What are the EBA guidelines on the use of remote customer onboarding solutions?
In December 2021, the European Banking Authority (EBA) launched a public consultation on its draft “Guidelines on the use of remote customer onboarding solutions”.
The Guidelines offer a common understanding by competent authorities of the measures that financial sector operators should take to ensure safe, effective remote customer onboarding solutions, in line with anti-money laundering and countering the financing of terrorism (AML/CFT) obligations.
What is digital customer onboarding? Digital customer onboarding is the set of activities to make a service/product/company known to a new customer, using digital technologies to allow a positive and personalized customer experience.
Purpose of the Guidelines
Digital transformation requires companies to respond to the growing demand for remote services from customers. This need was reinforced by the restrictions imposed during the COVID-19 pandemic.
The phenomenon also affects financial institutions, and digital onboarding in banking has become more frequent.
As a consequence, the EBA felt it was important for the financial industry to understand the opportunities and threats behind remote onboarding solutions in order to better manage them.
As the EBA explains, the guidelines:
- set common EU standards on the development and implementation of sound, risk-sensitive initial customer due diligence (CDD) policies and processes in the remote customer onboarding context;
- set out the steps financial institutions should take when choosing remote customer onboarding tools and when assessing the adequacy and reliability of such tools, in order to comply effectively with their AML/CFT obligations;
- encourage financial operators to adopt internal policies and procedures in order to implement a remote customer onboarding solution.
Policies and procedures for remote onboarding solutions. Contents of the guidelines
The draft contains a list of the details that internal policies and procedures should define. Here are a few of them:
- Competent authorities must notify the EBA whether they comply or intend to comply with the guidelines. In the absence of any notification by a deadline to be decided in the future, the competent authorities will be considered non-compliant.
- EBA describes the subject matter, the scope of application, and the competent authorities to which the guidelines are addressed. It also provides definitions of terms such as digital identity, digital issuer, biometric data, and representation fraud risk.
- EBA lists what policies and procedures should include to comply with the guidelines.
- The AML/CFT compliance officer should prepare remote customer onboarding policies and procedures, and ensure that these are implemented effectively, reviewed regularly, and amended where necessary.
- The financial operator's management should approve policies and procedures, and oversee their correct implementation.
- The guidelines include instructions on how financial sector operators should carry out a pre-implementation assessment. They also include instructions on how to carry out ongoing monitoring of the remote customer onboarding solution(s), and how to put in place remedial measures in case of weaknesses, risks, or errors.
- The use of fully automated remote customer onboarding solutions does not exempt financial sector operators from their duty to carry out ongoing monitoring. Moreover, the review findings should be duly documented.
- The guidelines explain how to identify the customer, natural persons, legal entities, and the nature and purpose of the business relationship. They also give advice on how to verify the authenticity and integrity of paper copies, photos, or scans of paper-based documents.
- They regulate the use of digital identity, the reliance on third parties and outsourcing, ICT and security risk management.
The public consultation ended in March 2022. At the moment, the final version of the “Guidelines on the use of remote customer onboarding solutions” is still under development.