Bank of Lithuania: to know their customers, financial institutions should ask such amount of information that is necessary for risk assessment and management
As the requirements for the prevention of money laundering and terrorist financing (ML/TF) are tightened and financial market participants devote increasingly more attention to this area, the Bank of Lithuania receives more inquiries and complaints from the customers of banks, electronic money institutions and other financial institutions concerning excess requirements related to the requests to complete and update the KYC (“know your customer”) questionnaire or to provide additional information.
“It is very important to understand that financial market participants are the first line of defence preventing the legalisation of money earned from the trade in drugs, guns or people as well the opportunities for terrorists to implement their criminal intents. On the other hand, financial market participants must apply proportionate measures while managing these risks. We also urge financial institution customers to cooperate properly when providing the requested information, whereas in cases where any issues arise, to try solving them together with the financial market participant first. This year, the Bank of Lithuania will focus on the assessment whether the possibilities to use payment services are not unreasonably restricted,” said Jekaterina Govina, Director of the Financial Market Supervision Service of the Bank of Lithuania.
Customers are often resentful about the detailed nature of questions (“Why does the financial institution need to know so much about me? I do not launder money, where are my rights to private life? I have sent money to my relative, why the bank is asking about the origin of the funds that I have sent?”). Financial market participants must properly know their customers and monitor their business relationships. The legal acts do not detail what and how much information financial institutions need to request from their customers in each individual case. The institutions decide this themselves during risk assessment, therefore, the amount of information and its nature may differ in each individual case. In the opinion of the Bank of Lithuania, financial institutions should request their customers to provide such amount of information that is sufficient to manage the ML/TF risk in a specific case.
When investigating the complaints of financial institution customers, the Bank of Lithuania notes some cases where financial institutions request their customers to provide potentially more information than necessary for the proper assessment and management of the risk posed by them. There are certain cases when the risk related to specific customers is simply avoided instead of managing it. Such cases pose a threat that basic financial services (e.g. payment accounts) may become inaccessible to certain individuals or businesses. It is important for financial institutions to ensure that their customers do not use the financial system for illegitimate purposes, however, they should not create barriers for customers to use their services to the extent that they are able to manage the ML/TF risk.
The Bank of Lithuania monitors this matter to ensure that financial institutions do not abuse the right to terminate relationships with their customers, but apply this measure only in extreme cases.
If customers receive the financial institution’s request to provide information, it is important for them to:
- provide or update the requested information following the indicated deadlines;
- apply to the financial institution and consult it in case they have questions on the content or provision of information;
- know that financial institutions must very carefully protect the personal data of their customers and to disclose it only in exceptional cases envisaged by the legal acts;
- if the customer does not provide the requested information or provides incomplete information, financial institutions may restrict the provision of services to such customers and in exceptional cases terminate the agreement.
When financial institutions request information from their customers, it is important for them to:
- explain to their customers as thoroughly as possible on what grounds and why specific information, data and/or documents are requested;
- ensure in all cases that they request their customers to provide such amount of information that is sufficient for the proper assessment and management of the ML/TF risk and that customers are really capable to provide this information;
- to apply proportionate and objectively reasonable measures for the ML/TF risk management.