Time's up: EU companies need to reckon with new AML rules
Anti-Money Laundering (AML), one of the fastest moving areas of financial regulation, returns to the fore for organizations operating in the European Union (not that it had ever gone away, one could point out).
The new EU AML Directive - which is the sixth since 1991 (but came into force less than a year after the previous one) - was scheduled to be transposed into national laws by December 3rd, 2020. The deadline for companies within EU markets to adjust their internal procedures accordingly is June 3rd, 2021. Therefore, financial institutions, auditors, accountants, and other obliged entities only have another six months to get ready and upgrade their KYC processes.
Once again, it’s time to focus on a new legal development and ensure full compliance. On top of that, the changes introduced by the directive specifically affect companies like never before. So, it’s ever more true that the price of non-compliance would cost much more than any investment made to achieve it.
AML as 2020’s head and tail
2020 has been another eventful year in terms of AML initiatives, actions, and news.
Many Member States had not yet managed to implement the 4th AML Directive at a national level when the European regulators realized that wasn’t enough to keep up and effectively counter the trillion-dollar money-machine that money laundering is. Soon after, further amendments were added - and the 5th Anti-Money Laundering Directive (5AMLD) came to light.
This is how 2020 began: with the EU Member States having to include the 5AMLD into internal legislation. And, similarly, the year is ending with the 6AMLD due to be implemented into national laws.
What were the main highlights of the 5th AML Directive?
It's worth remembering how the 5AMLD was a political success and a big step forward in terms of regulatory tightening. Here is a quick overview to refresh our memory with its main points:
It extended the scope of obliged entities (and included the cryptocurrency sector at a cross-national level).
It required more Customer Due Diligence (CDD) checks and raised the bar in terms of Enhanced Due Diligence (EDD).
It regulated domestic PEPs (Politically Exposed Persons).
It improved the central registrars of beneficial ownership to facilitate the identification of UBOs (Ultimate Beneficial Owners).
It extended AML checks to majority-owned subsidiaries outside the European Union.
It explicitly promoted and encouraged the use of electronic signature and digital identification means as standardized by eIDAS to verify customers’ identity.
Why was a 6th AML Directive needed?
Considering the frequency of the EU revisions to the Anti-Money Laundering legislation, one might rightly wonder why new amendments were necessary. The answer is as simple as it is alarming. The measures in place were clearly not effective enough as prevention means, nor severe enough as a deterrent. And this became evident after a series of outstanding money laundering scandals involving several major Northern European banks since 2018.
International investigations in the last few years uncovered a shocking amount of illicit funds coming from abroad and laundered via German, Nordic, and Baltic banks. These findings prompted doubts about the effectiveness of the legal framework and its capacity to withstand the widespread increase in financial crimes worldwide.
Moreover, the recent banking scandals have reinforced the need for promoting good practice and global effort throughout the private sector, open to heavy abuse by money launderers. Companies play a significant role in the fight against economic crime, so they need stronger incentives for meeting AML requirements.
What’s new in the 6th AML Directive - and what does it mean for companies?
To help you become familiar with the changes, we outlined the five major takeaways that matter most to businesses:
1. Harmonized list of predicate money laundering offenses across the EU
Generally speaking, a predicate offense is a crime that is a component of a larger crime. In a financial context, the larger crime in question is money laundering, and predicate offenses are any crime generating monetary proceeds that may become the subject of money-laundering (i.e., corruption and bribery, fraud, tax crimes, etc.).
The EU Directive outlined 22 predicate offenses for money laundering, providing clear definitions of each specific illegal act. Such a list was devised to pursue two goals:
To achieve an EU-wide homogeneous framework of what constitutes a predicate money laundering offense. All EU member states are now required to criminalize the same predicate offenses.
To better reflect the evolving criminal landscape. The risks-scenario needed updates to include modern threats - whose primary example is cybercrime. This is the first time that cybercrime pops up in the AML law context.
EU organizations need to ensure that their AML programs can deal with the new risk environment. This may translate into better employee training to fight cyber-threats and adjustment of internal procedures to ensure the detection of suspicious activities linked to the predicate offenses.
2. Expanded regulatory scope to punish even those who have only had an “enabling” role
The previous directives mainly focused on those who actually commit money laundering and profit directly from the crime itself.
Under the 6AMLD, criminal liability (and penalties) is extended to those who act as accomplices in money laundering schemes. The specific expressions used in the official text are “aiding and abetting” and “attempting and inciting”. Consequently, anybody who intentionally assists, facilitates, or instigates the crime or hides or disguises illicit assets will be held legally responsible for their cooperation in the unlawful activity.
Therefore, the need for businesses operating in the EU to reinforce their compliance programs is once again stressed. EU firms should now make sure they can spot and prevent atypical “enabling” activities. To this end, they need to be able to unveil and react to any scams originating from fraudulent individuals or companies hiding in second-tier business relationships.
3. Extension of criminal liability to businesses
Prior to the 6AML Directive, only individuals could be convicted for committing financial crimes. The new rules extended the criminal liability to legal entities, such as companies and partnerships, as well as to their executives. Simply put, when an organization is caught involved in money laundering, the responsibility will not be placed only on the employees acting separately. The criminal liability will be ascribed on management and on the company itself as well. In such an event, the business may be subject to civil punishments - ranging from a temporary ban on operations, judicial supervision, or exclusion from accessing public funding, to permanent shut-down.
This is another critical shake-up to the traditional AML framework, as it’s the first time ever that a firm can be held accountable for money laundering. The Directive allows financial authorities to better target organizations by providing wider grounds for businesses’ prosecution. The failure to effectively prevent economic crimes, for instance, qualifies business leaders to experience penalties themselves, if they are found culpable of lack of supervision, control, and compliance.
4. Harsher penalties
The 6AMLD amended the punishment system regarding both imprisonment and economic fines. The maximum prison sentence term has been increased from one to four years (excluding aggravating circumstances). Besides, many EU member states already exceeded this limit and imposed longer sentences. Additional penalties may include exclusion from public benefits or aid, disqualification from commercial activities, judicial supervision, freezing or confiscating the property concerned, and more. Moreover, any sentence may be supplemented with sanctions and fines (up to €5Million), including the complete closure of a business.
5. Member-state (and companies) cooperation
The new update acknowledges that measures adopted solely at a national level, without taking into account international coordination, would have minimal effect. Hence, the 6AMLD aims at enabling more efficient and swifter cross-border collaboration between competent authorities in situations of dual criminality – i.e., where a financial crime takes place across two different Member States. In such a case, both jurisdictions need to be involved in the prosecution, assist each other, exchange information, and work together to centralize legal proceedings within a single jurisdiction.
The same cooperation must be addressed on a business level as combining efforts in a joint action is key to improve our chances in the battle against AML-related crimes. In the event that a crime embroils two companies, they are now required to co-act to identify the offender and prosecute them in one single way.
What should companies do to ensure compliance with the 6th AML Directive?
Start with a good understanding
The broader liability, the extended scope, and the more severe penalties should set alarm bells ringing in all firms operating within the European Union borders that need to take their AML obligations seriously. During the upcoming transition period, organizations should focus on implementing robust and automated Know-Your-Customer mechanisms. The first step is getting acquainted with the news the 6AMLD brings, to start off with a clear understanding of the new requirements and responsibilities.
Foster employees' awareness and better allocate resources
Companies will now have fewer legitimate excuses if it turns out that they have (even inadvertently) allowed money laundering. More than ever, senior managers need to be confident in the transparency and accountability throughout the business. At the end of the day, it all comes down to the organization’s culture. For a healthy security strategy, the right investments and an educated workforce can make a big difference. Therefore, smarter resource allocation and staff training are pivotal.
Employ the right technology solutions to level up your AML procedures
A thorough review of the measures in place is to be prioritized to identify and address current shortcomings - and make informed decisions when it comes to technology deployment. Companies need to examine their existing processes with a critical eye and open up to alternatives that better meet their new transaction monitoring and screening obligations. Automated systems allow businesses to source and scan information about the wider range of predicate crimes, better detect suspicious activities, and establish more effective risk management.
Proactivity is key: get ready for what comes next
AML is one of the most ever-changing regulatory areas and doesn't seem to slow down anytime soon. As a matter of fact, it’s no secret that the EU made AML/CFT one of its priorities until 2024. Much of the media's attention is being paid to the potential creation of a central EU AML agency to be entrusted with the regulatory compliance assessment at an institutional level.
So it’s safe to expect that we will likely witness frequent updates to widen its scope and stiffen the sanctions in the near future. After all, less than a year was the time-gap between the deadline for member states to implement the 5th and 6th directive - and this suggests that a 7th AML Directive might not be so far either.
It follows that we can no longer just cover the holes and hope for the best. A future-proof approach needs to be taken on in re-configuring your workflows: to get the most out of this compliance exercise, you should look at it as a chance to seek (and address) potential loopholes in your business.
It’s here that the importance of tooling up your company with a cutting-edge solution lies. Implementing a flexible and agile system will let you rapidly and effortlessly adapt to any subsequent change in the legal landscape. Fast adjustment and better compliance convert into market dominance and better chances to wipe away the competition.
How can Penneo help you with your AML-compliance?
Efficiency, security, and compliance are the cornerstones our KYC solution is built on. Everything you might need to collect documents, assess risk-profiles, track and monitor information is expertly built into our software. It can be easily integrated with your ERP system to let you effortlessly import your customer information with just one click. And all this is available for you and your customers wherever you are and at any time - as your smartphone is all you need to complete the process in just a few minutes.