In the wake of several high-profile money laundering scandals involving European banks, the Council of the European Union recently adopted a new anti-money laundering initiative.1 The Sixth Directive on Combating Money Laundering by Criminal Law drastically expands potential penalties. Given the breadth of this initiative, companies should consider (1) whether the expanded penalties apply to them, (2) the amount of potential liability they face, and (3) how to modify existing anti-money laundering compliance programs to minimize their exposure.
The most significant changes to the EU’s prior Directives on anti-money laundering include:
- Establishing a standard definition of money laundering which criminalizes some conduct not currently illegal in all European Union Member States — namely, self-laundering, where the same entity that committed the predicate crime tries to disguise the funds’ source.2
- Enumerating twenty-two predicate crimes, including cybercrimes, fraud, insider trading, terrorism, tax crimes, environmental crimes, and corruption.3
- Companies and other legal entities may be held liable for individuals’ behavior when the individual has the power to represent the entity, authority to make decisions on behalf of the entity, or authority to exercise control within the entity.4
- Companies and other legal entities can be held independently liable for a failure to supervise or control individuals with the power to represent the entity, authority to make decisions on behalf of the entity, or authority to exercise control within the entity.5
- For cross-border cases, establishing information-sharing practices and a method for prioritizing which Member State has jurisdiction over a case.6
Perhaps most significantly, the Directive substantially increases penalties. As a baseline:
- Individuals convicted of money laundering face up to four years’ imprisonment.7
- Penalties for companies and other legal entities may include (1) exclusion from public benefits or aid; (2) exclusion from access to public funding, including tender procedures, grants, and concessions; (3) disqualification from practicing commercial activities; (4) judicial supervision; (5) a judicial winding-up order; and (6) closure of the establishments used to commit the offense.8
All of that is in addition to the previous penalties, including disgorgement of ill-gotten proceeds and instrumentalities used to commit the offense.
Moreover, the Directive establishes certain aggravating factors, including a mandatory aggravating factor when the offender is a person or entity subject to anti-money laundering reporting and due diligence requirements and the offense occurs in the course of professional activities. Because organizations routinely rely on legal and financial professionals to engage in certain transactions on their behalf, they may find themselves unexpectedly facing higher penalties when those individuals go rogue.
The Directive also establishes discretionary aggravating factors when the laundered property is of considerable value or derived from certain offenses, including corruption — an area where the penalties are already significant.10
Once the Directive is published in the EU’s official journal, Member States will have up to two years to incorporate the Directive into existing law. Companies should keep an eye on Member States’ incorporation of the Directive into national law wherever they have locations or agents, or do business.
As Member States codify the Directive into law, companies should consider supplementing current compliance efforts with additional trainings and internal controls directed at professionals who represent the entity, have authority to make decisions on behalf of the entity, or have authority to exercise control within the entity. In addition to the traditional focus on “know your customer” protocols, compliance programs should also address best-methods for supervising these individuals.