Digital Dawn: EU Remote Onboarding Rules Usher in New Era of Financial Access

The European Banking Authority (EBA) guidelines on remote customer onboarding, which were published in late 2022, have officially come into force as of the start of October 2023. These guidelines become the EU standard for remote onboarding to financial services in all EU states and other countries from the European Economic Area (EEA), except if they conflict with national law. All EU/EEA countries except one (likely by mistake) and the European Central Bank have reported a state of compliancewith the guidelines, where 19 reports “compliant” and 12 “intend to comply”. This means that shortly remote onboarding according to these guidelines will be effective in all EU/EEA Member States.

Signicat, a leader in European regulatory compliance and digital identity solutions, provides an expert perspective on these significant regulatory changes.

Key Aspects of the EBA Guidelines on Remote Customer Onboarding

The EBA guidelines focus on modernizing the approach to customer onboarding and data management in the financial sector. The guidelines include five recommendations, with two being particularly specific and noteworthy:

• Identifying Consumer or Business Customers Digitally: meaning performing an identity verification without physical presence. This guideline allows for remote identification of customers, a significant shift from traditional in-person verification methods. It opens the door for utilizing advanced technology in identity verification, reducing the need for physical interactions and enhancing convenience and efficiency in customer onboarding.
• Storing Data Gathered During Customer Onboarding: this aspect of the guidelines mandates the secure and timestamped storage of information collected during the remote onboarding process. This requirement ensures that data is readily available for audit and other verification purposes, enhancing transparency and accountability in financial transactions.

As stated by the EBA “these Guidelines have been developed in response to the European Commission’s request in the context of its Digital Finance Strategy, published in 2020. They are also in line with the EBA’s legal mandate to lead, coordinate and monitor the EU financial sector’s fight against money laundering and terrorism financing (ML/TF)”.

Implications for the Financial Industry

The Guidelines apply to all credit and financial institutions that are within the scope of the Anti-money Laundering Directive (AMLD) and according to Article 16(3) of Regulation (EU) No 1093/2010, “the competent authorities and financial institutions shall make every effort to comply with those guidelines and recommendations”.

The implementation of these guidelines represents a considerable evolution in the regulatory landscape and local competent authorities of all European countries are now tasked with updating their processes to align with these new standards. This change not only involves technological advancements but also requires a deep understanding of the evolving regulatory environment.

“Harmonization is needed to build regulations and to ensure that the members of the European Economic Area are in an equal competitive environment in the single market. Of course, it is a challenging task that cannot be carried out at the national level by the regulator of each country alone but must be done by an institution, as in this case the EBA and the coming new AMLA to be established in 2024, from an objective and pragmatic point of view”, indicates Antti Kela, Sales Executive at Signicat and Certified Anti-Money Laundering Specialist (CAMS).

Long-Term Perspective and Industry Reaction

The financial industry acknowledges the need for these guidelines to harmonize regulations across different EU member states. Still, they also face the challenge of staying informed about the regulatory changes their sector is undergoing, as well as keeping track of the regulations they and their suppliers must follow, to stay compliant and avoid not only fines but reputational damage.

“In navigating the intricate landscape of regulations and third-party risk management, we invest not just euros but diligence. With €7 billion dedicated annually to operating expenses and nearly €3 billion directed towards third parties in 2021, our commitment goes beyond compliance; it’s about internal control and safeguarding against potential fines. As we embrace outsourcing, especially in regulated landscapes like remote customer onboarding technology, maintaining control becomes essential. We know that real resilience comes from actively managing our path, with guidance and assurance from trusted third-party partners like Signicat” states Sandor Welfing, Head of Supply Risk Management and Oversight at Rabobank.

Signicat’s Role in Navigating Compliance

This varied compliance landscape highlights the ongoing efforts to achieve a uniform regulatory environment within the financial sector of the European Union and associated countries. Signicat plays a pivotal role in helping institutions navigate these differing national requirements and achieve compliance efficiently. With a strong focus on compliance with European regulations, Signicat’s digital identity solutions are constantly updated to align with the latest regulatory requirements.

“At Signicat, we specialize in understanding and navigating the complex landscape of European standards and regulations. Our expertise in regulations and country-specific frameworks enables us to provide invaluable support to our customers in meeting the dynamic regulatory requirements, especially in times of change and uncertainty, but where they must comply to avoid sanctions”, says Jon Ølnes, Tribe Lead and Thought Leader at Signicat and editor of the ETSI TS 119 461 standard on policy and security requirements for remote identity proofing, which is a base standard for the EBA Guidelines.