Wolters Kluwer: EU’s new money laundering rules create fog of uncertainty
Posted: 6 January 2016 | Author: Michael Imeson | Source: Wolters Kluwer
The EU’s rules on the prevention of money laundering and terrorist financing are already tough, but they are about get tougher. The 4 th Anti-Money Laundering Directive (AMLD) “entered into force” in June 2015 and will become “applicable” when member states have transposed it into national law by June 2017.
As with most EU laws, “entering into force” is quite different from being “applicable”, which is confusing to say the least. But at least banks and other firms preparing to meet the requirements have two years to get their house in order.
The related Transfers of Funds Regulation also entered into force in June 2015 and will apply from June 2017. However, as it is a Regulation it will be “directly applicable” in all member states, meaning that it cannot be amended, unlike the Directive which can be changed slightly when being written into national law.
The Directive and Regulation will apply not just to banks and other financial institutions, but also to auditors, accountants, all businesses that make or receive cash payments for goods worth more than €10,000, and other entities such as trusts. Gambling operators could also be subject to the new rules but whether they are or not will be left to each state to decide.
The European Supervisory Agencies (ESAs) – the EBA, ESMA and EIOPA – have drafted detailed guidelines on how the new rules should be applied. They are currently consulting on them with industry bodies like the British Bankers’ Association and the European Banking Federation, whose staff are scratching their heads trying to interpret exactly what the Directive will mean for their members.
The Directive in summary
The 4 th AML Directive’s main requirements are as follows. It:
- Refines the rules on customer due diligence (CDD), placing a greater emphasis on banks and other firms to conduct customer risk assessments, in line with the Financial Action Task Force (FATF) recommendations of 2012. The CDD rules vary depending on the risk – more vigilance is required where the risks are greater (in other words, enhanced CDD), and less where the risks are lower (simplified CDD). It contains explicit lists of the risks to be taken into account when conducting risk assessments of customers, and determining whether enhanced CDD or simplified CDD is required.
- Requires the European Commission to conduct a risk assessment of money laundering and terrorist financing. The first report will be published by June 2017.
- Requires all member states to conduct their own national risk assessments (NRAs) of money laundering and terrorist financing taking place in their jurisdiction. The UK government – HM Treasury and the Home Office – published its NRA this October.
- Requires EU member states to keep central registers of information on the ultimate “beneficial” owners of companies, trusts and other legal entities. These registers will be open to the authorities, to “obliged entities” (entities covered by money laundering rules, such as banks conducting customer due diligence) and to people with a “legitimate interest”, such as investigative journalists.
- Requires banks, auditors, lawyers and other organisations to comply with specific reporting obligations on suspicious transactions made by their clients.
- Clarifies the rules on “politically-exposed persons” (PEPs) – people at a higher than usual risk of corruption due to the political positions they hold, as well as their family members – and requires domestic PEPs to be given the same risk status as foreign ones and so subject to enhanced CDD.
- Widens the scope of entities and transactions covered by the EU’s AML rules. For example, companies providing gambling services are now covered by the Directive, though it will be up to individual states to decide whether they are actually covered by national law. It also lowers the cash transaction threshold for trade in goods, from €15,000 to €10,000).
- Empowers the European Commission to identify non-EU countries with slack anti-money laundering and counter terrorist financing regimes. This will have the effect of “naming and shaming” these countries, as well as placing a greater burden on banks to keep a closer eye on its customers in those countries.
The Regulation in summary
The Transfers of Funds Regulation requires payment service providers (PSPs) to collect information accompanying fund transfers so the transfers can be traced, thus making it easier to assess at any point if they are illicit.
The Regulation states: “The full traceability of transfers of funds can be a particularly important and valuable tool in the prevention, detection and investigation of money laundering and terrorist financing, as well as in the implementation of restrictive measures.” It has therefore created a system that obliges PSPs arranging funds transfers to ensure that comprehensive information on the payer and payee is included in the transfer.
Guidelines from the European Supervisory Authorities
The Joint Committee of the three European Supervisory Authorities (ESAs) – the European Banking Authority, European Insurance and Occupational Pensions Authority, and European Securities and Markets Authority – in October launched a public consultation on two sets of anti-money laundering (AML) and countering the financing of terrorism (CFT) guidelines. They set out how the Directive should be applied by banks, other financial firms and national authorities across the EU.
The ESAs will hold a public hearing on the draft guidelines at the EBA’s offices in London on 15 December. The consultation closes on 22 January 2015.
The consultation paper on the “Risk-Based Supervision Guidelines” is for national authorities responsible for supervising credit and financial institutions’ compliance with the new rules. The guidelines specify the characteristics of a risk-based approach to AML/CFT supervision and state what the authorities should do to ensure that their allocation of resources is commensurate to the level of AML/CFT risk in the financial sector.
The consultation paper on the “Risk-Factors Guidelines” is for financial institutions and their national supervisors. It gives guidance on the factors firms should consider when assessing the money laundering and terrorist financing risk of their customers, and how they should adjust their customer due diligence measures as a result. The paper also helps supervisors assess whether firms’ risk assessment and management systems are adequate.
Industry reaction – non-bank payment service providers
While supportive of measures to clampdown on money laundering and terrorist financing, banks and other payment service providers are concerned about the burden of compliance.
“Perhaps the most significant aspect of the Directive is the increased breadth of the risk assessments that have to be carried out for money laundering and terrorist financing risks, says Dr Thaer Sabri, Chief Executive of the Electronic Money Association. The EMA is the trade body for Europe’s electronic money issuers and innovative payment service providers. Members include Airbnb, American Express, Facebook Payments International, Google Payment, PayPal Europe and Worldpay UK.
“Member states have to perform national risk assessments, which the UK government has done and it published the results in October,” explains Dr Sabri. “A pan-European risk assessment is also required and is being carried out by the European Commission, which will be ready by June 2017. Similarly the ESAs have published draft Guidelines on the risk factors that have to be taken into consideration.
“Individual organisations who already carry out their own risk assessments, will now have to incorporate the national risk assessments, the pan-European assessment and the EBA guidelines into their own reviews. This will then inform the degree of customer due diligence and other controls that they apply in relation to customers and transactions.
“Firms need to be aware that individual member states have the capacity to exceed the requirements of the Directive. In the wake of the recent terrorist attacks in Paris, there will be pressure on governments to do this, so the rules may change over time and may differ from state to state.”
Dr Sabri is disappointed that the Directive does not address the de-risking phenomenon, where banks are refusing to open accounts for payment service providers (PSP) whom they regard as posing too high a risk. This heightened risk comes from banks interpreting their obligations as extending to ‘knowing their customer’s customer’, a concept founded in correspondent banking where a bank must satisfy itself that its correspondent’s systems are compliant. However, Dr Sabri believes this concept should not be applied outside correspondent banking, particularly where a PSP is regulated in the same jurisdiction as the bank.
“Regulators across Europe have sought to lessen the impact of this phenomenon by stating that banks should not assess risks based on an entire sector, but rather on individual relationships,” says Dr Sabri. “They cannot however force banks to enter into commercial relationships with individual businesses if they don’t want to.
“The EMA has proposed that regulators provide comfort or safe harbour letters that clarify the extent of banks’ obligations in respect of other payment service providers, a compromise that may resolve the current impasse. The alternative – of banks turning away other payment service providers when they are both regulated by the same, or equivalent regulators – is unreasonable. But it’s happening.”
The Association of UK Payment Institutions (AUKPI), which represents money service businesses (MSBs) – also known as money transfer shops or bureaux de change – says it is not clear what practical effect the Directive will have on its 120 members, most of which are FCA Authorised Payment Institutions, and the rest FCA Registered Payment Institutions.
“We will need to wait for clarification from the FCA on the new Money Laundering Regulations that will implement the Directive in the UK,” says Dominic Thorncroft, Executive Chairman of AUKPI.
Industry reaction – banks
The British Bankers’ Association (BBA) was closely involved in the European Commission’s consultation on the Directive and also engaged with EU parliamentarians. “The Directive is necessary to bring the revised FATF standards into EU law,” says Matthew Allen, Director of Financial Crime at the BBA. “It will help bring greater coherence to the EU’s approach to AML.
“However, there are some areas where we require greater clarity, in particular on politically exposed persons (PEPs), correspondent banking and the enhanced due diligence that has to be applied to these and other customer categories.”
He says that the ESA guidelines currently being consulted on do provide a great deal of clarity on how the Directive’s requirements should be implemented, but they do not go far enough.
Take, for example, PEPs. “All PEPs whether domestic or foreign, are deemed as high risk under the Directive, and therefore there is an expectation of enhanced due diligence,” says Mr Allen. “The question is, how much enhanced due diligence will have to be applied, and how do banks develop a risk-based approach to it?”
Take correspondent banking. “The Directive provides a broader definition than usual of what correspondent banking is,” he says. “The question is, when should enhanced due diligence apply? Will it have to be applied to all correspondent banking relationships, even though most are relatively low risk?”
The ESA guidelines set out a range of risk factors that firms must consider, such as geographical risk, where certain countries are deemed to pose a greater risk than others. “Under the Directive, banks are expected to take into consideration geographical risk when deciding on the level of due diligence that should to be applied to customer relationships,” says Mr Allen. “But how should geographical risk be measured? Where will the information allowing them to assess the risks come from?”
Although official guidance is needed, banks are in danger of being swamped by it. In addition to the ESA guidance, the European Commission is undertaking a supranational risk assessment, and banks will have to take into consideration its findings when they are published.
Banks will also have to base their AML procedures on the national risk assessments produced by every EU member state, as well as on the national money laundering regulations that each state will publish.
“There will also be industry guidance to follow, such as that provided in the UK by the Joint Money Laundering Steering Group (JMLSG),” says Mr Allen. “Yet another challenge is that there are several international bodies outside the EU that are producing texts on AML – the Basel Committee, for instance. All of this could prove too confusing. There is a lot of guidance out there and we are looking for coherence.”