EBA Draft RTS: Assessment of Inherent and Residual Risk

Draft RTS on the assessment of the inherent and residual risk profile of obliged entities under Article 40(2) of the AMLD

EBA Draft RTS on the Assessment of the Inherent and Residual Risk Profile under Article 40(2) AMLD

The European Banking Authority (EBA) has published a Draft Regulatory Technical Standard (RTS) under Article 40(2) of Directive (EU) 2024/1640 (6AMLD), setting out a harmonised methodology for assessing and classifying the inherent and residual risk profile of obliged entities. This RTS represents a key pillar of the new EU Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) framework.

What Is the Purpose of the Draft RTS?

The main objective of the RTS is to ensure consistent, objective, and risk-sensitive supervision across the European Union. It provides national competent authorities and the new Anti-Money Laundering Authority (AMLA) with a standardised scoring methodology to:

  • Evaluate inherent ML/TF risks based on customer, product, channel, and geographic indicators
  • Assess the quality of AML/CFT controls implemented by obliged entities
  • Derive a residual risk score that will inform supervisory intensity and regulatory priorities

Three-Step Risk Assessment Framework

1. Inherent Risk Assessment

Obliged entities are scored on a 1–4 scale based on:

  • Customer types and risk exposure
  • Products and services offered
  • Delivery channels (e.g. online onboarding, intermediaries)
  • Countries of operation or customer origin

Each factor is weighted depending on its risk relevance.

2. Control Effectiveness Assessment

The quality of internal AML/CFT controls is scored from 1 (very good) to 4 (poor), covering:

  • Governance and compliance culture
  • Risk assessment frameworks
  • Ongoing monitoring and escalation procedures

3. Residual Risk Calculation

The residual risk is derived from the interplay between inherent risk and control quality:

  • If controls are worse than the inherent risk, residual risk = inherent risk
  • If controls are equal or better, residual risk = average of both

Frequency of Risk Assessments

  • Annual reassessments are required for most obliged entities
  • Triennial cycles apply to small or low-risk institutions
  • Ad-hoc reviews are mandatory following significant events (e.g. business model changes or control failures)

Why This RTS Matters

This draft RTS is a cornerstone of the EU’s single AML rulebook. It supports:

  • AMLA’s direct supervision of high-risk institutions
  • Greater transparency and comparability in supervisory decisions
  • More efficient allocation of supervisory resources based on measurable risk

It also lays the foundation for data-driven AML supervision and links directly to the RTS on AMLA selection criteria under Article 12(7) AMLAR.

What’s Next?

The RTS is currently in draft form and will undergo consultation before adoption. Once finalised, all competent authorities in the EU must apply the methodology consistently. Obliged entities are advised to review their internal risk and control assessments now to align with the upcoming standard.

Consultation Paper on Response to Call for Advice new AMLA mandatesHerunterladen
Public hearing 10 April 2025 – PresentationHerunterladen

Source:

https://www.eba.europa.eu/publications-and-media/events/consultation-proposed-rts-context-ebas-response-european-commissions-call-advice-new-amla-mandates

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert