CHAPTER 4
THE EC MONEY LAUNDERING DIRECTIVES

At the time of writing, the European Commission is proposing to introduce the Fourth Money Laundering Directive, while the Third Money Laundering Directive is currently in force. The proposed changes do not appear to be particularly radical. Instead, they are focussed on streamlining, clarifying and harmonising the current Directive. The proposals include expanding the scope of the risk-based approach, and harmonising the criminalisation of the money-laundering and terrorist-financing offences. There are also proposals to harmonise the CDD requirements across Member States, and to introduce clearer rules on reporting obligations.

The new package has two main elements which are intended to complement other actions taken or planned by the Commission in respect of the fight against financial crime, corruption and tax evasion; these consist of:

  • A directive on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing;
  • A regulation on information accompanying transfers of funds to secure “due traceability” of these transfers.

Both proposals fully take into account the latest recommendations of the Financial Action Task Force (FATF), the world anti-money-laundering body, and go further in a number of fields to promote the highest standards for combating money laundering and countering terrorism financing.

In the press release the EU states that the new Directive:

  • Improves clarity and consistency of the rules across the Member States
    • by providing a clear mechanism for identification of beneficial owners. In addition, companies will be required to maintain records as to the identity of those who stand behind the company in reality.
    • by improving clarity and transparency of the rules on customer due diligence in order to have in place adequate controls and procedures, which ensure a better knowledge of customers and a better understanding of the nature of their business. In particular, it is important to make sure that simplified procedures are not wrongly perceived as full exemptions from customer due diligence.
    • and by expanding the provisions dealing with politically exposed persons (i.e. people who may represent higher risk by virtue of the political positions they hold) to now also include “domestic” (those residing in EU Member States) in addition to “foreign” politically exposed persons and those in international organisations. This includes, among others, Heads of State, members of government, members of parliament and supreme court judges.
  • Extends its scope to address new threats and vulnerabilities
    • by ensuring, for instance, a coverage of the gambling sector (the former Directive covered only casinos) and by including an explicit reference to tax crimes.
  • Promotes high standards for anti-money laundering
    • by going beyond the FATF requirements in bringing within its scope all persons dealing in goods or providing services for cash payments of EUR7,500 or more, as there have been indications from certain stakeholders that the current EUR15,000 threshold was not sufficient. Such persons will now be covered by the provisions of the Directive including the need to carry out customer due diligence, maintain records, have internal controls and file suspicious transaction reports. That said, the Directive provides for minimum harmonisation and Member States may decide to go below this threshold.
  • Strengthens the cooperation between the different national financial intelligence units (FIUs) whose tasks are to receive, analyse and disseminate to competent authorities reports about suspicions of money laundering or terrorist financing.

The two proposals foresee a reinforcement of the sanctioning powers of the competent authorities by introducing, for instance, a set of minimum principle-based rules to strengthen administrative sanctions and a requirement for them to coordinate actions when dealing with cross-border cases.

One proposal sums up the whole of the proposed changes – “The Commission is considering improving co-operation between national FIUs”. Of course, this was highlighted as a major issue within the revised FATF Recommendations (see Chapter 3). Rather than implementing radical changes, the European Commission appears to be reasonably happy with the existing AML framework. Therefore, the impetus is on organisation and harmonisation rather than overhauling the Directive substantively.

This chapter will outline both the current Third and the proposed Fourth Money Laundering Directives.

4.1 THE THIRD MONEY LAUNDERING DIRECTIVE

4.1.1 Background to the Directive

The escalation of money laundering and terrorist financing together with tax evasion and national austerity programmes has had the effect of pushing combating money laundering and financial crime onto the European Union (EU) political agenda. This has prompted a wave of directives to be passed through the European Commission. The general aim of all these directives was protecting the global financial system from being used for illegal purposes. The various EU money-laundering directives are the way in which the EU incorporates the FATF's international standards in order to provide consolidated money-laundering legislation, while at the same time highlighting specific additional concerns which are of interest to EU lawmakers. As with all EU directives, the requirement is on national governments to transform these requirements into local law.

The First EU Money Laundering Directive (1991) focused on combating the laundering of drug proceeds through the financial sector. Specific obligations were placed on firms in the financial sector and the Directive introduced requirements relating to the maintenance of systems for customer identification, staff training, record-keeping and the reporting of suspicious transactions.

The Second Money Laundering Directive (2001) amended the First Money Laundering Directive by introducing changes in two main areas. Firstly, it expanded the scope of predicate offences for which suspicious transaction reporting was mandatory from drug trafficking (the First Directive) to all serious offences. Secondly, it also extended the scope of the Directive to include a number of non-financial activities and professions including lawyers, notaries, accountants, estate agents, art dealers, jewellers, auctioneers and casinos.

The final text of the Third EC Directive was published in the official journal of the European Union on 25th November, 2005. Member States had until 15th December, 2007 to implement the Directive. Many countries have already implemented the Directive whilst some are yet to fully implement it. The text of the Directive may be found on the European law website: http://eur-lex.europa.eu/

The Money Laundering Regulations 2007, which implement the Directive in the UK, came into force on 15th December, 2007.

4.1.2 Aims of the Directive

The Third Directive notes that money laundering, by its very nature, is an international problem and therefore must be addressed at an international level. It recognises that measures adopted on a national level can never fully counter money-laundering activity. Consequently, international coordination and cooperation is needed so that consistent action taken at an international level can effectively combat money laundering and terrorist financing. The European Community has taken particular account of the FATF Recommendations to provide a base in order to achieve their objectives.

The Third Directive provided a common basis for implementing the FATF Recommendations which were introduced in June 2003, although these have subsequently been revised in 2012 (see Chapter 3). The 2003 recommendations took into account the risks and practices which had developed since the previous Directive (the Second Directive). It was also the aim of the UK's then regulatory body, the Financial Services Authority, and other international regulatory bodies to implement a risk-based approach to combating money laundering. The Third Directive also aimed to ensure that these new requirements were feasible, proportionate and justified by conducting cost–benefit analysis.

4.1.3 The UK Implementation of the Directive

The Third Directive on Money Laundering was implemented into UK law on the 15th December, 2007 by the Money Laundering Regulations 2007. The Joint Money Laundering Steering Group (JMLSG) produced guidance to reflect the changes to the UK's legal framework as a result of the implementation of the Directive, as these were now legally binding. In many cases financial firms were already adopting the measures the Money Laundering Regulations 2007 had made mandatory. This is addressed in further detail in Chapter 6.

4.1.4 Key Provisions of the Directive

The new Directive recommended a number of changes. Some of the changes were new, whilst others developed and amended previous provisions. In this chapter we will look at key provisions which brought about substantial change and also the main provisions that the Third Directive recommends Member States to implement. These key provisions will, therefore, either be incorporated into domestic legislation of EU Member States directly, as seen with most of the relevant EU country legislation, or used as guidance.

For countries outside of the EU, the Third Directive can, to some extent, be considered international best practice and therefore it remains of interest. It also provides information relevant for financial institutions in overseas jurisdictions that are dealing with institutions and customers based within the EU.

4.1.5 Overview of the Directive

The Third Directive is actually Directive 2005/60/EC of the European Parliament and of the Council of 26th October, 2005 (“the Directive”) on the prevention and use of the financial system for the purposes of money laundering and terrorist financing. The Third EC Money Laundering Directive sets out guidance which consolidates previous EU treaties and legislation. As discussed above, the Directive is fundamentally based on the FATF Recommendations. The EU has adopted a risk-based approach to addressing money-laundering deterrence, which is encouraged throughout various provisions of the Directive, particularly within due diligence requirements. In this chapter we provide some brief details of the Directive, but for full information you will still need to refer to the Directive itself.

Scope of the Third Directive

of the guidance in the Directive extends the scope of the Directive to also combat the financing of terrorism. As such, it is picking up the nine special recommendations that the FATF issued in the aftermath of 11th September, 2001. As with any EU directive, there is a clear political element and in this case the Directive states that the misuse of the financial system to channel criminal or even clean money to terrorist purposes represents a clear risk to the integrity, proper functioning, reputation and stability of the financial system. Accordingly, the preventative measures in the Directive should cover not only the manipulation of money derived from crime but also the collection of money for terrorist purposes.

As we shall see later, the Directive creates a broad definition of terrorist financing. Of course, again we have the problem that a terrorist in one country might be considered a freedom fighter in another and, of course, such organisations do change over time. Accordingly, it will always be worth checking whether a particular body is considered a terrorist organisation at a particular point in time.

What is Considered to be Money Laundering by the Third Directive?

The Directive has the requirement that Member States must essentially ensure that money laundering and terrorist financing are prohibited to the maximum extent feasible. Of course, this sounds fine in principle, but in practice would be difficult to comply with. The maximum extent feasible might be so onerous as to impact legitimate activity. Indeed, it is the legitimate customer that is often put at a disadvantage by such regulation.

The Directive states that the following, when committed intentionally, shall be regarded as “money laundering”:

  1. The conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such activity to evade the legal consequences of his action.

    Consequently, it is clear that failing to provide information or assisting a family member to enable them to escape prosecution would be considered money laundering. Likewise, assisting a firm to provide financial statements that are inaccurate might also be caught by such rules.

  2. The concealment or disguising of the true nature, source, location, disposition, movement, rights with respect to, or ownership of property, knowing that such property is derived from criminal activity or an act of participation in such activity.

    While this requirement is quite broad, there is, in this case, still the requirement for knowledge, although in some jurisdictions there is the assumption that there should have been knowledge which impacts the “ignorance” defence. What this would mean in practice is that it would not be possible to claim that you tried to ignore the concerns which a reasonable man would have had.

  3. The acquisition, possession or use of property, knowing at the time of receipt that such property was derived from criminal activity or an act of participation in such activity.

    Consequently, if you did not know that an item had been purchased using laundered money, then you would not be guilty of an offence. For example, if someone sells you a stolen car without you being suspicious and you then sell it on to a third party, you would not be guilty of money laundering if you did not know at the time that the car had been stolen. This can be a useful “get out of jail” card since it would require the enforcement agencies to prove knowledge beyond reasonable doubt to get a prosecution.

  4. Participation in, association to commit, attempt to commit and aiding, abetting, facilitating and counselling the commission of any of the actions mentioned in the foregoing points.

    The implication of this is that you do not actually need to be successful in money laundering to have committed an offence. Even if you tried to commit the crime but failed to complete the transaction, you would still clearly be guilty.

Terrorist financing means the provision or collection of funds, by any means, directly or indirectly, with the intention that they should be used, or in the knowledge that they are to be used, in full or in part, in order to carry out any of the offences within the meanings of Articles 1–4 of Council Framework Decision 2002/474/JHA of 13th June, 2002 on combating terrorism. This has the effect of drawing the rules extremely broadly and you might notice it includes indirect means. For example, if you allowed your name to be used to encourage a person to provide funds to a terrorist organisation, then you would clearly still be guilty of an offence even though you might not know the person approached.

The Directive states that knowledge, intent or purpose, for the purposes of the above definitions, may be inferred from objective factual circumstances. This puts the onus onto the local agencies and financial institutions to undertake such work as they consider appropriate to build up a case based on the balance of probability. It does say objective factual information is required and therefore rumour and supposition would not be considered sufficient.

The Directive does include some useful definitions for each of the following:

  • Credit institutions
  • Financial institutions
  • Property
  • Criminal activity
  • Serious crime
  • Beneficial owners, including corporate entities
  • Trust and company service providers
  • Politically exposed persons
  • Business relationship
  • Shell bank.

However, there is no requirement for anyone to actually use these definitions and, in practice, many jurisdictions use their own definitions which are consistent with local rules and regulations.

Application of the Third Directive

The Third Directive has widened the application of the Second Directive to include all of the following:

  1. Credit institutions.
  2. Financial institutions.
  3. Legal and natural persons exercising professional activities including:
    1. Auditors, external accountants and tax advisors.
    2. Notaries and other independent legal professionals when they participate in acting on behalf of and for their client in any financial or real estate transaction, or by assisting in the planning and execution of transactions for their clients concerning:
      1. Buying and selling of real estate, property or business entities;
      2. Managing of client money, securities or other assets;
      3. Opening or management of bank, savings or securities accounts;
      4. Organisation of contributions necessary for the creating, operation or management of trusts, companies or similar structures.
    3. Trust or company service providers.
    4. Real estate agents.
    5. Other natural or legal persons trading in goods where payments are made in cash in the amount of EUR 15,000 or more, whether in a single or linked transaction.
    6. Casinos.

This is a major broadening of the types of business that are now caught by the rules and in particular catches quite a few consultancy and accounting firms. The managing client money rules will, in many cases, broaden the net to include fund management firms that might have been left out of the regime within some jurisdictions. The objectives are clear in that the Third Directive is seeking to ensure that anyone moving significant sums is now to be identified and reviewed. Whether such bodies have actually been involved with money-laundering identification is not an issue with which to concern ourselves. They are now part of the regime and will need to comply. The only question remaining is who is the relevant authority in such cases?

There is an even wider “catch-all” provision. Member States can extend the provisions of the Directive in whole to professions and to any category of undertaking which engages in activities likely to be used for money-laundering or terrorist-financing purposes.

The Third Directive also includes a range of more specific guidance which firms will be required to comply with once these have been transcribed into national law.

Customer Due Diligence

When should a firm carry out due diligence?

The general requirement to conduct due diligence applies in the following cases:

  1. When establishing a business relationship.
  2. When carrying out occasional transactions amounting to EUR 15,000 or more, whether the transaction is carried out in a single operation or several operations which appear to be linked.
  3. When there is suspicion of money laundering or terrorist financing regardless of any derogation, exemption or threshold.
  4. When there are doubts about the adequacy of previously obtained customer identification.

We shall consider this in more detail later (Chapters 13 and 22). Notice that the primary responsibility is at the start of the relationship, but continues throughout the relationship. Of course, money launderers and terrorist financers will know this and accordingly will attempt to appear legitimate at the start of the relationship, undertaking inappropriate activity at a later stage. As we will see, there are also ongoing monitoring requirements.

What due diligence measures are required?

There is a list of required due diligence procedures in the Directive which do tend to form the basis for requirements in European States. These are as follows:

  1. Identifying the customer and verifying the customer's identification on the basis of documents, data or information obtained from a reliable and independent source.

    Notice the requirement here is for independent sources, so you should not just accept documents provided to you by the customer – if they are undertaking criminal activity, they are likely to have perfect documents which are, in all probability, forged. Some form of independent confirmation should, where possible, be obtained. If it is not available then the firm will need to judge, using the risk-based approach, whether it has sufficient data to commence the relationship.

  2. Identifying, where applicable, the beneficial owner of the account and using risk-based measures to verify identity so that the institution is satisfied that it knows who the beneficial owner is, including trusts and similar legal arrangements.

    This will include taking risk-based measures to understand the ownership and control structure of the customer. The importance of beneficial ownership is that the person appearing as the owner may, in reality, just be acting on behalf of the actual owner. As such, they may be partners in law firms or similar service providers appointed purely to act on the instructions of the actual controller. The information required is who is really behind the transactions, since they are more likely to be the criminal elements.

    This due diligence should take place before the establishment of a business relationship or the carrying out of any transaction. To fulfil this requirement a firm or person can decide whether they make use of public records of beneficial owners, or whether they ask their clients for relevant data or information, or how else they obtain sufficient information to provide themselves with adequate due diligence information. In other words, they can almost do whatever they like. However, in all cases the procedures adopted should be specified by the rules and regulations of the firm and should also be consistent with the requirements of local law, which could be to a higher standard than that applied by the Directive.

  3. Obtaining information on the purpose and intended nature of the business relationship.

    This is required to enable the firm to subsequently identify transactions which are inconsistent with the purpose of the relationship to enable suspicious transactions to be identified. Without knowing what the account is to be used for, it will not be possible to identify transactions which are not consistent with the expectations for such a customer.

  4. Conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken to ensure that they are consistent with the institution's or person's knowledge of the customer, the business and risk profile.

    This review should include obtaining information, where necessary, of the source of funds and ensuring that documents, data or information held are kept up to date. There is actually no requirement to obtain independent evidence of the source of funds, just to record the source of funds. For example, if the customer says they sold a car and received cash, there is no requirement to see that they actually ever had a car and whether it could have been worth the amount of funds received. All the firm would need to do is record that they received cash from the sale of a car.

    Of course, that is all that is required to comply with the Directive. A firm will always seek to protect its reputation and, accordingly, may choose to undertake additional verification work. If funds were left to a customer in the will of a relative, for example a grandparent, were there to be subsequent grandparents that also provided such legacies, then at some stage you would expect the firm to identify that this might be suspicious.

The issue of legal confidentiality

Where notaries, independent legal professionals, auditors, external accountants and tax advisors are in the course of ascertaining the legal position for their client or defending or representing their client in judicial proceedings or advice on instituting or avoiding proceedings, they do not need to comply with these requirements. This is to make sure that the legal process is not prejudiced and also to enable the “expert” to discuss matters with their client appropriately. If they had to make a report every time their client said something that might be considered illegal, then the whole process under which the legal profession operates could be undermined.

Under the Directive, basic due diligence requirements are mandatory for the categories of customers listed below. The requirements are distinguished between the different types of customer as the Directive recognises the different levels of risk which different types of customers represent. Accordingly, the requirements on the various customers must vary in order for firms to fully protect themselves against ML/TF.

  1. Personal customers: Personal customers represent a lower level of risk to firms than that of other categories of customers. As a result, the due diligence requirements are not as onerous. In the first part of this section we set out the basic due diligence requirements as set out in Article 8.
  2. Corporate customers: Corporate customers represent a slightly higher level of risk than personal customers, as transactions involve larger amounts of money and can become quite complex. Again, these have been set out in the first part of this section which includes the basic due diligence requirements as set out in Article 8.

  3. Beneficial owners: The Directive places emphasis on the identification of beneficial owners, and verification of the beneficial owner's identity, as this category of customer is recognised as being a high-risk entity. The Directive advises Member States to introduce more specific and detailed provisions relating to the identification of the customer and of any beneficial owner and the verification of their identity. To that end, a precise definition of “beneficial owner” is essential. The Directive defines a “beneficial owner” as the natural person who ultimately owns or controls the customer and/or the natural person on whose behalf a transaction or activity is being conducted.

    Where applicable, the institution should identify the intended beneficial owner and take risk-based measures to verify their identity. Such work will include investigation into legal persons, trusts and similar legal arrangements, and the firm then taking risk-based measures to understand the ownership and control structure of the customer.

    Article 9 requires that the identification of the customer and the beneficial owner should take place before the establishment of a business relationship or the carrying out of a transaction. To fulfil this requirement, it is left to those institutions and persons whether they make use of public records of beneficial owners, or whether they ask their clients for relevant data or information, or how else they obtain sufficient information to provide themselves with adequate due diligence information.

Enhanced due diligence

Enhanced due diligence is required in all cases where the situation represents a higher money-laundering or terrorist-financing risk. Such procedures will apply particularly for non-face-to-face business, politically exposed persons and international correspondent banking relationships.

The Directive does provide some basic guidance, but we expand on this further in the relevant chapters of this book.

Problems associated with non-face-to-face customers

Where the customer has not been physically present for identification purposes, firms should apply one or more of the following measures:

  1. Ensure that the customer's identity is established beyond reasonable doubt by obtaining additional documents, data or information.
  2. Undertake supplementary measures to verify or certify the documents supplied.
  3. Ensure that the first payment is carried out through an account opened in the customer's name with a credit institution.

Whilst the Directive states “one or more”, in most cases we are finding that the expectation is that all three measures will be adopted unless there is a good reason why one or other is unsuitable in the circumstances. Even this is not ideal. Identification documents that show a picture cannot be compared to the actual customer themselves, since they are never met.

Problems associated with international correspondent banking

In respect of cross-frontier correspondent banking relationships with respondent institutions from third countries, the requirements are for credit institutions to:

  1. Gather sufficient information about a respondent institution to understand fully the nature of the respondent's business and to determine, from publicly available information, the reputation of the institution and the quality of supervision applied locally.

    This information is generally available in the market, and regulatory structures are even ranked by independent bodies to provide additional third party analysis.

  2. Assess the respondent institution's anti-money-laundering and anti-terrorist-financing controls.

    This is rather harder to obtain other than directly from the firm itself. Even then it will not be clear which of the policies and procedures presented are actually being complied with. However, firms may be required to complete a report to their regulators in respect of what is known as the Pillar 2 capital assessment (or ICAAP). This document is required for most banks, with a similar document also being required for insurance companies in Europe (the ORCA from the Solvency 2 Directive). Such documents will provide information on how the financial institution operates its control environment and will therefore be of benefit.

  3. Obtain approval from senior management before establishing new correspondent banking relationships.

    This will at least ensure that someone within the business has considered whether the relationship really is appropriate and consistent with the brand values of the firm.

  4. Document the respective responsibilities of each institution with regard to money-laundering deterrence.

    As a general rule, firms are now rarely relying directly on work being conducted by a third party and are often repeating such work for themselves. However, it should be noted that the revised FATF Recommendations (Chapter 3) do allow reliance to be placed on another member of the same group's identification procedures so long as they are consistent with those that would have been undertaken within your own jurisdiction.

  5. With respect to payable-through accounts, the firm needs to be satisfied that the respondent credit institution has verified the identity of, and performed ongoing due diligence on, customers having direct access to accounts of the correspondent and that it is able to provide relevant customer due diligence data to the correspondent institution upon request.

    This is to deal with cases where the customer is only passing through the correspondent relationship and not known in any other way, clearly an area of potentially heightened risk of money laundering. Whether it is actually even legal to provide the due diligence materials maintained will depend on the individual jurisdictional laws and rules which could inhibit the effectiveness of this rule.

Of course, trying to apply these rules within Europe where all countries in principle have implemented the same rules is rather different from applying them in non-European markets where different standards apply.

Problems associated with politically exposed persons

A “politically exposed person” (PEP) is defined as someone who is, or has been, entrusted with prominent public functions and their immediate family members, together with persons known to be their close associates.

In respect of transactions or business relationships with politically exposed persons residing in another Member State or in a third country, the requirement is for a firm to:

  1. Have appropriate risk-based procedures to determine whether the customer is a politically exposed person.
  2. Have senior management approval for establishing business relationships with such customers.
  3. Take adequate measures to establish the source of wealth and source of funds that are involved in a business relationship or transaction.
  4. Conduct enhanced ongoing monitoring of the business relationship.

As you will see, the definition applies to people that have been, or are in, office, therefore someone who has run for office, but not been elected, is not a PEP. Whilst this is what is stated in the Directive and is normally what has been transcribed into national law, it may well not be sufficient to provide the level of protection that a firm requires. Accordingly, many firms are adopting a wider definition that provides for additional investigation of a broader group of customers. The level of confirmation of wealth is clearly an issue, and in such cases just asking the customer cannot be sufficient. You know what the concerns are: the firm is concerned that the politically exposed person may have taken advantage of their position to increase their personal wealth. Additional enquiries independent of the customer will therefore be required to meet these demands.

Problems associated with anonymous accounts

There is particular concern over products or transactions that might favour anonymity. Effectively, the requirements have the aim of trying to prevent firms using numbered accounts or other secrecy approaches which may inhibit the identification of the actual or beneficial owner of an account. Basically, any firm should know the identity of the beneficial owners of all accounts that they are involved with.

Problems associated with casinos

Everything we have looked at so far in the Directive is related to banks and other types of financial institution. This section is rather different. There is a requirement that all casino customers should be identified and their identity verified if they purchase or exchange gambling chips with a value of EUR 2,000 or more. Casinos subject to State intervention shall be deemed, in any event, to have satisfied the customer due diligence requirements, if they register, identify and verify the identity of their customers immediately on or before entry, regardless of the amount of gambling chips purchased.

The requirement is easy to put into place, but the level of actual monitoring will be dependent upon the agencies that verify compliance by the casino. Of course, casinos are perfect for money laundering. You take cash in to the casino and there is no reason for you to have to say where the funds are from. You then provide some required identification documentation, but there is no need to provide any form of secondary identification. You purchase your chips and then go for a meal. Then you cash in your chips and receive laundered money. Perhaps this is a true case of having your chips and eating them. At least this regulation represents the starting point for effective regulation of the casino industry, although such regulation does vary considerably between jurisdictions.

What is simplified due diligence?

Simplified due diligence was introduced as an exemption to full due diligence where the customer is a credit or financial institution covered by the Directive or a credit or financial institution situated in a third country which imposes equivalent requirements and is appropriately supervised.

No requirement for due diligence at all

The Directive does not require customer due diligence to be conducted (at Member State discretion) in respect of:

  1. Listed companies whose securities have been admitted to be traded on a regulated market which are subject to disclosure requirements consistent with Community legislation.

    This is because they will have been verified by the listing authority. Of course, the firm will still need to confirm that the company is that listed firm and not a firm trying to steal the identity of that listed firm.

    In practice, rather than pretending to be the listed firm, the unscrupulous will take the identity of a subsidiary of the listed firm. The subsidiary is, of course, not listed and in such cases it is incumbent upon the firm to conduct due diligence procedures to establish that the listed firm does indeed have such a subsidiary and that the officers approaching the financial institution are who they say they are. They also need to have the required levels of authority to bind the firm.

  2. Beneficial owners of pooled accounts held by notaries and other independent legal professionals provided that they are subject to requirements to combat money laundering or terrorist financing consistent with international standards and are supervised for compliance.

    There is also a requirement that they will provide information on the identity of the beneficial owner, on request, to the institution that acts as the depository institution for the pooled accounts. Again, this exception is because the notary is under essentially the same identification obligation and has been reviewed in this regard by their regulator.

  3. Domestic public authorities.

    The reason for this is because they clearly could never be guilty of money laundering. However, I would still expect any firm to wish to identify the public authority if only to ensure that there are no political issues which they need to be aware of. The politically exposed person rules will still probably require some form of due diligence to be conducted.

  4. Customers representing a low risk of money laundering or terrorist financing.

    This is a consequence of the risk-based approach being applied and is purely because the regulators would wish the financial institution to concentrate on areas which are more likely to represent a significant risk. Such an example of a low-risk transaction or relationship might include payments taken directly from a salary by an employer. The financial institution would know exactly where the funds were from and who they were held by, which means the transaction clearly represents a very low risk of money laundering.

  5. Life insurance policies where the annual premium is no more than EUR 1,000 or the single premium is no more than EUR 2,500.

    While cancelled life insurance policies could be used for money laundering, the view is generally taken that the level of funds laundered would render this cumbersome and expensive for the launderer to manage, and accordingly the risk posed to the system is low. Furthermore, cancelled life insurance policies are always reviewed by the insurance company so that they can understand what has caused the cancellation, since such cancellations are essentially expensive to the insurance company.

  6. Insurance policies of pension schemes if there is no surrender clause and the policy cannot be used as collateral.

    This is because it is considered difficult to launder through such instruments. The absence of a surrender clause is an important consideration in coming to such a decision. In looking at such matters a distinction might be drawn between the pension scheme of a large or listed company and that of an SME or personally controlled company where the pension fund is only part of the real assets of the proprietor.

  7. A pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages and the scheme rules do not permit the assignment of a member's interest under the scheme.

Really this is all about applying the risk-based approach to supervision and investigation. What the Directive is really saying is that these types of product or service are not really suitable for money laundering or terrorist financing and therefore it would be onerous to impose the same level of regulation on them. Notice, for example, the references to surrender clauses or value. Surrender clauses can be used by money launderers, but in the absence of such a clause it is difficult to see how the product could be a suitable money-laundering vehicle for the criminal fraternity.

Reporting Obligations

The main obligation here is to create a financial intelligence unit (FIU). Reporting should concentrate on transactions which are particularly likely, by their nature, to be related to money laundering or terrorist financing, together with particularly complex or unusually large transactions and any unusual patterns of transactions which have no apparent economic or visible purpose.

Such suspicious transactions must be reported to the relevant FIU. The unit will be responsible for receiving, requesting, analysing and disseminating to the competent authorities and the disclosure of information which concerns potential money laundering, potential terrorist financing or is otherwise required. The Third Directive requires that the FIU must have access to the financial administrative and law-enforcement information that it requires to fulfil its tasks properly.

There is a safe harbour here for the reporting employee at the financial institution. The disclosure of information by an employee or director of an institution does not constitute a breach of any restriction on the disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, and shall not involve the institution or person or its directors or employees in liability of any kind. This protects the whistleblower and enables (indeed perhaps even encourages) reporting of relevant information.

Tipping Off

There is an important prohibition from disclosing to customers or third persons (other than regulators) the fact that information has been transmitted to the relevant FIU or that a money-laundering or terrorist-financing investigation is being, or may be, carried out. Disclosure of information may also be made between institutions of different Member States, provided these countries meet the conditions laid down in Article 11(1).

This effectively enshrines the principle of tipping off, which therefore becomes an offence. Clearly, tipping off, as we discuss in Chapter 23, is a significant risk for any investigator and limits both the questions that may be asked and also the way in which they are posed.

Record-keeping

In terms of record-keeping, the requirements of the Third Directive are as follows:

  1. Customer due diligence: A copy of, or the references requested of, the evidence required for a period of at least five years after the business relationship with their customer has ended.
  2. Business relationships and transactions: The supporting evidence and records, consisting of the original documents or copies admissible in court proceedings under the applicable national legislation, for a period of at least five years following the carrying out of the transactions or the end of the business relationship.

There is a requirement that Member States must review the effectiveness of their systems to combat money laundering by maintaining comprehensive statistics on matters relevant to the effectiveness of such systems.

Such statistics shall, at a minimum, cover the following:

  1. The number of suspicious transaction reports made to the FIU.
  2. The follow-up given to these reports.
  3. On an annual basis, the number of cases investigated.
  4. The number of persons prosecuted.
  5. The number of persons convicted for money-laundering or terrorist-financing offences.
  6. How much property has been frozen, seized or confiscated.

Reporting is only a small part of the issue and can surely not really judge effectiveness, since the size of the sampled population will not be known. If a country improves its money-laundering procedures it will probably identify more money laundering, but it will never know what has not been discovered. Regardless of this, Member States are required to ensure that a consolidated review of these statistical reports is published.

As you can see, much of the Directive actually relates to the operation of the relevant FIU, with much of this being of interest, but of limited direct relevance to, the MLRO.

Internal Procedures, Training and Feedback (Articles 34–35)

Institutions and persons covered by the Directive must establish adequate and appropriate policies and procedures for the following:

  • Customer due diligence
  • Reporting
  • Record-keeping
  • Internal control
  • Risk assessment
  • Risk management
  • Compliance management
  • Communication in order to prevent operations related to money laundering or terrorist financing.

They must also communicate relevant policies and procedures to branches and majority-owned subsidiaries in third countries. There is also a requirement that relevant training must be provided for relevant employees. This may involve participation in special ongoing training programmes to help them recognise which operations may be related to money laundering and terrorist financing and instruct them as to how to proceed with such cases.

The requirements regarding training and understanding money laundering and terrorist financing are clearly crucial. By emphasising the importance of understanding how the criminal operates, the Directive is seeking to improve the quality both of skills within the deterrence industry and also perhaps the introduction of more thoughtful detection of inappropriate activity.

The Broadening of Supervision in the Third Directive

In broadening the nature of firms caught by the regulations, there is now a requirement for currency exchange offices, money transmission or remittance offices and trust and company service providers and casinos to be licensed or registered and licensed to operate their business legally.

The key issues here relate to the extension of the regime to additional types of organisation. The trust and company services are the major area where approaches differ between countries. Clearly, an organisation has to be designated to monitor adherence to these obligations and then have the skills and staff necessary to undertake such work.

If you are a trust or company service company then you will need to see if you fall within the structure of your local rules and regulations and, if so, identify the body with which you are required to register. With such registration there is likely to be a series of additional responsibilities and requirements with which you will be required to comply. These will then need to be expressly transferred into the policies and procedures of your firm and notified as appropriate to your relevant employees and, where relevant, clients.

Penalties Under the Third Directive

Article 39 concerns itself with penalties and whilst not being too specific provides guidance which local jurisdiction legislatures have been taking into account. It states that natural and legal persons must be held liable for infringement of national provisions adopted pursuant to the Directive and that the penalties must be effective, proportionate and dissuasive.

Article 39 further provides that in addition to a Member State's right to impose criminal penalties, they must also have appropriate administrative measures or administrative sanctions which can be imposed against credit and financial institutions for infringement of national provisions adopted pursuant to the Directive. However, such measures or sanctions must be effective, proportionate and dissuasive.

Risk-based Approach

As set out earlier, the Third Directive recognises the concept of a risk-based/risk-sensitive approach to combating money laundering. Accordingly, the implementation of a risk-based approach is encouraged throughout various provisions of the Directive, particularly, as we have seen, in the due diligence requirements. This is to ensure that institutions direct their attention and resources to those areas where they are most likely to identify cases of inappropriate activity.

The principle is that actual customer due diligence requirements may be determined on a risk-sensitive basis depending on the type of customer, business relationship, product or transaction. However, there is the requirement for the firm to be able to demonstrate that the extent of the measures taken by it is appropriate in view of the risks posed by money laundering and terrorist financing.

The effect of the clarifying requirements is to apply the risk-based approach more carefully in practice. Institutions will be required to document their approaches in clear guidance notes and policies and procedures within their organisation. Such procedures will then need to be followed rigorously in practice, without bias, to justify the appropriateness requirement.

Reliance on Third Parties

The Third Directive also allows Member States to permit institutions and persons covered under the Directive to rely on third parties to meet certain requirements such as customer due diligence. Where a Member State permits currency exchange offices and money transmission or remittance offices situated in its authority to be relied on as third parties domestically, that Member State shall permit them to recognise and accept the outcome of the customer due diligence requirements outlined in the Directive by the same category of institution in another Member State. However, as discussed earlier, this has been restricted in the revised FATF Recommendations issued in 2012 (see Chapter 3).

Conclusions

The Third Directive provides Member States with the regulatory framework that they require for dealing with money-laundering deterrence and terrorist financing. The individual Member State then needs to develop specific approaches to be applied locally to implement these requirements. As such, any international jurisdiction could use the Directive as a basis for framing their own rules and regulations. Consequently, you may well consider the Directive to be international best practice even if you are not based in one of the Member States.

It is important for any jurisdiction to recognise that the Directive only provides outline guidance and will always need to be supplemented by additional local guidance, together with being transcribed into local law. As such, while it provides the framework, it cannot provide the details due to the differences inherent in local rules, regulations and structures. In the detailed chapters of this book we look at some of the specific areas where additional guidance is required and set out the key issues that will need to be considered.

4.2 THE FOURTH MONEY LAUNDERING DIRECTIVE

The Commission planned to bring forward a proposal for a fourth Anti-Money Laundering Directive (AMLD) in Autumn 2012, which was released in February 2013 and is not expected to be implemented in the UK until 2015/16. Some of the key changes are outlined below:

  1. Transactions greater than EUR 7,500: The threshold for traders in high-value goods dealing with cash payments and traders carrying out occasional transactions to carry out due diligence will be reduced from EUR 15,000 to EUR 7,500. This is in response to reports by Member States that the EUR 15,000 threshold was being abused by criminals, and it is intended that by halving it, the opportunity for criminals will be significantly reduced.
  2. Information on the beneficial owner: The revised Directive proposes new measures in order to provide enhanced clarity and accessibility of beneficial ownership information. It requires legal persons to hold information on their own beneficial ownership. This information should be made available to both competent authorities and obliged entities. For legal arrangements, trustees are required to declare their status when becoming a customer and information on beneficial ownership is similarly required to be made available to competent authorities and obliged entities. This requirement represents a crackdown on the use of corporate structures to disguise financial crime, and is introduced at a time when piercing the corporate veil is frequently being tested in the courts.
  3. Risk-based approach: The concept of the risk-based approach is introduced in the Fourth Money Laundering Directive, as a balance between financial crime deterrence and economic stability. While this has been the UK position since the introduction of the Money Laundering Regulations 2007, taking a risk-based approach brings the Directive into line with the FATF Recommendations.
  4. Simplified and enhanced due diligence: In the proposal, obliged entities would be required to take enhanced measures where risks are greater and may be permitted to take simplified measures where risks are demonstrated to be lower.
  5. Politically exposed persons: The definition of PEPs will be expanded to include domestic PEPs – in recognition of the risk involved with dealing with PEPs.
  6. The gambling sector: The requirements for customer due diligence are extended to the entire gambling sector, broadening from merely casinos. Given the rapid growth of the mobile/in-play gambling market, this is not surprising.

The proposed update of the legal rules will have to be adopted by the European Parliament and the Council of Ministers under the ordinary legislative procedure. However, it is not anticipated that there will be any significant changes proposed during this process.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset