Tightening the net: the new EU AML Package & Implications

Stemming from the anti-money laundering directives implemented within the European Union over the past 20 years, the new EU AML Package includes the new Anti-Money Laundering Regulation (AMLR – “EU Single Rulebook”), a revision of the Anti-Money Laundering Directive (AMLD6) along with the establishment of a pan European authority known as AMLA (The Anti Money Laundering Authority). The new package was adopted on the 30 May 2024.

Arguably, the most important change is the introduction of a Regulation that will apply directly in all Member States without the need for national transposition into local laws. This means that most of the provisions in the AML Law will be replaced by the Regulation and exhaustively harmonises AML rules throughout the EU.

The new AML Directive focuses on the responsibilities of the financial intelligence units (i.e. MOKAS in Cyprus) and the improvement of cooperation between regulatory authorities and must be transposed into national law.

As to implementation, the Regulation will apply from mid-2027 and the Directive must be implemented into national law by mid-2027 as well.

Significant Features of the New AML Regulation EU “Single Rulebook”

• exhaustively harmonises anti-money laundering rules?for the first time throughout the EU, closing loopholes for fraudsters.
• extends the anti-money laundering rules to new obliged entities, such as most of the crypto-sector, traders of luxury goods, crowdfunding service providers and football clubs and agents. From 2029, top-tier professional football clubs involved in high-value financial transactions with investors or sponsors, including advertisers and the transfer of players, will also have to verify their clients' identities, monitor transactions and report any suspicious transaction to their governments.
• the EU-wide threshold for the application of CDD for occasional transactions has been lowered to EUR 10,000, but, there are some, more limited, CDD requirements that remain applicable even to transactions below this threshold, notably when carrying out occasional cash transactions amounting to a value of at least EUR 3,000. E.g. crypto-asset service providers: these entities are now required to apply some limited CDD measures, even for occasional transactions below EUR 1,000.
• sets detailed, directly-applicable rules in the area of beneficial ownership, and on accessibility of information on beneficial owners. Streamlining the beneficial ownership requirements to ensure an adequate level of transparency across the EU.
• clarification of some requirements concerning internal policies, controls, and procedures. The AMLR now specifies in greater detail the scope of such policies, as well as necessary internal measures to be adopted (including aspects pertaining to the compliance manager and officer). Two years after the entry into force of AMLR, the AML Authority (AMLA) shall issue guidelines on the elements that obliged entities should take into account when adopting their internal policies, procedures and controls and as regards?group-wide requirements, the scope of the policies, procedures and controls to be put in place by groups, notably with respect to guarantees concerning confidentiality, data protection and information sharing for AML/CFT purposes, the minimum content of which should be specified by the AMLA in regulatory standards. Internal controls and an independent audit function to test the internal policies and procedures referred to above and the controls in place in the obliged entity should be in place. In the absence of an independent audit function, obliged entities may have this test carried out by an external expert.
• creation of new categories of high-risk profiles clients to be detected by financial institutions.
• broadening of the definition of “politically exposed persons”. New criterion now includes,?inter alia,?the heads of regional and local authorities and groupings of municipalities and metropolitan regions. additionally, siblings of politically exposed persons are also included in the list of relevant family members, but further distinctions are to be applied with regard to when siblings are to be taken into account in cases concerning PEPs.
• deepening of the requirements to perform simplified due diligence on low-risk clients. Obliged entities will now have to take into account the increased list of risk variables and factors before being able to apply simplified customer due diligence to a given business relationship.
• adding guidance for the reporting of suspicious transactions (red flags raising suspicion are clarified).
• amendments regarding third-country policy measures and requirements regarding AML/CFT threats from outside the EU. The AMLR confers new powers on the EU Commission to adopt delegated acts in this field. In addition to the option to also adopt specific countermeasures, the AMLR distinguishes between different types of third countries. Depending on which third country category is relevant to the specific case, obliged entities will have to apply either all or only some selected enhanced due diligence measures.
• specific EDD for certain types of cross-border correspondent business relationships in addition to the existing requirements (for detailed requirements for specific types of cross-border correspondent relationships, for example, when involving crypto-asset service providers or where the third country faces increased concerns from an AML/CFT perspective.
• integration of a regulatory framework for the organisation of outsourcing activities and third-party reliance in the framework of AML/CFT tasks and client due diligence.
• appointment of the EU Commission to carry out a compliance assessment of third countries' policies with EU AML/CTF regulations, to establish a list of "high-risk countries" for enhanced due diligence.
• people with a legitimate interest, including journalists, civil society organisations, competent authorities and supervisory bodies, will have 'immediate, unfiltered, direct and free' access to beneficial ownership information held in national registries and interconnected at EU level.

The 6AMLD & Critical Changes

The 6th AML Directive EU is aimed at?removing loopholes from domestic legislation of Member States by harmonising the definition of money laundering across the EU.

For the first time in an EU AML directive 6, cybercrime and environmental crimes have been listed as a predicate offence.

Based on the current text, AMLD6 will be required to be transposed into national law within three years of the date on which it enters into force (likely to be mid-2027), subject to certain derogations.

• Increased Regulatory Scope. Addition of a number of offences that qualify as money laundering, including “aiding and abetting.” Prior to 6AMLD, EU money laundering regulations attempted to prosecute only those who profited directly from the act of money laundering; however, the new rules hold so-called “enablers” legally liable.??
• Clarification of Money Laundering Penalties. Penalties are clearly defined for both people and corporations engaging in ML activities.? Previously, only individuals could be prosecuted for money laundering. Criminal culpability now expands to legal entities like corporations or partnerships so that a legal person can be held liable for the crime of ML if it is proven that they failed to prevent a “directing mind” from within the corporation from carrying out the illicit conduct. Practically, the new laws impose AML/CFT duty on management staff as well as employees operating independently.?
• Enhanced Collaboration Among EU Members. Emphasis on greater cooperation aiming to develop a more cohesive and interconnected strategy to addressing money laundering concerns across the EU in an attempt to promote seamless coordination among EU member states by adopting uniform provisions for investigative instruments and jurisdictional rules.?One important issue addressed by 6AMLD is the idea of dual criminality and the directive establishes precise information-sharing standards between jurisdictions, allowing criminal prosecution of related offences in various EU member states.? Essentially, this means criminalising specific predicate offences such as terrorism, drug trafficking, human trafficking, and corruption, regardless of their legality in individual states. What's more, 6AMLD establishes criteria for authorities to consider when determining how and where prosecutions should be conducted, such as the victims’ country of origin, the offender’s nationality or residence, and the jurisdiction where the offence occurred, ensuring a comprehensive and coordinated approach to combating money laundering in the EU.?
• FIUs. Apart from access to central beneficial ownership registers, FIUs will gain direct access to financial, administrative and law enforcement information, including tax information and information on funds and assets frozen pursuant to financial sanctions. A framework for FIUs to suspend or withhold consent to a transaction that raises suspicions of ML/TF will be introduced to enable FIUs to assess the transaction and suspicions and share the results with the relevant national competent authorities to allow for appropriate action to be taken.
• National supervision. Each Member State will be required to ensure that obliged entities are subject to adequate and effective supervision under a risk-based approach. National competent authorities will be required to report suspicions of ML/TF with a cross-border element to FIUs.
• Beneficial ownership. Enhanced rules regarding beneficial ownership information and their recording in UBO Registers. To ensure adequate, accurate and up to date beneficial ownership information, AMLD6 prescribes further powers to the authorities in charge of the central registers to verify the beneficial ownership information submitted to them such as: the power to perform on-site inspections at the premises of legal entities that are registered in circumstances where there are doubts regarding the accuracy of the information submitted and in cases of inconsistencies or inaccuracies detected, Registers shall ‘withhold or suspend the proof of registration in the Central Register, until the failures have been corrected’. Furthermore, the data shall be screened against designations in relation to targeted financial sanctions. In order to reduce the risks associated with legal entities that are established outside of the EU, the new rules require non-EU legal entities to register their beneficial ownership in the central beneficial ownership register where they have a link with the EU, for example if they own real estate in the EU.
• Centralised bank account registers. Member States must create centralised bank account registers recording who owns which bank account and where an such information must be made available to FIUs through a single access point.

AMLA: The Guards of the Guardians!

The new Pan European Anti Money Laundering Authority will be seated in Frankfurt. It will be charged with, among other things, directly supervising the largest financial institutions, intervening in case of supervisory failures, acting as a central hub for supervisors and mediating disputes between them. It is expected to start its operations in mid-2025 and will begin direct supervision after the new EU AML/CFT framework applies, in 2028.

Objective: ‘to protect the public interest, the stability and the integrity of the Union’s financial system and the good functioning of the internal market’.

Mission and goals

A decentralised EU agency that will coordinate national authorities to ensure the correct and consistent application of EU rules.?

Aim is to transform the AML/CFT supervision in the EU and enhance cooperation among FIUs.

Governance

Two collegial bodies

1.The Executive Board, composed of the Chair and five full-time members, including the Vice-Chair.

2.The General Board, which will have two alternative compositions: a supervisory composition with heads of public authorities responsible for AML supervision and an FIU composition with heads of Financial Intelligence Units (FIUs) in the Member States.?

Functions

Two main areas of activity

1.AML/CFT supervision

2.Supporting EU FIUs

In the non-financial sector, the aim is supervisory convergence and a common?supervisory culture, having a coordination and convergence role.

In the financial sector, it will also directly supervise a number of selected financial sector entities that are exposed to the high risk of ML/TF and operate on cross border basis in at least six Member States.

It will be able to take over supervision of any obliged entity on request from the national supervisor, or on its own initiative, where there is a Union interest to do so.

Concerning FIUs, AMLA will:

• Facilitate cooperation, information exchange and identification of best practices among FIUs.
• Establish standards for reporting and information exchange, by initiating or organising and supporting joint operational analyses, organising peer reviews among FIUs, and by hosting and developing the FIU.net system used both by FIUs and Europol to exchange and cross-match information. AMLA will itself be an end-user of the system and its functionalities.

Impact & Preparation

So what do all these new rules mean for us professionals? The AMLAR, AMLR and AMLD 6 augment the obligations related to AML and CFT. As such, we must establish a good understanding of the new regulatory landscape, ensuring our staff and management are trained accordingly. We should also examine our AML technology capability to ensure it meets the increased regulatory scope, update our AML/KYC compliance program, standards, and policies and manual to reflect the enhanced regulatory environment and increased legal risk, taking into account the latest updates from?the EU, FATF, re-evaluate existing risk scoring methodologies and Key Risk Indicators (KRIs) across internal procedures and processes, identify issues and geographies where the greatest change will be required, to prioritise efforts to ensure compliance.

Final Comments

There is still a long road ahead before the requirements are finalised and firms need to implement changes in their control frameworks. Implementation dates will depend on the swiftness of the legislative process.

The net has been tightened by this landmark reform.

?

?

?