On 17 September 2017, Act no. 83/2017 of 18 August (L 83/2017), will come into force, providing new measures to prevent and combat money laundering and terrorist financing, partially transposing Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 and Council Directive (EU) 2016/2258 of 6 December 2016. The previous statute regarding this subject matter, Act 25/2008 of 5 June, is fully repealed, as well as the rules concerning the duty to report fund transfers under Decree-law no. 125/2008, of 21 July.
The new statute lays down a rather more dense and complex regime than its predecessor, and will have a considerable impact on the policies, procedures and controls of the obliged entities.
Prima facie, L 83/2017 clearly and unequivocally sets forth that the company directors are accountable for the application of the policies, procedures and controls with respect to prevention of money laundering and terrorist financing.
It goes on to set out a long list of the specific duties and obligations regarding internal control and risk management systems, from which we highlight the following:
— The obligation to designate, whenever required by law or by the dimension and complexity of the activities of the obliged entity, a compliance officer responsible for monitoring compliance with applicable AML/CFT legislation and the duty to report suspicious operations and to collaborate with the authorities;
— The obligation to have formal systems and processes in place for the collection, processing and filing of information relating to analysis and decision making and the discharge of reporting and collaboration duties;
— The obligation to create information tools or systems appropriate for risk management;
— The obligation to put in writing the policies, procedures and controls, as well as any updates thereof, and to keep a written record of actions taken to comply with applicable AML/CFT legislation;
— The obligation to implement mechanisms that allow for regular monitoring, testing and periodical review of the quality, suitability and effectiveness of existing policies, procedures and controls, and also for updating of such policies, procedures and controls;
— The reinforced obligation to provide continuous training to employees in AML/CFT rules;
— In respect of employees whose functions are relevant to the effects of the prevention of money laundering and terrorist financing, the obligation to: (i) have in place screening procedures to guarantee high standards in the hiring practice; (ii) make available accessible and updated information on internal rules to those employees; and (iii) implement mechanisms to control their performance;
— The obligation to create a direct and anonymous channel for the protection of whistle-blowers;
— The obligation to develop a personal data protection policy and procedure;
— The obligation to identify, assess and mitigate concrete risks of money laundering and terrorist financing existing in the context of their specific operational reality;
— The obligation to adopt specific risk management procedures in the use of new technologies and products that favour anonymity;
— The obligation to implement measures that ensure compliance with restrictive measures adopted by the United Nations’ Security Council or the European Union in respect of freezing assets and economic resources related to terrorism and the proliferation of weapons, or the financing thereof, against a designated person or entity;
— Within the scope of the obligation to identify “Beneficial Owner”, the duty to consult periodically the information published in the central register of beneficial owners and, where appropriate, to report to the Institute of Registries and Notaries any irregularities identified during the identification procedure.
A further obligation, for entities that are a part of a group, is to implement group-wide policies, procedures and controls whilst implementing information-sharing systems within the group.
The identification and due diligence obligations that already applied to occasional transactions equal to or greater than EUR 15.000,00 (regardless of whether the transaction is carried out in a single operation or in several operations which appear to be linked), shall now apply to any a transfer of funds exceeding EUR 1.000,00. Exception made for providers of gambling services where the obligations apply to transactions equal to or greater than EUR 2.000,00.
In the spirit of the Fourth Anti-Money Laundering Directive, the new statute adopts a “holistic, risk-based approach”, determining that adopted measures must (i) be proportional and suitable to the nature, dimension and complexity of the obliged entities and their activities; (ii) be suitable to the risks associated to the business relationship or occasional transaction and (iii) simplify or strengthen costumer due diligence in light of the reduced or increased risk of money laundering or terrorist financing in the business relationships, occasional transactions or operations executed.
The spectrum of obliged entities has been broadened, now including: (i) bingo licence holders; (ii) entities engaged in real estate rental activities; (iii) professionals engaging in the sale or purchase of professional sportsmen’s rights; (iv) economic operators engaging in auction activities; or (v) importers or exporters of rough diamonds; and (vi) entities engaged in transport, storage, treatment and distribution of funds and valuables.
At the same time, L83/2017 introduces new definitions and expands or narrows certain definitions already existing in the previous statute.
Specifically, we would highlight the introduction of the concept of “Correspondence Relationships” which determines the adoption of reinforced due diligence measures for financial institutions that provide services to another financial institution, such as the availability of a current or another liability account and related services, such as cash management, processing of fund transfers and other payment services on behalf of the respondent, cheque clearing, corresponding transfer accounts, exchange services and securities transactions;
The concept of “Politically Exposed Person” is broadened to the extent that in determining a politically exposed person, “close family members “and “persons recognized as strictly associated” must also be taken into consideration.
Finally, one should note that qualifications of “High Risk Third Countries” are hardened so that any country not possessing a system similar to that of the European Union will be of higher than standard risk, imposing on obliged entities the fulfilment of reinforced due diligence obligations.