Preparing to implement the fourth AML directive

Money laundering and the increasing role it plays in terrorist financing is almost never out of the news.

The extent to which terrorist groups are able to mobilise support has risen significantly and many, such as the Islamic State of Iraq and the Levant (ISIL), are clearly very well-financed. Thanks to continuing property market buoyancy, London has been labeled as a major money laundering capital, and financial institutions, law enforcement authorities and EU member states are working together globally to halt further advances by enhancing existing anti-money laundering (AML) legislation.

As the most significant legislative change to affect member states across Europe, Jennifer Hanley-Giersch and John Byrne outline the principal changes being introduced and what the compliance implications are.

What are the key legislative changes?

Enhanced AML-related legislation was introduced within the UK and other EU member countries in February 2015 with the Fourth AML Directive. This was designed to tighten cross-border controls, and countries have until 2017 to implement the changes required into their legislation.

Although ultimate accountability for AML activity within an institution continues to primarily be the preserve of dedicated AML compliance officers, the extent of personal responsibility and liability has widened for all compliance professionals as a result of the new directive. In particular, the legal obligations have been strengthened in the following ways:

• A tighter, more risk-based approach to customer due diligence/know your customer (CDD/KYC) controls is required, with enhanced efforts for higher risk sectors. For example, ‘obliged entities,’ such as banks, are required to take enhanced measures where the risks are greater and can take simplified measures where risks are demonstrated to be smaller. Governance and compliance professionals need the ability to ascertain the levels of risk presented and adapt procedures accordingly
• New rules have been introduced requiring individuals (natural persons) having ultimate beneficial ownership to be identified, with records maintained on a beneficial ownership registry. Beneficial ownership information will be held in a ‘specified location’ and unlimited access will be available for competent authorities and financial intelligence units (FIUs). In addition, depending on the member state’s individual policies, banks and other obliged entities will have access to the registry. For AML compliance purposes, a beneficial owner of a company entity has a minimum of 25% direct or indirect ownership
• The definition of a politically exposed person (PEP) has been expanded to include domestic and foreign PEPs and those within international organisations. The rule would apply to heads of state, government and parliament members, members of the judiciary and directors of state-owned enterprises, among others such as close family members
• Tax crimes have been added to expand list of predicate offenses for money laundering-related offences
• The threshold to trigger AML procedures from cash payments has been lowered from 15,000 to 7,500 euros and individual member states have the option to set their own thresholds even lower based on risk perception levels. Added to this, the scope of rules relating to the disclosure of all payments made in excess of 7,500 euros under the ‘obliged entities’ rules has been expanded beyond casinos to include the entire gambling sector
• Cooperation between national FIUs that are involved with the analysis and dissemination of information about suspected money laundering or terrorist financing has been strengthened
• Administrative sanctioning powers of the national authorities have been reinforced and cooperation between national authorities on cross border cases is now required
• A minimum level pecuniary fine of at least 1 million euros has been set. In cases of breaches involving credit or financial institutions, a minimum of 5 million euros or equivalent in sanctions has been set as a penalty level
Of key relevance when implementing the new Fourth AML Directive, far greater emphasis has been placed on ensuring a new enhanced risk-based approach as opposed to allowing individual states the flexibility to decide whether the rules could be simplified in accordance with the perceived risk. Now an enhanced risk-based approach coupled with multilevel interconnected risk assessment requirements have been set at the country, institutional and customer levels.

It will, therefore, be necessary to adopt evidence-based measures when implementing the revisions to the Fourth AML Directive, which are supplemented with a minimum list of factors to be developed by the European Supervisory Authorities (ESAs). This new risk-based approach and the way existing systems should be adapted accordingly, is at the core of the implementation challenges facing institutions. For example, enhanced due diligence (EDD) procedures will be required that go beyond existing CDD, but which approach should apply and under what circumstances? On what basis will the new, more risk- and evidence-based decision making requirement be made? New methods, information sources and monitoring approaches will inevitably be required, which will necessitate the development of more sophisticated and flexible risk assessment tools.

Practicalities of implementing the Fourth AML Directive

From a practical standpoint, one of the biggest changes required to comply with the Fourth AML Directive will be the process optimization required to meet the stricter new CDD/KYC requirements. Since the IRS provided a two-year window for institutions to become FATCA (Foreign Account Tax Compliance Act) compliant when the new legislation was introduced in 2014, many of the changes required will currently be undergoing implementation. Those organisations that have already implemented the revised Financial Action Task Force (FATF) standards, as outlined in the original recommendations made in 2012, will most likely only need to make some minor adjustments to adequately implement the changes required in the Fourth AML Directive. The most significant of these will be implementing the necessary risk assessments required by policy regulators, since the AML directive is significantly more risk-based than the FATCA requirements.

Conversely, if within an organisation, its processes are more in keeping with the requirements of the Third AML Directive, major reforms will be required, in particular with regard to the broader criteria of PEPs, lower threshold for reporting cash transactions and addition of a beneficial ownership registry for all connected individuals associated with a company.

Potential further implications due to Serious Crime Bill

Within the UK, specifically, additional legislation has been introduced in the form of the Serious Crime Bill, which has just received Royal Assent. As defined by the UK government, the Serious Crime Bill is designed to “send a clear signal to discourage corrupt and complicit professionals and others who provide the materials, services, infrastructure, information and other support that organised crime groups (three or more people working together to pursue criminal activity) need.”

Importantly, the bill contains an important new offence of “participation in the criminal activities of an organised crime group.” It carries a maximum sentence of five years imprisonment and is specifically targeting professional advisors who may provide support indirectly, at arm’s length. This is worthy of mention, because of the interaction and interplay between the requirements outlined in the Fourth AML Directive and implications of the Serious Crime Bill. Legal and compliance professionals could unwittingly, be involved in the provision of materials, services, infrastructure, information and other support to facilitate organised crime if they fail to adhere to the requirements of the Fourth AML Directive.

An opportunity for process re-design

Therefore, with the introduction of the Fourth AML Directive, comes an opportunity for institutions to include FATCA requirements for high-risk clients into an all-round amended framework based on a comprehensive, risk-based approach and re-designed KYC procedures. The challenge will be to simultaneously cater for the increased and predominantly rules-based requirements of FATCA, whilst at the same time, making provisions for the risk-based due diligence requirements, which will come into force with the Fourth AML Directive. Assuming both can be mastered, organisations will have the opportunity to benefit from both increased efficiencies and improved compliance processes and procedures.