In brief
Due on 4 July, the 2025 revamped version of the AML Qualitative Questionnaire introduced by the Commissariat aux Assurances, includes a series of interesting and significant updates, reflecting the evolving regulatory landscape and dynamics; as well as the growing complexity of financial crime risks.
With a focus on increased granularity, transparency, and sector-specific controls, these changes are set to challenge current compliance practices within the insurance industry.
This article outlines the main areas of evolution and what they mean for compliance teams.
In detail
A shift toward targeted risk assessment
The updated questionnaire places a strong emphasis on specific risk categories, requiring institutions to conduct focused evaluations on:
- Terrorist financing
- Corruption
- Proliferation financing
- Emerging risks, such as cyberattacks, digitalisation, and virtual assets
These requirements go beyond traditional AML frameworks, calling for a more tailored understanding of each risk type and the implementation of corresponding control measures.
Scrutiny of automated onboarding processes
Institutions are now expected to demonstrate the existence, governance, and regulatory compliance of any automated onboarding systems they use. This includes providing evidence of regular reviews and updates and ensuring that the technology aligns with broader risk management policies.
The message is clear: automation does not exempt firms from accountability.
Increased transparency on beneficial ownership
A stronger focus is also being placed on the verification of beneficial owners. Respondents must detail the sources used - whether client-provided, official registries, or independent databases - and identify any discrepancies between registry data and internal records.
This approach reinforces the importance of data integrity and cross-checking in preventing misuse of corporate structures.
More robust transaction monitoring
The questionnaire now calls for the integration of specific scenarios related to terrorist financing within transaction monitoring systems. Firms must also report on alert types generated, including those related to politically exposed persons (PEPs), sanctions breaches, and unusual transactions.
These insights aim to assess not just the existence of monitoring systems, but their effectiveness and calibration of real-world risks.
Quantifying risk oversight
New statistical indicators are being introduced, including:
- The number of clients per risk level
- The rate of file reviews by risk level
These metrics will give regulators a clearer view of how institutions apply risk-based approaches in practice, and whether their efforts are consistent across client segments.
Sector-specific training and awareness
Training programmes must now be contextualised by sector and risk exposure, moving away from generic e-learning modules. Compliance officers are expected to align training content with their institution’s evolving risk map and the findings of internal assessments.
What does this mean for compliance teams?
Collectively, these changes imply a higher level of scrutiny, a need for more granular documentation, and an overall maturation of AML practices. Compliance functions will likely need to:
- Revisit their risk assessment frameworks
- Adapt internal procedures and documentation
- Strengthen staff training and sector awareness
- Allocate additional resources for monitoring and review activities
While the increased expectations may represent a significant operational effort, they also present an opportunity to reinforce trust and resilience in a complex risk environment.
If you would like support in assessing your current framework or adapting to these new requirements, our AML and regulatory specialists are available to help.
