Funds and asset managers take note: the Fourth Money Laundering Directive (“MLD4”) has finally been agreed and will come into effect no later than June 2017. This directive amends the EU’s existing anti-money laundering (“AML”) and counter terrorist financing (“CTF”) legislation in several respects. Some of these amendments will present particular challenges for funds and asset managers.
The EU’s existing AML/CTF framework is set out in the Third Money Laundering Directive (“MLD3”) and is based on the Recommendations of the Financial Action Task Force (“FATF”) which is the foremost international body in the fight against money laundering and terrorist financing.
In 2012, the FATF revised its Recommendations by clarifying and strengthening many existing obligations, in particular those relating to higher risk situations. MLD4 incorporates these revisions into EU law. It also seeks to promote consistency and clarity in EU Member States’ national AML rules and to ensure that those rules are adjusted to meet new threats.
MLD4 introduces a stronger risk-based approach to combatting money laundering and terrorist financing. It also extends the scope of the EU’s AML/CTF framework to cover traders in goods to the extent that they make or receive cash payments in excess of €10,000 (currently the threshold is €15,000) as well as providers of gambling services. In addition, MLD4 strengthens customer due diligence (“CDD”) requirements, including those relating to politically exposed persons (“PEPs”). It also provides increased clarity around the issue of beneficial ownership, and, significantly, obliges Member States to maintain central registers listing information on the beneficial owners of corporate and other legal entities. Other changes affect the issues of data privacy, enforcement and sanctions.
Implications for Funds and Asset Managers
A number of the changes introduced by MLD4 are likely to have implications for funds and asset managers, in particular: the increased focus on the risk-based approach; the removal of automatic exemptions; amendments to the rules on reliance on third parties; and the provisions regarding beneficial ownership.
The Risk-based approach
MLD4 puts the risk-based approach at the centre of AML/CTF measures. This means that entities falling within its scope (“Obliged Entities”), including funds, must carry out a risk assessment for the purpose of: identifying the existence of a risk; assessing that risk; and developing strategies to manage and mitigate it. While carrying out such an assessment is already best practice, MLD4 places it on a firm statutory basis. In particular it explicitly requires Obliged Entities to carry out a risk assessment, to document that assessment, keep it up-to-date and to make it available to the competent authorities. Obliged Entities must have in place policies, controls and procedures to mitigate and manage effectively the risks of money-laundering and terrorist financing both at the level of the entity and also at EU and Member State level.
Removal of automatic derogations
MLD3 contains a number of automatic derogations from the CDD requirements, such as for other credit/financial institutions and listed companies whose securities are admitted to trading on a regulated market. MLD4 does not provide for these types of derogations: in each case a decision to apply simplified CDD must be based on a risk assessment of the relevant situation.
This is likely to have implications for the treatment of intermediary or nominee accounts. In particular it will no longer be possible to automatically apply simplified due diligence to regulated nominees.
Reliance on third parties
MLD4 permits Obliged Entities to rely on third parties to meet certain CDD requirements, although ultimate responsibility for compliance rests with the Obliged Entity. In the case of third parties situated in a non EU Member State, the third party must likewise apply CDD and record-keeping requirements that are consistent with those laid down in MLD4. While this is consistent with the approach adopted in the existing legislation, asset managers will need to ascertain that the third parties with whom they currently have relationships also meet the amended requirements.
In addition, it is noteworthy that while MLD4 specifically prohibits Obliged Entities from relying on third parties established in high-risk third countries, it also provides that Member States may exempt branches and majority-owned subsidiaries from this prohibition, where they fully comply with group-wide policies and procedures. MLD4 stipulates that it is the responsibility of the Obliged Entity to ensure that it obtains the necessary information concerning CDD requirements from the third party, and that it takes adequate steps to ensure that the third party provides immediately, upon request, relevant copies of identification and verification data and other relevant documentation on the customer’s identity.
MLD4 also clarifies that the rules relating to third party performance do not apply to outsourcing or agency relationships where, on the basis of a contractual arrangement, the outsourcing service provider or agent is to be regarded as part of the Obliged Entity.
Like MLD3, MLD4 defines ownership in terms of ownership or control of the customer and/or the natural person on whose behalf a transaction or activity is being conducted. However in the case of corporate entities, MLD4 clarifies what constitutes an indication of “indirect ownership.” Specifically, it provides that where a natural person controls a corporate entity which holds a shareholding of 25% plus one share or an ownership interest of more than 25% in the customer, this will be an indication of indirect ownership. This will also be the case where the shareholding or ownership interest is held by multiple corporate entities which are under the control of the same natural person. MLD4 also expands on the definition of beneficial ownership in the case of trusts.
MLD4 seeks to promote transparency over beneficial ownership and for this purpose it requires Member States to ensure that corporate and other legal entities incorporated within their territory obtain and hold adequate, accurate and current information on their beneficial ownership, including details of the beneficial interests held. In addition, information on beneficial ownership must be stored in a central register.
Member States must require trustees of any express trust to obtain and hold adequate and up-to-date information on beneficial ownership regarding the trust. They must also require this information to be held in a central register when the trust generates tax consequences. Moreover, trustees must provide beneficial ownership information to Obliged Entities in a timely manner, within the framework of the CDD requirements.
The beneficial ownership requirements are likely to pose particular challenges for funds and asset managers. Specifically, the requirement to hold adequate, accurate and current information on beneficial ownership is likely to prove extremely difficult in a funds context, particularly in the case of nominee accounts, which pool together several investor accounts.
Member States must bring into force the laws, regulations and administrative provisions necessary to comply with MLD4 by 26 June 2017. As MLD4 is a minimum harmonisation directive, Member States remain free to impose stricter requirements than those specified in that directive. In addition, given the evolving nature of AML/ CTF risks, it is clear from MLD4 that Member States are expected to engage with Obliged Entities on an on-going basis regarding the risks posed, including by issuing appropriate rules and making appropriate information available.
MLD4 provides for the adoption of delegated acts and technical standards by the European Commission. The European Supervisory Authorities are required to jointly produce guidelines in certain areas and it is generally acknowledged that the greater emphasis placed on the risk-based approach under MLD4 means there is more need for guidance for national authorities and Obliged Entities.