On 5 June 2015, the Fourth Money Laundering Directive (Directive (EU) 2015/849) ("MLD4") was published in the Official Journal of the EU. MLD4 extends and replaces the Third Money Laundering Directive ("MLD3"), which is the existing EU anti-money laundering ("AML") and counter terrorist financing ("CTF") regime.
Member States are obliged to transpose MLD4 into national law by 26 June 2017.
The introduction of MLD4 is largely driven by revisions to the FATF Recommendations which were adopted in February 2012 in order to address emerging AML and CTF concerns. The European Commission (the "EC") also published a report in 2012, which reviewed MLD3.
Consequently, the first draft of MLD4 was published in February 2013 and political agreement was reached at the end of 2014. MLD4 was published in the Official Journal following adoption by the EU Council in April 2015 and by the European Parliament in May 2015. MLD4 is designed to strengthen the EU's defences against money laundering and terrorist financing.
In this briefing, we propose to outline some of the important aspects of MLD4, namely, the risk-based approach, beneficial ownership, the scope of customer due diligence requirements, politically exposed persons ("PEPs"), reliance on third parties, enforcement, as well as the next steps involved.
Certain significant changes introduced by MLD4 are outlined below.
(i) Risk-Based Approach
MLD4 places a greater emphasis on utilising the risk-based approach as a mechanism to identify and lessen the risks associated with money laundering and terrorist financing. Risk assessments must be undertaken at EU level, by Member States and also by entities falling within the scope of MLD4, i.e., those listed in Article 2(1) of MLD4 ("Obliged Entities").
From an EU perspective, the EC's risk assessment must address cross-border threats that could affect the internal market, while that of the European Supervisory Authorities ("ESAs") should focus on the risks affecting the financial sector. Risk assessments carried out at national level by Member States, as well as by Obliged Entities, must focus on the risks that affect each of them specifically. The objective of the risk assessment is to identify, understand and mitigate the risk of money laundering and terrorist financing. Obliged Entities are also required to implement policies, controls and procedures in order to manage and mitigate the associated risks.
MLD4 removes the exemptions from Customer Due Diligence ("CDD") requirements in respect of certain entities (e.g. where firms are credit or financial institutions or listed companies whose securities are admitted to trading on a regulated market). Accordingly, Obliged Entities will have to carry out their own risk assessment to determine if simplified CDD is appropriate and engage in adequate monitoring to enable the detection of suspicious transactions.
(ii) Beneficial Ownership
MLD4 requires that Member States ensure that entities incorporated in their jurisdictions hold adequate, accurate and current information regarding their beneficial ownership. This information must be stored on a central register which can be accessed by competent authorities and EU Financial Intelligence Units ("FIUs"), Obliged Entities and others that can demonstrate a legitimate interest.
MLD4 also provides clarity around "indirect ownership" and introduces some new rules in respect of the beneficial ownership of trusts, including details of the beneficial interest held. For example, Member States are obliged to require trustees of any express trust to obtain and hold adequate and up-to-date information on beneficial ownership regarding the trust. MLD4 states that, when the trust gives rise to tax consequences, Member States must ensure that the beneficial ownership information held by trustees is held on a central register. Trustees must also provide beneficial ownership information to Obliged Entities in a timely manner, in accordance with CDD framework requirements.
(iii) Scope of Customer Due Diligence Requirements
MLD4 has a wider scope than MLD3 and therefore expands the circumstances in which CDD should be carried out by Obliged Entities, to include the following:
- Occasional cash transactions amounting to €10,000 or more in the case of persons trading in goods, i.e., persons trading in goods to the extent that they make or receive cash payments of €10,000 or more will be obliged to conduct CDD (whether the transaction is carried out in a single operation or in several operations which appear to be linked);
- Single transactions of €2,000 or more for providers of gambling services, i.e., providers of gambling services will be obliged to conduct CDD for single transactions, upon the collection of winnings, the wagering of a stake, or both, when carrying out transactions amounting to €2,000 or more (whether the transaction is carried out in a single operation or in several operations which appear to be linked). However, in proven low-risk circumstances Member States may discharge some gambling services from certain obligations under MLD4; and
- In addition, the scope of the exemption in respect of CDD for electronic money has become more strict in the case of rechargeable devices.
MLD4 clarifies the definition of a PEP and widens the categories of individuals who can be regarded as PEPs to include members of the governing bodies of political parties, and directors, deputy directors and members of the board or equivalent function of an international organisation.
The rules relating to PEPs are also extended to cover domestic PEPs. MLD4 requires that, when a person ceases to be a PEP, an Obliged Entity must consider the continuing risk imposed by that person for at least twelve months. Risk-sensitive measures must be applied until that person is deemed to pose no further risk specific to PEPs. Furthermore, Obliged Entities are not entitled to rely exclusively on PEP lists, they are responsible for making their own determination as to whether a customer is a PEP, or associated with a PEP.
(vi) Reliance on Third Parties
MLD4 will continue to allow Obliged Entities to rely on third parties for CDD requirements in order to ease the burden of compliance. Similarly, third parties that are situated in a non-EU Member State must apply equivalent CDD and record keeping requirements to those in MLD4. It will need to be ensured that reliance on third parties meets the obligations imposed by MLD4 as certain requirements in this regard have been amended.
As with MLD3, MLD4 explicitly prohibits Obliged Entities from relying on third parties established in high-risk countries. However, MLD4 provides that Member States may exempt branches and majority owned subsidiaries from this prohibition where they fully comply with group-wide policies and procedures.
MLD4 sets out that the onus lies with the Obliged Entity to ensure that it is provided with the required CDD information from the third party and that adequate steps are taken to ensure that the third party provides immediately, upon request, the relevant documentation regarding the customer's identity.
MLD4 places greater emphasis on enforcement and sanctions and sets out detailed provisions as to the type of administrative sanctions and measures that, at a minimum, should be implemented by Member States. Sanctions under MLD4 include pecuniary and non-pecuniary sanctions. A maximum administrative pecuniary sanction of at least twice the amount of the benefit derived from the breach (where that benefit can be determined) or at least €1,000,000 may be imposed. In respect of credit institutions and financial institutions, a maximum administrative pecuniary sanction of at least €5,000,000 or 10% of total annual turnover in the case of a legal person, and at least €5,000,000 in the case of a natural person may be imposed.
MLD4 provides that the ESAs, through their Joint Committee must publish guidelines on the risks of money laundering and terrorist financing affecting the EU financial sector. MLD4 also makes provision for the publication of delegated acts and technical standards by the European Commission. As outlined above, Member States must bring into force the laws, regulations and administrative provisions to comply with MLD4 by 26 June 2017. It should also be borne in mind that Member States may impose more stringent obligations than those outlined in the directive itself. Firms must now start preparing for compliance with the new rules and will need to consider the effect that MLD4 may have on their business.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.