In an attempt to improve the integrity, stability and sustainability of the European financial markets, legislators are storming ahead with regular revisions of the European Union’s (EU) anti-money laundering (AML) and criminal law framework. In 2018, a record number of actions were undertaken by the European Commission (EC). Besides the new topics—which have arisen as a result of innovation in the financial services sector—a number of scandals, public outcry and large-scale money laundering investigations have been the drivers for the increased speed of action to improve safeguards necessary to protect the overall stability of the EU and that of the financial sector.

Whilst discussions and working groups in 2018 focused on the implementation of the Fifth AML Directive (5AMLD), the proposed EU regulation strengthening the role of the European Banking Authority (EBA) in supervising the financial institutions, and the European Council’s action plan for non-legislative AML measures, the passing of the EU Criminal Law Directive in October 2018 and its official journal entry into law in November went almost unnoticed. This will be a busy year of striving to meet implementation deadlines for 2020. This article will summarize these developments and provide an outlook on what will be the main topics for discussion in 2019.¹

Revising the EU’s Governance Framework

The recent scandals implicating both smaller and larger institutions across the EU financial sector have affected the reputation of the EU’s financial system and have seen the EC increasingly under pressure to address shortcomings—in particular those resulting from a lack of harmonization across the EU’s legal systems. Other EU governing bodies also echoed these concerns. The European Parliament has held several hearings in response to the money laundering and terrorist financing activities and other scandals. The need to reduce risks in the EU’s financial system was also raised by the EU’s finance ministers within the European Council.²

The table above shows the time frame of when the various directives, regulations and action plans at the EU level were passed and the subsequent implementation timelines, showcasing an increased number of initiatives facing shorter implementation deadlines.

Whereas the 5AMLD and the new EBA regulation and action plan expand on customer and country risk topics and set the foundation for a more coordinated exchange amongst supervisory bodies and central registries, the EU Criminal Law Directive is far reaching. It calls for reforms of the EU member states’ criminal justice system, addressing one of the key inhibitors to financial crime prevention—the lack of harmonization of criminal law across the EU—impeding an effective enforcement and prosecution of money laundering and other financial crimes. The EU Criminal Law Directive goes back to basics to define money laundering and expands on the list of predicate offenses as well as money laundering offenses. Increased penalties and a call for corporate criminal liability are part of the new directive.³

5AMLD

The 5AMLD took a big step in bringing innovative payment methods and digital currencies into scope, developing a framework to increase transparency around corporate entities across the EU, and in strengthening the overall supervision and exchange of information in relation to money laundering issues across the EU.⁴

Key points are covered in the 5AMLD fact sheet⁵ published by the EC on December 15, 2017. The main topics include the ultimate beneficial owner (UBO) register, dealing with high-risk countries, scoping in virtual currencies, tax advisors and dealers in art works, and finally strengthening the supervisory authorities and financial intelligence units (FIUs) by improving access and the exchange of information. The details are summarized in the table below.

Some key points and developments since the passing of the directive are summarized in the following sections.

UBO Registries

There has been much progress across the EU regarding the implementation of the UBO registers and most countries have introduced the register at the time of writing. However, individual countries have, based on the national legislation and legal systems, implemented the UBO registers under varying conditions. Therefore, there is no common ground on which the UBO registries have been implemented. In addition, there has been criticism of the UBO documentation requirements, quality of data and varying degrees of accessibility.¹⁰

High-Risk Countries and Customer Due Diligence

5AMLD seeks to harmonize enhanced due diligence (EDD) measures that financial institutions and other obliged entities must apply to business relationships or transactions involving high-risk third countries. The harmonization was deemed necessary to prevent different approaches amongst the EU member states, thus creating “weak spots” in the EU-wide management of business relationships involving high-risk third countries. The main requirements include the following:

• Obtaining additional information on the customer and on the beneficial owner(s)
• Obtaining additional information on the intended nature of the business relationship
• Obtaining information on the source of funds and source of wealth of the customer and of the beneficial owner(s)
• Obtaining information on the reasons for the intended or performed transactions
• Obtaining the approval of senior management for establishing or continuing the business relationship
• Conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selection patterns of transactions that need further examination

This will be a busy year of striving to meet implementation deadlines for 2020

In its explanatory section, 5AMLD states that business relationships or transactions involving high-risk third countries should be limited when significant weaknesses in the AML/CTF regime of the third countries of concern are identified, unless adequate additional mitigation measures or countermeasures are applied.¹¹ In addition, the relationship with correspondent banks should be reviewed, amended and if necessary, terminated.

Virtual Currencies

The EC has included virtual currency exchange platforms and custodian wallet providers under the scope of the Fourth AML Directive (4AMLD),¹² whereas, virtual-to-virtual currency exchanges fall outside the scope of the amended 4AMLD.¹³ Following the Financial Action Task Force Recommendations published on virtual currencies in October 2018, the EBA published a paper on January 9, 2019, with advice for the EC.¹⁴

Given its concerns about the future expansion of virtual currencies and assets, the EBA has announced that it will continue to monitor the developments in the virtual asset marketplace closely in 2019 and set out its supervisory powers, which it will use in order to ringfence any emerging risks.¹⁵

Supervisory Authority—Information Sharing

Despite the strengthened supervisory framework embedded in the 5AMLD, the 2018 banking scandals that spanned numerous jurisdictions within and beyond the EU have called for immediate measures to ensure a more effective and harmonized implementation of the legislative framework by the EU’s network of different supervisors. The identified 5AMLD key weaknesses included the following:¹⁶

• Delayed and insufficient supervisory actions to tackle weaknesses in financial institutions’ AML risk management
• Shortcomings with respect to cooperation and information sharing both at a domestic level, between prudential and AML authorities, and between authorities in different member states
• Lack of common arrangements for the cooperation with third countries in relation to the AML supervision of financial institutions

A lack of resources to enforce AML regulations at the EU level is seen as an enforcement inhibitor

Regulation Entrusting the EBA With New Supervisory Powers

Shortly after 5AMLD was passed, incidents of financial crime impacting financial institutions throughout the EU captured the headlines of financial and business news across national and international media. The main cases were linked to incidents of money laundering at Danske Bank, ABLV, ING and Deutsche Bank. The scale of the cases led the EC to announce that it would make tackling AML deficiencies a top priority. On September 12, 2018, the EC proposed a regulation to give the EBA more AML enforcement powers, as well as resources to conduct its own investigations into EU banks that are suspected of AML inadequacies. The Council adopted a position on the proposed regulation on December 17, 2018; following the agreement with the European Parliament the regulation is expected to enter into force in 2019. The new proposal is based on the acknowledgment that the fundamental weakness of the EU’s AML framework is linked to the responsibility for AML enforcement and supervision being in the hands of the individual member states. This is problematic for smaller countries within the EU, who lack the resources to effectively enforce the implementation of AML regulations. In addition, the separation between different national authorities and EU Supervisory Authorities has created confusion over how the different entities are supposed to cooperate with one another, and how appropriate information sharing can be ensured. Furthermore, a lack of resources to enforce AML regulations at the EU level is seen as an enforcement inhibitor.

In May 2018, the EC set up a joint working group including the EC services, the single supervisory mechanism (SSM) and the three European Supervisory Authorities (EBA, European Securities and Markets Authority and European Insurance and Occupational Pensions Authority). It was created to identify specific actions for the respective authorities to take in order to improve the practical coordination of AML supervision of financial institutions, in the short term and beyond. Within this context, the EC has proposed a three-pronged approach to reinforce the AML supervisory framework:

• Commitment to further develop guidelines and best practices in terms of AML supervision, which do not need any legislative changes
• Strengthening the AML supervisory framework by entrusting the EBA with new powers and more importantly by requiring the EBA to act in certain domains
• Conducting a more fundamental review of the AML supervisory framework (i.e., possible need for a new EU body) at a later stage, in accordance with the review clause of the 5AMLD (January 2022)

In response to the discussion, the EC proposed to further strengthen the supervision of EU financial institutions to better address money laundering and terrorist financing threats on September 12, 2018. The aim is to ensure that breaches of AML rules are consistently investigated; national AML supervisors comply with EU rules and cooperate properly with prudential supervisors; the quality of supervision as well as the exchange of information and cooperation is improved, also in a cross-border context; and a new permanent committee bringing together national AML authorities is set up.¹⁷

European Council AML Action Plan

On December 4, 2018, the European Council adopted conclusions on an EU Action Plan on AML measures. The non-legislative short-term measures concern eight objectives, including: the identification of the factors that contributed to the recent money laundering cases in EU banks; a map of relevant money laundering and terrorist financing risks and the best supervisory practices to address them; enhanced AML supervisory convergence; effective cooperation between prudential and money laundering supervisors; criteria for the withdrawal of a bank’s authorization in case of serious breaches; improved supervision and exchange of information between relevant authorities; best practices and grounds for convergence among national authorities; improving European Supervisory Authorities’ capacity regarding existing powers and tools.

The European Council requests the Commission to report on the implementation of these measures every six months starting in June 2019 and also to present an overall assessment of the existing legal AML framework in the course of 2019.

Time to Untangle—Back to Basics

The regulatory developments indicate that AML is considered to be a key priority that will see increased scrutiny on financial institutions going forward. Due to these trends, financial institutions should focus on reassessing and recalibrating their risk models and on ensuring cross-border consistency in customer information and rating.

One of the key takeaways for financial institutions from the investigations, which took place in 2018, is that risk assessment models and the underlying key risk indicators will have to be updated. An in-depth analysis published by the European Parliament’s Economic Governance Support Unit in November 2018 criticized existing risk indicators used by financial institutions. Financial soundness and compliance with regulatory requirements were assessed as not being adequate. In addition, it was highlighted that both ABLV¹⁸ and Versobank would have—according to existing risk indicators—“both been indicated as being in good financial health when assessed against those key financial indicators.”¹⁹ The same paper makes suggestions for additional indicators based on the lessons learned from the cases mentioned above in order to better identify systematic money laundering activities. Some of the risk indicators mentioned include high ownership concentration, a large part of the deposit base coming from non-resident clients and a large share of deposits made in non-euro currencies.

Not only has the definition of key risk indicators been lacking, but there has also been a lack in effectively operationalizing know your customer (KYC) procedures. This affects organizations’ ability to identify high-risk customers and the interconnected risks across an organization. In addition, more third-party risks calling for integrity due diligence (IDD) on high-risk customers should be taken into consideration. Therefore, when dealing with high-risk jurisdictions it is increasingly important to go beyond standard EDD and undertake an in-depth IDD on a customer’s background, the origins of the funds, the nature and purpose of the business, and the transactions.

Although the EU has been proactive in taking a methodological approach and aiming to provide more granular guidance for assessing high-risk countries, it should be noted that each organization has its own eclectic mix of customers and countries of operation that require a risk-based calibration of the risk assessment model. In addition, questions need to be raised on the effective implementation of transaction monitoring systems.

Europe’s AML Regime—Collaboration, Calibration, Consolidation

Europe’s financial institutions and regulatory authorities have their work cut out to meet the 2020 deadlines. There needs to be increased collaboration and knowledge exchange across the financial services sector (e.g., KYC utilities); calibration and recalibration of new and existing models and systems (effective risk modelling, transaction monitoring and KYC); consolidation of a fragmented regulatory landscape; and dismantling of silo structures within financial institutions (harmonization of criminal law, discussion around AML regulations as opposed to directives, integrated approach to managing anti-financial crime within financial organizations).

Attempts at harmonizing and consolidating anti-financial crime legislation and supervision are well overdue. Consistency across the EU to combat financial crime more effectively and protect the integrity of the European financial system should be developed. In addition, the requirements of the drivers of innovation should be met, namely the fintech companies that will ultimately ensure the competitive advantage of the European market.

Jennifer Hanley-Giersch, CAMS, managing partner, Berlin Risk Ltd., Berlin, Germany, jennifer.hanley@berlinrisk.com

1. For interested readers, former ACAMS Today articles on the Third AML Directive and the Fourth AML Directive can be found here: Jennifer Hanley-Giersch, “The Third EU Directive—Customer due diligence and risk-based approach,” ACAMS Today, June 2010, https://www.globalriskaffairs.com/wp-content/uploads/2010/11/Third_EU_Directive.pdf; Jennifer Hanley-Giersch, “Europe’s Fourth AML/CFT Directive” ACAMS Today, December 2014, https://www.globalriskaffairs.com/wp-content/uploads/2014/12/EUFourthAMLCFTDirective_01_12_2014.pdf; Jennifer Hanley-Giersch, “The Fourth EU AML/CTF Directive: A holistic risk-based approach” ACAMS Today, September 2015, https://www.globalriskaffairs.com/wp-content/uploads/2015/09/The-Fourth-EU-AML-Directive_A-Holistic-RBA-Approach.pdf
2. “Strengthening the Union framework for prudential and anti-money laundering supervision for financial institutions,” European Commission, December 9, 2018, https://ec.europa.eu/commission/sites/beta-political/files/soteu2018-anti-money-laundering-communication-645_en.pdf
3. “Directive of the European Parliament and of the council on combating money laundering by criminal law,” European Council, September 19, 2018, http://data.consilium.europa.eu/doc/document/PE-30-2018-INIT/en/pdf
4. “Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (Text with EEA relevance),” EUR-Lex, June 19, 2018, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018L0843
5. “Strengthened EU rules to prevent money laundering and terrorism financing,” European Commission, July 9, 2018, http://ec.europa.eu/newsroom/just/document.cfm?action=display&doc_id=48935
6. Jennifer Hanley-Giersch, “Regulating a Game Changer—Europe’s Approach to Cryptocurrencies,” ACAMS Today, June 26, 2018, https://www.acamstoday.org/regulating-a-game-changer-europes-approach-to-cryptocurrencies/
7. Ibid.
8. “EU Methodology for Identifying High-Risk Third Countries,” Global Risk Affairs, July 11, 2018, https://www.globalriskaffairs.com/2018/07/eu-methodology-for-identifying-high-risk-third-countries/
9. Sam Pothecary, “Time for Action in the EU’s Battle Against Money Laundering,” ACAMS Today, December 20, 2018, https://www.acamstoday.org/time-for-action-in-the-eus-battle-against-money-laundering/
10. Jennifer Hanley-Giersch, “Ultimate Beneficial Ownership,” ACAMS Today, December 12, 2017, https://www.acamstoday.org/ultimate-beneficial-ownership/
11. Ibid
12. Jennifer Hanley-Giersch, “Regulating a Game Changer—Europe’s Approach to Cryptocurrencies,” ACAMS Today, June 26, 2018, https://www.acamstoday.org/regulating-a-game-changer-europes-approach-to-cryptocurrencies/
13. Ibid
14. “Report with advice for the European Commission on crypto-assets,” European Banking Authority, January 19, 2019, https://eba.europa.eu/documents/10180/2545547/EBA+Report+on+crypto+assets.pdf
15. Sam Pothecary, “Time for Action in the EU’s Battle Against Money Laundering,” ACAMS Today, December 20, 2018, https://www.acamstoday.org/time-for-action-in-the-eus-battle-against-money-laundering/
16. J. Deslandes, C. Dias and M. Magnus, “Money laundering—Recent cases from a EU banking supervisory perspective,” European Parliament, November 2018, http://www.europarl.europa.eu/RegData/etudes/IDAN/2018/614496/IPOL_IDA(2018)614496_EN.pdf
17. Ibid
18. Sam Pothecary, “Time for Action in the EU’s Battle Against Money Laundering,” ACAMS Today, December 20, 2018, https://www.acamstoday.org/time-for-action-in-the-eus-battle-against-money-laundering/
19. J. Deslandes, C. Dias and M. Magnus, “Money laundering - Recent cases from a EU banking supervisory perspective,” European Parliament, November 2018, http://www.europarl.europa.eu/RegData/etudes/IDAN/2018/614496/IPOL_IDA(2018)614496_EN.pdf