ACPR shakes up FIs: Essential takeaways from Treezor and BRED rulings

On April 8, 2025, Ondorse and Linklaters hosted an exclusive, invitation-only breakfast event for a select group of fintech leaders, ops and compliance experts. This highly anticipated gathering, held at Linklaters' prestigious Paris office, brought together industry insiders to dissect and discuss the latest ACPR (Autorité de Contrôle Prudentiel et de Résolution) decisions, with a particular focus on the high-profile cases of Treezor and BRED.

The intimate setting allowed for candid discussions and deep insights into how these regulatory rulings are reshaping the financial compliance landscape. Attendees had the rare opportunity to engage directly with Marc Perrone, Partner, and Louis Degeorges, Senior Associate from Linklaters' Banking and Financial Regulation department, alongside Aymeric Boëlle, founder of Ondorse.

1. Risk scoring models need refinement

One of the most striking points from the Treezor decision was the ACPR's criticism of their risk classification model. The regulator found that Treezor's model was insufficiently discriminating, with 99.8% of clients classified as "low" or "moderately low" risk. This highlights the importance of developing more nuanced risk assessment models, especially for companies operating in the Banking-as-a-Service (BaaS) sector.

2. Data accuracy is paramount

The ACPR emphasized the critical nature of maintaining accurate client databases. In Treezor's case, misclassifications of business types (e.g., registering associations as SARLs) were flagged as a significant issue. This underscores the need for robust data verification processes and regular audits of client information.

3. Risk-based approach in onboarding

The regulator pointed out that Treezor's risk profile attribution didn't impact the nature and extent of information collected during onboarding. This serves as a reminder that a true risk-based approach should inform every step of the customer due diligence process, including initial onboarding.

4. Balancing GDPR and AML requirements

The BRED decision highlighted the ongoing challenge of balancing data protection regulations (GDPR) with AML/CFT requirements, particularly in the context of adverse media screening. Financial institutions must navigate this complex landscape carefully, ensuring compliance with both sets of regulations.

5. Transparency in AML processes

While the ACPR aims for transparency in its decisions to provide learning opportunities for the sector, it also recognizes the need to protect sensitive information about AML processes. This balancing act was evident in the redaction of certain details in the published decisions.

6. Proactive remediation strategies

The discussions emphasized the importance of timely and effective remediation efforts. Financial institutions should consider initiating remediation processes early, even if they disagree with some of the regulator's findings, to demonstrate their commitment to compliance.

As we move further into 2025, these insights from the ACPR's recent decisions will be crucial in shaping effective AML/CFT strategies. Fintech companies and financial institutions must focus on developing more sophisticated risk assessment models, ensuring data accuracy, implementing truly risk-based approaches, and balancing various regulatory requirements.

At Ondorse, we understand these challenges and offer cutting-edge solutions to help businesses navigate the complex world of financial compliance. Our platform provides tools for enhanced KYC/KYB processes, risk assessment, and ongoing monitoring, all designed to meet the evolving expectations of regulators like the ACPR.

Stay tuned for more insights and updates on regulatory trends, and don't hesitate to reach out to Ondorse for support in optimizing your compliance strategy for 2025 and beyond.