The European Union issues anti-money laundering directives (AMLDs) as a way to ensure that all member states adhere to a common set of financial compliance regulations. The European Parliament introduces new AMLDs periodically, and every government in the EU is expected to implement them by passing appropriate domestic legislation. Although the UK left the EU in 2020, it has implemented similar anti-money laundering legislation in order to keep pace with the compliance standards set out by the AMLDs.
EU AMLDs reflect the changing global financial landscape: each AMLD contains measures to address emerging criminal trends and methodologies, integrate new technologies and Financial Action Task Force (FATF) recommendations, and to address deficiencies in previous directives. When the EU announces a new AMLD, it gives member states a time period in which to make the necessary changes to domestic anti-money laundering (AML) and counter-financing of terorrism (CFT) legislation, and to allow banks and financial institutions to adjust their compliance and risk management solutions. After the implementation deadline the new AML/CFT regulatory environment is considered law across the EU.
The EU’s most recent AMLD was the Sixth Anti-Money Laundering Directive (6AMLD) – which built on the AML/CFT measures introduced in the 4AMLD and 5AMLD respectively. With the EU having announced a new anti-money laundering ‘legislative package’, it is important that obligated entities within the bloc understand their new obligations.
To help your business stay on top of its AML/CFT obligations, read our guide to the most recent EU AMLDs.
The Fourth Anti-Money Laundering Directive came into effect across the EU on 26 June 2017. The directive focused on strengthening the risk based approach to AML/CFT recommended by the FATF. 4AMLD’s key measures included:
Enhanced beneficial ownership: 4AMLD introduced a requirement for member states to compile a national register of beneficial owners. The definition of ‘beneficial owner’ was expanded to include members of a firm’s senior management.
Risk assessments: Under 4AMLD, companies had to factor in new customer data as part of their AML risk assessment process, including customers’ locations and the types of products and services they were using.
Politically exposed persons: 4AMLD adjusted the definition of politically exposed person (PEP) to include ‘domestic PEP’.
Noncompliance penalties: 4AMLD introduced a ‘name and shame’ requirement for firms found to be in violation of AML/CFT regulations. The directive also increased mandatory AML/CFT noncompliance penalties in the following ways:
- A maximum fine of €5 million or 10% of annual turnover for legal persons
- A maximum fine of €5 million for natural persons
5AMLD was implemented across the EU on 10 January 2020 and built on many of the measures introduced in 4AMLD. It introduced a new focus on fintech products and services, including the growing use of cryptocurrencies. Key 5AMLD measures included:
Beneficial ownership transparency: After 4AMLD introduced beneficial ownership registers, 5AMLD introduced a public right of access to the information they contained. Similarly, member states had to ensure that their registers were interconnected with others across the bloc to enable centralised verification.
PEP lists: Like 4AMLD’s beneficial ownership lists, 5AMLD introduced publicly available PEP lists, setting out a list of domestic ‘politically exposed’ roles.
Risk assessments: 5AMLD introduced a requirement that member states publish periodic risk assessment reports in order to raise public awareness of AML/CFT threats.
Virtual currencies: 5AMLD expanded existing EU AML/CFT regulations to cryptocurrencies and cryptocurrency service providers. The new rules meant that cryptocurrency exchanges had to register with domestic authorities and share information with Financial Intelligence Units (FIU).
Prepaid transaction limits: 5AMLD included measures to address the AML/CFT threat posed by prepaid credit cards. Under the new rules, transaction limits on prepaid cards were reduced to €150 (from €250) for in-person transactions, and to €50 for online transactions. 5AMLD also prohibited companies from accepting prepaid cards issued in countries that did not meet the EU’s compliance standards.
High risk due diligence: 5AMLD introduced a uniform set of mandatory enhanced due diligence measures to be applied to transactions involving high risk countries.
High value transactions: 5AMLD extended AML/CFT reporting obligations to transactions of high value goods amounting to values of €10,000 or more. The measure was intended to address money laundering in certain ‘boutique’ industries, such as the art trade.
6AMLD came into effect on 3 June 2021 and is the most recent EU anti-money laundering directive. While 5AMLD expanded the scope of the EU’s AML/CFT regime, 6AMLD is broadly intended to harmonise and clarify regulatory detail, and to help companies in the EU do more to directly address financial crimes. With that in mind, the key measures of 6AMLD include:
Harmonised predicate offences: 6AMLD sets out a harmonised list of 22 predicate offences for money laundering, including offences such as human trafficking, fraud, and counterfeiting. The list includes the two new money laundering predicate offences of cybercrime and environmental crime.
Aiding and abetting: Under 6AMLD, the definition of the crime of money laundering has been expanded to include aiding and abetting.
Liability: Before 6AMLD, only individuals could be prosecuted for the crime of money laundering. Under 6AMLD, that criminal liability is extended to legal persons such as corporations. In practice, this means that organisations can also be punished for money laundering offences committed by their employees.
Penalties: 6AMLD harmonises money laundering criminal penalties and punishments across the EU. The new rules introduce a minimum prison sentence of 4 years for individuals found guilty of money laundering (from the previous minimum of 1 year).
Dual criminality: Under 6AMLD, member states are required to share information and facilitate cooperation in order to prosecute money laundering crimes that span international borders. These dual criminality prosecutions have required some member states to criminalise certain predicate offences, regardless of whether they were already illegal.
HOW TO COMPLY WITH ANTI-MONEY LAUNDERING DIRECTIVES
Any new money laundering directive requires companies within the EU to review their AML/CFT compliance and risk management solutions, and adjust to the new regulatory environment where necessary. This process may require the following steps:
- A review of risk exposure under the new regulatory environment, followed by any necessary adjustments to risk management solutions. Under 6AMLD, for example, companies need to ensure their risk management solutions take into account cybercrime and environmental crime predicate offences.
- A review of customer risk assessment procedures. A new AMLD may alter the risk profiles of both new and existing customers.
- New training procedures for compliance employees. The introduction of new regulations means that compliance employees may need to update their regulatory knowledge in order to continue to meet their obligations.
- A review of internal compliance technology deployments to ensure ongoing compliance.
FUTURE EU ANTI-MONEY LAUNDERING DIRECTIVES
The EU will continue to issue anti-money laundering directives in response to a changing threat landscape. In July 2021, the European Commission announced that it would be overhauling its AML/CFT rules with ‘an ambitious package of legislative proposals’. In addition to strengthening its existing AML/CFT framework, the package will specifically take into account the money laundering challenges posed by technological innovation.
As part of the package, the EU has announced a new directive which ‘repeals and replaces’ AML/CFT rules introduced in 6AMLD (and previous AMLDs). The directive includes a range of key measures and provisions, including:
The introduction of national supervisory bodies in all member states.
- A requirement for member states to carry out national risk assessments every 4 years.
- More robust protections for corporate whistleblowers.
- A framework to allow FIUs across the EU to perform joint analysis of suspected criminal activity.
- Clarification on the information which should be included in beneficial ownership registers to ensure that FIUs can ‘obtain up-to-date, adequate and accurate information’.
- New requirements for the processing of personal data to ensure consistency with EU data-processing rules.