THE 4TH ANTI MONEY LAUNDERING DIRECTIVE AND ITS PROPOSED CHANGES, presentation given by Theodora Taoushanis

6 May 2016

  1. INTRODUCTION

    Money laundering, organised crime and terrorism financing still remain significant problems that jeopardise the soundness, integrity and stability of credit and financial institutions.

    Money launderers, criminals and their associates try to disguise the origins of criminal proceeds, or to channel lawful, or illicit money for terrorist purposes.

    Terrorist organisations and individual terrorists need financing in order to maintain their networks, to recruit and supply and to commit terrorist acts.

    Therefore, the aim of the European Union is:

    • to make it hard
      • for money launderers and criminals to launder their proceeds,
      • for terrorists to obtain sources of finance,
      • for all the above to escape detection when laundering or using these funds.
    • to make a powerful contribution to the fight against terrorism.

    In view of the above, the European Union drafted the 4th AML directive on the 26th of June 2015, which Member states will have until the 26th of June 2017 to implement into national law.

    This presentation will handle the following matters:

    • To whom the Directive applies
    • What are the key proposed changes
    • Analysis of the changes
    • Summing up
  2. TO WHOM THE DIRECTIVE APPLIES

    The Directive shall apply:

    • (i) to credit institutions (banks) and financial institutions (insurance undertakings, investment firms, insurance intermediaries)
    • (ii) to the following natural or legal persons in the exercise of their professional activities:
      (a) auditors, external accountants and tax advisors
      (b) notaries and other independent legal professionals where they participate, whether by acting on behalf of and for their client, in any financial or real estate transaction, or by assisting in the planning or carrying out of transactions for their client concerning the:
      • buying and selling of real property or business entities
      • managing of client money, securities, assets
      • opening/managing of bank accounts
      • organisation of contributions necessary for the creation/ operation/management of companies
      • creation/operation/management of trusts, companies, foundations or other similar structures
      (c) trust or company service providers not already covered under (a) or (b)1
      (d) estate agents
      (e) other persons trading in goods to the extent that payments are made or received in cash in an amount of euro 10000 or more, whether the transaction is carried out in a single operation or more
      (f) providers of gambling services.
  3. KEY PROPOSED CHANGES
    • Keeping of Register of Beneficial Owners
    • Simplified Due Diligence
    • Enchanced Due Diligence
    • Risk Assessments
    • Politically Exposed Persons
    • Senior Management Responsibility
    • Tax crimes
    • Sanctions
  4. ANALYSIS OF THE CHANGES
    1. Keeping of Register of Beneficial Owners
      (a) Who is a Beneficial Owner (BO)2 [Article 3(6)]

      A BO means any natural person who ultimately owns or controls the customer and/or the natural person on whose behalf a transaction or activity is being conducted.

      There is a distinction in the definition between a corporate entity and a trust:

      In the case of a corporate entity a beneficial owner means:

      The natural person who ultimately owns or controls a legal entity (other than a listed entity subject to disclosure requirements consistent with Union law or subject to equivalent international standards ensuring transparency) through a direct or indirect percentage of shares or voting rights or ownership interest (25% is considered an indication of indirect ownership).

      In the case of a trust, a beneficial owner means:

      The settlor, the trustee, the protector, the beneficiaries, natural persons exercising ultimate control over the trust.

      (b) Central Register for beneficial owners of Corporate Entities

      The new Directive provides that the information on the beneficial ownership of corporate entities3 , which should be adequate, accurate and current, is kept in a Central Register which will be accessible to:

      a. Competent Authorities and Financial Intelligence Units (FIUs)
      b. Obliged Entities within the framework of their carrying out their customer due diligence
      c. Any person or organisation that can demonstrate a legitimate interest.

      The Central Register shall ensure timely and unrestricted access by Competent Authorities and FIUs without alerting the entity concerned. Timely access should be allowed to Obliged Entities when they take out the customer due diligence.

      The access to the Register of persons or organisations demonstrating a legitimate interest will consist of a minimum of name, month and year of birth, nationality and country of residence of beneficial owner and nature and extent of the beneficial interest.

      Member states may provide for an exemption of access to Obliged Entities or persons or organisations demonstrating a legitimate interest, in the event where access would expose the beneficial owner to the risks of fraud, kidnapping, blackmail, violence or if the beneficial owner is a minor.

      (c) Central Register for beneficial owners of Trusts

      The new Directive provides4 that the trustees hold adequate and accurate and up to date information on the beneficial ownership in relation to trusts (settlor, trustee, protector, beneficiaries, natural persons exercising ultimate control over the trust) and this information should be made available to Obliged Entities when entering into a business relationship or carrying out an occasional transaction.

      The Directive imposes a requirement for the information to be kept in a central register when the trust generates tax consequences.

      The Central Register shall ensure timely and unrestricted access by Competent Authorities and FIUs without alerting the entity concerned. Timely access should be allowed to Obliged Entities when they take out the customer due diligence.

    2. Customer Simplified Due Diligence (SDD)5

      Up to now, the procedure is that Obliged Entities are permitted to apply SDD where a customer falls into a certain category, for example, if it is a bank or a financial institution listed on a regulated market.

      The 4th Directive has now removed this automatic entitlement to apply SDD for specified customers and requires Obliged Entities to determine the level of risk posed by the customer prior to applying SDD and to provide rationale and justification to their regulators if SDD is deemed appropriate.

      Therefore, every time that Obliged Entities will decide to apply SDD they must be in a position to show that the business relationship or the transaction presents a lower degree of risk of money laundering occurring.

      The potentially relevant risk factors, as set out in Annex II of the Directive include:

      • Customer risk factors, such as listed public companies subject to disclosure requirements, public administrations or enterprises.
      • Product, service, transaction or delivery channel risk factors, such as life insurance policies with a low premium, financial products or services that appropriately define and limit services to certain types of customers and products, where the risks of money laundering and terrorist financing are managed by other factors, such as purse limits or transparency of ownership.
      • Geographical risk factors, such as EU Member States, third countries with effective AML systems or third countries with a low level of corruption or other criminal activity.

      Article 17 of the Directive provides that guidelines on the risk factors will be issued by the European Supervisory Authorities to competent authorities, credit institutions and financial institutions.

    3. Customer Enhanced Due Diligence (EDD)6

      The 4th Directive has broadened the scope of EDD and Obliged Entities are now required to undertake EDD when dealing with companies in designated ‘’high risk’’ countries, in order to both manage and mitigate such risks.

      This includes the examining of ‘the background and purpose of all complex and unusually large transactions, and all unusual patterns of transactions, which have no apparent economic or lawful purpose7 .

      When assessing the risks of money laundering and terrorist financing, Member states and Obliged Entities are required to take into account, at least, the factors of potentially high risk situations as set out in Annex III of the Directive.

      • Customer risk factors, such as whether the business relationship is conducted in unusual circumstances, if customers are resident in an area which is considered geographically high risk, ownership structures appear unusual etc
      • Product, service, transaction or delivery channel risk factors, such as private banking, products or transactions that might favour anonymity, non-face-to-face transactions, payments received from unknown or non associated parties etc
      • Geographical risk factors, such as countries without effective AML systems or countries with significant levels of corruption or other criminal activity, countries subject to sanctions, embargos, countries providing funding or support for terrorist activities or have terrorist organisations operating within their country etc.

      The Directive provides that guidelines on the risk factors will be issued by the European Supervisory Authorities to competent authorities, credit institutions and financial institutions.

    4. Risk Assessments8

      The 4th Directive provides for three kinds of risk assessments:

      An assessment at the level of the Commission on the risks of money laundering and terrorist financing affecting the internal market and relating to cross border activities which should be updated every two years.

      An assessment at the level of the particular EU country. The Member State in preparing its country assessment shall make use of the findings of the Commission’s assessment report.

      An assessment at the level of the Obliged Entity.

      Member states shall make the results of their risk assessments available to the Commission, to the European Supervisory Authority and to other Member states.

    5. Politically Exposed Persons (PEPs)

      Obliged Entities (currently called “Designated Persons”) of a Member country are, under the current directive, required to satisfy themselves as to whether a customer or a beneficial owner of a customer is a politically exposed person, or a close associate or family member of a PEP. Where a Designated Person discovers a prospective or existing customer is a PEP, it is obligatory to apply enhanced customer due diligence approach to the identification and verification of the identity of that customer. Under the current directive, PEPs are defined as persons residing in a place outside of the particular Member country (foreign PEP).

      The 4th Directive proposes to extend the scope of the PEP regime by including citizens holding prominent positions in their home country, such as politicians, the judiciary, members of the boards of central banks, members of Parliament, Heads of State and senior members of the armed services. In other words, domestic PEPS as well as their family members, parents, spouses (or equivalent partners), children and their spouses or partners are to be treated as being PEPs under the new directive.

      For allowing an establishment or a continuing business relationship with a PEP, Obliged Entities must obtain senior management approval and take adequate measures to establish the source of wealth and funds.

      The new Directive provides that when a PEP is no longer entrusted with a prominent public function, the Obliged Entities must, for at least 12 months, consider the continuing risk posed by that person and apply appropriate and risk sensitive measures until such time as that person is deemed to pose no further risk specific to politically exposed persons.9

    6. Senior Management Responsibility10

      Obliged Entities will need to obtain approval from their senior management for the policies, controls and procedures that they put in place and to monitor and enhance the measures taken, where appropriate.

      The term senior management is defined in the Directive as ‘an officer or employee with sufficient knowledge of the institution’s money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting the risk exposure, and need not, in all cases, be a member of the board of directors’. The language of the Directive, thus, provides a strong indication that it is preferable to entrust this task to someone at board level.11

    7. Tax Crimes12

      The Directive defines what criminal activity means and includes, apart from drug offences, corruption and activities of criminal organisations, tax crimes as well.

      Although tax crimes have been predicate offences for some countries in Europe, this has not been the case with many other jurisdictions.

      The Directive adds tax evasion and other serious fiscal offences to the list of predicate offences. It includes tax crimes relating to direct and indirect taxes and as defined in the national law of the Member States, which are punishable by deprivation of liberty or a detention order for a maximum of more than one year or, as regards Member States that have a minimum threshold for offences in their legal system, all offences punishable by deprivation of liberty or a detention order for a minimum of more than six months.

    8. Sanctions13

      The current Directive (3rd AML Directive) did not define minimum penalties and required the Member States to ensure that appropriate administrative measures or penalties could be imposed on credit and financial institutions that would be effective, proportionate and dissuasive. The sanctions were mainly focused on credit and financial institutions.

      The 4th AML Directive sets out the penalties that apply to breaches by Obliged Entities, which are serious, repeated, and/or systematic in the areas of customer due diligence, suspicious transactions reporting, record keeping and internal controls.

      Administrative penalties for breaches by natural or legal persons include public reprimand, cease and desist from conduct, suspension of authorisation, temporary ban from managerial functions and maximum pecuniary sanctions of at least twice the amount of the benefit derived from the breach or at least Euro 1 million.

      For breaches concerning a credit or a financial institution, the pecuniary penalties for a legal person are at least Euro 5 million or 10% of the total annual turnover and at least Euro 5 million for a natural person.

      Sanction can be imposed not only against the Obliged Entities but also against members of the management of the Obliged Entities or any other individual who is responsible for the breach.

  5. SUMMING UP

    I have tried in this presentation to concentrate on the main changes proposed by the 4th AML Directive, which has to be implemented into national law by Member States by the 26th June 2017, though, following the last terrorist attacks in Europe, there is some discussion for bringing forward the date of transposition and entry into application by the end of 2016.

    Obliged Entities, like ourselves, should ensure that we are prepared for the changes, we are sufficiently resourced to effectively implement the measures required, have measures in place to train staff, update policies and procedures and implement new controls.

    The aim of the 4th AML Directive, as I said in the beginning of this presentation, is to make it hard for money launderers and criminals to launder their proceeds, for terrorists to obtain sources of finance, for all the above to escape detection when laundering or using these funds and to make a powerful contribution to the fight against terrorism.

    Whether this aim will be achieved and to what extent remains to be seen. One thing is, however, certain at least: the fight against terrorism concerns all of us. Yesterday it was France and Belgium tomorrow it may be England and Germany. Each one of us should be compliant to the Directive and act responsibly.

  • 1Trust or company service provider means any person that, by way of its business, provides any of the following services to third parties:
    (a) the formation of companies or other legal persons (b) acting or arranging of another person to act as director, secretary of a company, partner of a partnership, or similar position (c) providing of a registered office, business address, correspondence or administering address and other related services for a company, partnership or other legal person or arrangement (d) acting or arranging of another person to act as trustee (e) acting or arranging of another person to act as nominee shareholder (with an exception for listed companies on a regulated market being subject to disclosure)
  • 2Article 3 (6)
  • 3Article 30
  • 4Article 31
  • 5Article 15,16
  • 6Articles 18 to 24
  • 7Articles 18 (2)
  • 8Articles 6, 7 and 8
  • 9Article 22
  • 10Article 8
  • 11Article 2 (12)
  • 12Article 3 (4)
  • 13Article 58 to 62

Back to top