The Fourth Money Laundering Directive comes into effect on 26 June 2015. EU Member States are required to implement the Directive into their domestic law within two years. The Directive adopts proposals made by the Financial Action Task Force, published in 2012.

It has been a decade since the passing of the Third Money Laundering Directive. Within that time the regulated financial sector has faced substantial challenges. The speed of technological development and the increase in scrutiny from regulators have placed significant pressure on institutions.

If a firm is currently subject to the Money Laundering Regulations it is unlikely that the transposition of this Directive will demand that the firm make substantial changes to its AML model. There are two reasons for this. First, most of the changes are relatively modest. Second, whilst the Directive does introduce several important developments, many of the provisions are already enshrined in UK law. For example, the Directive expressly includes 'tax crimes' within the definition of 'criminal activity'. Tax evasion has been a predicate offence to money laundering since the coming into force of the Proceeds of Crime Act 2002.

Two aspects of the Directive warrant closer attention: changes to the provisions regarding simplified customer due diligence; and the obligation on Member States to have legal entities (including trusts) obtain and provide adequate and accurate information on their beneficial owners.

Simplified Customer Due Diligence

The Third Directive set out circumstances in which firms were exempted from applying customer due diligence requirements. Those exemptions were relatively prescriptive: they applied to specified categories of customer and financial product (e.g. life insurance policies of relatively low value). The Third Directive also reserved the right for the Commission to set out technical criteria considered indicative of lower risk customers and transactions—see Articles 11(2) and (5) and Article 40 (1)(b). The Fourth Directive removes those prescriptive exemptions and reverses the onus of responsibility, giving Member States and entities the discretion to apply simplified customer due diligence measures to business relationships and transactions deemed to be of low risk.

That discretion is, however, restricted: it must be exercised after consideration is had to a list of specified factors. Those factors are not novel but largely well-established money laundering risk factors. To that extent, the apparent changes to simplified customer due diligence are effectively an extension (and expression) of the existing risk-based model that AML and compliance professionals are tasked to apply.  However, the Directive warns that, "before applying simplified customer due diligence measures, [firms] shall ascertain that the business relationship or the transaction presents a lower degree of risk"—a reminder that firms must assess each transaction independently and in light of all available and material information.

Register of Ultimate Beneficial Interest Holder

The Directive places an obligation on the Member States to ensure that legal entities incorporated within their territory are 'required to obtain and hold adequate, accurate and current information on their beneficial ownership, including the details of the beneficial interest held' (Article 30). The Directive demands that the information can be accessed 'in a timely manner' by the authorities and once obtained be held in a central register. As well as the relevant authorities, information regarding the beneficial owners of companies must be accessible to 'any person or organisation that can demonstrate a legitimate interest'. What constitutes a 'legitimate interest' is not clarified in the text of the Directive, but a press release suggests that an investigative journalist would certainly qualify. Such persons must have access to at least the name, month and year of birth, nationality and county of residence, as well as the nature and extent of the beneficial interest itself.

For the most part these provisions have already been transposed into domestic law. The Small Business, Enterprise and Employment Act 2015 ("the Act"), once in force, will require information, regarding the identity of a company's beneficial owners, to be provided to Companies House (see this WilmerHale W.I.R.E. UK post). As such the information will be publically available. The scope of the Directive, however, is wider than the Act: it applies not just to companies but to all legal entities and express trusts. These provisions appear to have been driven, in part, to counteract the anonymity afforded through offshore companies and the money laundering risks associated with them. One rapporteur commented:

"For years, criminals in Europe have used the anonymity of offshore companies and accounts to obscure their financial dealings. Creating registers of beneficial ownership will help to lift the veil of secrecy of offshore accounts and greatly aid the fight against money laundering and blatant tax evasion."  

Under the Directive Member States can exempt companies and individuals from the requirement to provide information regarding beneficial owners. This, however, must be considered on an ad hoc basis and can only be granted in circumstances where the holder of the beneficial interest would otherwise be exposed to the risk of fraud, kidnapping, blackmail violence or intimidation—Article 30(9). This exemption is already catered for in the Act, which allows for individuals not to be subject to their disclosure obligation where 'special reasons' exist. No further guidance is provided as to the meaning of 'special reasons', but given the text of the Directive it will have to be interpreted narrowly.

Until the draft Regulations are published we will not know the extent to which the UK Government will go beyond the requirements of the Directive. However, it is unlikely that this Directive will give rise to a sea change in the regulatory requirements imposed on financial institutions. Firms must, though, ensure that they have adequate systems in place for the efficient capture and retention of information relating to the holders of beneficial interests; and that when capturing and retaining this information, they apply data protection rules rigorously.