Article 48(10) of Directive (EU) 2015/849 requires the European Banking Authority (EBA) to issue guidance on the Risk-Based Approach to AML/CFT Supervision. The EBA has consequently released a public consultation on key changes to its guidelines on Risk-Based Supervision (RBS) of Credit and Financial Institutions. The consultation was published on the 17th of March 2021 and responses are due by the 17th of June 2021. The purpose of this consultation is to address the challenges that supervisors across the European Union have encountered when implementing a Risk-Based Approach to AML/CFT supervision.

The intended changes that the EBA proposed consist of a new EU legislative framework, identification of new risks and addressing the challenges faced by supervisors when implementing a Risk-Based Approach. Some of the requirements outlined in the revised guidelines are as follows:

  • The requirement for an exhaustive Risk Assessment at a sectoral and sub-sectoral level to enable the identification of risks in cases where more robust supervisory intervention is required;
  • The need to provide guidance on supervisory tools available to competent authorities and selecting appropriate tools for different objectives;
  • The relevance of a strong follow-up process that competent authorities should consider when determining follow-up actions;
  • Guidance on implementing a robust supervisory plan with a clear strategy to enable the effective allocation of supervisory resources;
  • The need for supervisory authorities to understand their duties and responsibilities related to AML/CFT Supervision and the importance of developing a good level of understanding of ML/TF risks;
  • The relevance of supervisory cooperation between competent authorities when supervising cross-border groups, domestic groups and subjects of assessments, including Credit and Financial Institutions;
  • Additional guidance on how competent authorities determine the type of guidance needed in a specific sector;
  • Additional guidance on training that competent authorities should provide to their staff.

In order to mitigate supervisory concerns and demonstrate robust systems and controls, the following actions should be proactively undertaken by Credit and Financial Institutions:

  • Consult national risk assessments, and AML/CTF red flags and typologies issued by law enforcement/competent authorities to improve risk management and demonstrate compliance with regulatory requirements;
  • Conduct a comprehensive and thorough analysis of their Risk Assessment to review the relevance of risks previously accepted;
  • Make any adjustments to the control environment based on their Risk Assessment if inconsistencies are observed;
  • Apply a Risk-Based Approach to identifying risk sources and evaluating risk mitigating controls effectively;
  • Understand the level of risk associated with business relationships and transactions and implement appropriate controls to manage or limit these relationships;
  • Operate clear governance and escalation processes, documenting clear rationales when making appropriate risk-based decisions;
  • Build capacity across frontline staff to ensure quality and consistency of implementation of AML/CTF frameworks through on-the-job training and internationally recognised certifications.

Plenitude supports a number of institutions, big and small, in meeting their regulatory obligations and reducing their financial crime risk exposure. If you would like to discuss how these changes might impact you or need help in responding to them, please reach out to our team at

Laura Castro

