Legally bound persons and entities
Duties of legally bound persons and entities
Duty to file suspicious transaction reports
Record-keeping duties and exchange of information
Relevant supervisory authorities
Financial Intelligence Unit
Offences and penalties
On March 1 2012 the latest amendments to the Anti-money Laundering Code entered into force. The modifications were deemed necessary after the Financial Action Task Force (FATF) identified a number of deficits in the AML Code in its evaluation report of February 19 2010. The last substantial changes to German anti-money laundering (AML) law took place with the implementation of the EU Third Money Laundering Directive (2005/60/EC) and the related EU Directive 2006/70/EC in 2008.
Legally bound persons and entities
As in most jurisdictions, and following the EU Third Money Laundering Directive, German AML legislation covers banks, financial institutions, attorneys, notaries, chartered accountants, patent attorneys, tax advisers, property brokers and casinos. After the scope of application for so-called 'designated non-financial businesses and professions' had been publicly debated for several years, the legislature extended the duties to natural or legal persons trading in goods with the revision of the AML Code in 2008. In the past, the AML Code covered general commerce only in regard to accepting cash. However, the new provisions of 2011 and 2012 strictly enforced the AML duties of dealers in goods, thereby fully integrating the commercial sector into the AML regime.
The latest changes to the AML Code mean that issuers of e-money, e-money agents and persons distributing or repaying e-money are also subject to its provisions and must comply with the AML duties. As in most jurisdictions, e-money issuers and agents (including sales agents) are bound by the AML Code only in relation to tripartite e-money relationships (ie, the issuer and obligor of the e-money must be different persons or entities).
From an international perspective, the German courts take a relatively strict approach to constitutional restraints in regard to the right of criminal defence. In several rulings, the Constitutional Court has restricted the application of the AML rules with regard to attorneys and has partly declared the offence of reckless money laundering inapplicable to criminal defence lawyers who act within their usual scope of business.
Among other things, lending, leasing and factoring are considered to be banking businesses if performed on an industrial scale, and therefore require full compliance with the AML rules.
Duties of legally bound persons and entities
The duties of legally bound persons under the AML legislation are, due to Germany's EU membership, identical with most other European countries.
General customer due diligence measures
In the first instance, the AML Code requires general customer due diligence. These measures involve:
- identifying the customer and verifying the customer's identity;
- obtaining information on the purpose and intended nature of the business relationship;
- clarifying whether the contracting party is acting for a beneficial owner and, where applicable, identifying the beneficial owner and verifying the data though a risk-based approach; and
- conducting ongoing monitoring of the business relationship and ensuring that the documents, data or information held are kept up to date.
The requirements regarding the identification of the customer and the ultimate beneficiary of a transaction/business relationship, and the verification of their identities, are laid down in Sections 3 and following of the AML Code.
The identification and verification duty generally exists when:
- establishing a business relationship;
- carrying out occasional transactions amounting to €15,000 or more (whether the transaction is carried out in a single operation or in several operations which appear to be linked);
- there is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or threshold; or
- there are doubts about the veracity or adequacy of previously obtained customer identification data.
Dealers in goods must identify their customers only in the latter two scenarios and when accepting cash in an amount of €15,000 or more. Furthermore, there is no identification duty if the legally bound person or entity has previously identified the customer and the ultimate beneficiary and may legitimately assume that the information is still valid (Section 4(2) of the AML Code).
Under the current AML regime, the identification of ultimate ownership is required for all legal entities, including trusts or investment funds – that is, all shareholders which own or control – directly or indirectly – more than 25% of the shares in the respective entity must be identified. With the latest revision of the AML Code, the definition of 'beneficial owner' has been extended to persons that otherwise exercise control over the management, administration or distribution of a fund's assets. In brief, the AML Code defines 'control' of a legal entity largely in line with International Financial Reporting Standards. As in most European jurisdictions, public registers that show the ownership structure of legal entities are not available in Germany.
Legally bound persons or entities are allowed to rely on documents and other reliable sources for identification purposes and must apply risk-appropriate measures for the verification of customers' identities (Section 4(5)). This point has long been debated in the legislative process. The final outcome is that, under the AML Code, an obligor need not necessarily obtain full documentation from any ultimate third-party beneficiaries, but must assess, under a risk-based approach, whether the information obtained on the ultimate beneficiary can be relied upon without proper documentation.
Simplified due diligence measures
The customer due diligence measures may be simplified in cases with low or no risk of money laundering or terrorist financing with regard to the relevant customers or products. However, the AML Code defines a minimum scope of due diligence measures that must still be applied. These are the identification duty and the duty to conduct ongoing monitoring of the business relationship.
Low-risk cases are exhaustively enumerated in Section 5(2) of the AML Code and include cases where the customer is:
- a credit or financial institution covered by the EU Third Money Laundering Directive;
- a credit or financial institution situated in a third country which imposes equivalent AML requirements;
- a listed company whose securities are admitted to trading on a regulated market; or
- a beneficial owner of pooled accounts held by notaries and other independent legal professionals – provided that the information on the identity of the beneficial owner is available, on request, to the institutions that act as depositary institutions for the pooled account.
While several other exemptions apply for banks and financial service providers, there is no specific law or any administrational practice in place which covers evidently low-risk products in the commercial sector. There is also no de minimis threshold provided for in the AML Code and its ancillary regulations.
However, the legally bound person must still apply a risk-based approach when assessing the appropriate due diligence measures. Thus, contrary to the legal provisions in place before the revision of the AML Code, the fact that a customer or product is listed in Section 5(2) does not automatically indicate a low risk of money laundering or terrorist financing.
Enhanced due diligence measures
In line with the EU Third Money Laundering Directive, the AML Code further requires enhanced due diligence measures in several cases.
Legally bound persons or entities must conduct enhanced due diligence measures if the customer or ultimate beneficiary is a politically exposed person (Section 6(2), No 2). Principally, these enhanced duties apply regardless of whether the politically exposed person is a foreigner or a German national. However, in case of national politically exposed persons and members of the European Parliament, general duties of care will suffice if there are no particular risks of money laundering (risk-based approach). A business relationship with a politically exposed person may be entered into only with a senior manager's approval. While the banking industry has developed extensive IT-based identification measures, such tools are yet to become popular among smaller and medium-sized enterprises. Whether the Commercial Supervision Authority will apply the same standards of diligence (ie, requiring non-financial businesses to make use of IT-based identification systems) remains to be seen.
Enhanced due diligence measures also apply:
- if the contracting party is not physically present for identification purposes; and
- in case of an order of the competent authority regarding transactions which involve non-cooperative third states.
Furthermore, the new draft code introduces particular duties of care regarding all unusual or dubious transactions (Section 6(2), No 3). This goes beyond the general duty to verify the identity of the customer or ultimate beneficiary in case of doubts concerning its identity (Section 3(2)1, No 4).
Internal procedures and measures
In order to monitor money-laundering risks and prevent money laundering, legally bound persons and entities must establish respective internal procedures and measures.
According to Section 9(2), No 2 of the AML Code, this comprises the development and application of:
- internal principles to prevent money laundering and terrorist financing; and
- adequate control systems.
Furthermore, some financial undertakings and casinos must appoint a money-laundering officer and a deputy (Section 9(2), No 1). Law firms, accountants, tax advisers and the commercial sector must appoint a money-laundering officer only if the competent authority orders them to do so. Such order generally lies in the discretion of the competent authority, which must consider the risk exposure to money laundering of a legally bound person or entity due to its size or business model. For dealers in precious goods, by contrast, the AML Code provides that the authority "shall" order the appointment of a money-laundering officer, thereby removing its discretion altogether. 'Precious goods' in this regard are precious metals such as gold, silver and platinum, precious stones, jewellery and watches, works of art and antiques, motor vehicles, ships, motor boats and aircraft. This list is not exhaustive.
Initially, the draft revision of the AML Code provided that the non-financial sector had to appoint a money-laundering officer only if the relevant company consisted of more than nine professionals. Following severe criticism from the industry, however, the legislature agreed on the simplified regime for all obligors that do not deal in precious goods. This solution has caused some degree of uncertainty with the regulators, which need to set up common practices on how to deal with the requirement for the appointment of a money-laundering officer outside the specially targeted industry.
The money-laundering officer must be subordinated to the management of the obligor and equipped with all rights and powers necessary to exercise his or her obligations (eg, information rights and the right to access all relevant data, records and systems). There is now a debate within the non-financial industry as to whether the position of the money-laundering officer needs to be remote from the 'front business units', as in the financial industry. While administrative procedures within the financial sector make it clear that the position of the money-laundering officer must be attached to a control or supervisory function, several industries have questioned the effectiveness of these structures of the financial industry.
Finally, the legally bound persons or entities must train their employees on money-laundering typologies and duties according to German law (Section 9(2), No 3), and monitor the trustworthiness of their employees ("Know your Employee", Section 9(2), No 4).
Duty to file suspicious transaction reports
Section 11 of the AML Code provides for a duty to file suspicious transaction reports with the respective criminal authority and the Financial Intelligence Unit (FIU) (see below). A report must be filed when there are facts which indicate that the relevant funds derive from money laundering. Accordingly, the suspicion need not be strong to trigger reporting duties. The legally bound person or entity must not tip off the customer or ultimate beneficiary of a suspicious transaction report (Section 12(1) of the AML Code).
Where a suspicious transaction has been reported, the legally bound person is allowed to execute the transaction if the FIU or the prosecutor does not forbid the transaction within two business days (Section 11(1a)). While this solution makes sense in some situations (eg, wire transfers), the provision is not helpful in the case of spot sales. As the AML Code provides for an exemption under which an obligor may execute a transaction – notwithstanding a suspicion – if a delay would make the transaction impossible (Section 11(1a), No 2), it is expected that most non-financial businesses and professions will take advantage this.
Record-keeping duties and exchange of information
Data collected for customer due diligence purposes must be recorded and retained for at least five years (Section 8), counted from the end of each calendar year.
Cases which have received wide publicity have shown that the use of 'terror lists', as well as the use of other data for screening and scoring systems, has come under pressure from data protection stakeholders. Therefore, the exchange of information between financial institutions and authorities is permitted only in exceptional cases (Section 12). Furthermore, cooperation between public authorities and between national and European authorities has increased since the latest amendments to the AML Code in 2011. Legally bound persons in the commercial sector, however, are not allowed to exchange information that has been collected in connection with AML duties. This has led to unreasonable results – for instance, car manufacturers are not allowed to obtain data on their customers, even if the car manufacturer is owned by a financial institution. It remains to be seen how different stakeholders will rationalise the handling of necessary exchange of data in the future.
Relevant supervisory authorities
The Federal Agency for Financial Market Supervision is the competent authority for the financial sector. The respective local bar associations, which also act as intermediaries between attorneys and the FIU, are responsible for professional oversight of attorneys (Section 62 of the Bar Law). The Federal Bar Association has issued rules of conduct for attorneys on its website. Patent attorneys are subject to oversight exercised by the Federal Patent Attorneys Association (Section 16(2), No 5 of the AML Code in connection with Section 54 of the Patent Attorneys Act), while notaries are subject to oversight by the president of the high court in the respective district (Sections 92 and following of the Federal Notary Act).
As far as other legally bound persons and entities (eg, property brokers, casinos and business people) are concerned, the relevant authority under state or federal law is also competent for the supervision of duties under German AML legislation. Due to a strict federalist set-up for the supervision of general commerce, the respective authority differs from state to state. While at the time of writing most states have determined which authorities have been tasked with AML supervision, some remaining states have not.
The FIU was established in August 2002 and is attached to the Federal Office of Criminal Investigation. The role of the FIU is non-investigatory, as federal police have limited powers in Germany. The FIU's tasks are limited to:
- processing data for statistical purposes;
- providing support to legally bound persons and entities in fulfilling their duties under the AML regime; and
- advising on new trends and typologies of money laundering and terrorist financing.
The FIU issues annual reports on the latest money-laundering statistics and trends in Germany, which are publicly available on its website. Suspicious activity reporting in Germany (reporting forms can be found on the Federal Criminal Police Office's website) is to be directed to the respective criminal prosecution authorities. The states have formed special units at their state police offices. A copy of the suspicious activity report must be sent to the FIU.
Unlike in many other jurisdictions, since the beginning of 2008, German law provides that the offence of tax circumvention constitutes a predicate money-laundering offence, if committed "on a commercial scale" or by a "member of a criminal gang" (see Section 261(1)2, No 4(b) of the Criminal Code in connection with Section 370 of the General Tax Law). Such a predicate offence is covered by the 'all-crimes-approach' of the EU Third Money Laundering Directive and the revised FATF 40 recommendations (2003). However, the scope of the predicate offence differs from jurisdiction to jurisdiction and thus may cause misunderstandings in the industry. Unlike, for instance, the legal position in Switzerland and Liechtenstein, tax circumvention in Germany (as defined by Section 370 of the General Tax Law) does not necessarily require the falsification of documents: it can also be accomplished by (recklessly) providing wrong or incomplete information to the tax authorities, which can lead to an objectively incorrect taxation. The new predicate offence is expected to trigger numerous practical problems for banks, especially in relation to general tax consultation and private wealth management matters.
Since 2011, insider trading and market manipulation, as well as counterfeiting and piracy of products, are also considered as predicate money-laundering offences. Through this change, Germany sought to comply with the FATF standards, following criticism in the 2010 FATF evaluation report.
A person convicted of concealment and laundering of assets of unlawful origin may be punished by imprisonment for between three months and five years. In cases involving money laundering on a commercial scale or involving a member of a criminal gang, the prison sentence may be for up to 10 years. Reckless commission of the offence is punishable, as is attempted commission. Convictions on charges of money laundering necessarily result in confiscation of the assets concerned.
The compliance or money-laundering officer who is responsible for the prevention of money laundering may commit the offence of money laundering by omission if he or she does not fulfil his or her prevention duties properly.
Beside penalties under criminal law, the AML Code further provides for administrative fines for natural and legal persons bound by the AML Code. Since legal entities – due to longstanding criminal law principles of guilt and responsibility – are not subject to criminal fines, prosecutors usually make use of the laws on administrative offences to impose monetary fines on legal entities. This applies to both financial and non-financial entities.
Non-compliance with the due diligence obligations under the AML Code is punished as an administrative offence. Under the revised code, fines have been raised from a maximum of €50,000 to a maximum of €100,000. Such high fines could lead to severe financial difficulties, especially for small and mid-sized enterprises.
The new rules for non-financial businesses are largely identified to those for the primarily regulated financial industry. While some inconsistencies deriving from an analogous application of the rules for non-financial businesses could be removed from the AML Code during the legislative process, there is still considerable uncertainty over several legal and practical issues. Therefore, non-financial businesses and professions are awaiting interpretative notes and practical advice from their supervisory authorities. German law obliges the supervisory authorities to assist the non-financial sector thus soon (Section 16(5)). It remains to be seen whether such practical help will resolve inconsistencies between financial and non-financial sector AML compliance.
For further information on this topic please contact Joachim Kaetzler or Sabrina Salewski at CMS Hasche Sigle by telephone (+49 40 37 63 00), fax (+49 40 37 63 040 600) or email ([email protected] or [email protected]).