Following the publication of the FAFT revised recommendations 2012 the EU set out to amend its own legal framework to combat money laundering (ML) and terrorist financing (TF). Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing was officially published on 5 June 2015. Member States (MS) must transpose it by 26 June 2017. The new legislation, known as 4AMLD, repeals the existing framework – Directives 2005/60/EC and 2006/70/EC – with effect from 26 June 2017.
It was complemented by Commission Delegated Regulation (EU) 2016/1675 of 14 July 2016 supplementing Directive (EU) 2015/849 by identifying high-risk third countries with strategic deficiencies. The Commission considered that any AML/CFT threat posed to the international financial system also represents a threat for the EU financial system due to the high level of integration of the international financial system, the close connection of market operators, the high volume of cross-border transactions to/from the EU, as well as the degree of market opening. As such it concluded that Afghanistan, Bosnia and Herzegovina, Guyana, Iraq, Lao PDR, Syria, Uganda, Vanuatu and Yemen should be considered third-country jurisdictions which have strategic deficiencies in their AML/CFT regimes that pose significant threats to the EU financial system. The list also includes Iran and the Democratic People’s Republic of Korea (DPRK) as per FAFT public statements. However, Iran is in a slightly different position as it has sought technical assistance to implement the FAFT plan whereas Korea is only identified as a high risk jurisdiction.
4AMLD in context and in a nutshell
The 4AMLD is part of a package of EU legislative measures aimed at preventing ML and TF that includes Regulation (EU) 2015/847 on information on the payer accompanying transfers of funds. As part of a broader EU strategy to tackle financial crime it also gives the Commission the task of conducting a supranational assessment of the ML and TF risks that could affect the EU’s internal market.
The 4AMLD applies to the financial sector and certain other actors such as lawyers, providers of gambling services and traders in goods (e.g. precious metals and stones), when payments of EUR 10,000 or more are made in cash. It requires that those subject to it:
a) identify and verify the identity of their customers and of the beneficial owners of their customers e.g. the identity of the person who ultimately owns or controls a company. Information on the beneficial ownership of companies will be stored in a central register, accessible to relevant bodies such as financial intelligence units (FIUs)
b) report suspicions of ML or TF to the public authorities, usually the FIUs
c) take supporting measures, such as ensuring the proper training of personnel and the establishment of appropriate internal preventive policies and procedures
d) take additional safeguards such as enhanced customer due diligence (ECDD) for situations of higher risk such as trading with banks situated outside the EU.
Amending the 4AMLD before it becomes applicable
On 2 February 2016, the Commission presented an Action Plan for strengthening the fight against TF focused on two main areas of action: tracing terrorists through financial movements and preventing them from moving funds or other assets; and disrupting the sources of revenue used by terrorist organisations by targeting their capacity to raise funds. The Action Plan announced a number of targeted operational and legislative measures to be put in place rapidly.
On 12 February 2016, the Economic and Financial Affairs Ministers Council called on the Commission to submit its proposal to amend the 4AMLD as soon as possible and no later than the second quarter of 2016. On 22 April 2016, the ECOFIN Council also called for action in to enhance the accessibility of beneficial ownership registers, to clarify the registration requirements for trusts, to speed up the interconnection of national beneficial ownership registers, promote automatic exchange of information on beneficial ownership and strengthen customer due diligence (CDD) rules.
In response, on 5 July 2016, the Commission published a proposal for a Directive amending the 4AMLD which also tackles company law rules via amendments to Directive 2009/101/EC.
All measures are aimed to enhance the efficiency of the current AML/CFT system and have been drafted to coherently supplement it. The proposal lays down rules that build on the experience of MS in transposing and implementing the 4AMLD (setting up central registers), answer the requests of those that effectively apply the rules (designation of new obliged entities, empower the national FIUs, harmonisation of the approach towards high-risk third countries) and reflect the newest trends observed in the fight against ML and TF (improve access to beneficial ownership information). As such, it provides a framework that should allow MS’ national legal orders to better face current challenges.
Article 2: add virtual currency exchange platforms and custodian wallet providers to the list of obliged entities
In addition to the above-mentioned inclusions a definition of “virtual currency” is also proposed for legal certainty reasons. From a data protection perspective, new obliged entities are designated, and they will have to process personal data (i.e. by performing CDD). This new obligation established for public policy considerations is counter-balanced by the insertion of clear definitions of the obliged entities, who are informed of the new obligations they become subject to (collection and processing of financial personal data online) and the data protection elements that are specific to these obligations.
Article 12: lower threshold for certain pre-paid instruments
At the moment any MS may allow obliged entities not to apply certain CDD measures with respect to e-money, under certain conditions. Currently acknowledged TF risks posed by pre-paid cards are linked to CDD exempted general purpose (reloadable or non-reloadable) pre-paid cards that run on domestic or international schemes and to the ease of using those cards online. The Commission proposes to lower (from EUR 250 to 150) the thresholds in respect of non-reloadable pre-paid payment instruments to which such CDD measures apply and suppress the CDD exemption for online use of prepaid cards.
Article 32: facilitate FIUs cooperation, aligning rules for their access to information with the latest international standards
FIUs play an important role in identifying the financial operations of terrorist networks across borders and in detecting their financial backers. The latest international standards emphasise the importance of extending the scope of and the access to the information available to FIUs. That information is currently limited in certain MS by the requirement that a prior suspicious transaction report (STR) has first been made by an obliged entity. FIUs should be able to obtain additional information from obliged entities, and should have access on a timely basis to the financial, administrative and law enforcement information they require to undertake their functions properly even without an existing STR. This will better equip FIUs to collect the necessary information to assess STRs more efficiently and speed up detection of TF and ML activities. The task of further defining the conditions under which such requests for information may be made is left to the MS that also retain the right to adequately set out effective and proportional rules in respect of processing the information received. A FIU must respect rules governing the security and confidentiality of such information, including procedures for handling, storage, dissemination, and protection of as well as access to such information.
Enable FIUs and competent authorities to identify holders of bank and payment accounts
Recital 57 of the 4AMLD encourages MS to put in place systems of banking registries or electronic data retrieval systems which would provide FIUs with access to information on bank accounts. Currently, such mechanisms are or have recently been put in place in a number of MS. However, there is no obligation at EU level to do so. As not all MS have mechanisms in place allowing their FIUs to have timely access to information on the identity of holders of bank and payment accounts, some FIUs are hampered in the detection of criminal and terrorist financial flows at national level. Moreover, the FIUs concerned are also unable to exchange such information with their EU and non-EU counterparts, which complicates cross-border preventative action.
The Commission proposes to require automated centralised mechanisms enabling to swiftly identify holders of bank and payment accounts. This will allow MS to choose between setting up (i) a central registry, containing the necessary data allowing for the identification of holders of bank and payment accounts, and granting their own national FIUs and AML/CFT competent authorities a full and swift access to the information kept in the registry, and (ii) other centralised mechanisms, such as central data retrieval systems, which allow the same objective to be met. This will lead to a faster detection – both nationally and internationally – of suspicious ML/TF transactions, and improve preventive action.
Article 18: ECDD and high-risk third countries
Obliged entities must apply ECDD when dealing with natural or legal entities established in high risk third countries. Article 9 empowers the Commission to identify high-risk third countries that have deficient AML/CFT regimes in place which constitute an important risk for terrorist financing (this was achieved by Commission Delegated Regulation (EU) 2016/1675). However, MS are not at present required to include, in their national regimes, a specific list of ECDD measures and thus, heterogeneous implementation regimes of ECDD towards countries with deficiencies exist. Harmonisation of these measures will avoid or at the least limit the risk of forum-shopping based on how jurisdiction apply more stringent or less stringent regulations towards high-risk third countries. Therefore, the regulatory gaps that could be exploited for ML/TF activities are addressed.
Articles 30-31: collection, storing and access to information on the ultimate beneficial owner(s) of companies, trusts and other types of legal arrangements
Corporate and other legal entities: Understanding the beneficial ownership of companies is at the heart of the risk mitigation of financial crime and prevention strategies for regulated firms. Within the EU framework, this aspect is at the core of a nexus between the preventive regime in the 4AMLD and company law, namely the Directive 2009/101/EC, the EU legal act that lays down the rules on disclosure of company documents. The Commission proposes to amend Directive 2009/101/EC so that MS will be required to ensure compulsory disclosure of some information on beneficial owners firms and legal entities engaging in profit-making activities as laid down in article 54 TFEU.
Trusts and other legal arrangements: The 4AMLD gives competent authorities and FIUs access in a timely manner to beneficial ownership of trusts and other legal arrangements. Obliged entities may have access to the information within the framework of CDD. The beneficial ownership information concerns a wide range of legal arrangements: express trusts specific to common law but also similar entities such as Treuhand, fiducies or fideicomiso and all assimilated legal arrangements such as foundations. Current rules require that, where a trust generates tax consequences, a MS must have in place a register containing the beneficial ownership information. Many of these trusts and similar legal arrangements are involved in commercial activities with a view to making profit like regular companies. Therefore, the same arguments in favour of public access to beneficial ownership information regarding this particular type of trusts remain valid. Non business-type trusts benefit from a different regime concerning privacy.
Corporate structures registered: the current threshold is for shareholding of 25% plus one share or an ownership interest of more than 25%. The Commission proposes to lower to 10% the threshold set out in the 4AMLD in respect of certain limited types of entities which present a specific risk of being used for ML and tax evasion. This would enable better detection of beneficial owner(s) with particular focus on entities that function as intermediary structures, do not create income on their own but mostly channel income from other sources (Passive Non-Financial Entities under Directive 2011/16/EU).
Existing customers: According to article 14(5) a settlor of a trust is identified once CDD is undertaken. The Commission proposes to request a systematic monitoring of beneficial owners of existing customers like trusts, other legal arrangements and legal entities such as foundations.
Place of monitoring and registration of trusts: MS must require that trusts “governed under their law” obtain and hold adequate, accurate and up-to-date information in particular on the trustee and to put in place, at national level, centralised registers of beneficial owners of trusts “which generate tax consequences”. The Commission proposes to clarify that the MS which is concerned by these obligations is that where a trust is “administered”.
The current criteria relating to “governing law” and “generating tax consequences” must be clarified as it might be considered, based on current article 31 that, as long as a MS does not recognise trusts under its law, that MS is not subject to any obligation of monitoring and registration of trusts administered on its territory. This risks creating gaps in registration therefore clarification is needed.
Interconnection of national registers: The 4AMLD stresses the need to ensure a safe and efficient interconnection of national beneficial ownership registers. The Commission must draw up a report by June 2019 to assess the conditions, technical specifications and procedure for ensuring the interconnection. It is of the utmost importance to urgently address the risks that may be presented by cross-border misuse of legal entities and legal arrangements. As such, the Commission proposes to set up a direct interconnection of those registers.
Clarification of existing provisions
It is thought necessary to clarify the term “competent authorities”; to exclude closed loop cards as e-money for 4AMLD purposes; and to achieve consistency with provisions on electronic identification i.e. eIDAS Regulation EU 2014/910.
Current state of play
As of mid-February 2017 the amending Directive has not yet been adopted, even though its text sets out 1 January 2017 as provisional transposition deadline. In fact, it seems it is facing opposition – at least some of its provisions are – from MS such as Austria, Slovenia, Italy and France as regards interconnection of registries, PEPs rules, transposition deadline, etc. More on COREPER conclusions of December 2016 here. In addition, there are some proposed amendments made by the ECB that are likely to make it to the final text and that means more delay in terms of the approval process.
The Directive could, in theory, be adopted before the transposition deadline for the 4AMLD elapses and both implementation deadlines could technically be aligned. However, the lack of political agreement at this stage indicates it may not be the case. More on the legislative procedure here.
And in the UK…
The UK Government has not yet implemented the 4AMLD perhaps hoping for the amending Directive to be adopted soon and with the view of tackling both transpositions simultaneously. Whichever the reasons may be at present there are only a couple of public documents that address the issue. A consultation paper on the implementation of the whole Directive whose responses are still, as of mid-February 2017, being assessed (even though the consultation closed on 10 November 2016) and another consultation titled “Discussion paper” on the implementation of article 30 on beneficial ownership of corporate and other legal entities issued by the Department for Business, Energy and Industrial Strategy in November 2016 (closed in mid-December 2016).
It is somehow perplexing that both documents have to spell out that the UK must implement this [meaning the 4AMLD and its amending Directive when it is adopted] and all EU legislation until such time it ceases to be a EU MS. However, the unequivocal two-liner is a firm statement from the Government and as such is welcome.