The ESAs have published draft RTS under MLD4 on how credit and financial institutions should manage their AML/TF risks at group level where their group includes branches or major subsidiaries in third countries that do not permit group wide policies to be used. The RTS include practical steps institutions should take, such as:
- getting customer consent to data sharing and processing
- carrying out reviews to be satisfied the branches can properly assess and manage ML/TF risks
- restricting the offerings of products and services to low-risk ones, and requiring senior management approval for anything else
- restricting the ability to rely on CDD carried out by those entities.