5AMLD: know your compliance changes
The 1st Anti-Money Laundering Directive (AMLD) was adopted by the EU in 1990. Nearly 30 years on, with new threats and increased digitalisation, regulators are changing the rules again to better protect consumers and businesses.
The 4th Anti-Money Laundering Directive (4MLD) had a deadline of June 2017 for the EU directives to become law in EU countries. The 5th Anti-Money Laundering Directive (5MLD) has a deadline of the 10 January 2020 for the same process. As for the 6th Anti-Money Laundering Directive (6MLD), proposals have already been published – and we can expect updated regulations in the next few years.
One of the biggest changes is in who AML legislation now affects. Previously, banks and money service businesses were the most affected, but now the scope is much wider than financial services. Letting agents and art dealers now must carry out checks on their customers and keep an audit trail. Cryptocurrency exchanges and wallets, previously unregulated by these laws, now have to follow the same rules as any other financial service.
For those regulated businesses, old and new, there are requirements which they will need to adopt by 10 January 2020 at the latest. We’ve identified 5AMLD’s key requirements and their impact on the customer due diligence and onboarding process for regulated firms transacting in Europe:
1. New registration demands
EU member states will each create a national register of beneficial ownership information on corporate and other legal entities, including trusts. These registers will be interconnected via a European central platform. All UK private limited companies and limited liability partnerships (LLPs) need to have their details registered, listing those people who have significant influence or control over a company.
By identifying who is pulling the strings, the thinking is that there is more chance of identifying someone using a business they only partly own for illegal activities. So rather than just listing a majority owner, the register will also list anyone who holds, directly or indirectly, more than 25% of the shares or more than 25% of the voting rights.
Proof of registration or an excerpt of the register must be collected before starting a new business relationship with a corporate or other legal entity, and public access will be granted for those with a legitimate interest in the beneficial ownership information.
While much of 4MLD was about know your customer (KYC), a big part of 5MLD is about know your business (KYB). The EU is keen to crack down on money laundering that uses business as a front. Just as a regulated business needs to perform checks on all of its individual customers, it needs to carry out checks on businesses too, identifying parent and subsidiary companies, shareholders, directors, and persons of significant control (PSCs) for a complete audit trail.
2. New understanding of risks
Also being updated is what constitutes a risky transaction. Payment companies are a major focus here with many being asked to perform KYC checks on a greater volume of their account holders. Prepaid companies, will need to carry out checks on customers using cards funded with more than €150 (down from €250). Payment service providers will make sure that those making a remote payment over €50 are identified. Three years after the deadline, KYC will apply to all remote payments.
As well as these reduced thresholds, there will also be a change in the way payments to high-risk third countries are dealt with. There will be new minimum requirements for enhanced customer due diligence including requirements to make the first payment to a verifiable account in the customer’s name and put in place additional security measures.
3. New punitive measures
Fail to get this right, and there will be sanctions. And – you’ve guessed it – the fines are higher than with 4AMLD.
Any fine levied will be twice the benefit derived from the transactions, €1m. For credit and financial institutions, this is increased to €5m or 10% of total annual turnover. The new fines are designed to give the regulations teeth, and make them something to be feared rather than just the cost of doing (shady) business.
It doesn’t stop with fines against the business. Management could be banned from running a regulated business and suffer a €5m fine. The business itself could be banned or suspended from activity. And even if a business avoids all of this, they could suffer reputational damage thanks to a public statement about the breach of regulation.
5AMLD may seem like a big step for the EU to take against those involved in money laundering, but it is in fact just one part of a process. The Panama papers and terrorist attacks on European cities has driven the appetite to further restrict the flow of capital to organised crime and terrorist funding. 5AMLD following fast on the heels of 4AMLD, and with 6AMLD already on the cards, shows that there are no plans for a lighter touch when it comes to risky transactions.
Regulated businesses, a term which becomes more inclusive with each iteration of regulation, need to stay ahead of these rules and obey both the spirit and the letter of the law. All the requirements significantly impact how businesses conduct due diligence and onboard new customers.
All regulated businesses will need to follow these rules – the ones that manage to do so without creating an onboarding nightmare will be in a far better position than their rivals.
By David Pope, marketing director, HooYu