by Dalila DELORENZI (FREE Group Trainee)
After two years, the revision of the new EU Anti-Money Laundering (AML) framework has finally come to an end. The 20th May the European Parliament at its second reading has adopted the Fourth Directive AML (Directive (EU) 2015/849) along with the new Regulation on information on the payer accompanying transfers of funds (Regulation (EU) 2015/847).
The revision was triggered by the necessity to adapt the legal framework to counter new threats of money laundering and terrorist financing and to reflect recent changes due to revised Financial Actiont Task Force (FATF) Recommendations. In the following lines the new legal framework is presented by including some crucial measures which could represent a real step-up in the fight against money laundering, financing terrorism and tax evasion.
- Introduction of an European register of beneficial ownership
The creation of an European register of beneficial ownership has been one of the sticking point and the reason why the text has attracted much more political attention than the latest directives and the negotiations have taken much longer than it was expected.
1.1 Definition of beneficial ownership and the problems caused by “phantom firms”
A beneficial owner is a natural person – a real, live human being and not another company or trust – who stands behind a company (or trust) as the ultimate owner and controller, directly or indirectly exercising substantial control over the company or receiving substantial economic benefits (such as receipt of income) from the company. If the true owner’s name is disguised, we deal with “anonymous companies”. In a majority of countries, keeping unknown the true owner’s name is perfectly legal and there is typically no requirement to disclose that the names listed are merely front-people.
Such anonymous companies can be created by using “nominees”, people who front the company in place of the true owner, or by incorporating one or more of the companies in a country which does not make details of the beneficial owners publicly available. Also called “phantom firms”, they exist only on paper, with no real employees or office.
Now, it’s certainly true that such entities can also have legitimate uses, but the untraceable company can also be a vehicle of choice for crimes such as money laundering, tax evaders and financier of terrorism.
1.2 The role of anonymous companies in money laundering
Although there are countless ways to launder money, money laundering can be broken down into three stages:
- Placement: the initial entry of illicit money into the financial system. This might be done by breaking up large amounts of cash into less conspicuous smaller sums that are then deposited directly into a bank account.
- Layering: the second step consists in the process of separating the funds from their source. This purpose is often followed by using anonymous shell companies: for instance, wiring money to account owned by anonymous shell company.
- Integration: money re-enter the legitimate economy. For instance, by investing the funds into real estate and luxury assets.
- That being said, it is clear that these secretive “shell” companies and trusts play a central role in laundering and channelling funds, concealing behind a veil of secrecy the identity of corrupt individuals and irresponsible businesses involved in activities, including tax evasion, terrorist financing, and the trafficking of drugs and people. More precisely, it is impossible for law enforcement officials go back to the real individuals ultimately responsible for the company’s actions and to track the origin of illicit funds.
- 1.3 The importance of central registers
Broadly speaking, with a view to facing the risk of money laundering (along with financing terrorism and tax evasion), the solution may be to know who ultimately stands behind a company: the real owner or controller.
It’s then for this reason – and also following the FAFT’s recommendations, as said in the previous post – that the EU Commission’s draft proposal of the 4th AML directive has introduced a new chapter, titled Beneficial Ownership Information. The aim was to strengthen the information relating to the beneficial owner, making such information available to competent authorities and obliged entities in an adequate, accurate and timely manner.
After all, only few EU jurisdictions require structures to share such information with their national authorities and it is quite strongly felt then the need of filling these gaps representing a key loophole for money launderers.
1.4. Access to central register information…
Taking the first steps from the Commission’s draft proposal, the European Parliament and the Council have gone even further. Even if not envisaged in the European Commission’s initial proposal, the negotiators agreed on the necessity of establishing central registers of beneficial ownership information in every European State. Not without any difficulties inside the Council: the main sticking point dealt with administrative reasons more than political ones. Indeed, the fact that no MS has already a central register entails that they all have to create it, which is very costly at the administrative level.
However, even if at one with storing information on beneficial ownership, the European Parliament and the Council had a divergent point of view on another issue: whether details of beneficial owners have to be publicly accessible or not.
In particular, in March, the European Parliament approved a version of the Directive that would have required every EU country to establish ownership registers and make the information freely available to the public. “The public registers will make life more difficult for criminals trying to hide their money. Our economy currently loses huge amounts to tax evasion”, said Civil Liberties Committee rapporteur Judith Sargentini (Greens/EFA, NL).
Instead, the Council released its own draft in June that would also mandate central registers without requiring public access though. The Council’s approach was to restrict the access to competent authorities, Financial Intelligence Units (hereinafter FIU’s) and, if allowed by Member States, the obliged entity, e.g., banks and legal professions.
1.5. …a compromise has been reached
The final text strikes a compromise between these initial positions: on the one hand those who demand full transparency (such as the European Parliament, which voted 643-30 in favor of public registries and some Member States as UK, France, Netherlands and Denmark); on the other hand those who defend some secrecy for beneficial owners (some Member States led by Germany).
The compromise reached requires EU countries to provide access not only to law enforcement and financial institutions as the FIU’s, but also to members of the public who can demonstrate a “legitimate interest” in the information. They will be able to access beneficial ownership information – such as the beneficial owner’s name, month and year of birth, nationality, residency and details on ownership – and the access may be subject to online registration of the person and to the payment of a fee to cover administrative costs. Any exemption to the access would be possible only on a case-by-case basis in exceptional circumstances.
In conclusion, the collection of ownership information is certainly a big step in the right direction, but not as big as it should have been. In fact, even if the Directive does not prevent countries from going beyond the Directive’s requirements and opening their registries to full public access – as UK and Denmark have already announced to do –, “European leaders have missed an opportunity to show that the future of business in Europe is open and transparent”, as Robert Palmer, anti-money laundering campaign leader at Global Witness, said.
Besides, COM report on the interconnection of national registers is expected by June 2019.
1.6. A “legitimate interest” is required to access…
As result of the final compromise, the members of the public have the right to access registers only if they have a legitimate interest, narrowing in this way the number of people having the right to access registers. So, to those who have pointed out that this does not go far enough in terms of the EU’s ambitions on transparency, the co-rapporteur Judith Sargentini assured that they made sure that the proposal says that it’s up to the authority to prove that applicants do not have a legitimate interest.
Nevertheless, we still have an issue coming up: there is no indication of what interests will be considered legitimate. Indeed, the concept of “legitimate interest” itself is quite vague and the lack in a clear definition entails that it lies with Member States to decide what a legitimate interest should be, falling in short in having a unique access system for the register.
1.7. A different regulation for trusts…
A different regulation is provided for trusts, regarding in particular three aspects:
- the regulation expects that information will be collected in closed centralised registries available only to government bodies. This information includes the identity of the settlor, the trustee(s), the protector (if any), the beneficiaries or class of beneficiaries, and of any other natural person exercising effective control over the trust. Clearly the fact that such information will not be available to the public can create a loophole in the system which could significantly weaken the new directive, frustrating then the aim of improving transparency. A loophole due to London where trusts are quite common and who has been justified by the co-rapporteur Timothy Kirkhope saying: “I heard some concerns and if I may just say on the issue of trusts and wills: trusts and wills contain some of the most private and personal information that there is about a person, and we are a parliament that respects data privacy, hence disclosure for trusts has to be proportionate within our proposals.”.
- the registration of beneficial owners of trusts only when a trust “generates tax consequences”: such wording isn’t too broad and highly susceptible to evasion risk?
- the central registration of beneficial ownership information will be used where the trust generates consequences as regards taxation (article 30). Regarding to legal persons, instead, article 29 of the Directive foresees that the location of the beneficial owner register shall be the country by whose laws the legal person is governed. This is a key issue because if it is not made clear that trust registers need to be located in the countries by whose laws the trust is governed, there is a high risk for that any other location would not serve the purpose of enforcing transparency, especially considering the fact that trusts are not recognized in the majority of Member States!.
1.8. EU as a model to follow?
In closing on beneficial ownership information, we may say that even if the European institutions could have gone even further in terms of transparency, the agreement reached sharply contrasts with the lack of progress in the United States. The U.S. is, indeed, notorious internationally for allowing anonymous companies to be formed.
“So let us make this an example for other countries in the world. Would it not be fantastic if the USA were to follow us, would it not be marvellous in our fight against tax avoidance and tax evasion? I want everyone to help us reach that.”, said the co-rapporteur Judith Sargentini at the end of her intervention at the MEPs debate in plenary session.
- The Risk-Based Approach
The risk-based approach is another hot topic and a new element of the 4th AML directive. The idea is that the risk of money laundering is not exactly the same in every situation. It’s then important to be able to understand what the risks of money laundering and financing terrorism are in order to adapt CDD measures to different situations: focusing resources on those areas where is demonstrated that risks are higher and giving the possibility to obliged entities to apply simplified due diligence when risks are lower.
In other words, introducing a risk-based approach means that countries, competent authorities and reporting entities are expected to identify, assess and understand the money laundering as well as terrorist financing risks they are exposed to, so that they can develop the appropriate measures to mitigate and better target these risks. This activity will be supported at four different levels:
- European Union: supranational risk assessment, carried out by the European Commission, aimed to pinpoint risks related to the internal European market.
- Member States: national risk assessment to understand exactly where the risk appears, materialize or may exist within their specific jurisdictions.
- Institutions and persons covered by Directive
- Supervisors: supervisory authorities as ESMA, EBA.
Certainly, this is a main change in relation to the third AML Directive where we had three scenario: a simplified CDD, a normal one and an enhanced.
In the fourth Directive, instead, CDD-rules are more risk sensitive: it all depends on what kind of risks it is needed to face, simply discerning between enhanced measures where risks are greater and simplified measures where risks are demonstrated to be less.
Nevertheless, there are some particular cases where obliged entities shall be required to apply Enhanced Customer Due Diligence. More precisely when dealing with clients in third country identified as “high risk”; in case of cross-border correspondent relationship with third countries; transactions involving Politically Exposed Persons (and family members); complex and unusually large transactions which have no economic or lawful purpose.
In any other case, the risk-based approach returns to being applied, removing then the automatic entitlement to apply Simplified Customer Due Diligence when dealing with specified customers and products.
- Politically Exposed Persons (PEPs)
3.1. What is a Politically Exposed Person and what are the risks associated?
The Third AML Directive defines “politically exposed persons” as natural persons who are or have been entrusted with prominent public functions such as Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials. Immediate family members or persons known to be close associates of such persons are included in the definition.
Due to the position they hold, it is recognised that many PEPs are in positions that potentially can be abused for the purpose of committing money laundering offences and related predicate offences, including corruption and bribery, as well as conducting activity related to terrorist financing.
So, in case of business relationships with PEPs, it was felt necessary to put in place preventive measures, especially anti-money laundering and counter-terrorist financing measures.
3.2. The third AMLD and the FATF standards
To address such potential risks associated with PEPs, in 2003 the Financial Actions Task Force released obligatory requirements for foreign PEPs (whether as customer or beneficial owner). In particular, in addition to normal customer due diligence measures, financial institutions should be required to:
- have appropriate risk-management systems to determine whether the customer or the beneficial owner is a politically exposed person;
- obtain senior management approval for establishing (or continuing, for existing customers) such business relationships;
- take reasonable measures to establish the source of wealth and source of funds;
- conduct enhanced ongoing monitoring of the business relationship.
Following the international standards, the third AML Directive envisaged that obliged entities are required to apply enhanced customer due diligence measures with respect to PEPs, only regarding to PEPs who reside in another Member State or in a third country (i.e. foreign PEP).
3.3. Fourth AMLD enlarges PEPs regime…
Taking account of the FAFT recommendation adopted in 2012 and following the aim of enhancing due diligence, the fourth AMLD extends the requirements provided for foreign politically exposed persons to domestic PEPs and PEPs of international organizations. The difference between different type of PEP depends on who has entrusted the individual with the prominent public function, i.e. the own country or another country or an international organisation.
In particular, in cases of a higher risk business relationship with a customer or beneficial owner who is a domestic PEP or a person who is or has been entrusted with a prominent function by an international organisation, financial institutions should be required to apply the same measures as those that are applied to foreign PEPs. It should be also noted that a domestic PEP is subject to the foreign PEPs requirements if that individual is also a foreign PEP through another prominent public function in another country.
In brief, the 4th AML Directive does not make such distinction and automatic enhanced due diligence measures will be required in the case of any PEP, regardless of where they originate from.
- Coverage of gambling sector
Casinos and gambling services are often a target for money launders, attracted by their nature of “cash intensive business”, where the majority of transactions are cash based.
Therefore, another essential topic discussed concerns whether the scope of the Directive will cover all gambling operators (even those viewed as low risk) or only casinos and online gambling operators.
With a view to facing new emerging threats, it was felt the need to extend the scope of the third AMLD, in which only casinos were required to apply Customer Due Diligence (CDD). The new directive indeed brings into the scope all providers of gambling services when dealing with transactions of at least EUR 2,000.
Nevertheless, in the final compromise a proportionate risk-based approach has been introduced. Whether, after conducting a risk assessment, EU countries have found that there is a “proven low risk” of money laundering and terrorist financing, because of “the nature and, where appropriate, the scale of operations of such services”, they would be able to exempt certain gambling operators – although not casinos – from some or all requirements, in strictly limited and justified conditions.
- A new Regulation on the traceability of fund transfers
- The Regulation as part of the Anti-Money Laundering strategy
In parallel with the revision of Directive 2005/60/EC of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing, it has been approved also a Regulation on the transfer of funds.
The two legislative proposals pursue the common objective of revising the existing anti-money laundering and counter terrorist financing EU framework in order to improve its effectiveness while ensuring its compliance with international standards. In particular, the new Regulation is based on the Recommendation 16 on wire transfers adopted by the Financial Action Task Force.
Besides, the choice of a Regulation aims to ensure that this international standard is transposed uniformly throughout the Union and, in particular, that there is no discrimination between situations involving national payments within a Member State and cross-border payments between Member States.
5.2. What is about?
The Regulation is about tracking transfers of funds, in any currency, sent or received by a Payment Service Provider (PSP) established in the Union.
It’s done by placing certain requirements on the information that accompanies transfers and applicable to all the PSPs involved in the payment chain. The basic logic behind is: the higher the amount and the higher the risk of irregularity, the more checks and controls we should have in place.
Indeed, collecting basic information on the transfers may help appropriate law enforcement and/or prosecutorial authorities in detecting, investigating, prosecuting terrorists or other criminals and tracing the assets of terrorists. For this reason, it is essential ensuring that transfers of funds contain complete, accurate and meaningful information on the payer.
5.3. What changes from the current legislation?
The Regulation repealed (i.e. Regulation EC 1781/2006) already requires Payment Service Providers to accompany transfers of funds with information on the payer.
Nevertheless, new rules will also require information on the payee to be included, which means the person who receives the payment.
More precisely, the payer’s PSP must: a) ensure transfers of funds are accompanied by information about the payer (as name, payment account number etc.); b) verify the information on the payer, using “documents, data or information obtained from a reliable and independent source”; c) ensure that transfers of funds are also accompanied by the name of the payee and the payee’s account number.
The payee’s PSP, instead, must be able to detect a lack of presence of information on the payer when receiving transfers and take appropriate steps in order to correct this situation: in this way, received transfers of funds do not remain anonymous. In addition, it is required to verify information on the payee (as his name and his payment account number) when transfers of funds exceed €1000, before the PSP credits the payee’s account or makes the funds available to the payee. Verification of this information is not required in other cases, unless the payee’s PSP has reasonable grounds for suspecting money laundering or terrorist financing.
5.4. Not only recording information but also…
While verifying and recording information, it must exert a special vigilance regarding such transfers and, on a risk sensitive basis and taking into account other pertinent factors, report suspicious transactions to the authorities responsible for combating money laundering and terrorist financing. PSPs should also respond fully and rapidly to enquiries by such authorities.
- Cooperation between Financial Intelligence Units (FIUs)
6.1. What FIUs are?
In the early phases of the development of the AML regime it became obvious that skilled personnel were needed to understand trends in money laundering and to make sense of the huge amounts of information being produced by financial institutions under reporting obligations. In response to this need, and to the need for a centre of analysis and dissemination of financial intelligence, FATF Recommendation 26 called for the establishment of entities commonly referred to as “financial intelligence units” or “FIUs”.
Adjusting the European legal framework to the international standards, the Third AMLD requires each Member State to establish specialized governmental agencies to deal with the problem of money laundering and other financial crimes.
A FIU, quite simply, is a central, national responsible for receiving (and as permitted, requesting) financial information, concerning suspected proceeds of crime and potential financing of terrorism, or required by national legislation or regulation. A FIU is then responsible for processing it in some way and disclosing it to an appropriate government authority in support of a national anti-money laundering effort.
6.2. Strengthening of their role with the fourth AMLD
The Fourth AMLD aims to strengthen their role and the cooperation between Financial Intelligence Units (FIUs) of the Member States in respect of exchanging information. In particular, it has been made sure that the FIU shall be operationally independent and autonomous. In other words, the FIU shall have the authority and capacity to carry out its functions freely, including the autonomous decision to analyse, request and disseminate specific information. Also the FIU shall be provided with adequate financial, human and technical resources in order to fulfil its tasks.
Moreover, Member States shall ensure that the FIU is empowered to take urgent action, either directly or indirectly, when there is a suspicion that a transaction is related to money laundering or terrorist financing, to suspend or withhold consent to a transaction going ahead in order to analyse the transaction, confirm the suspicion and disseminate the results of the analysis to competent authorities.
Nevertheless, it is not made clear, as it wasn’t either in the third AMLD, the manner in which the FIUs can achieve their goals. The text does not clarify their nature which brings to the fact that the organisational nature of FIUs differs across Member States: they can be administrative, judicial, or police structures. The problem then is that having different powers can cause difficulties in exchanging information, including the possibility to access information, with consequences for the effectiveness of cooperation.
- Strengthening Data Protection
The last but not least issue discussed during negotiations concerns data protection rules. Especially, the need to enhance effectiveness of AML prevention, while ensuring a high level of protection of personal data.
Both public and private stakeholders have pointed to a number of difficulties regarding the compliance of the AML/CFT requirements with a high level of protection of personal data. Indeed, under the AML legislation, requirements oblige to collect and process data (e.g. to monitor transactions and customer relations against sanctions lists, to identify beneficial owners, to maintain records for criminal investigation purposes, etc.), increasing the amount of data being collected along with the possible consequences for data subject.
In the previous AML legislation, there was a lack of clarity about how these requirements were to be reconciled with rules on data protection, in particular at national level, which was leading to incoherent approaches across Member States.
So during negotiations for the Fourth AMLD, the European Parliament has voted for a significant number of amendments to enhance the protection of privacy. The key points are:
- How long can you hold Customer Due Diligence (CDD) data for: the time limit for holding data is five years and after that period you must delete the data. However, you may be able to retain data for a further five years: this possibility depends on Member State legislation and justified on a case-by-case basis (art. 40 of the AMLD).
- Informing clients about how the data may be used: the new clients have to be informed of the possible use of their personal data for money laundering prevention purposes before establishing a business relationship.
- Only using data for the purpose for which it was obtained: you should only use data for the original purpose and not for any other purpose, without consent.
- It has been made clear that data can’t be used for commercial purposes.
A positive feeling on the respect of data comes also from the co-rapporteur Judith Sargentini who said “we cleaned up the data protection […]. So we made sure that the data subject, the person who wants to know something – perhaps they have a feeling that something went wrong with their data – has rights to redress, without tipping off criminals, but they have the right to redress. We respect data retention rules.”.
Besides, Věra Jourová – as member of the Commission and responsible for the data protection reform, going to replace 28 national regimes by one strong pan-European regime for protection of personal data – added: “speaking about data protection in relation to the Anti-Money Laundering Directive and related things in the new legislation, I can say that we pay very high attention to protecting fundamental rights and especially the right to privacy and the right to the protection of personal data. These two pieces of legislation are very compatible and they can work together very well when they are introduced in practice.”.
- The impact on legal professions…
Certainly lawyers are involved in many activities which are vulnerable to money laundering as: a) use of client accounts; b) purchase of real estate; c) creation and management of trusts and companies.
Now, speaking about implications of this new legal framework for legal professionals, the new Directive seems to be so much better than the third one. Indeed, there is been a fight between law firms (and legal professions in general) and the European Commission for years and now most of the provisions of the new directive come from what the European Court of Justice (and the European Court of human rights as well) has said. The most important case law which we have to refer to is: Case C-305/05, OBFG v Council.
The Belgian Bar Association alleged that the extension, foreseen in the third AMLD, to lawyers of the obligations to inform the competent authorities when they come across facts which they know or suspect to be linked to money laundering and to transmit to those authorities additional information which those authorities consider useful, unjustifiably impinges on professional secrecy and the independence of lawyers, principles which are a constituent element of the fundamental right of every individual to a fair trial and to the respect of his rights of defence. So, at the request of the Belgian Court d’Arbitrage, the Court of Justice is been asked to clarify whether the imposition on lawyers of those obligations infringes the right to a fair trial.
The ruling, incorporated in the 4th AMLD, foresees that the obligations of information and cooperation apply to lawyers only in so far as they advise their client in the preparation or execution of certain transactions essentially of a financial nature or concerning real estate, or when they act for and on behalf of their client in any financial or real estate transaction. As a rule, those activities, by their very nature, take place in a context which has no link to judicial proceedings, and consequently, fall outside the scope of the right to a fair trial.
In any other case, the legal advice is subject to professional secrecy. So, as soon as a lawyer is called upon for assistance in defending a client or in representing him before the courts, or for advice as to the manner of instituting or avoiding judicial proceedings, that lawyer is exempt from the obligations of information and cooperation, regardless of whether the information has been received or obtained before, during or after the proceedings. An exemption of that kind safeguards the right of the client to a fair trial.
- Next priorities…?
Speaking about next political priorities, certainly it is quite essential to ensure transposition: the AMLD must be implemented as soon as possible. The European Commission, in order to ensure an effective and consistent application of the Directive, will accompany Member States in the transposition of the Directive by organizing workshops and clarifying interpretation of certain provisions.
It is also worthy to mention the new European Agenda on Security 2015-2020, adopted by the European Commission to support better cooperation between Member States in the fight against terrorism, organised crime and cybercrime. In the Agenda, indeed, there is an AML and a CT dimension, so that it may be possible to have some further measures in financing. The Agenda mentions specifically preventative measures regarding freezing assets of EU internal terrorists (article 75 of the treaty), but also expecting some further initiatives at the international level, especially the mandate of FAFT to carry out a revision of initiatives existing in terrorist financing to see the effective application of these existing rules and to come up with potential new initiatives in terrorism financing. FAFT may present a report in October this year, but it seems to be still in process.
 COM(2013) 45 final.
 In reference to a letter responding to a request made by 45 journalist from 23 countries and urging Jean-Claude Juncker to force through beneficial ownership public registers.
 Especially Austria is concerned about the abuse of trusts for the purpose of money laundering and terrorist financing. Reading to the declaration released by Austria read here: http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%205748%202015%20ADD%202.
 Other cases law: Case 212/11, Jyske Bank Gibraltar v Administración del Estado; Case T-187/11, Trabelsi v Council;
Case C-380/09 P, Melli Bank v Council; Case Michaud v France, 6 December 2012.