An estimated two to five percent of the Global Gross Domestic Product ("GDP") is the result of money laundering. Money launderers prefer countries with solid financial markets and financial services, high GDP, high exports and imports and, of course, with a rather lax anti-money laundering regime and low fines.
According to a study from the European Parliament dated 2017, this issue poses a particular threat to large European countries. The United Kingdom tops the list with an estimated total of €282 billion laundered annually, followed by France, Belgium, Germany, Luxembourg, the Netherlands, and Austria. Compared to their GDP, the Baltic States, Luxembourg and Cyprus have a disproportionate volume of money laundering.
In Europe, a number of steps to combat money laundering have been undertaken, such as five EU Anti-Money Laundering Directives, the latest of which was enacted in May 2018 and entered into force on 9 July 2018 ("AMLD5"), only three years after its predecessor ("AMLD4") which was enacted in May 2015. The member states were required to bring into force the laws, regulations and administrative provisions necessary to comply with AMLD5 by 10 January 2020 ("AML laws"). However, the above-mentioned European Parliament study came to the conclusion that in order to reach a harmonized anti-money laundering policy in Europe, a ''one size fits all''-approach is not promising as European countries differ significantly in their administrative and economic (infra)structures to reach the same level of compliance. The study further concluded that the European Union could be subdivided into at least four groups of countries to be targeted differently. The study stressed the important role of advanced member states, in training less advanced countries to create a common understanding of the need for anti-money laundering.
In recent years, the competent local authorities have published general guidelines to inform the obliged entities about the applicable due diligence and organizational requirements. As a further step, several thousand audits have been performed in the member states to evaluate the status quo and pave the way for further action against those who do not comply with the requirements of the AML laws. The most recent reports demonstrate that administrative fines have been levied against traders of goods. The most common reasons have been:
- The official identification document was not fully copied during the customer identification process.
- The obliged entity cannot prove that it has obtained appropriate confirmation whether or not the contracting party is acting on behalf of a beneficial owner.
- The obliged entity cannot prove that it has verified the obtained customer data on the basis of an appropriate official identification document.
Obliged entities under AML laws
It is a widespread misconception that only financial institutions and the related industry must undertake appropriate measures in the European Union to comply with AML laws. So-called traders of goods are subject to the same legal requirements. Other affected parties are lawyers, auditors, tax advisors, real estate agents (including when acting as intermediaries in the letting of immovable property), casinos, art traders (i.e. persons storing, trading or acting as intermediaries in the trade of works of art) and operators and brokers of online gambling platforms as well as custodian wallet providers and virtual currency exchange service providers.
Criminal and administrative liability
The member states must ensure that obliged entities can be held liable for breaches of AML laws. Furthermore, the member states have the right to provide for and impose penalties under criminal law and must lay down rules on administrative measures to ensure that their competent authorities may enforce AML rules and regulations. In addition, member states must ensure that their competent authorities promptly report any identified criminal offences to their law enforcement authorities.
With regard to criminal liability, some member states previously excluded ''self-laundering'' from money laundering as a criminal offence. The reason for the previous exclusion was that if, for example, a person stole money and was prosecuted for both theft and money laundering, this was seen as an inadmissible double punishment. However, under strong pressure from the Financial Action Task Force on Money Laundering ("FATF"), all countries have meanwhile amended their laws, declaring self-laundering a money laundering crime. Germany was the last country to amend its laws accordingly in November 2015.
Administrative sanctions and measures apply to breaches on the part of obliged entities that are serious, repeated, systematic, or a combination thereof, of the requirements for
- Customer due diligence;
- Suspicious transaction reporting;
- Record-keeping; and
- Internal control measures.
Member states must ensure that in these cases, the administrative sanctions and measures include at least:
- A public statement which identifies the natural or legal person and the nature of the breach;
- An order requiring the natural or legal person to cease the conduct and to desist from repetition of that conduct;
- Withdrawal or suspension of the authorization where an obliged entity is subject to an authorization;
- A temporary ban against any person discharging managerial responsibilities in an obliged entity, or any other natural person, held responsible for the breach, from exercising managerial functions in obliged entities;
- Maximum administrative fines of at least twice the amount of the benefit derived from the breach where that benefit can be determined, or at least €1 million.
Supervision of AML laws
Member states are required to appoint competent authorities to effectively supervise obliged entities and in particular to monitor the adherence and take the measures necessary to ensure compliance with the AML laws. In this context it is important that member states provide to the competent authorities adequate powers of enforcement, including the power to demand any information that is relevant to monitoring compliance and to perform external audits.
More specifically, the standard under European AML rules requires that the competent authorities have on-site and off-site access to all relevant information on particular domestic and international risks associated with clients, products and services of the obliged entities. Regarding the frequency and intensity of on-site and off-site supervision, competent authorities will consider the individual risk profile of obliged entities and the risks of money laundering and terrorist financing in the respective member state.
Obligations under AML laws
Compliance with the requirements of the AML laws mainly consists of satisfying two high-level obligations:
- Organizational requirements; and
- Customer due diligence requirements.
Obliged entities are required to rate individual business relationships and transactions in light of their respective money-laundering risk (risk-based approach). The results of the risk assessment must be documented. It should describe the potential risks associated with the business of the obliged entity which can be divided into the following categories:
- Company risks;
- Customer risks;
- Product risks;
- Transactional risk; and
- Geographic risks.
The relevant risk factors were specified in Appendices I and II to AMLD4. As soon as the potential risks have been determined and described, it is the task of the obliged entity to determine to what extent they may actually materialize. Depending on the risk levels (i.e. risk-based approach), preventive measures and safeguards may be implemented. The risk assessment must also be updated at least once a year in order to ensure the effectiveness of the preventive measures and safeguards.
Money laundering reporting officer
The essential element of compliance with AML laws lies in an appropriate internal organization. Even if this is only required for certain entities (where appropriate with regard to the size and nature of the business), the appointment of a money laundering reporting officer ("MLRO") is recommendable, to bear responsibility for the development of internal policies, procedures and controls, including risk analysis and risk management measures, customer due diligence, reporting, record keeping, internal control, and employee screening. The MLRO is also entitled to report suspicious events to the central office for financial transaction investigations (Financial Intelligence Unit – "FIU"). The position of the MLRO was generally strengthened by the latest amendments of AMLD4, as the fulfilment of his or her duties may not lead to any disadvantages in the employment relationship. The clear organizational responsibility for this task is the foundation for compliance with the AML laws.
With the confidential risk assessment in place, the next element of the compliance structure – the AML manual – can be drafted and implemented. The AML manual describes the internal processes and activities to be implemented by the company to ensure compliance with legal requirements. Amongst other matters, the manual includes regulations for client identification, the document or software system to be used, the escalation process for on-boarding politically exposed persons, as well as record keeping and retention requirements and the internal procedure to report suspicious activities to the MLRO and other corporate governance provisions.
Each obliged entity must implement appropriate processes and train employees on the types and current methods of money laundering and terrorist financing. This requirement can be met through an AML policy where each employee receives general information on money laundering and appropriate obligations. The training should be repeated at regular intervals depending on the respective AML risk of the obliged entity; market standard is every two years. It is also important to document all employees' attendance of the training sessions to ensure compliance with the AML provisions.
With the AML manual and the AML policy in place, the company and all employees must implement the internal requirements in practice. One of the central tasks is the performance of customer due diligence. More generally, it is important to monitor the business activities and effectiveness of the implemented preventive measures and safeguards.
Central register of beneficial owners
In order to obtain and store information on beneficial owners, all member states are required to set up a central register of beneficial owners. All legal persons under private law as well as all registered partnerships must collect, hold, and provide beneficial ownership information and communicate this information to the central register. AMLD5 improved public access to beneficial ownership information. There is no longer a need to demonstrate a legitimate interest to access the central register. Public access to beneficial ownership information allows greater scrutiny of information by civil society, including by the press or civil society organizations, and contributes to preserving trust in the integrity of business transactions and of the financial system. However, some restrictions continue to apply as access to beneficial ownership information of trusts and similar legal arrangements should only be granted to any person that can demonstrate a legitimate interest.
In order to complement and reinforce the application of AMLD5, a directive on combating money laundering by criminal law was adopted on 23 October 2018 ("AMLD6"). It lays down minimum rules on criminal liability for money laundering. Member states are obliged to transpose the requirements into national law by 3 December 2020. In particular, AMLD6 harmonizes the definitions of money laundering and predicate offences, lays down minimum sanctions, and extends criminal liability to legal persons.
To meet AML compliance in practice, it is market standard that obliged entities produce three documents: a risk analysis, an AML manual and an AML policy, all tailored to their respective business model and the entailing AML risks. The risk-based approach allows an individual set of measures depending on the respective level of risk, i.e. fewer measures in case of lower risks. Most importantly, the documentation provides protection against reputational harm and external challenges by supervisory authorities.
|Dr. Richard Reimer
Hogan Lovells Frankfurt
T +49 69 962 36 414
|Richard Reimer advises German and international banks and financial institutions on all aspects of banking regulation and compliance, with a particular focus on payments and e-money law. Furthermore, Richard advises on regulatory aspects of M&A transactions involving banks and financial institutions (e.g. ownership control proceedings). He has dealt with major portfolio transactions of the firm involving bad banks. He is part of the investment fund team and contributes to all regulatory aspects in structuring investments (UCITS and AIF) in Germany. Richard leads a team which primarily advises on banking licence proceedings, own funds requirements and compliance projects including whistleblowing systems, anti-money laundering compliance and financial sanctions.
|Sarah Wrage, LL.M.
Hogan Lovells Frankfurt
T +49 69 962 36 421
|Sarah Wrage advises German and international banks and financial services institutions as well as other companies on all aspects relating to banking regulatory law, payment services law and investment law. The main focus of her work is to give advice on licensing, capital requirements, duty of care and organizational requirements, compliance, and regulatory implications of transactions. Furthermore, Sarah assists her clients in the implementation of new financial products, particularly in the payment area.
In investment law, Sarah primarily offers advice and support to asset management companies, investment fund managers and investors regarding the structuring and setting up of investment funds as well as the permissibility of investments and the distribution of funds.