Introduction and legal basis

1. Financial institutions and credit institutions (hereinafter ‘institutions’) have to put in place and maintain policies and procedures to comply with their legal obligations in accordance with Article 8 of Directive (EU) 2015/849 (AMLD) [Directive (EU) 2015/849 of the European Parliament and the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).]. These policies and procedures include policies and procedures to identify and manage the risks to which they are exposed, for example credit risk or the risk that they may be used for money laundering and terrorist financing (ML/TF) purposes. Where a financial institution takes a decision to refuse to enter into, or to terminate, business relationships with individual customers or categories of customers associated with higher ML/TF risk, or to refuse to carry out higher ML/TF risk transactions, this is referred to as ‘de-risking’.

2. While decisions not to establish or to end a business relationship, or not to carry out a transaction, may be in line with Article 14(4) of Directive (EU) 2015/849 (AMLD), de-risking of entire categories of customers, without due consideration of individual customers’ risk profiles, can be unwarranted and a sign of ineffective ML/TF risk management.