Following years of discussion, the European Commission finalised the European Union's anti-money laundering (AML) package in April, marking a significant legislative advancement. This initiative, part of an ambitious plan started in 2021, aims to enhance financial crime prevention and detection.
Contributor
Liz McKillop leads the policy team at Delta Capita with twenty-five years of experience in financial services.
This article was originally published by Thomson Reuters Regulatory Intelligence.
EU AML package
The package includes regulations to establish the European Union's Anti-Money Laundering and Countering the Financing of Terrorism Authority (AMLA) and new AML/CFT regulations, including beneficial ownership, cryptoassets and updates to the 6th Money Laundering Directive (AMLD6).
At the heart of the package is AMLA, the new AML authority. Based in Frankfurt, Germany, it will centrally coordinate the activities of each EU member-state authority, ensuring a uniform process with consistent application of rules across the bloc.
AMLA will provide direct supervision to the riskiest credit and financial institutions and those providing crypto services. The new regulations will impose a single AML rulebook for member states, to create consistent standards and reduce ambiguity about requirements.
It is an exciting time for AML. The key to success will be greater collaboration between the financial services industry and national financial intelligence units (FIUs).
Through the new regulations, new sectors will be caught by due diligence and reporting requirements, including the crypto sector, traders in luxury goods and professional football clubs and agents.
Financial intelligence units
While each EU member state has already established a financial intelligence unit, the FIUs will have more power to share information, analyse data and suspend transactions. They will work jointly with AMLA to facilitate cross-border investigations alongside the promise of investment in better data analytics.
Such investment in systems and support to FIUs will create a valuable source of information for law enforcement agencies.
Beneficial ownership
There are new measures for investigating both ownership and control, with provisions for multi-layered ownership structures being clearer and more transparent. They aim to prevent companies from using complexity to hide ownership.
Negotiators have agreed a 25% ownership threshold (unless there is a heightened risk). Company information will be more readily available, and it will be shared more easily with all member states.
Ownership registries should improve their maintenance as authorities will need to investigate and verify reported information. The agreed proposals also require foreign legal entities to register beneficial ownership when they do business in the EU. As a result, trust information should be easier to find.
Single rulebook
Firms should expect "single rulebook" regulation that will remove inconsistencies across the EU. Accordingly, institutions will not have multiple, differing rulesets governing their policies for each office or business location. Harmonisation across the EU should enhance cooperation and make processes and decisions quicker and easier for local authorities working with the industry.
The exact criteria for AMLA supervision remain to be determined, but it is expected to affect firms operating across borders, those deemed higher-risk and certainly crypto-asset providers. More broadly, firms will need to familiarise themselves with the rules and prepare for tougher regulatory standards and potentially more intensive supervision.
Implications for the UK
Even though the UK has left the EU, many of its firms operating in the EU will be impacted by the legislation. There is also potential for regulatory divergence. The UK has so far opted out of transposing the 6th AML Directive, largely due to overlap with local law.
UK firms may need to amend their processes to satisfy the new requirements. Operations may change to meet the new obligations, and compliance professionals in the UK will certainly need to read through the legislation and understand the effect it will have on EU business lines.
How firms can prepare
It is essential that firms assess the impact of the regulations where they have business in the EU.
Country by country
Firms would be well-advised to conduct a detailed analysis of existing standards across each of their operations in the EU. Changes may be required vis-à-vis locations with greater disparity, such as where EU law is taking longer to implement.
This could include a detailed assessment of country policies and consolidation of separate policies into a coherent governance and control framework with an underpinning policy.
Stay current
Firms should monitor AMLA guidelines and stay current with what is coming.
While related regulatory activities are unlikely to commence in earnest until 2025, with direct supervision unlikely until 2028, it is worth staying abreast of notices and consultation results. An AMLA chair is likely to be announced and an office opened during 2024. Operations may start in 2025, but any direct supervision and rules implementation (still to be agreed), such as for beneficial ownership and oversight of risky institutions, is unlikely to take place until 2026 and beyond.
Governance
Firms should ensure that their internal governance is effective, that AML/CTF risk assessments receive serious consideration and that they evaluate jurisdiction, products, delivery channels and client types. Firms may want to consider a more aligned approach across their EU footprint. They should also ensure that decision-making is robust across the firm, at a level that covers all EU business lines, that risk decisions are carefully recorded and that escalation is effective where needed.
Customer data records
Customer data records could be affected, with refresh standards likely becoming uniform. It may be time to invest in know-your-customer (KYC) technology where automation can help. Firms will likely start to focus on simplifying KYC processes, automating lower-risk files and testing how they refresh their KYC data. Such data will be key to effective reporting, and firms should prioritise KYC outreach to higher-risk clients. EU authorities have consistently pushed for industry technology capable of managing AML/CTF risk, including KYC processes.
Anti-money laundering has never been in such sharp focus. The AMLA will start operating in 2025, and while it may take time to have an effect, with many financial crime officers at the forefront of discussion, the hard work for firms starts now.