remuneration policies and practices;

(b)

internal control framework, including risk management, compliance and internal audit;

(c)

fitness and propriety assessment of the members of the management body and key function holders, where performed;

(d)

the assessment of the notifications of proposed acquisitions of qualifying holdings;

(e)

operational risks including legal and reputational risks;

(f)

information communication technology risk and risk management;

(g)

business models;

(h)

liquidity management;

(i)

outsourcing arrangements and third party risk management;

(j)

carrying out the procedures related to market access, banking licensing and authorisations;

(k)

carrying out the Supervisory Review and Evaluation Process (SREP); the supervisory review process (SRP), or similar supervisory review processes;

(l)

the assessment of ad hoc requests, notifications and applications;

(m)

the assessment of the eligibility of and monitoring institutional protection schemes;

(n)

information received during ongoing work to ensure compliance with Union prudential rules, including the collection of supervisory reporting.

PART 3:     Designated authorities

When preparing for DGS interventions, including stress testing and on-site or off-site inspections, or when executing a DGS intervention, including pay-outs.

PART 4:     Resolution authorities and the Single Resolution Board

In the course of their functions, from resolution planning to execution.

PART 5:     Conduct of business authorities

When carrying out their on-site and off-site supervisory activities, and in particular in situations where they are aware of:

(a)

a denial of access to financial products or services for reasons of anti-money laundering or combating the financing of terrorism;

(b)

a termination of a contract or the end of a service for reasons of anti-money laundering or combating the financing of terrorism;

(c)

an exclusion of categories of customers, in particular in the situations referred to in points (a) and (b) for reasons of anti-money laundering or combating the financing of terrorism.

PART 6:     Payment institutions authorities

In particular:

1.

during the authorisation process and passporting;

2.

when carrying out their on-site and off-site supervisory activities, and in particular:

(a)

with regard to payment institutions and electronic money institutions, including when they provide their activities through agents and distributors;

(b)

with regard to the payment service provider’s obligations under Directive (EU) 2015/2366, including the obligation of the payee’s payment service providers to make funds available to the payee immediately after the amount is credited to the payment service provider’s account.

PART 7:     Any other situations where the weakness is material.

ANNEX IIINFORMATION ON NATURAL PERSONS

ANNEX II

INFORMATION ON NATURAL PERSONS

1.

The information to be provided in application of Article 5(2), point (b)

(a)

name, surname, date of birth, country of residence, nationality, function in the financial sector operator or branch;

(b)

the grounds of money laundering or terrorist financing.

2.

The information to be provided in application of Article 6, point (m):

(a)

customers or beneficial owners:

(i)

name, surname, date of birth, country of residence, nationality;

(ii)

whether the customer or beneficial owner is or was also a member of the management body or a key function holder in the financial sector operator or branch;

(iii)

whether the customer or beneficial owner holds or held, directly or indirectly, shares in the financial sector operator or branch;

(iv)

whether the customer is considered as ‘high risk’ by the financial sector operator, branch, agent or distributor;

(b)

members of the management body or key function holders:

(i)

name, surname, date of birth, country of residence, nationality;

(ii)

function in the financial sector operator or branch;

(c)

any natural person referred to in points 2(a) or (b) of this Annex: the reason why the reporting authority considers that the natural person appears to be linked with the material weakness.

3.

The information to be provided in application of Article 7, point (d):

(a)

name, surname, date of birth, country of residence, nationality;

(b)

function in the financial sector operator, branch, agent or distributor or, with regard to the customer or beneficial owner, role.

4.

The information to be provided in application of Article 10(3) by a reporting authority when making a request about natural persons:

(a)

name, surname, date of birth, nationality, country of residence;

(b)

where known, the function, or, with regard to the customer or beneficial owner, role;

(c)

the reason why the information about that specific person is necessary for the requesting reporting authority for its supervisory activity with regard to the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and the intended use(s) of the information requested.

5.

The dissemination of personal data by the EBA:

When requested by a reporting authority, the EBA shall share personal data under the conditions referred to in point 4(c) of this Annex, and on its own initiative under the conditions laid down in Article 10(1), point (b), if the information about the person concerned is necessary for the reporting authority for its supervisory activity with regard to the prevention of the use of the financial system for the purpose of money laundering or terrorist financing. In both cases, the information shall be shared between authenticated users and secured communication channels shall be used.

6.

The information to be provided in application of Article 12(5) shall contain the name, surname, function, and business contact.

ANNEX IIIMONEY LAUNDERING AND TERRORIST FINANCING RISK PROFILE

ANNEX III

MONEY LAUNDERING AND TERRORIST FINANCING RISK PROFILE

1.   Less significant risk profile:

The financial sector operator, branch, agent or distributor has a less significant risk profile where its inherent risk is less significant and its risk profile remains unaffected by mitigation, or where inherent risk is moderately significant or significant but is effectively mitigated through anti-money laundering and combating the financing of terrorism (AML/CFT) systems and controls.

2.   Moderately significant risk profile:

The financial sector operator, branch, agent or distributor has a moderately significant risk profile where its inherent risk is moderately significant and its risk profile remains unaffected by mitigation, or where its inherent risk is significant or very significant but is effectively mitigated through AML/CFT systems and controls.

3.   Significant risk profile:

The financial sector operator, branch, agent or distributor has a significant risk profile where its inherent risk exposure is significant and the risk profile remains unaffected by mitigation, or where its inherent risk is very significant but is effectively mitigated through AML/CFT systems and controls.

4.   Very significant risk profile:

The financial sector operator, branch, agent or distributor has a very significant risk profile where its inherent risk is very significant and, regardless of the mitigation, the risk profile remains unaffected by mitigation, or where the inherent risk is very significant but is not effectively mitigated due to systemic AML/CFT system and control weaknesses in the financial sector operator.

18 articles

Cite this act

Commission Delegated Regulation (EU) 2024/595 of 9 November 2023 supplementing Regulation (EU) No 1093/2010 of the European Parliament and of the Council with regard to regulatory technical standards specifying the materiality of weaknesses, the type of information collected, the practical implementation of the information collection and the analysis and dissemination of the information contained in the Anti-money laundering and counter terrorist financing (AML/CFT) central database referred to in Article 9a(2) of that Regulation (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32024R0595

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com