KYC and the imperative for digital transformation
Download the whitepaper

10 key changes within the 4th EU Money Laundering Directive (4AMLD)

By Alex Ford | July 11th 2017
10 key changes within the fourth EU money laundering directive | encompass blog

The 4th EU Money Laundering Directive (4AMLD) will encompass the use of a risk based approach to customer onboarding, a named individual who sits at board level and changes to the due diligence process.

The new regulations are not completely new, and on the whole build upon legislation that has already been passed at national and supra-national level. They look to move away from money laundering requirements being a box ticking exercise, and more towards a risk based approach, tailored to the customer’s business.

There are, however, a number of new requirements which will all require time and resource to ensure compliance. These can be broken down into ten different requirements, each with corresponding pressures and challenges.

1. Risk assessments

The changes to risk assessments will be a major challenge, particularly for smaller firms or those who have not conducted risk assessments in the past. A National Risk Assessment will be published in 2018, replacing the 2015 assessment. In the interim, UK supervisory bodies will be producing their own, looking at their respective industry verticals. Below that, each firm must also ensure that they carry out their own respective risk assessment. These written risk assessments must be kept up to date and be available to the regulator upon request.

2. Due diligence

Prior to AML4, we had been accustomed to certain customers only being subject to Simplified Due Diligence (SDD). Under 4AMLD this carte blanche approach to groups of customers will disappear, with firms taking a risk based approach to each customer on their individual merits. Critically, this must be justifiable to regulators. When onboarding customers that pose a lower risk of money laundering, firms must still be able to illustrate how the customer presents a lower degree of risk. This allows for resource to be focused on those customers or transactions that pose a higher degree of risk. When onboarding customers from countries that are deemed to be at a high risk of money laundering, Enhanced Due Diligence (EDD) must be used.

3. People with significant control register

A public record of Persons with Significant Control (PSC) of companies must be created. The UK has already enacted this piece of legislation (from 2016) and the information is available to regulators, banks, law firms and other entities that have a legitimate interest in the information. Similar registers must now be created by all member states. The information on this register must be kept up to date for regulators to maintain accurate and current information on beneficial ownership.

4. Politically exposed persons (PEPs)

The definition of a Politically Exposed Person (PEP) has altered and expanded slightly and takes into consideration the families of known PEPs. EDD will be required on all PEPs for at least 18 months after they have ceased to be so, up from the current 12 months. Moreover, domestic based PEPs will now be treated in the same manner as foreign PEPs. Previously foreign based PEPs had been subject to EDD, but firms will now take a risk based approach for both foreign and domestic to determine the level of due diligence required. Firms also cannot discriminate or turn away customers on the basis that they are PEPs. One of the key requirements of AML4 is that a risk based approach must be applied to every customer and controls put in place to monitor and deal with that risk.

5. Recording keeping

Firms must keep records of all their customers up to five years after their business relationship has ended. In certain circumstances this can be increased to ten years.

6. Risk based approach

Undoubtedly one of the key changes is the move towards operating a risk based approach. Prior to the introduction of 4AMLD, it was possible for MLROs or Compliance Managers to decline a customer on the basis that their threat level was too high. This is no longer permissible. Each customer’s risk level must be determined and then the relevant controls put in place to manage that level of risk. As well as executing a risk based approach, the assessments themselves must be documented and kept up to date, with risk factors such as jurisdiction and source of wealth captured.

7. Ultimate beneficial owners

It is well known that money launderers will use complex structures and base companies in foreign jurisdictions where it is difficult or in some cases impossible to determine the ultimate beneficial owner (UBO) of a company. This was highlighted by the Panama Papers release, which showcased how far wealthy individuals can go to hide their wealth. To be included as a UBO, individuals must have a 25% shareholding in a company.


Ultimate beneficial ownership

Exploring ultimate beneficial ownership and the role it plays in laundering illicit funds.

8. Responsible parties

The new directive states that the individual ultimately responsible for compliance should be a board member with sufficient influence to be able to make recommendations and drive change where required.

9. Penalties

We have already seen significant fines being handed down to banks and financial service institutions who have failed to adhere to their own money laundering policies. Following the introduction of 4AMLD, the same sanctions will also now be feasible in the legal and professional service space – with the introduction of OPBAS reflecting the intent to standardize supervision and regulation across verticals. As well as naming and shaming of individual firms, they can also be fined up to 10% of annual turnover. The importance of having a senior professional at board level is also highlighted here as individuals can face fines of up to €5,000,000.

10. Third-party providers

Firms can still use Customer Due Diligence (CDD) provided by a third party, as long as they are covered by the Money Laundering Regulations. However, the rules for using a third party are strict. As well as being covered by 4AMLD the third party must also hand over all information, and confirm in writing that they have undertaken appropriate levels of due diligence.

Ensuring compliance

The above ten points highlight that for all firms, and especially those that have not been subject to regulations such as 4AMLD in the past, that without careful planning and strict adherence to the regulations as they have been written, it is very easy to fall foul of the new regulations.

While supervisory bodies are keen to help those that reach out for assistance, any divergence from the letter of the law can lead to sanctions. It is therefore imperative that firms in the regulated sectors, such as legal and professional service firms, have plans in place now to ensure their continued adherence to the new regulations.

Both the UK and EU have made it clear that they are determined to clamp down on money laundering and the sectors must now respond with concrete proposals in place that will adequately take into consideration each of the above ten points.


How banks benefit from regulation

Examining the impact of the EU's Fourth Anti-Money Laundering Directive (4AMLD) on bank valuations.

Author: Alex Ford

Alex drives business growth in North America, working with customers, partners and the Encompass team to transform KYC with automation in financial institutions and other regulated entities. Joining in 2012, Alex has held Executive responsibility for business functions including Customer Success, Operations, Marketing, Product and Delivery. From 2015 to 2020 Alex was based in Glasgow with the launch and expansion of the UK operation, before taking up leadership of the North America business.

LinkedIn Profile | Alex Ford

You also might be interested in