Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.
Record keeping, disclosure and compliance
Record-keeping and disclosure requirements
What record-keeping and disclosure requirements apply to companies and relevant individuals under the anti-money laundering, terrorism financing and fraud legislation?
Record-keeping requirementsThe institutions and persons listed in Article L 561-2 of the Monetary and Financial Code (covered institutions and persons) have an obligation to maintain all documents and information about their customers for five years from the closure of the account or the termination of their business relationship (Article L 561-12 of the Monetary and Financial Code). They must also maintain all documents and information about transactions carried out by their customers for five years from their execution.
Disclosure requirementsCovered institutions and persons must report without delay the funds recorded on their books or transactions that they know, suspect or have good reason to suspect to be the result of an offence that carries an imprisonment sentence of more than one year or that relate to terrorism or tax evasion to the Financial Investigation Unit of the Ministry for the Economy and Finance (Tracfin) (Article L 561-15 of the Monetary and Financial Code). They must also report any information that could invalidate or modify the initially reported information.
There is also an obligation to systematically report covered institutions and persons regarding large cash or electronic currency transfer transactions (amounts exceeding €1,000 or €2,000 per customer over one calendar month) to Tracfin (Article D 561-31-1 of the Monetary and Financial Code). A similar obligation is applicable to cash payments or withdrawals to or from a deposit or payment account exceeding €10,000 over one calendar month.
Financial institutions are also required to automatically report on transactions presenting a high risk of money laundering or terrorism financing due to the country to or from which the funds are transferred, the nature of the transaction or scheme surrounding it (Article L 561-15-1 of the Monetary and Financial Code).
For tax fraud, platforms must provide:
- honest, clear and transparent information on the tax and social obligations of the users carrying out transactions; and
- an electronic link to the tax administrations’ website to enable customers to comply with these obligations (Article 242-2 bis of the General Tax Code).
Every year such platforms must send:
- a statement of the operations carried out by the users of the platform; and
- a document summarising all the information of all users to the tax authorities (Article 242-2 bis of the General Tax Code).
What internal compliance measures are required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?
The institutions and persons listed in Article L 561-2 of the Monetary and Financial Code must set up internal risk assessment and management programmes (Article L 561-32 of the Monetary and Financial Code).
These compliance programmes should include:
- the designation of a person responsible for implementing the anti-money laundering and terrorism financing system;
- an assessment of money laundering and terrorism financing risks;
- the development and implementation of anti-money laundering and terrorism financing procedures (eg, risk management, customer due diligence, detection of suspicious transactions and reporting obligations);
- the implementation of internal controls; and
- the organisation of relevant employee training.
What customer and business partner due diligence is required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?
The institutions and persons listed in Article L 561-2 of the Monetary and Financial Code (covered institutions and persons) must carry out thorough due diligence depending on the risks associated with their business.
Before entering into a business relationship with a customer, businesses must gather the following information as part of the know-your-customer obligations:
- verify the identity of the customer based on any reliable written document (for a natural person, any official document with a photograph of the individual and, for a legal person, an extract from the official register less than three months old);
- where applicable, identify the beneficial owner and verify their identity; a beneficial owner is the individual who either controls, directly or indirectly, the client or on behalf of whom a transaction is carried out; and
- collect information about the purpose and nature of the business relationship, and any other relevant information (Articles L 561-5, L 561-5-1 and R 561-1 of the Monetary and Financial Code).
In addition, covered institutions and persons must also verify the identity of their occasional customers and, where appropriate, of their beneficial owners if they suspect that a transaction presents a risk of being linked to money laundering or terrorism financing, or:
- when the amount is over €15,000 for any person other than money changers and legal representatives of casinos and other related institutions;
- when the amount is over €8,000 for exchange offices; or
- in case of money transfer or money changing transactions, if the client or its legal representative are not physically present (Articles L 561-5 and R 561-10 of the Monetary and Financial Code).
In a business relationship, covered institutions and persons must:
- collect all of the relevant information and keep all documents and risk profiles;
- keep records of all documents and information for five years from the account closure or the termination of the business relationship; and
- monitor transactions undertaken to ensure their consistency with their knowledge of the customer (Article L 561-12 of the Monetary and Financial Code).
There is also a simplified duty of due diligence when the risks of money laundering or terrorism financing are deemed to be low. These cases are listed in Articles R 561-15 and R 561-16 of the Monetary and Financial Code (eg, the clients are banks and credit institutions established in the European Union or in third countries which impose equivalent anti-money laundering and terrorism financing requirements).
Conversely, there is an enhanced duty of due diligence when risks are particularly high (eg, the risky nature of the transaction, the customer is not physically present during the identification process or the customer is a politically exposed person) (Article L 561-5 of the Monetary and Financial Code).
Moreover, according to Article L 561-46 of the Monetary and Financial Code, certain legal entities must also:
- obtain and hold accurate information about their beneficial owners; and
- file documents providing information on the identity and domicile of their beneficial owner with the commercial court registry.
Click here to view full article.