On 17 January 2024, the European Council and European Parliament reached a provisional agreement on parts of the European anti-money laundering package. With this agreement, new rules on anti-money laundering are one step closer.
The changing landscape of the European AML framework, involving increased scrutiny of suspicious transactions and increased powers to Financial Intelligence Units (“FIUs”), is likely to affect directly the risk exposure of the non-financial sector. For organisations such as crypto-asset service providers, professional football clubs and traders of luxury cars, aircraft and yachts, it is time to prepare for the increased regulatory burden expected to result from these developments. For others, it is time to revisit their risk exposure and establish compliance systems and controls to address the growing risks.
1. Background
In 2021, the European Commission announced a package of legislative proposals to strengthen the EU’s rules on anti-money laundering and to counter the financing of terrorism. Since then, the AML package has been part of the legislative process. The objective of the AML package is to modernise the EU AML framework and address the challenges of ever-evolving money laundering practices in the EU.
The AML package consists of:
- A regulation creating a new EU anti-money laundering authority, which will have supervisory powers over some obliged entities.1 On 13 December 2023, the Council and Parliament reached an agreement on the creation of this new authority.2
- A regulation recasting the 2015 regulation on transfer of funds, which aims to make transfers of crypto-assets more transparent and fully traceable.3 The regulation was formally adopted and published in 2023.
- A regulation on anti-money-laundering requirements for the private sector (the “AML Regulation”).4
- A directive on anti-money-laundering mechanisms (the “AML Directive”).5
Since the recent agreement between the Council and the Parliament relates to the AML Regulation and AML Directive, this alert focuses on these parts of the AML package.
2. Key aspects of the recent agreement
AML Regulation as an ‘EU single rule book’
The majority of the current AML rules are laid down in the fourth and fifth AML directives.6 EU directives require transposition into national laws, which creates a potential for discrepancies between EU member states. With the introduction of the AML package, all AML rules currently applicable to the private sector will be restated in the AML Regulation. Since the AML Regulation has direct effect in national legal systems, this will create a more harmonised AML framework across the EU.
Expansion of list of ‘obliged entities’
The majority of current AML rules, such as the obligation to conduct customer due diligence and report suspicious transactions, apply only to so-called ‘obliged entities’. Obliged entities are gatekeepers to the domestic and international monetary systems and are instrumental in the fight against money laundering. There are broadly two groups of obliged entities: financial and credit institutions (e.g., banks and insurance companies) and natural or legal persons acting in the exercise of their professional activities (e.g., lawyers and accountants).7 In recent years, the list of obliged entities has expanded to include, amongst others, casinos and traders in precious metals.
The Council and Parliament have now agreed that the list of obliged entities will be further expanded. If the agreement is legislated for, the list will also cover, for example, crypto-asset service providers, professional football clubs and traders of luxury cars, aircraft and yachts. This means that these entities will have to carry out AML obligations such as customer due diligence, transaction monitoring and reporting unusual transactions.
Although AML rules do not yet apply to these entities, they should now start preparing for compliance. This can be done, for instance, by obtaining advice on the content of AML rules and taking organisational and internal control measures to ensure compliance in the future.
Harmonisation of rules on beneficial ownership
Under the current AML framework, rules on beneficial ownership have not been implemented consistently by the EU member states, which creates a space for potential abuse. The Council and Parliament have now agreed to clarify and harmonise the rules regarding who is to be considered a beneficial owner. In particular, the AML Regulation will address the rules relating to multi-layered ownership and control structures. The purpose is to ensure that money-laundering criminals will no longer be able to hide behind multiple layers of ownership of companies.
In addition, the AML Regulation will set the threshold for beneficial ownership at an interest of 25%.8 This could have a serious impact on obliged entities that are required to conduct AML/KYC checks on the beneficial owners of their customers because persons holding exactly 25% must also be identified as beneficial owner and obliged entities must verify that they are being supplied with up-to-date information on beneficial ownership. The adjusted threshold could also have consequences for non-obliged entities, for which we have included suggestions in paragraph 3 below.
Extended accessibility of Ultimate Beneficial Ownership (“UBO”) registers
The fourth AML Directive introduced UBO registers, which are databases containing information about persons who control or derive benefits from, e.g., companies and foundations. Since then, companies have been required to file and update information regarding their UBO in these registers.
The fifth AML Directive, enacted in 2018, attempted to make UBO registers publicly accessible. However, in a judgment on 22 November 2022, the Court of Justice of the European Union declared the requirement for public access to UBO registers invalid.9 According to the Court, public access is an unnecessary and disproportionate interference with rights, with respect to private life and to the protection of personal data.10
The Council and Parliament have now agreed to extend the accessibility of the UBO registers in the AML Regulation, while still seeking to incorporate the directions of the Court. Instead of making UBO registers publicly accessible, they have agreed that access will be granted to supervisory and public authorities, obliged entities and other “persons of the public with legitimate interest”, such as press or NGOs.
Cash limit of EUR 10.000
Cash payments are used by criminals to launder dirty money. Currently, the limits on payments that can be made in cash vary significantly across the EU.11 Therefore, the Council and Parliament have agreed to set an EU-wide limit of EUR 10.000 for cash payments. Individual member states are free to impose an even lower limit. In addition, it is agreed that obliged entities will have to identify and verify the identity of any person carrying out an ‘occasional transaction’ in cash between EUR 3.000 and 10.000.
Enhanced due diligence
Obliged entities must perform enhanced due diligence if a business relationship or transaction, by its nature, represents a higher risk. An obliged entity should determine, based on a risk assessment prior to entering into a business relationship or transaction, whether such a higher risk exists. The Council and Parliament have now indicated that enhanced due diligence is also required, amongst other things:
- When there is a transaction or business relationship with very wealthy (high net-worth) individuals involving a large amount of assets.
- In respect of transactions and/or business relationships with parties in high-risk countries. The EU’s list of high-risk countries will likely be brought in line with the high-risk country list of the Financial Action Task Force, a global anti-money laundering watchdog.
Increased powers of FIUs
All EU member states have FIUs, which collect and review suspicious transaction reports and notify law enforcement authorities, if required. The Council and Parliament have agreed to increase the powers of FIUs in certain areas. First, if the agreement is legislated for, FIUs will have immediate and direct access to financial, administrative and law enforcement information (e.g. tax information, customs data etc.). This will boost the FIUs’ ability to analyse reports of suspicious transactions. Additionally, FIUs will have the power to suspend or withhold a proposed transaction, after it has been reported as unusual. This power has currently only been introduced in some member states.
3. Impact of the agreement on the non-financial sector
The key aspects discussed above have an impact on obliged entities. However, the recent agreement will also have significant consequences for non-financial businesses that are not designated as obliged entities. Such non-financial businesses should consider the following actions in relation to the agreement on the AML Regulation and AML Directive.
Keeping UBO information and documents up to date
As mentioned, the AML Regulation will clarify the rules on who is to be considered a beneficial owner. Non-financial businesses are regularly requested by their service providers (i.e., obliged entities, such as banks and lawyers) to provide information and documents regarding UBOs. Non-financial businesses should keep information in the UBO register up-to-date and ensure that this information matches with any information submitted to service providers. This is particularly important as the AML Directive will grant authorities responsible for the UBO registers the power to carry out inspections at the premises of legal entities registered in case of doubts regarding the accuracy of the information in their possession.
Considering the impact of the access to UBO registers on the relevant stakeholders
As mentioned, the AML Directive will make UBO registers more widely accessible, including to “persons of the public with legitimate interest”, such as NGOs or the media. Non-financial businesses should consider informing the relevant people whose details in UBO registers will become accessible to such a wider group of people.
Incorporating limits on cash payments
The AML Regulation will set an EU-wide limit on cash payments. Most non-financial businesses are unlikely to deal with large cash amounts on a daily basis. Nonetheless, it could still be prudent for non-financial businesses to establish internal rules regarding the use of cash by employees and the withdrawal/deposit of cash in the company's bank account.
Monitoring of transactions and business relationships
Non-financial businesses should review whether they have been or are involved in transactions and business relationships with entities in countries considered to be high-risk and/or with high-net-worth individuals. The obligation for obliged entities to perform enhanced due diligence may mean that their non-financial business clients will be required to provide more documents if they want to engage in a transaction considered to be ‘high-risk’. Moreover, clearing such a transaction or business relationship may take more time. Non-financial businesses should consider inquiring with their service providers about what information they will be expected to provide to ensure that they satisfy the enhanced due diligence requirements. Non-financial businesses should also take into account possible delays if a transaction is flagged as suspicious by the service provider.
4. Next steps
In the coming weeks, the agreement between the Council and Parliament will be reflected in updated texts of the AML Regulation and AML Directive. After that, texts of the AML package will be finalised and must be approved by the European Committee of Permanent Representatives and the European Parliament. If adopted, it is expected that the AML package, including the AML Regulation and AML Directive, will enter into force in 2027. Although this still seems far away, it is important for both obliged entities and non-financial businesses to prepare in time.
Please feel free to reach out in case of any remarks and/or questions.