The Fourth Anti-Money Laundering Directive
On May 20, 2015, after two years of debate, the Fourth Anti-Money Laundering Directive (directive no. 2015/849/EU, hereinafter, the “Directive”) was passed by the European Parliament as a further step to strengthen the EU Anti-Money Laundering (“AML”) legal framework and enhance the protection of the integrity, stability and reputation of the financial sector from flows of illicit money related to money laundering, terrorism financing and organized crime.
The EU institutions have been trying to address the money-laundering issues for decades, looking for the best way to balance the advantages of freedom of capital movements and supply of financial services with the risks related to dirty money flows.
At the same time, the European Parliament has always been aware that attaining this purpose is of high complexity, and that it has to be achieved without imposing disproportionate compliance costs upon corporations.
The Directive and the EU Regulation on reporting obligations connected to money transfers, passed on 20 May 2015 (regulation no. 2015/847/EU, hereinafter, the “Regulation”), are the most recent attempts to improve the legal system to maintain and enhance the confidence that investors have in the EU financial system.
I. The Directive’s Innovations
A. The Central Register
The Directive confirms the so-called Know Your Customer duties and, in order to comply with international standards and best practices, introduces certain innovations to improve transparency in ownership structure and tackle issues relating to shell companies.
One of the main innovations provided under the Directive is that each EU Member State will be obliged to implement a central register
According to the Directive:
The register will be accessible not only to regulators, financial institutions and other entities subject to the AML legislation but also to anyone that has a legitimate interest.
The information collected in the register will be thatwhich legal entities have to collect from their customers’ beneficial owners—name, date of birth, nationality, country of residence, and the interests they have in the transaction.
B. The Exclusions
For the first time, the Directive provides criteria that will allow EU Member State to exclude certain entities
C. A New Approach to Politically Exposed People
The Directive provides a much more specific definition of politically exposed individuals.
The main innovation is that the enhanced due diligence established by the previous legislative framework is now indiscriminately applicable to nationals and foreign politically exposed people.
D. Due Diligence
With reference to Know Your Customer duties, the obliged entities must conduct due diligence on persons trading in goods, with regard to transactions of EUR 10k or more (whether the transaction is carried out in a single operation or in several operations).
Another innovation of the Directive is the provision regarding electronic money. Electronic money is defined as electronically, including magnetically, stored monetary value as represented by a claim on the issuer, issued on receipt of funds, for the purpose of making payment transactions, and accepted by a natural or legal person other than the electronic money issuer.
Accordingly, if the risk assessment demonstrates a low risk, certain customer due diligence obligations may be derogated, when the following conditions are met: (i) the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 250 which can be used only in that Member State; (ii) the maximum amount stored electronically does not exceed EUR 250;
E. Further Provisions
Important provisions are set forth in relation to cooperation duties. As a matter of fact, the Directive establishes a general obligation for the obliged entities to fully and promptly cooperate with the competent authorities, first by reporting any suspicious operation, then by providing relevant information.
The Directive establishes that the obliged entities belonging to groups must apply AML group policies. These must be efficiently applied in any branch and secondary seat of the group. Moreover, obliged entities having branches or secondary seats in third countries (outside EU) that impose lighter AML policies, must adopt therein the same AML policies they adopt in the seats they have in EU Member States.
Moreover, third countries outside EU that pose significant threats to the European financial system are to be identified. The EU Commission is empowered to adopt acts in order to identify said countries, in relation to: (i) the legal and institutional AML framework; (ii) the powers and procedures of their competent authorities; (iii) the effectiveness of the AML system.
Finally, the Directive imposes an obligation upon EU Member States to introduce a complex scheme of both criminal and administrative sanctions. The sanctions must be applied both to natural persons and to legal entities.
II. The Regulation
The European Parliament also passed a Regulation to improve the traceability of transfers.
In detail, the Regulation provides a definition of the entities subject to new rules: (i) credit institutions; (ii) electronic money institutions; (iii) post office giro institutions, which are entitled under national law to provide payment services; (iv) payment institutions; (v) the European Central Bank and national central banks, when they are not acting in their capacity as monetary authorities or other public authorities; (vi) EU Member States or their regional or local authorities, when they are not acting in their capacity as public authorities.
For every transfer, the payment service provider must provide the name of the payee and the payee’s payment account number (in addition to the payer data).
The Regulation provides for more detailed technical provisions regarding transfers of funds both within and outside the Union.
III. Data Privacy Issues
The implementation of the AML legislation, which is strongly based on data collection, must be coordinated with data privacy law.
In particular, both the Directive and the Regulation set forth that personal data collected for the implementation of AML legislation shall be processed only for the purposes of the Directive and the Regulation, and the processing of such personal data for any other purposes, such as commercial purposes, shall be prohibited.
The Directive will need to be transposed by the Member States into national legislation by 26 June 2017. The Regulation will be directly applicable in any Member States from the same date.
The Directive and the Regulation establish relevant innovations that will enable greater transparency in financial transactions. Central registers will be a significant instrument for identifying businesses involved in illicit activities while the enhanced due diligence obligations will raise significantly the level of attention required by the obliged entities, which will also need to prepare themselves to implement the new controls required.
We will also see how the significant data protection issues that the new rules raise will be solved in an effort to balance the protection of each individual’s personal data and the right to privacy with the transparency of the system.