Since 2008, regulators have been plugging the gaps revealed by the global financial crisis and have just put another brick in the financial services wall – the 4th Money Laundering Directive.
Last month, the much anticipated ‘IV’ was published in the official journal and will become the law of the land in 2 years’ time. Fortunately, CDMG celebrated this 510 days early to work out the big deltas with a number of large firms and their suppliers.
AMLD IV will expand the scope of customers and entities subjected to due diligence, require firms to maintain flexible risk processes and demand reporting to beneficial ownership registries. The most notable deltas are:
- Tax crime is now included as a predicate offence
- The extension of those who are considered PEPs
- The identification of the beneficial ownership of companies and trusts intended to be simplified through access to newly created beneficial ownership
- The introduction of risks assessments at EU and national level
- The AMLD III equivalency list of countries is now removed.
What does all this mean? As usual, more operational shifts required to systems that are already adapting to other regulations in parallel.
A predicate crime is a crime which underlies the crime itself, in this case money laundering. AMLD III introduced terrorism as its focus for predicate offences, and now tax crime is explicitly included as a predicate offence in AMLD IV.
Firms will need to assess tax evasion risk, amongst other additional criteria, when assessing the risk level of a customer before determining whether Simplified Due Diligence (SDD) or Enhanced Due Diligence (EDD) should apply.
Politically Exposed Persons
Under AMLD III, Politically Exposed Persons (PEPs) were defined as persons outside of the state. AMLD IV has expanded the definition. PEPs are now defined as those who are domestic PEPs, and those classified as international organisations.
It was proposed to limit the scope of the definition of PEPS to exclude certain family members, however, this has not materialised in the adopted text. Moreover, there was a proposed rule to extend the coverage of PEPs, after their removal from the position, to 18 months … again this has not occurred and it has remained at 12 months.
As a result, there is not the overhaul that that was initially expected. In addition, JWG analysis has established that a number of firms already track and monitor domestic PEPs.
Therefore, the central questions to ask are: who is already tracked and how much will the scope expand? If you already track domestic PEPS, then this may be an area which will need little change.
Simplified due diligence
AMLD IV requires firms to determine the level of risk posed by a customer before applying the appropriate level of customer due diligence. AMLD IV thus introduces a more measured application of this exemption by placing the onus on the firm to carry out a risk assessment.
When called upon, firms must be able to produce the evidence and reasoning behind their decisions. The threshold of what is acceptable evidence and reasoning remains somewhat hazy, and is a matter of interpretation for your policy folks. And, if you don’t already have a well-documented risk assessment matrix, you may want to consider revisiting the policy handbook sooner rather than later.
Beneficial ownership information
AMLD IV requires the establishment of beneficial ownership registries. How beneficial ownership information will be reported, refreshed and checked remains unclear.
Potentially, firms could be required to maintain beneficial ownership information held at the registry. However, firms will not be able to rely upon registry information as part of their due diligence procedures. Instead, they must use this beneficial ownership information alongside other criteria – which will sit in other databases – and will then need to reconcile the inevitable discrepancies.
One source of discrepancy will be that Member States can alter the beneficial ownership threshold of 25%.
The big question for the registries is: how do we manage the reporting?
Potentially, firms must update the register of beneficial owners if they know, or might reasonably be expected to know, that a change in beneficial ownership has occurred. Beneficial owners will also be under obligation to inform the company of any changes.
Furthermore, any person or organisation who can prove a legitimate interest in the information may also be able to access such information provided to the beneficial ownership registry, thus offering a level of transparency not previously provided.
Since firms cannot rely upon registry information, and there is a limited level of public access, there is still, at best, a blurred understanding of how useful registries will be.
AMLD IV requires that the European Commission issues a supranational risk assessment of the AML risks facing the EU and keeps it updated. Likewise, risk assessments will need to be undertaken on a national and firm level.
These risk assessments shall include an analysis of the highest risk structures by which criminals launder proceeds. In addition, Member States – individually – will be required to undertake assessments of the AML risks in their jurisdiction. These must be shared with firms to assist them in implementing effective and appropriate AML processes.
The assessment reports will help firms to establish and undertake an evidence based determination of the customer risk category and, consequently, whether simplified or enhanced due diligence needs to be applied. In addition, a third country report will be undertaken to help best assess the risks of 3rd countries and the implementation of appropriate AML processes.
At the firm level, there will be a requirement to document and keep up to date risk assessments on their clients, and make them available on request to regulators and supervising authorities.
This is a much negotiated piece of legislation and whether it’s a robust enough brick in the wall to tackle global financial crime, only time will tell.
What is certain is that AMLD IV requires firms to implement changes in how they tracks PEPs, determine control and report data to registries and align themselves with the tax department. New policies and procedures will have to be put in place and this will take time, money and resources where firms will not only have to step back and re-evaluate current processes, but will potentially have to reassess internal structures and train (or retrain) staff in the compliance obligations.
Firms should consider their own risk appetite, resources available and current procedures and ask themselves the hard questions early.
Despite the costs involved and a high possibility of a 5th Money Laundering Directive appearing, firms have to begin to work out how to get this done in addition to the rest of the KYC regulatory challenges taking place.