10 key changes within the fourth EU money laundering directive
The new regulations will encompass the use of a risk based approach to customer onboarding, a named individual who sits at board level and changes to the due diligence process.
The new regulations are not completely new, and on the whole build upon legislation that has already been passed at national and supra-national level. They look to move away from money laundering requirements being a box ticking exercise, and more towards a risk based approach, tailored to the customer’s business.
There are, however, a number of new requirements which will all require time and resource to ensure compliance. These can be broken down into ten different requirements, each with corresponding pressures and challenges.
1 risk assessments
As my colleague Graeme Port covered last week, the changes to risk assessments will be a major challenge, particularly for smaller firms or those who have not conducted risk assessments in the past. A National Risk Assessment will be published in 2018, replacing the 2015 assessment. In the interim, UK supervisory bodies will be producing their own, looking at their respective industry verticals. Below that, each firm must also ensure that they carry out their own respective risk assessment. These written risk assessments must be kept up to date and be available to the regulator upon request.
2 due diligence
Prior to AML4, we had been accustomed to certain customers only being subject to Simplified Due Diligence (SDD). Under AML 4 this carte blanche approach to groups of customers will disappear, with firms taking a risk based approach to each customer on their individual merits. Critically, this must be justifiable to regulators. When onboarding customers that pose a lower risk of money laundering, firms must still be able to illustrate how the customer presents a lower degree of risk. This allows for resource to be focused on those customers or transactions that pose a higher degree of risk. When onboarding customers from countries that are deemed to be at a high risk of money laundering, Enhanced Due Diligence (EDD) must be used.
3 people with significant control register
A public record of Persons with Significant Control (PSC) of companies must be created. The UK has already enacted this piece of legislation (from 2016) and the information is available to regulators, banks, law firms and other entities that have a legitimate interest in the information. Similar registers must now be created by all member states. The information on this register must be kept up to date for regulators to maintain accurate and current information on beneficial ownership.
4 politically exposed persons (PEPs)
The definition of a Politically Exposed Person (PEP) has altered and expanded slightly and takes into consideration the families of known PEPs. EDD will be required on all PEPs for at least 18 months after they have ceased to be so, up from the current 12 months. Moreover, domestic based PEPs will now be treated in the same manner as foreign PEPs. Previously foreign based PEPs had been subject to EDD, but firms will now take a risk based approach for both foreign and domestic to determine the level of due diligence required. Firms also cannot discriminate or turn away customers on the basis that they are PEPs. One of the key requirements of AML4 is that a risk based approach must be applied to every customer and controls put in place to monitor and deal with that risk.
5 recording keeping
Firms must keep records of all their customers up to five years after their business relationship has ended. In certain circumstances this can be increased to ten years.
6 risk based approach
Undoubtedly one of the key changes is the move towards operating a risk based approach. Prior to the introduction of AML4 it was possible for MLROs or Compliance Managers to decline a customer on the basis that their threat level was too high. This is no longer permissible. Each customer’s risk level must be determined and then the relevant controls put in place to manage that level of risk. As well as executing a risk based approach, the assessments themselves must be documented and kept up to date, with risk factors such as jurisdiction and source of wealth captured.
7 ultimate beneficial owners
It is well known that money launderers will use complex structures and base companies in foreign jurisdictions where it is difficult or in some cases impossible to determine the ultimate beneficial owner (UBO) of a company. This was highlighted by the Panama Papers release, which showcased how far wealthy individuals can go to hide their wealth. To be included as a UBO, individuals must have a 25% shareholding in a company.
8 responsible parties
The new directive states that the individual ultimately responsible for compliance should be a board member with sufficient influence to be able to make recommendations and drive change where required.
We have already seen significant fines being handed down to banks and financial service institutions who have failed to adhere to their own money laundering policies. Following the introduction of AML 4, the same sanctions will also now be feasible in the legal and professional service space – with the introduction of OPBAS reflecting the intent to standardise supervision and regulation across verticals. As well as naming and shaming of individual firms, they can also be fined up to 10% of annual turnover. The importance of having a senior professional at board level is also highlighted here as individuals can face fines of up to €5,000,000.
10 third party providers
Firms can still use Customer Due Diligence (CDD) provided by a third party, as long as they are covered by the Money Laundering Regulations. However, the rules for using a third party are strict. As well as being covered by AML 4 the third party must also hand over all information, and confirm in writing that they have undertaken appropriate levels of due diligence.
The above ten points highlight that for all firms, and especially those that have not been subject to regulations such as AML4 in the past, that without careful planning and strict adherence to the regulations as they have been written, it is very easy to fall foul of the new regulations.
While supervisory bodies are keen to help those that reach out for assistance, any divergence from the letter of the law can lead to sanctions. It is therefore imperative that firms in the regulated sectors, such as legal and professional service firms, have plans in place now to ensure their continued adherence to the new regulations.
Both the UK and EU have made it clear that they are determined to clamp down on money laundering and the sectors must now respond with concrete proposals in place that will adequately take into consideration each of the above ten points.
about Alex Ford
Alex has worked with encompass since 2012 and re-located to Glasgow in 2015 for the company’s launch in the UK and establishment of the UK operation. As Vice President of Operations, Alex oversees Customer Success, Product, Business Systems and Security from the head office in Glasgow. Previously, Alex was
Founded in 2011 by entrepreneurs Roger Carson and Wayne Johnson, and operating from the UK, encompass is the creator of unique, innovative Know Your Customer (KYC) software for banking, finance, legal and accountancy that enable better, faster commercial decisions. The company is driven by the belief that the best decisions are made when people understand the full picture.
want to turn regulatory compliance
in to a competitive advantage?
Contact us today to arrange your personalised consultation of encompass. Discover how our KYC automation software can help your business accelerate onboarding and give you peace of mind that you are regulator ready.