The EU’s Fifth Money Laundering Directive (5AMLD) came into force in January. It updates the European Union’s AML/CFT regime by building upon the regulations laid out in 4AMLD, ultimately seeking to better align regulations with ongoing issues and emerging trends. It also hopes to bring greater transparency to financial transactions, while balancing privacy and personal data concerns.
Implementation has followed suit with 4AMLD and had a rocky start. Many countries have faced challenges transposing this directive into effective laws. Even so, those companies affected must still make sure they comply with the directives. Further, with 6AMLD set to take effect this December, it’s more crucial than ever that financial institutions take steps to stay compliant now.
However, given the issues that EU Member States have had implementing the Directives, many companies are unsure of how to effectively incorporate them into their compliance process. We’ve come up with a list of ways to stay compliant with this difficult regulation:
Tip #1: Know your new limits
Under 4AMLD, the monthly transaction and total storage limit on anonymous prepaid cards was €250 — that limit has been lowered to €150. Financial institutions must perform identity checks on customers using cards to pay for physical transactions worth more than €150.
Remote or online transaction limits using prepaid cards were also reduced: those transactions cannot exceed €50. Lastly, transactions using cards issued outside of the EU are prohibited, with exceptions made only for those issued in jurisdictions that demonstrate they hold their institutions to the same AML/CFT standards.
So it’s important to stay alert to how much money is being moved onto prepaid cards. The required volume of transactions to reach similar levels of funding as the past has gone up significantly due to the new limitations. That type of activity is one that your compliance officers and transaction monitoring solution should pay close attention to for 5AMLD compliance.
Tip #2: Understand new virtual currency regulations
5AMLD attempts to address the rise in virtual currency use by bringing virtual currency providers under the EU’s existing AML/CFT regime. Those companies that hold, store and transfer these new electronic monies must abide by the same AML/CFT regulations as other, more traditional financial institutions.
This includes implementing robust identity verification and customer due diligence checks during customer onboarding as well as performing ongoing monitoring of all transactions. They must also file suspicious activity reports and regularly provide them to their country’s designated Financial Intelligence Unit (FIU).
Ensuring compliance with reporting requirements is challenging, especially for companies not used to collecting and providing this information regularly. Cryptocurrency firms generally operate with a smaller staff than traditional financial institutions, too, so it’s important that their partners in the financial space support them as they overcome a steep learning curve.
Tip #3: Get familiar with enhanced due diligence (EDD)
With 5AMLD, the EU has made changes to the criteria used to determine which countries are deemed to be high risk, given the quality of their AML/CFT regime. In addition, those companies that do business with customers in these countries will now need to perform enhanced due diligence measures. These include:
- Obtaining UBO information
- Determining a customer’s source of wealth
- Identifying why a customer would like to perform a transaction
This increased scrutiny on high-risk third countries extends to companies that have subsidiaries, branches or offices in jurisdictions that are deemed to be high risk, as well as correspondent banking relationships with institutions in these jurisdictions.
Therefore, it’s important that companies thoroughly assess not just new customers or partners, but also their current partner and client base, to determine if any pose an elevated risk under this new criteria. Given that business relationships are dynamic and evolve constantly, continual monitoring in the form of regular adverse media checks will also help minimize possible risks.
Tip #4: Keep up-to-date on UBO registers
The ease with which a company or trust’s owners can stay anonymous has long been exploited by bad actors looking to hide their illicit gains. With 5AMLD, however, the EU hopes it has made it that much harder to take advantage of this loophole. Beneficial ownership data now must be made accessible to the relevant authorities, and all country-level registers must be harmonized and ultimately must feed into an EU-level UBO register.
This has, however, proven to be one of the most challenging aspects of 5AMLD to implement. Financial institutions must keep up-to-date on developments and changes regarding the requirements for obtaining such information at account opening, as well as ensuring any changes to ownership are verified and recorded appropriately.
For now, it’s best to assume that the onus for collecting and storing this information lies with the reporting entities themselves, and taking initial steps to design processes that do so systematically on a company-level is best done now, especially as the country- and EU-level requirements are still being ironed out.
Tip #5: Continually monitor for politically exposed persons (PEPs)
EU member states must compile a list of functions or offices, both within their governmental structure and within relevant inter- or multinational organizations, that fit the criteria of “politically exposed.” Member states must also specify how those PEPs should be classified. Though guidance regarding PEP classification is likely welcomed, there are bound to be differences among the lists. The onus will be on the financial institution or reporting entity to comply with all lists that pertain to the jurisdictions it does business in.
Companies must be well versed in all of these lists in order to assess the level of risk appropriately for the jurisdictions in which they operate. Relatives and close associates must also be screened with extra due diligence, as their links to the identified PEP may not be readily apparent.
Awareness of these changes and how they may impact business decisions — high-level and day-to-day — is vital. Yet more important is the ability to translate that knowledge into new workflows and processes that compliance officers at every level of a company’s hierarchy can follow. Each employee must fully understand the importance of 5AMLD and what those changes mean for their company and their day-to-day duties. This is perhaps more important than any single tip for staying compliant.