In our previous article, we gave a swift analysis of the 4th AML Directive of the EU concentrating on the obligation of the financial institutions and the growing urge to adopt cutting edge software solutions. Our present article focuses on the state adaptation of the directive along with other prospect changes.
Even though the 4th AML Directive of the EU provides ground for standards, it leaves room for member states to take appropriate actions. The adaptation of the new rules and approaches introduced by the directive is in progress in most states, but it can take quite diverse forms and some countries may expect more radical changes in AML legislation as the present compliance level is quite divergent as well.
Mutual Evaluation Reports
As EU relies more and more on the mutual evaluation reports of international AML bodies, the easiest way to predict the forthcoming steps for compliance with the directive by country is to take a look at FATCA and MONEYVAL country evaluations. The mentioned bodies assess countries in several rounds. The fourth round of mutual evaluations of FATF are in progress with the first evaluation published in 2014, and MONEYVAL has started its fifth round of evaluations in 2015. As we are at the beginning of the evaluation rounds, only some of the states have been assessed yet, namely Austria, Belgium, Denmark, Hungary, Italy, Spain, and Sweden. Our quick overview is limited to these countries as far as evaluation report based prospects are concerned.
All of the evaluated countries performed well regarding responsibilities of law enforcement and investigative authorities. Record keeping was also a strong field, with most of the countries being compliant, while Denmark and Hungary only largely compliant. Similarly, in reporting of suspicious transactions, six of the countries were fully compliant, while Italy had quite good results as well, but was only largely compliant as financial institutions were not explicitly required to report suspicious activities related to money laundering. The evaluated countries reached relatively good results in all points related to international cooperation.
The evaluation reports highlighted some general weak points as well. All countries should work on the application of preventive measures in general, as all of them were marked as “moderate.” Wire transfers need special attention in this respect. The same tendency is observable with terrorist financing preventive measures and financial sanctions. According to the reports, targeted financial sanctions should also be strengthened both in case of terrorist financing and proliferation.
Spain and Italy
In the overall assessment, Spain has performed the best, as it was entirely or largely compliant in most major points, followed by Italy, which was largely compliant in most of the aspects investigated. Spain is the only evaluated EU state that achieved “high” rating in financial intelligence, where the richness of the relevant central database was particularly prized. Additionally to the general weaknesses, the only area that needs more attention in Spain is the prevention of moving, rising and using funds of persons and entities involved in the proliferation of weapons of mass destruction; as in this respect the country performed only moderately.
In international cooperation Sweden is the winner. Nonetheless, clearer determination of beneficial ownership of legal persons and arrangements seem necessary based on the mutual evaluation report published in April 2017. The country performed moderately in many other aspects including preventive measures and supervision. The report also urges the implementation of more adequate IT tools for financial intelligence units. Based on the recommendations, a more risk-based approach is expected to emerge also effecting financial institutional compliance requirements.
Austria received serious criticism regarding financial intelligence and ML investigation and prosecution both of them being marked as “Low level of effectiveness.” Additionally, several other major points were evaluated as only moderately effective. For instance, money laundering and terrorist financing risks were only partially understood, therefore the appropriate domestic measures to combat money laundering and terrorist financing were not entirely sufficient at the time of the evaluation. Risk assessment in connection with politically exposed persons (PEPs) also received slight criticism, as enhanced customer due diligence measures did not apply to domestic PEPs (a point also emphasized by the 4th EU directive on AML).
Hungary and the freshly evaluated Denmark received the most recommendations among the seven evaluated countries. Hungary performed low in four crucial areas, namely understanding money laundering and terrorist financing risks, prevention of legal persons and arrangements from misuse, money laundering investigation and prosecution, and confiscation of proceeds and instrumentalities of crime. Many of the key recommendations influence financial institutions as well. Hungary is urged to encourage the stakeholders of the private sector for their own risk assessments on customers. Service providers should also update their databases related to financing of terrorism more swiftly. According to the report, the legislative should be tightened up with regard to the definition of beneficial owner, verification of beneficial owners, and procedures in respect of domestic PEPs in high-risk business situations.
The effectiveness of supervision and preventive measures was low in Denmark, with numerous other major points rated only as moderate. Accordingly, the list of the recommended priority actions is quite long, many of them effecting financial institutions as well. Denmark is urged to have a more solid risk-assessment procedure in which the private sector is also involved. Financial institutions are specifically required to prepare internal risk assessments. Compliance in general is also criticised, so the relevant authorities should strengthen AML/CFT obligations and supervision with more serious consequences in case of non-compliance. According to the report, the legislative framework should also be adjusted to address PEPs, beneficial owners, and higher-risk scenarios more seriously, which, in all probability, means additional monitoring and enhanced due diligence measures for banks in the foreseeable future. Most of these recommendations has already left a mark on the fresh legislative framework.
Changes in Legislation
The legislation of most of the evaluated countries has, in some extent, reacted to the recommendations in the mutual evaluation reports, but the major changes in the AML regulations are primarily connected to the 4th EU Directive. First, we take a look at the three member states that has received the weakest evaluation before we glimpse at the general picture.
In Financial Markets Anti-Money Laundering Act (FM-GwG – Finanzmarkt-Geldwäschegesetz), Austria has adopted the Customer Due Diligence requirements for financial institutions with same thresholds and instances as described in the directive. The act entering into force on January 1, 2017 also enables video-based customer identification. Enhanced due diligence obligations has also been extended to the domestic politically exposed persons in accordance with the EU Directive and the FATF recommendations, while the penalties for non-compliance have also been risen.
A new AML Act also entered into force in Denmark on June 26, 2017. The major change introduced by the act is switching from rule-based approach to risk-based approach in customer identification and transaction monitoring. This provides a more flexible system, where financial institutions and other obliged entities can concentrate their resources on areas that they and the national risk-assessment consider more exposed to ML hazards. These areas mainly include transaction and business relation monitoring and stricter identification processes regarding PEPs, atypical transactions and high-risk countries like Iran and North-Korea.
Based on the not-so-flattering MONEYVAL mutual evaluation report, it didn’t come as a great surprise that the new Hungarian AML law has reshaped the compliance system of the country. Similarly to Austria, Hungary also enabled electronic CDD in safe and previously audited channels. The specific requirements of the electronic identification process will be defined in additional acts. There will also be a central register of beneficial owners. The most challenging part of the new AML law is the implementation of the risk-based approach. Service providers shall prepare their internal rules for own risk-assessment synchronized with the national risk-assessment by September 30, 2017, but penalties regarding the shortcomings of the internal procedures can be expected only from January 1, 2018. New CDD obligations are binding as well where, among other tasks, the customers’ identity and relevant data shall be revised and checked in every 5 year. Compared to the previous AML rules, the new legislation radically increases the responsibility as well as the administrational and monitoring burdens of the financial sector that requires quick software assistance. It is especially a must due to the stricter sanctioning system also introduced by the new AML law.
To-be-evaluated Member States
The member states who haven’t been assessed in the present evaluation round had and have to react to the 4th AML Directive of EU just as much as the already assessed states. Registration of the ultimate beneficial owners were introduced in numerous countries including France, Czech Republic, Finland, and Germany. The regulations also have shifted towards the risk-based approach. The German AML law also extends its scope to the gambling sector. Additionally to the general trend observable in the legislative changes EU-wild, Finland also puts great emphasis on the whistle-blowing channels of obliged entities. According to the new act, obliged entities shall establish independent and anonymous ways to report any breaches of the act with special attention to technical issues, preserving the privacy of the reporter, and data protection. While Finland focuses on secure ways of reporting, Czech AML law directs attentions towards the relatively new ways of payment as it is extended to cryptocurrencies such as Bitcoin. The new regulation requires the financial service providers to determine the identity of customers of virtual currency exchanges.
No doubt, the present take on AML necessitates innovative and robust software solutions. In most member states the existing banking software systems require way more adjustment than the modification of monitoring thresholds. One of the major challenges is to take a fully risk-based approach instead of the previous rule-based monitoring programs; and flawlessly adjust it to the workflow of the financial institutions. Another major factor is to establish the proper channels for video and alternative digital customer identification and CDD. The systems also need to be prepared for the stricter treatment of cryptocurrencies. It is needless to mention, all solutions must be secured and highly protected.
Part 2: The 4th EU Directive on Anti-Money Laundering
Part 1: The U.S. AML-Labyrinth