Compliance Briefing — November 22, 2022
The EBA finalised guidelines on the use of remote customer onboarding solutions, obliging EU financial institutions to implement risk-based controls, secure identity verification, and ongoing monitoring by 2 October 2023.
Executive briefing: On 22 November 2022 the European Banking Authority published Guidelines on the use of remote customer onboarding solutions (EBA/GL/2022/15). Credit and financial institutions must adapt customer due diligence (CDD) policies, technology, and governance to comply by 2 October 2023.
Key compliance checkpoints
- Risk assessment. Document a product and channel risk assessment to determine when remote onboarding is permissible and what safeguards apply.
- Identity verification. Implement reliable, secure methods (e.g., liveness detection, trusted databases) and perform ongoing monitoring to detect fraud or manipulation.
- Governance and outsourcing. Ensure senior management approval, auditability, and oversight of third parties supporting remote onboarding.
Operational priorities
- Policy updates. Align AML/CFT manuals with the guideline’s requirements for information capture, record retention, and fallback procedures.
- Technology validation. Test remote identification solutions against accuracy, bias, and security criteria; maintain incident response plans.
- Training and monitoring. Educate staff on red flags, escalation steps, and enhanced due diligence triggers for higher-risk profiles.
Enablement moves
- Integrate remote onboarding controls with transaction monitoring and sanctions screening to maintain continuous CDD.
- Run thematic reviews to evidence compliance, covering sample testing and documentation quality.
- Coordinate with data protection teams to ensure biometric and identity data processing complies with GDPR requirements.
Sources
Zeph Tech delivers remote onboarding control assessments, vendor governance frameworks, and implementation roadmaps aligned with EBA/GL/2022/15.