Record keeping, disclosure and compliance

Record-keeping and disclosure requirements

What record-keeping and disclosure requirements apply to companies and relevant individuals under the anti-money laundering, terrorism financing and fraud legislation?

Record keeping Section 8(1) of the Anti-money Laundering Act requires that companies record details collected on:

  • contracting partners;
  • economically entitled parties;
  • business relationships; and
  • transactions.

Section 8(4) provides that these records must be kept for five years. This also applies to other business relationships and transactions. Upon request, companies must be able to provide the authorities with evidence that they took appropriate measures in line with the individual risk of the case.

Disclosure requirements Sections 18 to 26 of the Anti-money Laundering Act provide for the creation of an electronic central register known as the National Register of Beneficial Owners. Section 19 requires that legal persons, registered partnerships, trusts and similar legal structures provide the following information and keep it up to date:

  • the name, date of birth and place of residence of their beneficial owners;
  • the nature and scope of their economic interests;
  • details of other forms of control;
  • the functions of their legal representatives or managing partners; and
  • defined functions in case of certain legal constructions and incorporated foundations.

The agreement on control arrangements must be reported to the National Register of Beneficial Owners. This also involves voting trust agreements, consortium agreements and pool agreements. The aim of the National Register of Beneficial Owners is to be able to identify the economic beneficiaries of a potential contracting partner.

The new Anti-money Laundering Directive provides for cooperation between EU member states to achieve the interconnection of all national registers.

In addition, obliged persons must – in accordance with Section 43 of the Anti-money Laundering Act – disclose a transaction if the financial asset is suspected to derive from a predicate offence under Section 261 of the Criminal Code. The same applies if the transaction is associated with terrorism financing. The disclosure must be made to the Federal Office of Criminal Investigation and the responsible criminal prosecution authority.

Compliance

What internal compliance measures are required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?

According to Section 4 of the Anti-money Laundering Act, obliged persons must implement an effective and proportionate risk management programme that includes risk analysis (Section 5 of the act) and internal safety measures (Section 6). A member of management must be made responsible for the risk management programme. Furthermore, certain types of company are obliged to appoint an anti-money laundering officer. This applies to financial institutions, insurance companies, capital management firms and gambling service providers.

In general, a company should put in place a written policy that prohibits money laundering, terrorism financing and fraud, and that should be communicated throughout the company so that compliance becomes a duty of all employees. Not just the employees should be aware of the compliance standards, though: the compliance of third parties, such as business partners, should be ensured as well. Third parties should furthermore commit to the compliance standards of the company itself. Moreover, the senior management should support the company’s measures to prevent money laundering, terrorism financing and fraud. They should create a ‘tone at the top’ that promotes a compliance culture within the company. In addition, the compliance standards should be regularly reviewed and communicated to all employees of the company – for example, through internal audits or trainings. In case of an act against the compliance standards, the company needs to implement disciplinary measures.  

What customer and business partner due diligence is required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?

Each business relationship or transaction must be assessed individually with regard to the money laundering and terrorist financing risk. Appropriate safety measures must be taken as part of an effective risk management process that determines the level of due diligence. A distinction should be made between simplified and enhanced due diligence measures.

According to Section 14 of the Anti-money Laundering Act, the obliged persons must meet simplified due diligence measures only where the risk of money laundering or terrorism financing is low – for instance, regarding customers, transactions, services or products. In these cases, obliged persons can reduce the scope of measures to meet the general duty of care. However, the obligation to identify a customer under Section 11 of the Anti-money Laundering Act cannot be waived completely. Ultimately, obliged persons must always be able to show the competent authority that the scope of measures taken is appropriate to the risks.

Section 15 of the Anti-money Laundering Act provides that enhanced due diligence must be conducted in high-risk situations. High-risk situations can be assumed if the business partner is a politically exposed person or a person coming from a high-risk country. Major or unusual transactions, or transactions without an economic justification, will also be high risk. The same applies to relationships with respondents from a third country. In cases of enhanced due diligence requirements, the opening and continuation of business relationships need the approval of senior management. The origin of financial assets that are used in business relationships and transactions must be determined. The business relationship must be monitored continuously. Depending on the respondent, the obliged persons must also determine the circumstances of the business relationship, such as the nature of the business, its reputation or its anti-money laundering compliance.

According to the new EU Anti-money Laundering Directive, the obliged persons have to research the national register of beneficial owners to comply with the requirements of an efficient customer or business partner due diligence.