Updating the existing rules in the fight against money laundering and terrorist financing.
The draft Fourth EU Anti Money Laundering Directive (AMLD4) is designed to update and improve the EU's Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) laws. The changes are in line with the recommendations issued in 2012 by the Financial Action Task Force (FATF), the international global AML and CTF standard-setting body. AMLD4 also takes account of a report of the European Commission on the operation of the existing Third EU AML Directive (AMLD3), which is set to be repealed by AMLD4.
AMLD4 is currently making its way through the EU's legislative process. In March 2014 the European Parliament voted on a number of proposed reforms to the original draft published by the European Commission.
AMLD3 was transposed into Irish law by the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the 2010 Act). The 2010 Act requires that certain categories of persons and businesses (referred to as Designated Persons) apply a series of AML and CTF measures in the conduct of their business relationship with customers. The defined term “Designated Person” is proposed to be replaced by the term “Obliged Entity” under the current proposals set out in AMLD4. For the purposes of this article we use the existing more recognised term, Designated Person.
Key proposed changes under AMLD4
AMLD 4 sets out a number of proposals which will seek to drive changes in the way Designated Persons undertake their AML/CFT compliance obligations.
The following is a high level list of the most notable changes proposed under AMLD4:
- The extension of the Politically Exposed Person (PEP) regime to cover domestic PEPs and persons entrusted with a prominent function by an international organisation.
- The removal of the automatic entitlement to apply Simplified Customer Due Diligence (Simplified CDD) when dealing with specified customers and products.
- An increased range of sanctions which may be imposed for breaches by Designated Persons of their AML and CTF obligations.
- The identification of the beneficial ownership of companies and trusts is intended to be simplified through access to newly created registers of ownership information.
- It is proposed that lists of PEPs and their family members and close associates will be available to help Designated Persons in the identification process of such individuals.
- The introduction of risk assessments at EU and national level. It is proposed that these risk assessments will be shared with Designated Persons to assist them in preparing their own risk assessment of their business and customers.
Politically Exposed Persons
Designated Persons, under AMLD3, are required to satisfy themselves as to whether a customer or a beneficial owner of a customer is a PEP, or a close associate or family member of a PEP. Where a Designated Person discovers a prospective or existing customer is a PEP, it is obligatory to apply an Enhanced Customer Due Diligence (Enhanced CDD) approach to the identification and verification of the identity of that customer. Under AMLD3, PEPs were defined as persons residing in a place outside of the State.
AMLD4 is proposing to extend the scope of the PEP regime by making it a requirement that Designated Persons determine whether domestic customers are PEPs. That said, the rules in relation to PEPs are proposed to be softened somewhat by allowing Designated Persons to take a risk based decision to limit the number of years that an individual can be considered a PEP.
The European Parliament voted in March 2014 to amend the draft AMLD4 so that a customer of an Designated Person would only be considered a "family member" of a PEP if that customer was a spouse or partner to a PEP. Thus, children and parents of PEPs would no longer be caught by the definition if the European Parliament’s proposals are accepted.
Simplified Due Diligence
Currently, Designated Persons are permitted to apply Simplified CDD where the customer or product falls within certain categories, e.g. where the customer is a credit or financial institution or a company listed on a regulated market as defined in the Act.
It was felt that many Designated Persons have sought to rely automatically on this exemption, known as the 'Specified Customer' or 'Specified Product' exemption without sufficiently examining the appropriateness of applying the exemption.
AMLD4 would require Designated Persons to first determine the level of risk posed by a customer before applying Simplified CDD. AMLD4 thus proposes to introduce a more measured application of this exemption by placing the onus on the Designated Person to carry out a risk assessment notwithstanding the customer would, on the face of it, fall within the scope of the Simplified CDD client category.
Increased requirements on Designated Persons
- AMLD4 proposes placing an increased focus on the resources which should be employed by Designated Persons when seeking to comply with AML/CTF obligations. AMLD4 also recognises that it would not be appropriate to impose the same requirements on all Designated Persons. Thus, Member States will have discretion to apply the following requirements where it is appropriate based on the size and nature of the Designated Person:
- the appointment of a Compliance Officer; and
- the appointment of an Independent Audit Function.
Large credit and financial institutions should already have a dedicated Money Laundering Reporting Officer (MLRO) and an Internal Audit function with responsibilities for testing the adequacy of AML policies and procedures.
- AMLD4 proposes placing a number of requirements (which were previously only applicable to credit and financial institutions) on all Designated Persons:
- the requirement that a Designated Person ensures that branches and majority-owned subsidiaries in third countries where the AML and CTF laws are less strict than those of the EU, apply the EU's AML and CTF rules, and the requirement to take additional measures where local law does not permit the application of EU level standards;
- the requirement to have systems in place to respond rapidly to requests from Financial Intelligence Units and other competent authorities as to whether the Designated Person has, or has had, a business relationship with a certain person, and the nature of that relationship.
Interestingly, AMLD4 currently provides that where a Designated Person has a branch or majority-owned subsidiary in a third country which does not permit application of EU AML and CTF requirements, and where the Designated Person has, as a consequence, taken additional measures which have not proved sufficient to handle the risk of money laundering or terrorist financing, the competent authority of that Designated Person may request the Designated Person to close down its operations in the relevant third country.
AMLD4 specifies a number of administrative sanctions which it is proposed may be available to Member State competent authorities to penalise Designated Persons who fail in meeting their AML/CFT obligations. The following is an example of what is proposed pursuant to AMLD4:
- Publishing statements in the media in relation to instances of a Designated Person's breaches of AML requirements.
- Making orders requiring a Designated Person to cease and desist specified conduct.
- Withdrawal of a Designated Person’s regulatory authorisation.
- Fines of up to 10% of the turnover of a legal person, or a fine of up to €5 million in the case of natural persons, and fines of up to twice the amount of any profits gained or losses avoided.
Under the AMLD3, administrative sanctions were focused on credit and financial institutions, but the above measures will apply to all Designated Persons including lawyers, letting agents, casinos etc. Legislators are of the view that the range of administrative sanctions available to competent authorities in each Member State should be sufficiently broad to allow Member States take account of the differences between Designated Persons, in particular between financial institutions and other entities, as regards their size, characteristics and areas of activity.
AMLD4 will allow Member States to impose sanctions not only against the Designated Person, but also against members of the management of the Designated Person or any other individual who is responsible for the breach.
Beneficial Ownership Information
Controversially, AMLD4 also includes proposals which would require registers to be created within each Member State to record details of the beneficial ownership of inter alia companies and trusts.
The original European Commission proposal was for companies, other legal entities and trusts to maintain information on beneficial ownership which would be available to Designated Persons and competent authorities on request. However, this provision was criticised for not going far enough and the European Parliament subsequently voted for the introduction of mandatory registers. It was noted by the European Parliament that there is increasing international recognition of the need for transparency behind the ownership of legal persons and arrangements, as the use of shell companies with opaque ownership structures are seen in some circles to be facilitating tax evasion and other covert activity.
There are already a number of publicly accessible business registers in the EU but with limited information on beneficial ownership. The new registers envisaged by AMLD4 in each Member State would be interconnected.
The proposal in relation to these registers also provides for certain safeguards including the proviso that only Designated Persons and competent authorities will be permitted access to the registers.
Lists of Politically Exposed Persons
Designated Persons have primarily relied on databases, internet searches and declarations from customers as to whether new or existing non-resident customers are PEPs. The European Parliament's proposed amendments to AMLD4, published in March 2014, include a requirement that lists of PEPs be developed by the European Commission, in cooperation with Member States. Such lists would then be accessible by competent authorities and Designated Persons.
Designated Persons would not be entitled to rely exclusively on the lists and would still be responsible for making their own determination as to whether a customer is a PEP or a close associate or family associate of a PEP.
AMLD4 proposes that the European Commission issues a supranational risk assessment of the AML risks facing the EU and keeps it updated. The Commission's Risk Assessment would include an analysis of the most widespread means by which criminals launder illicit proceeds. Member States would individually be required to undertake an assessment of the AML risks in their jurisdiction. This assessment would then be shared with Designated Persons to assist them in, inter alia, identifying areas of greatest AML and CTF risk in their own businesses.
The expectation is that these risk assessments will be useful for Designated Persons in a number of ways:
- to determine the extent of the CDD applicable to a particular customer;
- to decide whether to apply CDD to existing customers;
- to identify a customer as one to which it would be appropriate to apply Simplified CDD; and
- to determine whether a customer, or a beneficial owner associated with such a customer, is a PEP.
The current AML legislation includes a requirement for Designated Persons to adopt policies and procedures to govern the way in which the organisation complies with its AML and CTF obligations. AMLD4, when introduced, will necessitate these policies and procedures being updated.
Designated Persons which are large and/or have a cross jurisdictional aspect to their operations may have to consider employing greater AML resources in the form of compliance and internal audit personnel if they have not already done so and if it is deemed to be warranted by the perceived risk to their business posed by AML/CFT. The proposed changes under AMLD4 may also necessitate re-training existing staff.
Designated Persons will also need to be aware of the range of additional sanctions available to competent authorities proposed under AMLD4 and the potential for reputational damage if a failure in AML compliance is identified.
When the final text of AMLD4 is adopted it is likely that Member States will be given up to two years to implement it into local law. Designated Persons will need to take a close look at their internal AML procedures during that time to ensure they are in compliance at the end of the transitional period.