Two-thousand-eighteen saw the fifth and sixth Anti-Money Laundering Directives (5AMLD and 6AMLD) published in the EU’s Official Journal. Since then a host of accompanying regulatory and legislative measures have been published.
This article is the first in a series of three examining these recent anti-money laundering (AML) and counter terrorist financing (CFT) legislative developments. This first article summarizes the 5AMLD requirements that will go live in January 2020. The following articles will tackle 6AMLD and the other related legislative developments that have arisen in the last year.
While AML laws are not a new phenomenon for “obliged entities”, the suite of upcoming changes are, since they impose a host of additional obligations on firms in relation to client due diligence and relationship and transaction monitoring processes, together with tougher, more-uniform criminal sanctions and penalties for non-compliance. As the EU seeks to tighten the screws on financial crime with these new rules, firms will need to ensure that their internal policies, procedures and technologies remain up-to-date and up to the standards set by these new measures.
Recital 2 of 5AMLD states that the EU was compelled to modify its framework AML/CFT Directive (4AMLD) within just a year of its transposition deadline due to recent terrorist attacks which “have brought to light emerging new trends, in particular regarding the way terrorist groups finance and conduct their operations.”
4AMLD introduced an evidence and risk-based approach to AML/CFT compliance processes. 5AMLD expands on this platform with more prescribed measures including further due diligence measures that must be taken in high-risk situations.
The 5AMLD measures form part of the European Commission's much broader February 2016 Action Plan on terrorist financing, which in addition to 4AMLD amendments, covers topics as diverse as the illicit trade in cultural goods, illegal wildlife trafficking, harmonization of money laundering offences and several tax related initiatives.
5AMLD modifies virtually every section and chapter within 4AMLD, in some instances simply tweaking words and in others, overhauling parts of the regime. Overall, the changes can be grouped into several broad thematic categories as summarized below.
The original 5AMLD European Commission Proposal cited significant gaps in the transparency of financial transactions, especially where offshore intermediary entities were used to distance true owners from their assets, often to evade tax, or secrete laundered money.
5AMLD’s measures seek to bring additional transparency to this landscape by granting the public right of access to information on beneficial owners of firms operating within the EU, thereby assisting in the identification of letterbox companies used to launder money, avoid taxes, and hide wealth. Similar access to information regarding beneficial owners of trusts and trust-like arrangements is to be provided to those who can demonstrate a “legitimate interest,” which should include investigative journalists and NGOs.
The above innovations are achieved by mandating Member States to develop separate national registers of beneficial owners of companies (including corporates, NGOs, foundations, etc.) and of trusts and trust-like arrangements, which in due course are to be interconnected through a European Central Platform.
In addition to trusts and corporates, Member States are required to establish similar registers for bank and payment accounts and safe deposit boxes (so called centralized automated mechanisms). Not accessible to the public, these registers will be available to Member State Financial Intelligence Units (FIUs) and regulatory supervisors.
Equally, Member States must grant these agencies access to beneficial ownership information of real estate, also in the form of a central registry where available. The bank account registries are to be interconnected centrally within the EU by March 10, 2021, and proposals for the interconnection of real estate registers is to be reported on by the Commission by December 31, 2021.
The full list of deadlines is as follows:
Article 30 Registers of Corporate and Legal Entities Jan 10, 2020
Article 31 Registers of Trust Arrangements Mar 10, 2020
Article 32a Centralized Automated Mechanisms Sep 10, 2020
Article 30-31 Interconnection of Registers Mar 10, 2021
Article 32b Real Estate Register Interconnection Report Dec 31, 2020
These measures constitute around a quarter of the changes made by 5AMLD and are designed to open access to data and facilitate cooperation between EU institutions, FIUs and competent authorities, including prudential supervisors.
5AMLD requires the Commission and Member States to publish periodic risk assessment reports (minus any confidential or sensitive information) with the objective of providing the public with the background and context to current AML/CFT threats.
Under 5AMLD, Member State reports must first be submitted to the Commission and must contain data on the volume of supervision and enforcement activity undertaken and the amount of resources deployed to meet the objectives of the Directive. The purpose of this measure is to arm the Commission with sufficient data to oversee Member States’ compliance with the Directive – a matter which resurfaced in late 2018 following a Commission report on certain Member States’ deficient implementation of 4AMLD.
5AMLD also seeks to ameliorate the risks arising from the anonymity associated with virtual currencies. Like financial institutions, virtual currency exchange platforms and custodian wallet providers will be classified as ‘obliged entities’ under 5AMLD, subjecting them to due diligence and reporting obligations.
The Directive also lowers the threshold for triggering due diligence for prepaid card holders from €250 to €150 in terms of the amount stored and monthly spend. Due diligence will also be required for cash redemptions or withdrawals and remote payments above €50. Moreover, sub-threshold prepaid cards must only be used to purchase goods or services, cannot be funded with anonymous electronic money, and issuers must carry out transaction monitoring to enable the detection of suspicious activity.
Meanwhile, credit and financial institutions may only accept payments carried out with anonymous prepaid cards issued in third countries where those jurisdictions meet requirements equivalent to EU laws. As such, banks will have to carry out checks and refuse payments made with cards from high risk countries that do not have equivalent AML/ CFT rules.
Under the current regime, there is no definitive set of enhanced due diligence measures that Member States must impose on firms dealing with high-risk third countries. This inconsistency has led money launderers and terrorist financers to forum-shop for the jurisdictions with the least rigorous arrangements, creating weak spots within the regime.
5AMLD addresses this weakness, in part, by establishing uniform enhanced due diligence measures across the Union where business relationships and transactions involve high-risk countries. These measures include requirements to obtain additional information on (i) customers and beneficial owners, (ii) the intended nature of business relationships, (iii) the sources of funds and wealth, and (iv) the reasons for transactions. 5AMLD also introduces enhanced monitoring of business relationships in high-risk situations. The list of high risk countries for the purposes of these requirements is set out in Regulation (EU) 2016/1675, as amended most recently in 2018.
5AMLD further extends the application of the regime to all forms of accountancy, auditor and tax advisory services, irrespective of the formal capacity under which a person/ entity operates, as well as, to estate agents undertaking lettings in property above certain thresholds, to art dealers trading in items above certain thresholds, and to electronic wallet providers and virtual currency exchange service providers. These ‘obliged entities’ will now have to undertake due diligence, ongoing monitoring and reporting of suspicious transactions just as financial institutions and other in-scope professions must.
Electronic wallet and virtual currency exchange service providers will also have to be registered, as will standard currency exchanges, check cashing offices, and trust and company services providers.
There are a host of other amendments introduced by 5AMLD, some more impactful than others. Of these, notable changes include substantially enhanced protections for individuals that make suspicious transaction reports and a requirement for Member States to maintain up-to-date lists of prominent public functions for the purposes of identifying Politically Exposed Persons, together with a concomitant obligation on the Commission to publish a cross-Union consolidated list of such functions.
The 5AMLD rules take effect on January 10, 2020. Between now and then, firms should ensure they enhance their policies, procedures, systems, and controls and adopt updated technological solutions to ensure they meet these new obligations and avoid the stricter sanctions regime introduced by 6AMLD: the topic of the next article in the series.