Sector regulation

As is known, anti-money laundering legislation in Italy is contained in Legislative Decree no. 231 (hereinafter the “Decree“).

Legislative Decree no. 90 of 25 May 2017, which transposes Directive (EU) 2015/849 (the so-called fourth anti-money laundering directive) into national law, amends and innovates the rules laid down in the Decree. The following paragraphs describe, without claiming to be comprehensive, the most important news introduced by Legislative Decree no. 90/2017, in relation to the main issues regulated by the Decree.

Politically exposed persons

New Article 1, paragraph 2, letter dd), of the Decree redefines the category of politically exposed persons (the so-called PEPs), including among others: regional assessors; mayors of metropolitan cities; mayors of municipalities with a population of not less than 15 thousand inhabitants; European parliamentarians; exponents of companies controlled, even indirectly, mainly or in full, by municipalities, provincial capitals and metropolitan cities and by municipalities with a total population of not less than 15 thousand inhabitants, as well as general managers of ASL (Local Health Authorities) and hospitals, of university hospitals and of other entities of the national health services.

Obliged entities

New Article 3 of the Decree includes among obliged entities also SICAFs (investment companies with fixed capital), microfinance providers, credit consortia, independent financial advisors and financial advisory companies.

Banking and financial intermediaries and insurance companies with registered office and administration in another Member State established without a branch in Italy are also subject to anti-money laundering legislation.

Customer due diligence requirements

With regard to the customer due diligence requirements, new Article 17 of the Decree now provides that the obliged entities must proceed to the proper verification of the customer and of the beneficial owner when establishing the business relationship or, by a new clarification, when assigning the task.

In addition, the proper verification of the customer and of the beneficial owner must be carried out, as regards occasional transactions, not only for movements equal to or above Euro 15,000, but also for the transfer of funds above Euro 1,000 (e.g. money transfer).

It is further established that, when providing payment services and issuing and distributing electronic money, banks, Poste Italiane S.p.A, payment institutions and electronic money institutions, including those established in another Member State, as well as branches, must comply with the customer due diligence requirements even for occasional transactions below Euro 15,000.

New provisions concerns also the customers’ obligations in relation to the due diligence measures. New Article 21 of the Decree provides for companies with legal status obliged to register in the Register of Enterprises and private legal entities other than the companies obliged to register in the Register of Private Legal Entities, the obligation to communicate to the Registry the information concerning their beneficial ownership. The Decree further establishes the obligation to register in a special section of the Register of Enterprises for trusts producing significant legal effects for tax purposes.

Pursuant to Article 22 of the Decree, companies with legal status and private legal entities must obtain and keep, for at least five years, adequate, accurate and up-to-date information on the beneficial ownership of their organizations and provide them to the obliged entities, during the fulfilments instrumental to the customer due diligence.

Companies directors must obtain information on the basis of the accounting records and financial statements, of the shareholders’ ledger, of the declarations relating to the ownership structure or to the control of the entity that the enterprise must keep in accordance with the provisions in force as well as on the basis of the communications received from shareholders and of any other data at their disposal.

If directors fail to obtain full clarity about the company’s beneficial ownership, even after submitting an express request to the shareholders, administrative sanctions for defaulting shareholders are imposed. Indeed, the shareholders’ unjustified inactivity or refusal to provide directors with the information they deem necessary to identify the beneficial owner or the provision of clearly misleading information, prevent the exercise of the relevant voting right and, pursuant to Article 2377 of the Italian Civil Code, imply the possibility to challenge any resolutions adopted with the decisive vote of said shareholders.


Banking and financial intermediaries are no longer required to keep the centralised computer archive.

New Articles 31 and 32 of the Decree merely set out that, with reference to disclosure requirements, documents, data and information retention systems must allow the unambiguous reconstruction of certain essential elements such as the date of establishment of the business relationship or of the assignment of the task; the identification data of the customer, of the beneficial owner and of the performer, and information on the purpose and nature of the relationship or of the service; date, amount and cause of the transaction; the means of payment used. Such document retention systems must also ensure compliance with the rules on the protection of personal data.

Reporting obligations

Old Article 41 of the Decree provided the obligations for banking and financial intermediaries to report suspicious transactions to the FIU (Financial Intelligence Unit) whenever there was suspicion that money laundering or terrorist financing operations were ongoing or had been carried out or attempted.

An element of suspicion – pursuant to the old legislation – was the frequent or unjustified use of cash transactions and, in particular, the withdrawal or cash payment with financial intermediaries for amounts equal to or above Euro 15,000.

As to the report timing, it had to be done without delay, where possible before performing the transaction, as soon as the obliged entity became aware of grounds for suspicion. Pursuant to new Article 35, the frequent or unjustified recourse to cash transactions and, in particular, the withdrawal or cash deposit of amounts not consistent with the client’s risk profile (the reference to the amount of Euro 15,000 has been deleted) is now considered as ground for suspicious.

Moreover, as a rule, the reporting must be transmitted to the FIU before carrying out the transaction.

Disclosure requirements

The previous version of Article 52 of the Decree established a number of disclosure requirements for the supervisory bodies of the obliged entities (board of statutory auditors, supervisory board, management control committee, supervisory body and all the persons entrusted with management control, however named) in relation to all acts or facts that may potentially represent a breach of the relevant legislation, which they had become aware of in the exercise of their duties.

Pursuant to new Article 46 of the Decree, the obligation to report potentially suspicious transactions and facts that may potentially represent breaches of the obligations provided for by the Decree is incumbent only on the board of statutory auditors, the supervisory board and the management control committee, hence the supervisory body (“organismo di vigilanza”) under Legislative Decree no. 231 is now excluded.

Reporting of breaches

New Article 48 of the Decree introduced the obligation to adopt internal procedures aimed to encourage the reporting of potential or actual breaches of anti-money laundering provisions (“whistleblowing”).


Finally, in relation to the sanction system, new Article 55 of the Decree, concerning criminal sanctions, distinguishes more clearly criminal offences from misdemeanours: only behaviours seriously breaching due diligence requirements, document-retention requirements and the provision of false data for verification, carried out with fraud or falsification, are considered criminal offenses.

When the breach of disclosure requirements does not establish the elements of falsification or fraud, the criminal offense is a misdemeanour.

New Articles from 56 to 69 of the Decree are dedicated to administrative sanctions. Compared with the old discipline, which referred the procedure of determination and imposition of the sanction to Decree no. 689 of 24 November 1981, the new text lays down a specific sanction procedure and special provisions on the criteria for the determination of sanction and on payment in a reduced form.