The implementation date for the 6th Anti-Money Laundering Directive (6AMLD) is quickly approaching. Member states have now transposed the directive into their national laws, and the implementation deadline for obligated businesses and other organisations will follow on June 3rd 2021.
EU directives do not have direct applicability, and therefore each member state must take steps to implement the rules they set out into their national legal frameworks. This means that each country’s laws may contain nuances and derogations, causing them to differ slightly from the 6AMLD.
Between now and June 2021, there is a lot of work to be done to get ready for the full implementation of the 6AMLD. Impacted firms should be proactive and take steps to ensure compliance by the implementation deadline of June 2021.
Carrying Out an Enterprise-Wide Risk Assessment
It’s essential for firms, as it is with any new piece of important regulation, to carry out an enterprise-wide risk assessment. In order to identify and effectively mitigate risk, a comprehensive risk assessment should consist of three main elements.
- Determine the “Inherent Risks”: The first phase of a risk assessment should aim to identify how the introduction of 6AMLD will impact a firm’s inherent risk profile.
- Examine Internal Controls: The next step is to look at the current internal controls in order to determine if they are sufficient in mitigating any inherent risks that arise due to 6AMLD. This is an essential exercise as it helps obligated entities identify where potential weaknesses may arise and which existing controls need to be updated or strengthened.
- Determine the Level of Residual Risk: In doing so, it’s useful to look at various types of risk that the obliged entity may be subject to, including regulatory, reputational and liability risk. Based on the outcome of the risk assessment and resulting risk profile, an organisation can then go on to make necessary updates and remediate any potential deficiencies.
Updating Policies, Procedures and Other Relevant Documents
To set the “tone from the top” and affirm the seriousness of the changes to AML rules brought about by the directive, firms should also begin to update their AML, KYC, CDD and any other related polices and procedures, so they are fully compliant.
It’s also worth reviewing processes for the approval and monitoring of third party relationships. Existing third party or vendor risk management programmes may need to be updated to take account of the changes and to identify risks associated with new offences in the directive.
People, Training and Education
Due to the extension of liability to include corporate entities, it’s now become more important than ever for regulated firms to have robust governance and reporting structures in place. This might include having an AML representative on the board, in order to ensure that AML related issues are embedded into the firm’s culture.
Transparency is also key and this should be facilitated through regular and comprehensive reporting, which enables senior officers of obligated firms to have sufficient oversight to determine whether the measures in place are effective to identify and deter the risk of money laundering.
Another essential element in getting ready for 6AMLD is ensuring all staff are properly trained and educated in respect of the new directive. Firms should begin to review and update training accordingly. It’s vital that staff are in a position to identify risks and potential criminal behaviour, especially relating to the 22 new predicate offences as set out in the 6AMLD.