Source: OJ L, 2024/1624, 19.6.2024

Current language: EN

Annex I Indicative list of risk variables

The following is a non-exhaustive list of risk variables that obliged entities shall take into account when drawing up their risk assessment in accordance with Article 10 and when determining to what extent to apply customer due diligence measures in accordance with Article 20:

  1. Customer risk variables:

    1. the customer’s and the customer’s beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;’s business or professional activity;

    2. the customer’s and the customer’s beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;’s reputation;

    3. the customer’s and the customer’s beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;’s nature and behaviour;

    4. the jurisdictions in which the customer and the customer’s beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; are based;

    5. the jurisdictions that are the customer’s and the customer’s beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;’s main places of business;

    6. the jurisdictions to which the customer and the customer’s beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; have relevant personal links;

  2. Product, service or transaction risk variables:

    1. the purpose of an account or relationship;

    2. the regularity or duration of the business relationshipmeans a business, professional or commercial relationship connected with the professional activities of an obliged entity, which is set up between an obliged entity and a customer, including in the absence of a written contract and which is expected to have, at the time when the contact is established, or which subsequently acquires, an element of repetition or duration;;

    3. the level of assets to be deposited by a customer or the size of transactions undertaken;

    4. the level of transparency, or opaqueness, the product, service or transaction affords;

    5. the complexity of the product, service or transaction;

    6. the value or size of the product, service or transaction;

  3. Delivery channel risk variables:

    1. the extent to which the business relationshipmeans a business, professional or commercial relationship connected with the professional activities of an obliged entity, which is set up between an obliged entity and a customer, including in the absence of a written contract and which is expected to have, at the time when the contact is established, or which subsequently acquires, an element of repetition or duration; is conducted on a non-face-to-face basis;

    2. the presence of any introducers or intermediaries that the customer might use and the nature of their relationship with the customer;

  4. Risk variable for life and other investment-related insurance:

    1. the risk level presented by the beneficiary of the insurance policy.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod