On July 20, the European Commission (EC) released an ‘ambitious’ package legislative consisting of four legislative proposals to strengthen the EU's AML/CTF rules which key provisions are highlighted hereunder.
Regulation establishing a new EU AML/CFT Authority (the ‘Authority’ or ‘AMLA’)
The AMLA will include tasks relating and not limited to:
Money laundering/terrorist financing (ML/TF) risks facing the internal market that include (1) monitoring developments and assess threats, vulnerabilities and risks, (2) collecting information on weaknesses identified in the application of AML/CFT rules by obliged entities, (3) establishing a central AML/CFT database.
Selected obliged entities, including (1) ensuring group-wide compliance with the requirements applicable to these entities, (2) carrying out supervisory reviews and assessments on individual entity and group-wide level to determine the adequacy of their ML/TF risk mitigation processes.
Financial supervisors, including (1) maintaining an up-to-date list of financial supervisors within the Union, (2) performing assessments of the strategies, capacities and resources of financial supervisors in the area of AML/CFT.
The Authority powers will include:
Supervisory and investigative powers on selected entities as well as the power to impose administrative pecuniary sanctions and periodic penalty payments.
With respect to supervisors and supervisory authorities, (1) requiring the submission of any information or document, (2) issuing guidelines and recommendations, (3) requesting data and analyses from Financial Intelligence Units (FIUs) that are relevant to the assessment of threats, vulnerabilities and risks facing the internal market, and (5) developing draft regulatory or implementing technical standards (RTS/ITS).
Regulation on the prevention of the use of the financial system for the purposes of ML/TF
The new regulation will be applicable to a wide range of stakeholders, i.e., obliged entities and will bring all service providers offering digital currencies into the scope of AML/CTF rules (so far only cryptoasset service providers are concerned).
Obliged entities will be subject to the following requirements:
Implementation of policies, controls and procedures in accordance with the Regulation.
Customer due diligence (e.g., identity verification, ongoing monitoring of the business relationship including scrutiny of transactions…): Obliged entities may be subject to simplified customer due diligence (CDD) measures when the business relationship or transaction present a low degree of risk (see Annex II and III for more details); for example, the requirement to verify the identity of the customer and the beneficial owner can be satisfied after the establishment of the business relationship. Enhanced CDD measures will apply when these are facing higher risks (e.g., third countries with compliance weaknesses, PEPs, etc.)
Beneficial ownership transparency: Identification, information, requirement related to nominees and foreign entities.
Reporting of suspicious transactions by, among others, using the format that will be provided by the RTS and by following the guidance on indicators of unusual or suspicious activity or behaviours that will be provided by the AMLA.
Data protection and record keeping, including the requirement to process personal data only to prevent ML/TF risks. Documents and information that should be retained by obliged entities include copy of the documents and information obtained during the CDD process. The retention period of personal data is reduced to 5 years.
Limits to large cash payments with an EU-wide limit of €10,000 or equivalent amount in national or foreign currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked.
Sixth Directive on AML/CFT (AMLD6), replacing the existing Directive 2015/849/EU (the fourth AML directive as amended by the fifth AML directive)
AMLD6 includes requirements for:
The Beneficial ownership register: Access by competent authorities, self-regulatory bodies and obliged entities. Specific access rules to the registers for the public in regard to legal entities and trusts or similar arrangements.
Bank account registers and electronic data retrieval systems that will allow the timely identification of any natural or legal persons holding or controlling payment accounts and bank accounts with an IBAN.
Revision of the 2015 Regulation on Transfers of Funds to make it possible to trace transfers of crypto assets (Regulation 2015/847/EU).
The legislative package is yet to be discussed by the European Parliament and Council.
The AML authority is scheduled to be operational in 2024 and will start its mandate after the transposition of the directive and entry into force of the new rules.