EU Fifth AML Directive: How Banks Can Prepare for Five Key Changes
The European Union’s Fifth Anti-Money Laundering Directive (5AMLD) was born from the tumult that was 2016. In April, Wikileaks released the Panama Papers, documents detailing how wealthy Europeans laundered money and avoided sanctions to skip paying taxes. In that same year, Europe suffered a string of terrorist attacks, the most deadly of which occurred in July in the French resort town of Nice. The loathsome act killed eighty-seven people and injured 434 more. Reeling from these events and simultaneously recognizing the need to address the rapid adoption of cryptocurrencies, the European Commission (EC) developed 5AMLD.
Per the EC, the new 5AMLD amendments will:
- enhance transparency about who really owns companies and trusts to prevent money laundering and terrorist financing via opaque structures by setting up publicly available registers for companies, trusts, and other legal arrangements;
- improve the work of Financial Intelligence Units by providing them with access to broad information through centralized bank account registers;
- tackle terrorist financing risks linked to anonymous use of virtual currencies and of prepaid instruments by limiting the anonymity of those currencies, wallet providers, prepaid cards companies;
- broaden the criteria for the assessment of high-risk third countries and improve the safeguards for financial transactions to and from such countries;
- set up central bank account registries or retrieval systems in all Member States;
- improve the cooperation and enhancement of information between anti-money laundering supervisors between them and between them and prudential supervisors and the European Central Bank.
When is the 5AMLD compliance deadline?
The 5AMLD went into effect on July 9, 2018, but EU Member States have 18 months to comply with the new rules. That makes January 10, 2020, the deadline to implement 5AMLD.
Who must comply with 5AMLD?
All financial institutions in EU member states must comply with the Fifth AML Directive. It’s also likely that the UK government, regardless of the Brexit outcome, will adhere to 5AMLD as they share the EU’s goal of preventing money laundering and terrorist financing.
What are the key changes in 5AMLD?
5AMLD made key changes in three areas: beneficial owners, politically exposed persons (PEPs), and customer due diligence (CDD).
What do banks need to do to prepare for 5AMLD?
If the question is ‘When do banks need to prepare for 5AMLD,’ the answer is in 2017, when the UK adopted 4MLD. However, it’s not too late to ensure an organization’s compliance under 5AMLD.
Here are five key areas of change under 5AMLD and steps banks can take to prepare for them now.
The 4th Anti-Money Laundering Directive (4AMLD) required companies in EU Member States to obtain and hold “adequate, accurate, and current information” regarding their beneficial owners. That information had to be housed in a central electronic registry, accessible to regulators and authorities.
The 5AMLD maintains these requirements and strengthens them by requiring FIs to prove they’ve conducted acceptable CDD throughout the customer lifetime.
Also, banks must make their customer registries available to the general public. Further, centralized bank account and corporate ownership registers must be able to interconnect and be accessible to all member states.
The only caveat regards trusts. When trusts are the beneficial owners of a company, information must be available “without any restrictions to competent authorities,” but the public must demonstrate a legitimate interest via a written request to access such information.
HOW TO PREPARE:
- Review your internal beneficial ownership information against information contained in central registers.
- Update all internal beneficial ownership information
- Develop a written policy for identifying and updating internal registers and add that to the bank’s formal AML program.
- Invest in visual analysis tools that can assist analysts to find ultimate beneficial owners (UBOs) in an easier way, which often exposes relationships that the bank was not aware of.
Politically Exposed People
5AMLD widens the definition of a PEP to people who hold “prominent public functions,” e.g. a politician, and their immediate family members and close associates. EU member states must publicly issue a list of offices and functions that qualify as “prominent public functions.” Note that the actual name of the person fulfilling the prominent public role is not included because the individuals in those roles will likely change every few years. But once a person is identified as a PEP, they must be monitored for a minimum of 12 months after leaving office.
The purpose of the lists is to make it easier for smaller organizations to identify, monitor, and screen politically exposed persons (PEPs) — individuals with jobs and roles that may make them vulnerable to corruption — for ongoing risks.
Maintaining an accurate PEP list and monitoring the persons on the list for ongoing risk can require significant resources. Beware that data discrepancies can make banks vulnerable to AML non-compliance.
HOW TO PREPARE:
- Assess and make available the administrative resources needed to accurately maintain PEP monitoring.
- If your resources aren’t adequate, address that concern now.
- Update your financial institution’s PEP classification system.
- Implement processes and procedures to ensure the accuracy of your data.
Prepaid Cards and Remote Payments
5AMLD takes a phased approach to stricter KYC requirements. By the 2020 deadline, payment companies must review customers using prepaid cards worth more than €150. That’s a lower threshold than the €250 amount under 4AMLD. Additionally, payment service providers must identify anyone authorizing a remote payment for over €50.
By 2023, all remote payments will require KYC (Know Your Customer) validation. Further, prepaid cards issued outside the EU will be prohibited unless they are issued from a country that enforces legislation equivalent to the EU’s Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and KYC standards.
HOW TO PREPARE:
- Review how your FI handles prepaid cards and remote payments.
- Establish and incorporate policies and procedures to identify transactions from cards issued outside the EU.
- Assess the strength of your KYC program and make changes as necessary
- Schedule regular reviews of your KYC program
5AMLD aligns EU member states with US cryptocurrency rules by officially designating cryptocurrency exchanges and cryptocurrency wallet services as obligated entities. This is the same designation reserved for banks and brings with it the same sanctions and requirements that banks have, which means these businesses must implement anti-money laundering programs. Additionally, persons involved in trading works of art or real estate property valued at €10,000 or more become obligated entities.
HOW TO PREPARE:
- Assess the adequacy of existing controls or implement an AML program. Organizations need to understand and prepare for:
- data completeness and reliability;
- the needed KYC attributes to measure AML risks; and
- how data is mined, converted, and processed into various compliance systems for the customer lifecycle.
Risk of Higher Fines
5AMLD does not technically increase fines. However, it does allow member states to determine and enforce AML-non compliance fines. This means that although 4AMLD specified penalties up to two times the amount benefited by the transactions, 5AMLD leaves the limits up to member states. Germany, for example, allows fines that are 20 times the amount benefited from money laundering.
The fact that there may be increased fines, amongst other reasons, will facilitate banks that breached money laundering regulations to agree on settlements to avoid the fines, which will improve the cooperation between financial institutions and the authorities.
HOW TO PREPARE:
- Increase awareness in the organization
- Educate MLROs and senior analysts on regulatory updates – both for 5AMLD and local jurisdiction
- Ensure all data is considered in the AML detection process (a determination of noncompliance has been made even though the AML transaction monitoring systems worked properly when all data was not considered)
Even as institutions prepare for the full implementation of 5AMLD, the EC has already published proposals for the 6th Anti-Money Laundering Directive (6AMLD). And with good cause. Afterall, anti-money laundering efforts must be as sophisticated as the criminals who necessitate them.
Here’s a printable infographic with steps on how to prepare for 5AMLD compliance. Download your copy today.
Latest posts by Ken Bui (see all)
- EU Fifth AML Directive: How Banks Can Prepare for Five Key Changes - November 18, 2019
- AI Best Practices to Improve Enterprise Risk Outcomes - October 22, 2019
- Why It’s So Hard for Challenger Banks to Fight Financial Crime - September 24, 2019
Subscribe to stay infomed