What is the Commission proposing in the field of Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT)?
Today's AML/CFT package consists of four legislative proposals:
-A Regulation establishing an EU AML/CFT Authority in the form of a decentralised EU regulatory agency;
-A new Regulation on AML/CFT, containing directly applicable AML/CFT rules, including a revised EU list of entities subject to AML/CFT rules (known as Obliged Entities);
-A Directive on AML/CFT, replacing the existing EU AML/CFT Directive (Directive 2015/849 as amended) and containing provisions not appropriate for a Regulation and requiring national transposition, such as rules concerning national supervisors and Financial Intelligence Units in Member States;
-A recast of the 2015 Regulation on Transfers of Funds (Regulation 2015/847).
These four proposals together constitute an ambitious set of measures to modernise the EU's AML/CFT regime. They aim to establish a robust and future-proof enforcement system, which will contribute to improved detection of money laundering and terrorism financing in the Union. They follow up on the Commission's AML/CFT Action Plan of 7 May 2020.
Why is this package necessary?
Money laundering and terrorism financing (ML/TF) pose a serious threat to the integrity of the EU economy and financial system and to the security of its citizens. Europol estimated that around 1% of the EU's annual Gross Domestic Product is involved in suspect financial activity. In July 2019, following a number of prominent cases of money laundering in the EU, the Commission adopted a Communication on better implementation of the EU's AML/CFT framework and four reports on different aspects of AML/CFT policy. They analysed the effectiveness and efficiency of the current EU Anti-Money Laundering/Countering Financing of Terrorism (AML/CFT) regime, and concluded that reforms were necessary.
What is the basis of this package?
On 7 May 2020, the Commission presented an Action Plan for a comprehensive Union policy on preventing money laundering and terrorism financing. The Action Plan set out the measures that the Commission will undertake to better enforce, supervise and coordinate the EU's rules in this area, with six priorities:
-Ensuring effective implementation of the existing EU AML/CFT framework
-Establishing an EU single rulebook on AML/CFT
-Bringing about EU-level AML/CFT supervision
-Establishing a support and cooperation mechanism for FIUs
-Enforcing EU-level criminal law provisions and information exchange
-Strengthening the international dimension of the EU AML/CFT framework
Pillars 2, 3 and 4 of the Action Plan require legislative action, which has been proposed today.
What are the problems with the current AML/CFT regime?
The current framework takes the form of a Directive that requires transposition into national law. This often leads to delays in implementation and divergence in national rules, resulting in fragmented approaches across the EU. In addition, the current regime is not detailed or granular enough, which means there is not enough convergence. Finally, there is no central coordination body at EU level, which hinders cooperation between national supervisors and Financial Intelligence Units (FIUs), which is essential for a fully effective regime. These gaps are remedied in the current proposal.
How do the new proposals ease AML/CFT compliance for companies?
Cross-border obliged entities which fall under the direct supervision of the new Anti-Money Laundering Authority will benefit from having a single supervisor instead of a number of different national supervisors, simplifying their compliance. Cross-border obliged entities that do not fall under the direct supervision of the new Authority will still benefit from more harmonised rules with less divergence among different national regimes. All obliged entities, including domestic ones with no cross-border activity, should benefit from improved supervision (thanks to efforts by the EU Authority to help bring all national supervisors up to the level of the best performers) and from better feedback from FIUs which will enable more targeted reporting of suspicious transactions and activities.
EU AML Authority (AMLA)
What will the new EU AML/CFT Authority (AMLA) do?
The AML/CFT Authority will have two main areas of activity: AML/CFT supervision and supporting EU Financial Intelligence Units (FIUs).
AMLA will become the centre of an integrated system of national AML/CFT supervisory authorities, ensuring their mutual support and cooperation. The aim is supervisory convergence and a common supervisory culture. The Authority will have a coordination role in the non-financial sector. In the financial sector, it will also directly supervise financial sector entities that are exposed to the highest risk of money laundering and terrorism financing. Concerning FIUs, the Authority will facilitate cooperation, including by establishing standards for reporting and information exchange, supporting joint operational analyses, and by hosting the central online system, FIU.net.
How many staff members will the new Authority have?
It is envisaged that the Authority will have around 250 staff members. Of these, around 100 will work on direct supervision of certain obliged entities. They will work in joint supervisory teams that will include staff of the relevant national supervisors of these entities.
How will the new Authority be managed and take decisions?
The Authority will have a Chair and an Executive Director. The Executive Director will be in charge of the day-to-day management of the Authority and will be administratively responsible for budget implementation, resources, staff and procurement.
The Chair will represent the Authority and will run the two collegial governing bodies:
-Executive Board, composed of the Chair of the Authority and five permanent independent members;
-General Board, which will have two alternative compositions: a supervisory composition with heads of public authorities responsible for AML supervision and an FIU composition with heads of FIUs in the Member States.
The General Board will adopt all regulatory instruments. In its supervisory composition, it may also provide its opinion on any decision about directly supervised obliged entities prepared by a Joint Supervisory team before the adoption of the final decision by the Executive Board.
The Executive Board will take all decisions towards individual obliged entities or individual supervisory authorities where relevant. The Executive Board will also take decisions regarding the draft budget and other matters relating to operations and the functioning of the Authority. For this latter category of the decisions, the Commission will have a voting right on the Executive Board.
When will the new Authority start its work?
The Authority will be established in 2023 with the aim to start most of its activities in 2024, reach full staffing in 2026, and begin direct supervision of certain high-risk financial entities in 2026. Direct supervision can only start once the harmonised rulebook is completed and applies.
Will national supervisors and FIUs be abolished and replaced by the new EU body?
No. National supervisors and FIUs will remain in place as key elements of the EU's enforcement system for AML/CFT. The EU Authority will replace national supervisors only as a supervisor of a small number of cross-border financial sector entities in the highest risk category. The new package will create an integrated EU AML supervisory system closely involving national supervisors and the EU AML Authority. The Authority will also play a key role in supporting national FIUs in the conduct of joint analyses, but will not be an FIU itself and will not replace national FIUs.
Which entities will the Authority supervise directly, and how?
Directly supervised financial institutions will be determined in two ways:
-Financial sector Obliged Entities that are active in a significant proportion of Member States and have the highest risk profile in several of those Member States will be selected for ongoing direct supervision by the Authority. This selection will be based on objective criteria centred on risk categorisation and cross-border activity. The list will be reviewed periodically every three years. In order to ensure equal and fair selection, the methodology for risk categorisation of entities by national supervisors will be harmonised prior to the first selection. The first selection process based on harmonised methodology will be carried out by AMLA in 2025, with the selected entities transferred to EU-level supervision as of 2026.
-It will be possible for the Authority to request a Commission decision placing a financial sector Obliged Entity under its direct supervision, irrespective of criteria. This can happen if there is an indication that an entity is systematically failing to meet its AML/CFT requirements and that a significant ML/TF risk may materialise, should the national supervisor be unable to take quick, effective action to deal with such risks as recommended by the Authority.
Supervision of directly supervised entities will be carried out by Joint Supervisory Teams led by staff of the Authority and including staff of the relevant national supervisors. This model is drawn from the working methods of the EU Single Supervisory Mechanism for prudential supervision of banks.
Who will pay for the Authority?
Once the Authority has reached the necessary staff numbers, it will be funded 25% from the EU budget and 75% from financial contributions paid by a range of financial sector EU Obliged Entities. Non-financial Obliged Entities will not have to pay, nor will other financial sector Obliged Entities that do not meet the relevant selection criteria for direct supervision. The methodology for determining the list of entities subject to financial contributions and the calculation of contributions will be laid down in a Commission Delegated Act.
A Single EU Rulebook for AML/CFT
What is the “single EU rulebook” for AML/CFT?
The term “single EU rulebook” refers to a unified AML/CFT regulatory framework which includes directly applicable AML/CFT rules and requirements imposed on obliged entities. These rules will no longer need transposition into national law. The rules at EU level will be more detailed and granular than at present, and will include a number of Regulatory Technical Standards to be prepared by the future EU AML Authority (for example, on Customer Due Diligence). Member States will still be able to respond to specific risks, for example by requiring additional sectors at national level to apply AML/CFT rules if justified by specific risks in that Member State.
Who is on the list of obliged entities and who is being added to the list by the new rules?
Obliged entities are required to apply AML/CFT measures, including carrying out customer due diligence on clients and, in case of suspicions, to report these suspicions to FIUs.
Currently almost all financial institutions are obliged entities (banks, life insurance companies, payment service providers and investment firms) and various types of non-financial entities and operators, including lawyers, accountants, real estate agents, casinos, and certain types of Crypto-Asset Service Providers.
There will be a number of additions to the list of obliged entities, i.e. entities subject to EU AML/CFT rules:
-All types and categories of Crypto-Asset Service Provider. This will align EU legislation with the relevant FATF standards.
-Crowdfunding service providers falling outside the scope of the EU Crowdfunding Regulation (Regulation 2020/1503 of 7 October 2020). That Regulation already contains sufficient safeguards for crowdfunding services providers falling under its scope.
-Mortgage credit intermediaries and consumer credit providers that are not financial institutions, to ensure a level playing field between operators providing the same kind of services (given that financial institutions already qualify as Obliged Entities).
-Operators working on behalf of third country nationals to obtain a residence permit to live in an EU country (i.e. investor residence schemes), to mitigate any risk of the use of such schemes to launder money of criminal origin from outside the EU.
What is being proposed as regards beneficial ownership and registers?
The concept of beneficial ownership was introduced by Directive (EU) 2015/849 to increase the transparency of complex corporate structures. A beneficial owner is any natural person who ultimately owns or controls a legal entity, a trust or similar legal arrangement.
The provisions on beneficial ownership information in the Regulation clarify and expand those in the current EU AML/CFT legislation, including the concept of beneficial ownership and the requirement for all corporate and other legal entities to obtain and hold adequate, accurate and current beneficial ownership information.
The proposals include more detailed and harmonised rules to clarify the type of information needed to identify beneficial owner(s). The new rules clarify not only the obligations for legal entities and trustees to identify and verify their beneficial owners, but also their requirement to report that information to national beneficial ownership registers. Nominees are also required to report their status and the persons on whose behalf they are acting.
They also introduce an obligation for non-EU legal entities that have a link with the EU to register their beneficial ownership in the EU's beneficial ownership registers. In relation to the registers, the proposal still allows the collection of data in accordance with national systems, but will increase the adequacy, accuracy and timeliness of beneficial ownership data available in the registers through harmonised rules. In addition, the entities in charge of the national beneficial ownership register will receive more powers in order to verify that the information submitted to the beneficial ownership register is accurate, adequate and up-to-date, including on-site checks.
What about nominee shareholders and nominee directors?
Nominee arrangements may facilitate the concealment of the identity of the beneficial owner(s), because a nominee might act as the director or shareholder of a legal entity while the nominator is not always disclosed. Therefore, the proposal includes new disclosure requirements for nominee shareholders and nominee directors.
What is being proposed as regards bank account information?
The existing EU AML legislation requires Member States to establish registers or mechanisms to retrieve information about bank accounts and their owners. Now the Commission is proposing the establishment of a cross-border system between these national registers or mechanisms to enable FIUs to also access information from other Member States. This follows an extensive consultation carried out in the July 2019 AML package. A proposed amendment to the Directive on Access to Financial Information will ensure that law enforcement authorities can also access and search the system connecting the bank account registries. This will allow law enforcement authorities to swiftly identify whether a suspect holds bank accounts in other Member States, and therefore facilitates financial investigations and asset recovery in cross-border cases. All the robust safeguards of the Directive on access to financial information will also apply to law enforcement access to bank account information.
When will the new AML/CFT rulebook be effective?
Technical standards cannot be prepared by the AMLA before it exists. The full rulebook, including technical standards, is expected to be in place and apply by the end of 2025. To give the necessary time to AMLA to be up and running and complete the rulebook, the new regulatory framework will apply three years after its adoption.
What is being proposed regarding transfers of funds?
An amendment is being proposed to the 2015 EU Regulation on transfers of funds (Regulation 2015/847) to extend its scope to transfers of crypto-assets. This means that full information about the sender and beneficiary of such transfers will have to be included by crypto-asset service providers with all transfers of virtual assets, just as payment service providers currently do for wire transfers. The rationale is the same as for the original Regulation on funds: to identity those who send and receive crypto-assets for AML/CFT purposes, identify possible suspicious transactions and if necessary block them. Crypto-assets are increasingly used for money laundering and other criminal purposes, making this amendment urgent. It also aligns EU legislation with key standards of the Financial Action Task Force.
Summary: the rulebook (AML Regulation, AML Directive and recast of Fund Transfer Regulation)
Full application of the EU AML/CFT rules to the crypto sector
How are you ensuring that the crypto sector is now brought under the AML/CFT rules?
The application of AML rules to the crypto sector must be looked at in light of the Commission's recent package on digital finance. A first step to update the EU legal framework will be the adoption of the Markets in Crypto Assets (MiCA) Regulation, which will set requirements for EU issuers of crypto-assets and crypto-asset service providers wishing to apply for authorisation to provide their services in the Single Market. It also introduces a definition of crypto-assets and crypto-asset service providers encompassing a broad range of activities that corresponds to and even goes beyond the FATF requirements. The MiCA Regulation also introduces requirements for these service providers to be licensed and submit their senior management to fit and proper tests.
The new proposals on the AML/CFT framework will align the scope of the Anti-Money Laundering Directive - which already applies to exchanges of crypto-assets for money - with the activities covered by MiCA and notably exchanges of one crypto-asset for another. These proposed rules ban the possibility to open or use an anonymous crypto-asset account. They also broaden the possibility for Member States to require crypto-asset service providers established on their territory with a head office in another Member State to appoint a central contact point (as is currently already the case for electronic money issuers and payment service providers).
The Commission is also proposing an obligation for all crypto-asset service providers involved in crypto-asset transfers to collect and make accessible data on the originators and beneficiaries of the transfers of virtual or crypto assets they operate. This will be done via an amendment to the 2015 Regulation on Transfers of Funds (Regulation EU 2015/847). These new rules will significantly enhance the monitoring of crypto-asset service providers and ensure compliance with the relevant measures in the FATF Recommendations.
How do you ensure that the application of AML/CFT rules to the crypto sector will not stifle innovation?
Several law enforcement authorities indicated that ML/TF risks from crypto-assets have increased further since 2019, linked to the growth of the crypto-asset market. Credit institutions, investment firms, electronic money issuers and payment institutions are the sectors most exposed to these risks. These proposals have been designed to find the right balance between addressing these threats and complying with international standards while not creating excessive regulatory burden on the industry. On the contrary, these proposals will help the EU crypto-asset industry develop, as it will benefit from an updated, harmonised legal framework across the EU.
How is the Commission strengthening remote identification?
Digital identity solutions are essential for citizens and businesses to access digital services safely. They are a key step for finance to go digital and to more easily exploit the potential of the internal market.
As announced in the Digital Finance Strategy, the European Commission is working to establish a sound legal framework for the interoperable use of digital identity solutions to enable customers to access financial services quickly and easily. This includes putting in place an enabling framework to support the safe remote on-boarding of customers across the EU, in line with the AML/CTF risk-based approach. The proposals on the AML/CFT framework will assist in this, by harmonising CDD requirements, which will result in easier use of digital identity solutions and allow for greater cross-border operation. Moreover, the AML/CFT proposals further specify, by means of technical standards, aspects relating to detailed identification and authentication elements for on-boarding purposes. This will make it easier to identify and verify the identity of customers and check their credentials in a trusted and secure manner.
The changes to the AML/CFT framework will work seamlessly with the Commission's proposed framework for a European Digital Identity, which introduces significant improvements to the existing framework on electronic identification and will contribute to removing barriers to the cross-border use of digital identities in the financial sector.
Transactions in cash
What is the Commission proposing for cash?
Cash remains a preferred medium for criminals because it is hard to trace. Large cash purchases allow illegal proceeds to be invested in the real economy. Current EU rules already acknowledge the risk posed by large cash sums by requiring all operators trading goods that receive cash payments above €10,000 to apply AML/CFT requirements, while allowing Member States to adopt stricter measures. Two thirds of Member States have already gone beyond EU rules by setting limits on large cash transactions, ranging from €500 in Greece to just over €10,000 in Czechia.
The Commission is therefore proposing to introduce at EU level a maximum amount of €10,000 for large cash transactions. Member States will remain free to maintain lower limits at national level.
Such an upper limit will have a significant dampening effect on ML/TF in the EU, while maintaining the status of the euro as legal tender. Mechanisms are proposed to ensure that such a measure does not exclude citizens from the financial system.
Third countries policy and ML/TF threats from outside the Union
What is the Commission proposing as regards third countries and ML/TF threats from outside the EU?
The Commission proposes a revised approach to third countries, which aims at ensuring that external threats to the Union's financial system are effectively mitigated, by implementing a harmonised approach at EU level and ensuring more granularity and proportionality in the definition of the consequences attached to the listing, on a risk-sensitive basis.
Our proposed revised policy is based on the following elements:
-The Commission will identify third countries either taking into account the public identification by the relevant international standard-setter (the FATF) or on the basis of its own autonomous assessment. Third countries so identified by the Commission will be subjected to two different sets of consequences, proportionate to the risk they pose to the Union's financial system: (i) third countries subject to country-specific enhanced due diligence measures; and (ii) third countries subject to all enhanced due diligence measures and to additional country-specific countermeasures.
-In principle, third countries “subject to a call for action” by the FATF will be identified by the Commission as high-risk third countries (black list). Due to the persistent nature of the serious strategic deficiencies in their AML/CFT framework, all enhanced due diligence measures will apply to them as well as country-specific countermeasures to proportionately mitigate the threat.
-Third countries with compliance weaknesses in their AML/CFT regimes, defined as “subject to increased monitoring” by the FATF, will in principle be identified by the Commission and subject to country-specific enhanced due diligence measures, proportionate to the risks (grey list).
-The Commission may also identify third countries, which are not listed by the FATF, but which pose a specific threat to the Union's financial system and which, on the basis of that threat, will be subject either to country-specific enhanced due diligence measures or, where appropriate, to all enhanced due diligence measures and to countermeasures. In assessing the level of threat stemming from those third countries, the Commission may build on the technical expertise of AMLA.
Will this policy be more effective in addressing risks stemming from third countries?
The revised policy that the Commission is proposing will be more effective, as it will put in place a harmonised approach at Union level and a more granular determination of the Union's mitigating response to external threats, on a risk-sensitive basis. In turn, this will provide more clarity, consistency and proportionality in the implementation of the EU's AML/CFT policy towards third countries:
-The harmonisation of mitigating measures at EU level will ensure that the proper functioning of the internal market is protected in an efficient manner by a robust framework that is directly applicable to all obliged entities in the EU and which avoids divergences at Member State level, which would expose the entirety of Union's financial system to risks. The ability to calibrate the mitigating response on the basis of the specific risks posed by third countries will allow our framework to adapt to a fast-moving and complex international environment in which risks evolve rapidly, while ensuring the application of tailor-made and proportionate measures depending on the level of risk.
-Finally, the AML Authority will monitor specific risks, trends and methods to which the Union's financial system is exposed and will communicate with the Union's obliged entities about external threats. It will adopt guidelines defining external threats and inform obliged entities about them on a regular basis.
When will this new policy be implemented?
It will be implemented once the new legal framework starts applying (i.e. 3 years from the date of adoption), In the meantime, the current legal framework applies.
Will the Commission continue to do autonomous assessments of third countries?
Yes. The Commission will continue to undertake autonomous assessments to ensure that Money Laundering and Terrorist Financing (ML/TF) risks stemming from third countries which specifically threaten the Union's financial system are taken into account in a comprehensive and appropriate manner.
What will be the consequences of listing?
The consequence of listing will be commensurate with the level of risk. There are two set of consequences for third countries identified by the Commission:
-The application of country-specific enhanced due diligence measures harmonised at EU level. Those will apply to third countries identified by the Commission either because they are “subject to increased monitoring” by the FATF due to the compliance weaknesses in their AML/CFT regimes or on the basis of its autonomous assessment (grey list).
-The application of the whole set of enhanced due diligence measures and additional country-specific countermeasures harmonised at EU level. Those will apply to third countries identified by the Commission either because they are “subject to a call for action” by the FATF or on the basis of its autonomous assessment (black list). The more serious consequences in this case are justified by the heightened level of threat emanating from those third countries, which requires an effective, consistent and harmonised mitigating response at Union level.
In addition to these measures, the AML Authority will identify ML/TF risks, trends and methods at global level, going beyond the country-specific dimension. The AML Authority will issue guidelines to inform obliged entities about these risks so that they are aware of the evolution of the global situation on a regular basis.
For More Information