knowledge | 12 June 2015 |
Here at Last - The Fourth Money Laundering Directive
On 5 June 2015 the Directive on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing (“MLD4”) was finally published in the EU’s Official Journal. This Directive seeks to strengthen the EU’s anti-money laundering framework and in doing so recasts and replaces the Third Money Laundering Directive (“MLD3”) which sets out the existing rules for combatting money laundering and terrorist financing. This Q&A focuses on the main changes introduced by MLD4, as compared to MLD3, and the consequences of those changes for credit and financial institutions.
Why has MLD4 been adopted?
MLD3 is based on the Recommendations of the Financial Action Task Force (“FATF”) which is the foremost international body in the fight against money laundering and terrorist financing. In 2012, the FATF revised its Recommendations in order to address new and emerging threats. MLD4 incorporates these revisions into EU law. It also seeks to promote consistency and clarity in EU Member States’ national antimony laundering (“AML”) and counter terrorist financing (“CTF”) rules and to ensure that those rules are adjusted to meet new threats. In some cases MLD4 goes beyond the FATF’s Recommendations, including in relation to scope, beneficial ownership information and sanctions.
What are the main differences between MLD3 and MLD4?
The two most significant changes introduced by MLD4 are first, the increased emphasis it places on the “risk-based approach” to AML/CTF, and, second, the approach taken to the issue of beneficial ownership, including the requirement to set up a central register of beneficial owners.
However MLD4 also differs from MLD3 as regards: its scope; customer due diligence (“CDD”) requirements; the approach taken to electronic money; the treatment of politically exposed persons (“PEPs”); third party equivalence; and record keeping, as well as a variety of other matters.
The Risk-Based Approach
What is the “risk-based approach”?
The risk of money laundering or terrorist financing differs for particular types of financial institutions or for particular types of customers, products, transactions or countries. The risk-based approach reflects the principle that resources should be directed so that the greatest risks receive the highest attention. It involves identifying the existence of a risk, assessing that risk and developing strategies to manage and mitigate it.
How does MLD4 deal with the risk-based approach?
MLD4 puts more focus on the risk-based approach than MLD3. In particular, MLD4 is less prescriptive as regards the concrete measures to be taken to combat money laundering and terrorist financing, thus enabling resources to be targeted in a way which is commensurate with the risks associated with particular sectors or activities.
MLD4 also provides for the carrying out of risk assessments and abolishes automatic exemptions from the CDD requirements.
What requirements does MLD4 impose in relation to risk assessments?
MLD4 requires risk assessments to be carried out at both EU and national level, as well as by entities falling within its scope (“Obliged Entities”). The purpose of these risk assessments is to “identify, assess, understand and mitigate the risk of money laundering and terrorist financing.”
At EU level, the Commission’s risk assessment must focus on risks affecting the internal market and cross-border activities while that of the European Supervisory Authorities must focus on the EU’s financial sector. Risk assessments carried out by Member States must deal with the risks affecting them individually, as must those carried out by Obliged Entities.
Having completed a risk assessment, what follow-on action must an Obliged Entity take?
Once an Obliged Entity has completed its risk assessment, it must put in place proportionate policies, controls and procedures to mitigate the identified risks of money laundering and terrorist financing.
How is the risk-based approach reflected in the CDD Requirements?
MLD3 provides for automatic derogations from the CDD requirements to be applied in the case of firms situated in EU or EEA countries. These derogations also extend to firms situated in third countries that impose AML/CTF requirements considered to be equivalent to those laid down in MLD3.
MLD4 abolishes these automatic derogations: Obliged Entities will have to carry out their own assessments in order to determine whether simplified CDD is appropriate.
How does MLD4 define “beneficial ownership”?
Like MLD3, MLD4 defines ownership in terms of ownership or control of the customer and/or the natural person on whose behalf a transaction or activity is being conducted. However in the case of corporate entities, MLD4 clarifies what constitutes an indication of “indirect ownership.” It also expands on the definition of beneficial ownership in the case of trusts.
What is an indication of indirect ownership of a corporate entity under MLD4?
According to MLD4, where a natural person controls a corporate entity which holds a shareholding of 25% plus one share or an ownership interest of more than 25% in the customer, this will be an indication of indirect ownership. This is also the case where the shareholding or ownership interest is held by multiple corporate entities which are under the control of the same natural person.
How does MLD4 attempt to regulate beneficial ownership of legal entities?
MLD4 requires Member States to ensure that corporate and other legal entities incorporated within their territory obtain and hold adequate, accurate and current information on their beneficial ownership, including details of the beneficial interests held. In addition, information on beneficial ownership must be stored in a central register.
How does MLD4 attempt to regulate beneficial ownership of trusts?
Member States must require trustees of any express trust to obtain and hold adequate and up-to-date information on beneficial ownership regulating the trust. They must also require this information to be held in a central register when the trust generates tax consequences. Moreover, trustees must provide beneficial ownership information to Obliged Entities in a timely manner, within the framework of the CDD requirements.
What is the scope of MLD4?
MLD4 has a more expansive scope than MLD3. Specifically, it applies to all persons trading in goods where cash payments in an amount of €10,000 or more are made or received. It also applies to providers of gambling services.
Like MLD3, MLD4 exempts from its scope persons that engage in a financial activity on an occasional or very limited basis, where there is little risk of money laundering. However, under MLD4 the application of this exemption is subject to the fulfilment of specific criteria. For example, the exemption only applies if the value of a single transaction does not exceed €1,000. In addition, the turnover from the financial activity must not exceed 5% of the total turnover of the natural or legal person concerned.
How does MLD4 affect CDD requirements?
MLD4 expands the situations in which Obliged Entities must carry out CDD to include: funds transfers exceeding €1,000; occasional transactions in cash amounting to €10,000 or more in the case of persons trading in goods; and transactions amounting to €2,000 for providers of gambling services.
In addition, Annex 1 to MLD4 contains a list of variables which Obliged Entities must take into consideration when assessing AML/CTF risks. MLD4 sets out additional CDD measures for life or other investment-related insurance businesses and for trusts or similar legal arrangements.
As mentioned above, MLD4 also abolishes the automatic exemptions from CDD, including for credit or financial institutions and for listed companies. While simplified CDD may still be carried out on the basis of a risk assessment, Obliged Entities must carry on “sufficient monitoring” to enable the detection of unusual or suspicious transactions.
MLD4 requires Obliged Entities to carry out enhanced CDD when dealing with persons established in countries designated by the Commission as high-risk third countries, subject to an exception for branches or majority-owned subsidiaries which are part of a group.
What is the main difference between MLD3 and MLD4 regarding the treatment of electronic money?
MLD4 narrows the scope of the exemption from certain CDD requirements for electronic money. Under MLD3, Member States have the option not to apply CDD in respect of electronic money subject to the fulfilment of certain criteria. While MLD4 also exempts electronic money from certain CDD requirements, the criteria which must be fulfilled for the exemption to apply are stricter in the case of rechargeable devices. For example, the maximum amount stored electronically on a rechargeable device cannot exceed €250. In addition, the device must be subject to a maximum monthly payment transaction limit of €250, which can be used only in that Member State. Moreover, the payment instrument must be used exclusively to purchase goods and services. MLD4 also specifies that in all cases, the issuer must carry out sufficient monitoring of the transaction or business relationship to enable the detection of unusual or suspicious transactions.
How does MLD4 impact on the treatment of PEPs?
MLD4 defines the term “PEPs” with considerably more precision than MLD3. In particular it lists a number of public functions which are to be considered as “prominent public functions” for the purposes of that definition. It also clarifies the terms “family members” and “close associates” and extends the concept of a PEP to cover resident PEPs: MLD3 only applies to non-resident PEPs.
Significantly, MLD4 specifies that an Obliged Entity must continue to take into account the continuing risk posed by a person who ceases to be a PEP for at least 12 months, and “to apply appropriate and risk-sensitive measures until such time as that person is deemed to pose no further risk specific to PEPs.”
How does MLD4 affect third party performance?
Like MLD3, MLD4 permits Obliged Entities to rely on third parties to meet certain CDD requirements, although ultimate responsibility for compliance rests with the Obliged Entity. In the case of third parties situated in a non EU Member State, the third party must likewise apply CDD and record-keeping requirements that are consistent with those laid down in MLD4. Nevertheless, as MLD4 has amended these requirements, it will be necessary to ascertain that existing reliance on third parties continues to meet the requirements of the Directive.
As is the case under the existing legislation, MLD4 specifically prohibits Obliged Entities from relying on third parties established in high-risk third countries. However, it also provides that Member States may exempt branches and majority-owned subsidiaries from this prohibition, where they fully comply with group-wide policies and procedures.
MLD4 stipulates that it is the responsibility of the Obliged Entity to ensure that it obtains the necessary information concerning CDD requirements from the third party, and that it takes adequate steps to ensure that the third party provides immediately, upon request, relevant copies of identification and verification data and other relevant documentation on the customer’s identity.
What are the consequences of MLD4 for record-keeping?
MLD4 specifies that documents relating to the CDD requirements, supporting evidence and records of transactions must be kept for a five year period and then deleted. Member States may extend this period if necessary for the prevention, detection or investigation of AML/CTF.
What happens next?
What is the scope of MLD4?
Member States must bring into force the laws, regulations and administrative provisions necessary to comply with MLD4 by 26 June 2017. As MLD4 is a minimum harmonisation directive, Member States remain free to impose stricter requirements than those specified in that directive. In addition, given the evolving nature of AML/CTF risks, it is clear from MLD4 that Member States are expected to engage with Obliged Entities on an on-going basis regarding the risks posed, including by issuing appropriate rules and making appropriate information available.
MLD4 provides for the adoption of delegated acts and technical standards by the European Commission. The European Supervisory Authorities are required to jointly produce guidelines in certain areas and it is generally acknowledged that the greater emphasis placed on the risk-based approach under MLD4 means there is more need for guidance for competent authorities and firms.
MLD4 expands the scope of the AML/CTF requirements as well as clarifying a number of issues in relation to the previous legislation. Obliged Entities will need to reflect these changes in their own policies and procedures, as well as the increased emphasis on the risk-based approach. They will also need to actively review those policies and procedures on an on-going basis to reflect the evolving nature of AML/CTF risks. In this respect, MLD4 is best viewed as a spring board for a new, risk-focused approach to AML/CTF.
This briefing is for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.