Risk & Compliance

EBA Guidelines: onboarding the vulnerable client

Date:January 8, 2024

The European Banking Authority (EBA) published new AML-related guidelines on 31 March 2023, which took effect on 3 November 2023. These guidelines impose additional requirements on the controls that institutions have for effective management of Money Laundering & Terrorist Financing (ML/TF) when providing access to financial services. As such, they mainly focus on customer acceptance. The focus of these guidelines is very much on the vulnerable client.


Who do these guidelines apply to?
The guidelines are mainly addressed to banks, investment fund managers, investment firms, payment service providers, financial service providers, leasing companies and life insurers. The guidelines therefore do not apply to all Wwft institutions.

Why these guidelines?
In a 2022 report, the EBA wrote that recent sector-wide ‘de-risking’ has led to vulnerable clients being denied access to financial services in some cases without a valid reason. The offboarding of certain categories of clients (without due consideration of individual risk profile) is unjustified, according to the EBA, and a sign of ineffective ML/TF management. So to counter this, the regulator is now introducing new guidelines.

Mandatory adapted KYC policy for refugees and asylum seekers

The new guidelines indicate that a customer can be refused on ML/TF grounds only after other options – such as a tightening of control measures – have been considered. This should include both the grounds for refusal and the requirement to document refusal. Also, after refusal, the customer should be informed of his right to contact a relevant competent authority or designated dispute resolution body.

Credit and financial institutions should have policies and procedures that include an onboarding process for the following cases:

  • The client is an asylum seeker who cannot provide a traditional form of identification (passport, ID card);
  • The client is a refugee who cannot hand over a traditional form of identification and/or has no address. Alternatively, (expired) documentation provided by an agency such as the Red Cross can be used (as long as national law allows);
  • The client has no residence permit but deportation is not possible due to legal or factual reasons. This can be proved with documentation from migration services, among others.
    If it concerns the provision of prepaid cards and it is a simplified client screening, the policy should state that the client screening can be postponed to a later date.

When it concerns a payment account for a customer with a low risk profile, the policy should include the alternative identification options. The policy should also state when customer due diligence may be deferred until after the business relationship has been established.

Controlling higher risks

The EBA indicates that lower customer due diligence requirements may create higher risks. These risks are mitigated by offering a restricted product. Here, the EBA lists options of restrictions on products, an assessment of which should be included in the procedures:

  • Restrictions on lending
  • Monthly turnover limits
  • Limits on the amount, type and number of transfers
  • Limits on the number of transactions to and from third countries
  • Limits on the size of deposits
  • Limits on payments to and from third parties
  • Prohibitions on withdrawals of funds from third countries

What this means for you
Under Article 16(3) from the Regulation establishing the EBA, credit and financial institutions must make “best efforts” to comply with these guidelines. This means that if your institution falls within the scope of the guidelines, the utmost effort should be made to align the organisation’s policies and their application with the guidelines. National regulators have indicated that they see these guidelines as clarifying and specifying existing standards. Failure to meet the regulator’s expectations can have dire consequences.

Find out more

Projective Group is happy to help you interpret and implement new laws and regulations, such as the EBA guidelines on onboarding the vulnerable client. For instance, we can help by conducting a gap analysis. Here, we map out the extent to which your organisation already complies with the requirements from the EBA guidelines and which steps you still need to take to be fully compliant. We also offer an e-learning on conducting customer research through our training institute, The Ministry of Compliance. Please contact us for this without any obligation.