The Fourth Money Laundering Directive (MLD4) was ratified by the European Parliament in 2015 and was implemented in all EU states on the 26th June 2017. It was transposed into UK law on the same date via the The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. Like previous iterations of the Money Laundering Directive, MLD4 aims to prevent the EU’s financial system being abused for the purposes of money laundering and terrorist financing.
The first Money Laundering Directive (MLD1) was enacted by the European Union (EU) in 1991. MLD1’s primary focus was drugs-related offences and it introduced requirements for credit and financial institutions to verify the identity of their customers and report any suspicions of money laundering.
MLD2 replaced the first Directive in 2001 and aimed to bring the EU’s anti-money laundering framework in line with the Financial Action Task Force (FATF) recommendations of the time. MLD2 expanded both the business covered and the predicate offences in relation to which money laundering could apply.
MLD3, introduced by the EU in 2005, extended the scope of the AML framework by including coverage of certain non-financial businesses and professions such as legal services and accountancy. MLD3 introduced the risk-based approach (RBA) to customer due diligence (CDD), and introduced the concept of simplified due diligence (SDD) and enhanced due diligence (EDD).
MLD4 bolsters various provisions of MLD3 in order to curb money laundering and terrorist financing, as well as increasing ownership transparency in firms. These steps bring the EU into compatibility with the latest guidelines from the FATF, helping to ensure global consistency across AML policies.
Wider Scope of Obliged Entities:
Many firms and individuals who previously went unregulated are considered to be “obliged entities” under MLD4 (referred to in the UK as the “regulated sector”). This means that more firms will have to comply with the Directive’s various regulations, including Customer Due Diligence requirements. Obliged entities under MLD4 include all credit and financial institutions, various Designated Non-Financial Businesses and Professions (DNFBPs), and gambling services (under MLD3, only casinos were covered).
Occasional transactions—that is, any transaction outside of a business relationship—of €15,000 or more are also covered under the regulations, as are transactions that the EU defines as a “transfer of funds” exceeding €1,000. Individual member states can set lower thresholds if they choose.
In short, MLD4’s revisions mean that more transactions will need to be monitored and CDD will have to be performed for more clients.
Additionally, e-money products are, for the first time, specifically regulated under MLD4. Countries do have discretion to allow some exclusions to this regulation as long as certain conditions are met. These include restrictions that the payment instrument, such as a pre-paid card, cannot hold more than €250, cannot enable more than €250 in monthly transactions, is used solely to purchase goods or services, and cannot be funded anonymously. If a country chooses to relax CDD requirements for e-money, it must still ensure that issuers carry out sufficient transaction monitoring and issuers must demonstrate that the risks associated with e-money are low.
Regardless of any thresholds or exemptions, CDD must always be performed if there is a suspicion of potential money laundering or terrorist financing. Moreover, CDD must be conducted again if there are any doubts about the adequacy and/or veracity of previously obtained information.
Updates to beneficial ownership:
EU countries must now require entities in their jurisdiction to keep up-to-date ownership information in a central registry that is accessible to authorities, obliged entities, and public persons with a legitimate interest, such as journalists or NGOs.
Additionally, the definition of an ultimate beneficial owner (UBO) has been modified. The key factor in determining who is the UBO is still owning or controlling more than 25% of the shares or voting rights in a legal entity, but MLD4 allows for senior managing officials to be treated as beneficial owners in cases where the above criteria cannot be determined.
Expansion of the Risk-Based Approach:
MLD4 further stresses the necessity of a risk-based approach (RBA) and strengthens RBA requirements. Obliged entities will need to identify and assess risk, considering factors such as customers, countries or geographic areas, products, services, transactions or delivery channels. These risk assessments will need to be kept up-to-date and made available to regulators. Larger companies may also be required to commission an independent audit of their compliance procedures.
MLD4 also removes blanket exemptions that allowed automatic use of Simplified Due Diligence (SDD). To use SDD, firms must now actively demonstrate low risk and provide a robust rationale for its use. The expectation is that fewer customers will qualify for SDD and more will require either CDD or EDD.
The revised regulations also mandate that obliged entities have in place risk-based procedures to determine whether customers or ultimate beneficial owners are politically exposed persons (PEPs). They clarify that Enhanced Due Diligence (EDD) must always be applied to PEPs and that senior management approval is required to establish or continue a business relationship with a PEP. In addition, both domestic and foreign PEPs are now covered under MLD4 (previously, domestic PEPs were not subject to EDD). EDD procedures must continue for at least 12 months after a PEP leaves office, although member states may impose a longer period.
MLD4 makes tax crimes predicate offences and brings tax advice provided by lawyers within the scope of their reporting obligations.
Trustees of express trusts are required to obtain and hold adequate, accurate and current information about the trust’s settlor, trustees, protector, and beneficiaries (or classes of beneficiaries) and to make this information available to obliged entities.
The sanctions for firms and individuals who don’t comply with the Fourth Money Laundering Directive have also been updated – and it is now mandatory for EU countries to impose these sanctions. Those who violate MLD4’s provisions will face a maximum fine of at least twice the amount of the benefit derived from the breach or at least €1 million.
For breaches involving credit or financial institutions, the penalties are even steeper: legal persons will receive a maximum fine of at least €5 million or 10% of total annual turnover, while natural persons will receive a maximum fine of at least €5 million.
EU legislators have already signalled plans for amendments to MLD4 in the form of the 5th Money Laundering Directive. These amendments were formally proposed in 2016 but are still being debated in the European Parliament and Council. Additions are expected to include:
- new rules to cover virtual currency, VC exchange platforms, prepaid cards, and “wallet providers”
- the creation of central registers or data-retrieval systems for bank and payment accounts
- better data sharing between national Financial Intelligence Units within the EU
- rules to ensure that EDD checks are carried out for transactions with countries that pose high risks for terrorist financing – the EU will devise a “blacklist” of these countries