The new EU Anti-Money Laundering legal framework: the race has started again…

by Dalila DELORENZI (FREE Group Trainee)*

After two years, the process of revision of the new EU Anti-Money Laundering (AML) framework finally came to an end on 20 May, when the European Parliament at its second reading adopted the Fourth AML Directive  (Directive (EU) 2015/849) along with the new Regulation on information on the payer accompanying transfers of funds (Regulation (EU) 2015/847).

The revision was triggered by the necessity to adapt the legal framework to counter new threats of money laundering and terrorist financing and to reflect recent changes due to revised Financial Actiont Task Force (FATF) Recommendations. The following blog post presents the new legal framework, including some crucial measures which could represent a real step-up in the fight against money laundering, financing terrorism and tax evasion.

1.      Introduction of an European register of beneficial ownership

The creation of an European register of beneficial ownership was one of the sticking points of the negotiations, and was the reason why the text attracted much more political attention than the previous directives and why the negotiations took much longer than was expected.

1.1 Definition of beneficial ownership and the problems caused by “phantom firms”

A beneficial owner  is a natural person – a real, live human being and not another company or trust – who stands behind a company (or trust) as the ultimate owner and controller, directly or indirectly exercising substantial control over the company or receiving substantial economic benefits (such as receipt of income) from the company. If the true owner’s name is disguised, we deal with “anonymous companies”. In a majority of countries, keeping unknown the true owner’s name is perfectly legal and there is typically no requirement to disclose that the names listed are merely front-people.

Such anonymous companies can be created by using “nominees”, people who front the company in place of the true owner, or by incorporating one or more of the companies in a country which does not make details of the beneficial owners publicly available. Also called “phantom firms”, they exist only on paper, with no real employees or office. While it’s certainly true that such entities can have legitimate uses, the untraceable company can also be a vehicle of choice for crimes such as money laundering, tax evasion and financing of terrorism.

1.2 The role of anonymous companies in money laundering

Although there are countless ways to launder money, money laundering can be broken down into three stages:

§  Placement: the initial entry of illicit money into the financial system. This might be done by breaking up large amounts of cash into less conspicuous smaller sums that are then deposited directly into a bank account.

§  Layering: the second step consists in the process of separating the funds from their source. This purpose is often followed by using anonymous shell companies: for instance, wiring money to account owned by anonymous shell company.

§  Integration: money re-enters the legitimate economy, for instance, by investing the funds into real estate and luxury assets.

That being said, it is clear that these secretive “shell” companies and trusts play a central role in laundering and channelling funds, concealing behind a veil of secrecy the identity of corrupt individuals and irresponsible businesses involved in activities, including tax evasion, terrorist financing, and the trafficking of drugs and people. More precisely, it is impossible for law enforcement officials go back to the real individuals ultimately responsible for the company’s actions and to track the origin of illicit funds.

§  1.3 The importance of central registers

Broadly speaking, with a view to facing the risk of money laundering (along with financing terrorism and tax evasion), the solution may be to know who ultimately stands behind a company: the real owner or controller.

For this reason – and also following the FATF’s recommendations, as discussed here  – the Commission’s proposal for the 4th AML directive introduced a new chapter, titled Beneficial Ownership Information. The aim was to strengthen the information relating to the beneficial owner, making such information available to competent authorities and obliged entities in an adequate, accurate and timely manner. After all, only few EU jurisdictions require structures to share such information with their national authorities and the need to fill these gaps (a key loophole for money launderers) was strongly felt.

1.4.      Access to central register information…

Taking the first steps from the Commission’s draft proposal, the European Parliament and the Council went even further. Even though this was not envisaged in the initial proposal, the negotiators agreed on the necessity of establishing central registers of beneficial ownership information in every European State. This was not without difficulties inside the Council: the main sticking point was administrative issues more than political ones. Indeed, the fact that no Member State already has a central register entails that they all have to create one, which is very costly at the administrative level.

However, even though they agreed on storing information on beneficial ownership, the European Parliament and the Council had a divergent point of view on another issue: whether details of beneficial owners have to be publicly accessible or not.

In particular, in March 2014, the European Parliament approved a version of the Directive that would have required every EU Member State to establish ownership registers and make the information freely available to the public. “The public registers will make life more difficult for criminals trying to hide their money. Our economy currently loses huge amounts to tax evasion”, said Civil Liberties Committee rapporteur Judith Sargentini (Greens/EFA, NL).

Instead, the Council released its own draft in June 2014, that would also have mandated central registers, but without requiring public access. The Council’s approach was to restrict the access to competent authorities, Financial Intelligence Units (hereinafter FIUs) and, if allowed by Member States, the obliged entity, e.g., banks and legal professions.

1.5. …a compromise was reached

The final text struck a compromise between these initial positions: on the one hand those who demand full transparency (such as the European Parliament, which voted 643-30 in favour of public registries and some Member States as UK, France, Netherlands and Denmark); on the other hand those who defend some secrecy for beneficial owners (some Member States led by Germany).

The compromise reached requires EU countries to provide access not only to law enforcement and financial institutions like the FIUs, but also to members of the public who can demonstrate a “legitimate interest” in the information. They will be able to access beneficial ownership information – such as the beneficial owner’s name, month and year of birth, nationality, residency and details on ownership –  and the access may be subject to online registration of the person and to the payment of a fee to cover administrative costs. Any exemption to the access would be possible only on a case-by-case basis in exceptional circumstances.

In conclusion, the collection of ownership information is certainly a big step in the right direction, but not as big as it should have been. In fact, even if the Directive does not prevent countries from going beyond the Directive’s requirements and opening their registries to full public access – as UK and Denmark have already said they will do – “European leaders have missed an opportunity to show that the future of business in Europe is open and transparent”, said Robert Palmer, an anti-money laundering campaign leader at Global Witness, Furthermore, a Commission report on the interconnection of national registers is expected by June 2019.

1.6. A “legitimate interest” is required to access…

As result of the final compromise, the members of the public have the right to access registers only if they have a legitimate interest, narrowing in this way the number of people having the right to access registers.  So, to those who have pointed out that this does not go far enough in terms of the EU’s ambitions on transparency, the co-rapporteur Judith Sargentini assured that they made sure that the proposal says that it’s up to the authority to prove that applicants do not have a legitimate interest.

Nevertheless, there is an important issue left open: there is no indication of what interests will be considered legitimate. Indeed, the concept of “legitimate interest” itself is quite vague and the lack of a clear definition entails that it lies with Member States to decide what a legitimate interest should be.

1.7. A different regulation for trusts…

A different regulation is provided for trusts, regarding in particular three aspects:

§  the regulation expects that information will be collected in closed centralised registries available only to government bodies. This information includes the identity of the settlor, the trustee(s), the protector (if any), the beneficiaries or class of beneficiaries, and of any other natural person exercising effective control over the trust. Clearly the fact that such information will not be available to the public can create a loophole in the system which could significantly weaken the new directive, frustrating then the aim of improving transparency. This loophole was due to the UK, where trusts are quite common, and it was justified by the co-rapporteur Timothy Kirkhope saying: “I heard some concerns and if I may just say on the issue of trusts and wills: trusts and wills contain some of the most private and personal information that there is about a person, and we are a parliament that respects data privacy, hence disclosure for trusts has to be proportionate within our proposals.”.

§  the registration of beneficial owners of trusts only when a trust “generates tax consequences”: such wording is arguably too broad and highly susceptible to evasion risk

§  the central registration of beneficial ownership information will be used where the trust generates consequences as regards taxation (Article 30). Regarding legal persons, instead, Article 29 of the Directive foresees that the location of the beneficial owner register shall be the country by whose laws the legal person is governed. This is a key issue because if it is not made clear that trust registers need to be located in the countries by whose laws the trust is governed, there is a high risk for that any other location would not serve the purpose of enforcing transparency, especially considering the fact that trusts are not recognized in the majority of Member States! (See also the declaration by Austria expressing concern about trusts).

1.8.            EU as a model to follow?

In closing on beneficial ownership information, we may say that even if the EU institutions could have gone even further in terms of transparency, the agreement reached sharply contrasts with the lack of progress in the United States. The U.S. is, indeed, notorious internationally for allowing anonymous companies to be formed.

“So let us make this an example for other countries in the world. Would it not be fantastic if the USA were to follow us, would it not be marvellous in our fight against tax avoidance and tax evasion? I want everyone to help us reach that.”, said the co-rapporteur Judith Sargentini at the end of her intervention at the MEPs debate in plenary session.

2.      The Risk-Based Approach

The risk-based approach is another hot topic and a new element of the 4^th AML directive. The idea is that the risk of money laundering is not exactly the same in every situation. It’s then important to be able to understand what the risks of money laundering and financing terrorism are in order to adapt customer due diligence (CDD) measures to different situations: focusing resources on those areas where is demonstrated that risks are higher and giving the possibility to apply simplified due diligence when risks are lower.

In other words, introducing a risk-based approach means that countries, competent authorities and reporting entities are expected to identify, assess and understand the money laundering as well as terrorist financing risks they are exposed to, so that they can develop the appropriate measures to mitigate and better target these risks. This activity will be supported at four different levels:

1.   European Union: supranational risk assessment, carried out by the Commission, aimed to pinpoint risks related to the internal market.

2.   Member States: national risk assessment to understand exactly where the risk appears or may exist within their specific jurisdictions.

3.    Institutions and persons covered by the Directive

4.   Supervisors: supervisory authorities such as ESMA and EBA (the EU’s financial services regulatory agencies).

Certainly, this is a main change compared to the third AML Directive where we had three scenarios: simplified, normal and enhanced CDD rules. In the fourth Directive, instead, CDD-rules are more risk sensitive: it all depends on what kind of risks exist, discerning between enhanced measures where risks are greater and simplified measures where risks are demonstrated to be less. Nevertheless, there are some particular cases where obliged entities shall be required to apply Enhanced Customer Due Diligence. More precisely, this applies: when dealing with clients in third country identified as “high risk”; in cases of cross-border correspondent relationships with third countries; in transactions involving Politically Exposed Persons (and family members); and in complex and unusually large transactions which have no economic or lawful purpose. In any other case, the risk-based approach is applied, removing the automatic entitlement to apply Simplified Customer Due Diligence when dealing with specified customers and products.

3.      Politically Exposed Persons (PEPs)

3.1. What is a Politically Exposed Person and what are the risks associated?

The Third AML Directive defines “politically exposed persons” as natural persons who are or have been entrusted with prominent public functions such as Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials. Immediate family members or persons known to be close associates of such persons are included in the definition.

Due to the position they hold, it is recognised that many PEPs are in positions that potentially can be abused for the purpose of committing money laundering offences and related predicate offences, including corruption and bribery, as well as conducting activity related to terrorist financing. So, in case of business relationships with PEPs, it was felt necessary to put in place preventive measures, especially anti-money laundering and counter-terrorist financing measures.

3.2. The third AMLD and the FATF standards

To address such potential risks associated with PEPs, in 2003 the Financial Actions Task Force released obligatory requirements for foreign PEPs (whether as customer or beneficial owner). In particular, in addition to normal customer due diligence measures, financial institutions should be required to:

§  have appropriate risk-management systems to determine whether the customer or the beneficial owner is a politically exposed person;

§  obtain senior management approval for establishing (or continuing, for existing customers) such business relationships;

§  take reasonable measures to establish the source of wealth and source of funds;

§  conduct enhanced ongoing monitoring of the business relationship.

Following the international standards, the third AML Directive envisaged that obliged entities are required to apply enhanced customer due diligence measures with respect to PEPs, only regarding to PEPs who reside in another Member State or in a third country (i.e. foreign PEP).

3.3. Fourth AMLD enlarges PEPs regime…

Taking account of the FATF recommendation adopted in 2012 and following the aim of enhancing due diligence, the fourth AMLD extends the requirements provided for foreign politically exposed persons to domestic PEPs and PEPs of international organizations. The difference between different type of PEP depends on who has entrusted the individual with the prominent public function, i.e. the country in question or another country or an international organisation.

In particular, in cases of a higher risk business relationship with a customer or beneficial owner who is a domestic PEP or a person who is or has been entrusted with a prominent function by an international organisation, financial institutions should be required to apply the same measures as those that are applied to foreign PEPs. It should be also noted that a domestic PEP is subject to the foreign PEPs requirements if that individual is also a foreign PEP through another prominent public function in another country. In brief, the fourth AML Directive does not make such a distinction, and automatic enhanced due diligence measures will be required in the case of any PEP, regardless of where they originate from.

4.      Coverage of the gambling sector

Casinos and gambling services are often a target for money launderers, attracted by their nature of “cash intensive business”, where the majority of transactions are cash based. Therefore, another essential topic discussed concerns whether the scope of the Directive will cover all gambling operators (even those viewed as low risk) or only casinos and online gambling operators.

With a view to facing new emerging threats, it was felt the need to extend the scope of the third AMLD, in which only casinos were required to apply Customer Due Diligence (CDD). The new directive indeed brings into the scope all providers of gambling services when dealing with transactions of at least €2,000.

Nevertheless, in the final compromise a proportionate risk-based approach was introduced. If, after conducting a risk assessment, EU Member States find that there is a “proven low risk” of money laundering and terrorist financing, because of “the nature and, where appropriate, the scale of operations of such services”, they are able to exempt certain gambling operators – although not casinos – from some or all requirements, in strictly limited and justified conditions.

5.      A new Regulation on the traceability of fund transfers

In parallel with the revision of the money laundering Directive, a Regulation on the transfer of funds was also approved. The two legislative measures pursue the common objective of revising the existing anti-money laundering and counter terrorist financing EU framework in order to improve its effectiveness while ensuring its compliance with international standards. In particular, the new Regulation is based on Recommendation 16 on wire transfers adopted by the Financial Action Task Force.

Besides, the choice of a Regulation aims to ensure that this international standard is transposed uniformly throughout the Union and, in particular, that there is no discrimination between situations involving national payments within a Member State and cross-border payments between Member States.

5.2 What is it about?

The Regulation is about tracking transfers of funds, in any currency, sent or received by a Payment Service Provider (PSP) established in the Union. The tracking is implemented by placing certain requirements on the information that accompanies transfers and applies to all the PSPs involved in the payment chain. The basic logic behind is: the higher the amount and the higher the risk of irregularity, the more checks and controls we should have in place. Indeed, collecting basic information on the transfers may help appropriate law enforcement and/or prosecutorial authorities in detecting, investigating, prosecuting terrorists or other criminals and tracing the assets of terrorists. For this reason, it is essential ensuring that transfers of funds contain complete, accurate and meaningful information on the payer.

5.3. What changed from the previous legislation?

The Regulation which was repealed (i.e. Regulation EC 1781/2006) already required Payment Service Providers to accompany transfers of funds with information on the payer. New rules also require information on the payee (the person who receives the payment) to be included. More precisely, the payer’s PSP must: a) ensure transfers of funds are accompanied by information about the payer (as name, payment account number etc.); b) verify the information on the payer, using “documents, data or information obtained from a reliable and independent source”; c) ensure that transfers of funds are also accompanied by the name of the payee and the payee’s account number.

For its part, the payee’s PSP must be able to detect a lack of presence of information on the payer when receiving transfers and take appropriate steps in order to correct this situation: in this way, transfers of funds received by the payee do not remain anonymous. In addition, the Regulation requires verification of information on the payee (such as his name and his payment account number) when transfers of funds exceed €1000, before the PSP credits the payee’s account or makes the funds available to the payee. Verification of this information is not required in other cases, unless the payee’s PSP has reasonable grounds for suspecting money laundering or terrorist financing.

5.4. Not only recording information but also…

While verifying and recording information, the PSP must exert a special vigilance regarding such transfers and, on a risk sensitive basis and taking into account other pertinent factors, report suspicious transactions to the authorities responsible for combating money laundering and terrorist financing. PSPs should also respond fully and rapidly to enquiries by such authorities.

6.      Cooperation between Financial Intelligence Units (FIUs)

6.1. What are FIUs?

In the early phases of the development of the AML regime it became obvious that skilled personnel were needed to understand trends in money laundering and to make sense of the huge amounts of information being produced by financial institutions under reporting obligations. In response to this need, and to the need for a centre of analysis and dissemination of financial intelligence, FATF Recommendation 26 called for the establishment of entities commonly referred to as “financial intelligence units” or “FIUs”.

Adjusting the EU legal framework to the international standards, the Third AMLD required each Member State to establish specialized governmental agencies to deal with the problem of money laundering and other financial crimes. A FIU, quite simply, is a central, national body responsible for receiving (and as permitted, requesting) financial information, concerning suspected proceeds of crime and potential financing of terrorism, or other information required by national legislation or regulation. A FIU is then responsible for  processing that information in some way and disclosing it to an appropriate government authority in support of a national anti-money laundering effort.

6.2. Strengthening of their role with the fourth AMLD

The Fourth AMLD aims to strengthen the role of FIUs and their cooperation in respect of exchanging information. In particular, the Regulation requires the FIU to be operationally independent and autonomous. In other words, the FIU must have the authority and capacity to carry out its functions freely, including the autonomous decision to analyse, request and disseminate specific information. Also the FIU must be provided with adequate financial, human and technical resources in order to fulfil its tasks.

Moreover, Member States must ensure that the FIU is empowered to take urgent action, either directly or indirectly, when there is a suspicion that a transaction is related to money laundering or terrorist financing, to suspend or withhold consent to a transaction going ahead in order to analyse the transaction, confirm the suspicion and disseminate the results of the analysis to competent authorities.

Nevertheless, it is not made clear, as it wasn’t either in the third AMLD, the manner in which the FIUs can achieve their goals. The text does not clarify their nature which brings to the fact that the organisational nature of FIUs differs across Member States: they can be administrative, judicial, or police structures. The problem then is that having different powers can cause difficulties in exchanging information, including the possibility to access information, with consequences for the effectiveness of cooperation.

7.      Strengthening Data Protection

The last but not least issue discussed during negotiations concerns data protection rules – especially the need to enhance effectiveness of AML prevention while ensuring a high level of protection of personal data. Both public and private stakeholders have pointed to a number of difficulties regarding the compliance of the AML requirements with a high level of protection of personal data. Indeed, under the AML legislation, the requirements to collect and process data (e.g. to monitor transactions and customer relations against sanctions lists, to identify beneficial owners, to maintain records for criminal investigation purposes, etc.) increase the amount of data being collected, along with the possible consequences for data subject.

In the previous AML legislation, there was a lack of clarity about how these requirements were to be reconciled with rules on data protection, in particular at national level, which was leading to incoherent approaches across Member States. So during negotiations for the Fourth AMLD, the European Parliament voted for a significant number of amendments to enhance the protection of privacy. The key points are:

1.      How long can you hold Customer Due Diligence (CDD) data for: the time limit for holding data is five years and after that period you must delete the data. However, you may be able to retain data for a further five years: this possibility depends on Member State legislation and justified on a case-by-case basis (Article 40 of the AMLD).

2.      Informing clients about how the data may be used: the new clients have to be informed of the possible use of their personal data for money laundering prevention purposes before establishing a business relationship.

3.      Only using data for the purpose for which it was obtained: you should only use data for the original purpose and not for any other purpose, without consent.

4.      It has been made clear that data can’t be used for commercial purposes.

A positive feeling on the respect of data comes also from the co-rapporteur Judith Sargentini who said “we cleaned up the data protection […]. So we made sure that the data subject, the person who wants to know something – perhaps they have a feeling that something went wrong with their data – has rights to redress, without tipping off criminals, but they have the right to redress. We respect data retention rules.”.

Besides, Věra Jourová – as member of the Commission and responsible for the data protection reform, going to replace 28 national regimes by one strong pan-European regime for protection of personal data – added: “speaking about data protection in relation to the Anti-Money Laundering Directive and related things in the new legislation, I can say that we pay very high attention to protecting fundamental rights and especially the right to privacy and the right to the protection of personal data. These two pieces of legislation are very compatible and they can work together very well when they are introduced in practice.”.

8.      The impact on legal professions…

Certainly lawyers are involved in many activities which are vulnerable to money laundering, such as: a) use of client accounts; b) purchase of real estate; c) creation and management of trusts and companies. In fact, the implications of this new legal framework for legal professionals are much better than the third AML Directive. Indeed, there has been a fight between law firms (and the legal professions in general) and the Commission for years on these issues, and now most of the provisions of the new Directive come from what the European Court of Justice (as well as the European Court of Human Rights) has said.

The most important judgment is Case C-305/05, OBFG v Council. In this case, the Belgian Bar Association alleged that the extension, foreseen in the third AMLD, to lawyers of the obligations to inform the competent authorities when they come across facts which they know or suspect to be linked to money laundering and to transmit to those authorities additional information which those authorities consider useful, unjustifiably impinges on professional secrecy and the independence of lawyers, principles which are a constituent element of the fundamental right of every individual to a fair trial and to the respect of his rights of defence. So, at the request of the Belgian Cour d’Arbitrage, the Court of Justice was asked to clarify whether the imposition of those obligations on lawyers infringed the right to a fair trial.

The Court’s ruling, incorporated in the 4^th AMLD, stated that the obligations of information and cooperation apply to lawyers only in so far as they advise their client in the preparation or execution of certain transactions essentially of a financial nature or concerning real estate, or when they act for and on behalf of their client in any financial or real estate transaction. As a rule, those activities, by their very nature, take place in a context which has no link to judicial proceedings, and consequently, fall outside the scope of the right to a fair trial.

In any other case, the legal advice is subject to professional secrecy. So, as soon as a lawyer is called upon for assistance in defending a client or in representing that client before the courts, or for advice as to the manner of instituting or avoiding judicial proceedings, that lawyer is exempt from the obligations of information and cooperation, regardless of whether the information has been received or obtained before, during or after the proceedings. An exemption of that kind safeguards the right of the client to a fair trial.

9.      Next priorities…?

As for the next political priorities, certainly it is quite essential to ensure transposition: the AMLD must be implemented as soon as possible. The European Commission, in order to ensure an effective and consistent application of the Directive, will assist Member  States in the transposition of the Directive by organizing workshops and clarifying the interpretation of certain provisions.

It is also worthy to mention the new European Agenda on Security 2015-2020, adopted by the European Commission to support better cooperation between Member States in the fight against terrorism, organised crime and cybercrime. In the Agenda, indeed, there is an AML and a counter-terrorism dimension, so that it may be possible to have some further measures on financing. The Agenda mentions specifically preventative measures regarding freezing assets of EU internal terrorists (Article 75 of the treaty), but also expects some further initiatives at the international level, especially the mandate of FAFT to carry out a revision of initiatives existing in terrorist financing to see the effective application of these existing rules and to come up with potential new initiatives in terrorism financing. FATF may present a report in October this year.

*Reblogged from the FREE Group blog

Photo credit: www.gfintegrity.org