The European Union’s new anti-money-laundering (AML) supervisor on Thursday launched two consultations on draft rules intended to tighten how companies assess their financial-crime risks and apply compliance controls across corporate groups. 

The Anti-Money Laundering Authority, or AMLA, said one consultation covers draft guidelines on business-wide risk assessments and the other covers draft regulatory technical standards on group-wide requirements. The consultation on the group-wide rules runs through June 15, while the consultation on business-wide risk assessments closes July 15.

The risk-assessment guidelines would require firms to structure their assessments around four main elements: a business and operational overview, identification and classification of inherent risks, an evaluation of the quality of internal controls, and a classification of residual risks after those controls are applied.

Under the draft, firms would be expected to use a broad range of sources when assessing exposure to money-laundering, terrorist-financing, and sanctions-evasion risks, including official watchlists and sanctions lists, international assessment reports, internal audit findings, suspicious activity reporting, and credible open-source reporting.

AMLA’s separate draft on group-wide requirements would set minimum standards for policies, procedures, and controls across groups, as well as rules for sharing information among affiliates. 

The proposals also address cases in which third-country laws block the sharing of customer or beneficial ownership information for AML purposes. In those situations, firms would have to notify supervisors without undue delay, test whether lawful workarounds such as customer consent are available, and apply additional measures. If the risks still cannot be managed, the draft says firms may have to end customer relationships, refuse transactions, or shut operations in the affected country.

Read more from the AMLA here