We finished the first part of this blog with the introduction of 3AMLD in 2005. At this point, the EU had in place an already extensive framework of AML and CFT obligations, including Customer Due Diligence (CDD)/Know Your Customer (KYC) measures, and requirements to monitor for and report suspicious activity.
These obligations had originally centered on banks, but by 2005, they covered many sectors, both financial, professional and in some cases, recreational, such as casinos. However, after the first three AMLDs, and a relative flurry of activity between 2001 and 2005, AML fell down the list of priorities for the EU.
A Decade of Silence
Indeed, the next decade saw no new AMLDs emerge. Explaining the silence is challenging, as the activities of organized crime groups (OCGs), terrorists and corrupt politicians in higher risk jurisdictions remained significant political issues in the EU.
It may have been due to a lack of appetite for more change, but AML issues remained a subject of policy discussion amongst officials in Brussels and parliamentarians in Strasbourg. The much more likely explanation is distraction; politics is driven by ‘the latest crisis’, and shortly after the introduction of 3AMLD, institutions were shifting their focus towards preventing an economic deluge following the Global Financial Crisis (GFC) of 2007-8.
However, the aftermath of the GFC also helped create the seeds for a further spate of change. Although the crisis was not linked to AML specifically, the period of bank collapses and bailouts raised significant questions about the behavior of banks and banking executives, and whether they were fulfilling social obligations to do the ‘right thing.’
This sense of unease was reinforced by a wave of US and other ‘Deferred Prosecution Agreements’ (DPAs) and other regulatory censures against big banks — led primarily by the Obama administration and hinged on AML failings. Although this did not lead to immediate action in the EU, it did create an atmosphere that suggested AML as an issue would need to be revisited in the coming years.
A New Burst of Activity
That point came in 2015 when the EU initiated a new burst of activity in the AML space which saw the relatively rapid creation and transposition of three further AMLDs.
Along with the sense that AML had been left in abeyance for too long, there were a number of other influences which catalyzed this, from a growing recognition of the pace of developing sophistication of money laundering and typologies, as well as a need for specific financial measures to challenge the growing threat from Islamic State, both in the Middle East and in Europe.
Rapid developments in technology added further impetus. Not only was it now easier for criminals to move money around at speed, thanks to the emergence of faster payment technology, but there were also now opportunities for FIs and DNFBPs to leverage their own data and increasingly available external data streams, via new types of Regulatory Technology, in their fight against financial crime.
4AMLD: Tackling New Risks
4AMLD was agreed by the EU in 2015 and required transposition into national laws by June 2017. Following its predecessors, it again followed the precedent set by FATF, drawing upon its refreshed Recommendations from 2012, which provided more detailed guidance on taking a risk-based approach (RBA) in the implementation of CDD.
As with previous directives, it also continued to widen the scope of AML/CFT obligations, including many exceptions from the financial and DNFBP sectors that had previously escaped inclusion, such as all gambling based firms. Certain ‘occasional transactions’ over €10,000 outside of a business relationship also became subject to AML regulation, although member states found this a difficult requirement to implement.
4AMLD as a whole was a difficult directive for many member states to transpose and only 11 were able to do so by the deadline of 26 June 2017.
In addition to this widening of scope, 4AMLD put a new emphasis on creating more transparency around structures launderers could use to hide the proceeds of bribery, corruption and tax evasion – crimes that were generating increasing media interest in the wake of the GFC. The directive thus included the requirement that Ultimate Beneficial Owners (UBOs), determined as those who owned 25% or more of a legal entity, appear on national registries, produced and maintained by member states’ competent authorities, in order to reduce the opacity of corporate structures behind which some financial criminals had hidden.
The directive also looked at Enhanced Due Diligence for Politically Exposed Persons (PEPs), while expanding the scope of the term to include not only foreign nationals but domestic politically-linked individuals as well.
5AMLD: Responding to Terrorism
Just over a year later – a record turnaround time for the EU – the fifth Anti Money Laundering Directive (5AMLD) came into force on 9 July 2018, requiring transposition by 10 January 2020. CFT concerns shaped much of the content and framing of the directive, as Europe faced a succession of Islamic State-inspired terrorist attacks, from the Bataclan and Charlie Hebdo attacks in Paris in 2015, through to the London Bridge attack in June 2017. Such was the psychological impact of these attacks on the EU, the Commission began drafting 5AMLD before it had even implemented its predecessor – an unprecedented action.
A prominent element of the directive was directed at reducing the financial options that had been used by the attackers to help conduct their attacks. The most prominent change in this regard was the reduction in prepaid card limits, a product that had played a significant role in the preparation for the Bataclan attack.
In keeping with the desire to expand upon the commitments of previous directives, 5AMLD also made further extensions to the range of obligated entities, bringing in crypto exchanges involved in the exchange of fiat and cryptocurrencies, as well as crypto wallet providers.
Moreover, the directive added further detail to its ‘transparency agenda,’ requiring that national UBO registers go public in March 2020, and creating national functional PEP lists to identify the roles which qualified as ‘PEPs’ (and by exclusion, those which did not). However, as with previous directives, the process of implementation in some jurisdictions has proved bumpier than in others, perhaps not helped by the arrival of the COVID-19 pandemic early in the year.
Network Effects and the AMLDs
An unfortunate failing of the AMLDs is that, in their formulation, they are unable to recognize that while money launderers commit a crime that benefits from network effects, FIs are unable to share detailed information with each other to supply a networked response. It’s a serious weakness as money laundering can only truly be seen and understood from a network perspective.
That is a major advantage that criminals have over businesses, they can exploit the financial system from multiple points but FIs are unable to respond in kind.
Automation with rules-based systems has made it so that compliance officers doing manual checks are no longer necessary in order to find one instance of money laundering. Machine learning has refined this process and made it significantly faster.
False positives and true negatives are able to be drastically reduced by having automated processes tackle vast quantities of data so that compliance officers can focus on doing the investigative work and more importantly now have the time to match customers to the risk-based approach.
6AMLD and the Future
5AMLD is not the end of the story for 2020, however. 6AMLD came into force in June 2018, with transposition required by December 2020, and an implementation deadline of June 2021.
Interestingly, it returns to many of the basic issues in the original AMLD – what is ‘money laundering’ as an offense, who is liable, and how should it be punished – a revisiting borne of the many problems generated over previous decades by ongoing legal variations amongst member states, which have impeded cross-border investigations. The centerpiece of the new directive is the codification of 22 predicate offenses, including new predicate offenses such as cyber and environmental crimes, which should make cooperation around the same offenses much easier to achieve.
For compliance officers, however, it will drive the need to look again at their company risk assessments and the configuration of their AML controls, to ensure that the risks from these predicate crimes are appropriately covered. You can read more about this new directive and how it will affect you in our new report.
What does the future hold next for the EU and AML? The directives have changed, broadened in scope, and refined requirements over the years thanks to an increased understanding of vulnerabilities in the financial system, as well as the need to be seen to be taking action to deal with pressing political issues of the day (such as terrorism, or weapons proliferation). This trend is unlikely to change – in fact, it is likely to accelerate. Crypto and other Virtual Assets will almost certainly become subject to greater regulation, as will other channels with the capacity to affect digital value transfer, such as online gaming.
As we noted at the outset of this blog, there might also be significant changes in the next couple of years which will give EU-level authorities wider discretionary powers to revise the rules at greater speed than currently possible, and intervene against AML failures at institutional levels.
So for any business operating in the EU, it remains vital to stay aware and ahead of the requirements that might be placed upon them by new AMLDs or new regulatory instruments. It is also essential to make sure your business is ready for that change, able to react to it, and better still take advantage of it when it comes. Knowing what is coming is part of that, but in our experience, having the right kind of technology – flexible, risk-configurable and agile – is crucial too.Read more about what 6AMLD entails with our report