ANNEX I | Delegated Regulation 2024/595

Updated 05/02/2025

Metadata

In force

Initial Legal Act

Amendments

ANNEX I - Delegated Regulation 2024/595

ANNEX I

CORRESPONDING SITUATIONS

Reporting authorities may come across weaknesses in the following situations:

PART 1: AML/CFT authorities

When carrying out their on-site and off-site supervisory activities, regarding:

(a)	customer due diligence measures, including customer ML/TF risk assessments, reliance on third parties and transaction monitoring;

(b)	suspicious transaction reporting;

(c)	record-keeping;

(d)	internal AML/CFT systems and controls;

(e)	risk management system, including business-wide ML/TF risk assessments;

(f)	group-wide policies and procedures including policies for sharing information within the group.

PART 2: Prudential authorities

During the authorisation process and the process for the assessment of the acquisition of qualifying holdings, regarding:

(a)	analysis of business strategy and of business model and reflection on other risk areas, including liquidity where applicable;

(b)	fitness and propriety assessment of the members of the management body and key function holders, where performed;

(c)	notification to establish a branch or to provide services under the freedom of establishment or the freedom to provide services;

(d)	shareholders or members holding qualifying holdings or, exclusively at authorisation, and where applicable, identity of 20 largest shareholders or members if there are no qualifying holdings;

(e)	internal governance arrangements including remuneration policies and practices;

(f)	internal control framework, including risk management, compliance and internal audit;

(g)	information communication technology risk and risk management;

(h)	assessment of the sources of funds to pay up capital at authorisation or the source of funds to purchase the qualifying holding.

During ongoing supervision, including on-site inspections and off-site supervisory activities, regarding:

(a)	internal governance arrangements, including remuneration policies and practices;

(b)	internal control framework, including risk management, compliance and internal audit;

(c)	fitness and propriety assessment of the members of the management body and key function holders, where performed;

(d)	the assessment of the notifications of proposed acquisitions of qualifying holdings;

(e)	operational risks including legal and reputational risks;

(f)	information communication technology risk and risk management;

(g)	business models;

(h)	liquidity management;

(i)	outsourcing arrangements and third party risk management;

(j)	carrying out the procedures related to market access, banking licensing and authorisations;

(k)	carrying out the Supervisory Review and Evaluation Process (SREP); the supervisory review process (SRP), or similar supervisory review processes;

(l)	the assessment of ad hoc requests, notifications and applications;

(m)	the assessment of the eligibility of and monitoring institutional protection schemes;

(n)	information received during ongoing work to ensure compliance with Union prudential rules, including the collection of supervisory reporting.

PART 3: Designated authorities

When preparing for DGS interventions, including stress testing and on-site or off-site inspections, or when executing a DGS intervention, including pay-outs.

PART 4: Resolution authorities and the Single Resolution Board

In the course of their functions, from resolution planning to execution.

PART 5: Conduct of business authorities

When carrying out their on-site and off-site supervisory activities, and in particular in situations where they are aware of:

(a)	a denial of access to financial products or services for reasons of anti-money laundering or combating the financing of terrorism;

(b)	a termination of a contract or the end of a service for reasons of anti-money laundering or combating the financing of terrorism;

(c)	an exclusion of categories of customers, in particular in the situations referred to in points (a) and (b) for reasons of anti-money laundering or combating the financing of terrorism.

PART 6: Payment institutions authorities

In particular:

1.	during the authorisation process and passporting;

when carrying out their on-site and off-site supervisory activities, and in particular:

(a)	with regard to payment institutions and electronic money institutions, including when they provide their activities through agents and distributors;

(b)	with regard to the payment service provider’s obligations under Directive (EU) 2015/2366, including the obligation of the payee’s payment service providers to make funds available to the payee immediately after the amount is credited to the payment service provider’s account.

PART 7: Any other situations where the weakness is material.

Recitals Article 1 - Definitions Article 2 - Weaknesses and corresponding situations where weaknesses may occur Article 3 - Materiality of a weakness Article 4 - Information to be provided by reporting authorities Article 5 - General information Article 6 - Information about material weaknesses Article 7 - Information about any measures taken Article 8 - Timelines and obligation to provide updates Article 9 - Analysis of the information received by the EBA Article 10 - Making information available to the reporting authorities Article 11 - Articulation with other notifications Article 12 - Practical implementation of the information collection Article 13 - Confidentiality Article 14 - Data protection Article 15 - Entry into force ANNEX I - CORRESPONDING SITUATIONS ANNEX II - INFORMATION ON NATURAL PERSONS ANNEX III - MONEY LAUNDERING AND TERRORIST FINANCING RISK PROFILE

Metadata

Related documents

ANNEX I - Delegated Regulation 2024/595

Table of contents