A Guide to Anti-Money Laundering for Crypto Firms
Over the last twelve months, the European Union (EU) has been considering how to renew its attack on money laundering, following a wave of anti-money laundering (AML) control failures at Northern European banks and linked scandals about potential illicit flows through those banks.
Discussions have so far included the potential creation of an AML enforcement agency at EU level, with direct powers of intervention at the state level, as well as the use of ‘regulations’ – EU created rules with direct force in member states – as opposed to ‘directives’, which allow governments to transpose their requirements into national laws in their own way, over a longer period of time.
This would be a major change in approach for the EU, who, over the past thirty years, have relied on a succession of directives – known as Anti-Money Laundering Directives (AMLD) to drive their AML strategy. But what exactly are these ‘AMLD’, and what do you need to know about AML history?
The first Anti Money Laundering Directive, issued in 1991, predates the transformation of the original ‘European Community’ into the EU in 1993. Arguably, 1AMLD was one of the major political fruits of that pivotal time, as the European Commission, the Community’s bureaucracy, sought to expand its areas of political competence. Historically, AML had seen episodic inter-governmental action by European governments in the 1980s, but the Commission saw it as a prime area where it could create additional value by taking a multilateral approach.
At the same time, the broader political zeitgeist in Europe was also encouraging international cooperation and action on AML history because of rising political concerns about the drug trade. The European Parliament had passed multiple resolutions that asked for “the establishment of a global community program to combat drug trafficking, including provisions on the prevention of money laundering,” mirroring concerns across member states’ governments and legislatures.
The scale of the problem – and the need for action – were also recognized at a global level, too; the UN had agreed its ‘Convention Against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (‘the Vienna Convention’) in December 1988, and in July 1989, the G7 group of leading industrialized nations, joined by the President of the Commission, had created the Financial Action Task Force (FATF) as an international standard-setter on AML.
1AMLD was agreed by the European Council of Ministers on 10 June 1991, with the deadline of its transposition into the national laws in member states on 1 April 1994. This transposition process – common to all ‘directives’ – allowed national governments to consider how to implement the directive’s requirements into national law, including periods of consultation with affected parties. This meant that the resulting national laws and regulations would have a common ‘family resemblance’, as minimum standards were required, but allowed some flexibility, especially in making laws more stringent if the member state so required.
1AMLD was as much a rhetorical tool as a policy directive, enjoining member states to take the problem of AML seriously. It recognized and stressed that an international approach to money laundering was vital, and that although nation states had obvious responsibilities, a solely national approach, “without taking account of international coordination and cooperation, would have very limited effects.”
FATF had issued its first set of 40 Recommendations in April 1990, and they were a significant influence of the content of the first (and subsequent) AMLDs. The foundational aspect of 1AMLD was the requirement for member states to criminalize money laundering, but it also began the process of placing specific AML obligations on elements of the private sector deemed best placed to act as ‘gatekeepers’ for the financial system. Much as with the 40 Recommendations, 1AMLD targeted banks as the primary ‘obligated entities’ in the private sector (termed ‘credit and financial institutions (FIs)’ in the AMLD).
The directive required members states to legislate to ensure that such obligated entities undertook consistent Customer Due Diligence (CDD) and Know Your Customer (KYC) procedures at onboarding, as well as at regular intervals thereafter, and – importantly kept records of the relationship up to five years after it had ended.
It also required that the obligated entities monitor the activity of its clients to ensure that their transactions matched CDD obligations, as well as identifying ‘suspicious’ transactions and reporting them to national authorities via a suspicious activity report (a requirement which itself also had roots in the US Banking Secrecy Act (BSA) of 1970).
These two obligations, although not specifically requiring a technological response, effectively created what we now know as the ‘transaction monitoring’ requirement. Although many obligated entities sought to meet this through manual checks at first, it soon became clear that the volume of transactions going through retail and commercial banks needed some kind of automated answer. To start, however, such platforms were extremely rudimentary, and based on basic rule sets to detect ‘suspicion.’
A Directive with Limitations
1AMLD was a positive first step to identify and mitigate a problem that had been largely ignored as a major and consistent policy issue in Europe until the late 80s. However, its limits soon became obvious.
As professional understanding of money laundering grew, it became clear that the directive’s focus on banks was too narrow, as launderers used a wide variety of sectors and businesses other than the financial industry to place, layer and integrate illicit funds into the legitimate financial system. Other forms of ‘predicate’ criminality – crimes that generated funds which required laundering – such as illegal smuggling of weapons into the Balkans conflicts of the 1990s – also became more politically prominent.
The more that European authorities looked at the activities of Organised Crime Groups (OCGs), the more they saw how such groups were involved in multiple crime types as well as drugs, all of which generated significant revenues. It was clear that AML history needed to evolve.
The EU’s authorities agreed 2AMLD in December 2001, around three months after the September 11 terrorist attacks in the US. However, the content of the directive, which had been agreed sometime before, was framed more by the need to fill the gaps in the first directive identified over the previous decade, than by the terrible events across the Atlantic.
Following the revision of the FATF 40 Recommendations in 1996, expanded and defined the range of predicate offenses of money laundering, and made specific that suspicious reporting needed to be reported to a dedicated national ‘Financial Intelligence Unit’ or FIU.
It also recognized that money launderers were not just using banks to move illicit money, by widening the scope of obligation to include non-bank FIs.
This included Money Service Bureaus (MSBs), known collectively as ‘Non-Banking Financial Institutions’ (NBFIs), as well as designated non-financial business and professions (DNFBPs) who might be involved in financial transactions. Lawyers were an especially notable addition, their right of professional secrecy was no longer a protection if they were involved in assisting in money laundering directly or providing information on how to launder money.
The EU began to tackle issues around the financing of terrorism in the next directive, 3AMLD, which came into effect in 2005. It arrived notably quicker than 2AMLD, primarily as a result of the need to respond quickly (by EU standards) to the new ‘War on Terror.’
Some EU member states had already taken some individual legislative actions in this area prior to and in the wake of 9/11, such as the UK’s Terrorism Act 2000, and in 2003, FATF had revised its Recommendations further to take into account new responsibilities as the international standard setter for Countering the Financing of Terrorism (CFT) as well as AML, creating nine ‘Special Recommendations’ on terrorist financing. These new Recommendations shaped the relevant CFT content and history of 3AMLD, including due diligence measures to ensure obligated entities were not providing services to designated terrorists or terrorist groups.
Alongside terrorism, 3AMLD also continued the trajectory of change that had started with the shift between the first and second directive, expanding historical AML obligations across further sectors, including accountants and casinos. This new iteration also saw the introduction of the risk-based approach (RBA) to AML procedures, which allowed some variation to the application of CDD depending on the risk profile of the client, the product, and several other factors.
This meant that CDD was more of a spectrum, ranging from simplified due diligence (SDD) through to enhanced due diligence (EDD) measures, which took greater interest in a risky client’s sources of wealth and income.
Recognizing the need to ‘motivate’ obligated entities, 3AMLD also introduced penalties for AML breaches for the first time in history. Speaking in 2005, Mariano Salas, of the Commission’s Directorate General for the Internal Market and Services, noted that these would be: “effective, proportionate and dissuasive.”
However, the directive was silent on the calculation of these penalties, leaving the matter to domestic legislation. Penalties would prove to be a matter of future contention which the EU would have to return to eventually, and one we will explore further in the forthcoming ‘part two’ of this blog post on AML history.
Originally published August 18, 2020, updated August 25, 2022
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).