The Fifth Money Laundering Directive (5MLD) will come into force on the 10 January 2020. It will address a number of weaknesses in the European Union’s AML/CFT regime that have come to light since the enactment of the Fourth Money Laundering Directive (4MLD) on 26 June 2017. The impact of the directive will be far-reaching; in this article we discuss the key changes and speak to industry experts about why they matter.
Although much of 5MLD’s content updates the 4MLD, it makes a significant new legislative step in the treatment of virtual currencies. In more detail, 5MLD introduces the following measures:
- A legal definition of cryptocurrency, which may broadly be regarded as “a digital representation of value that can be digitally transferred, stored or traded and is accepted… as a medium of exchange”.
- Cryptocurrencies and cryptocurrency exchanges are considered “obliged entities”, and face the same AML/CFT regulations applied to financial institutions under 4MLD. Practically, this involves an obligation to perform customer due diligence (CDD), and submit suspicious activity reports (SARs).
- 5MLD actually goes further than 4MLD in its reporting obligations, by giving Financial Intelligence Units (FIUs) a mandate to obtain the addresses and identities of owners of virtual currency – and so push back against the anonymity associated with the use of cryptocurrency.
- 5MLD also introduces regulation for providers of cryptocurrency exchanges and wallets – which must now be registered with the competent authorities in their domestic locations, for example, Germany’s BaFin, or the UK’s FCA (Financial Conduct Authority).
The introduction of regulations paves the way for EU operators to introduce more cryptocurrency products and, crucially, to compete with Asian markets. Remigio Bonguliemi, Chief Compliance Officer of Trade.io, points out that safety is key to cryptocurrency confidence: “If you’re launching centralised products, having regulations is incredibly helpful to be able to sleep at night, and know that you’re not doing anything illegal.”
After 4MLD cut the monthly transaction limit on prepaid cards to EUR 250 (a measure to combat terrorist financing), 5MLD sets an even lower limit of EUR 150 – this limit also applies to the amount which can be stored on the cards. Similarly, online transaction limits are reduced to EUR 50. Christopher Baines the Head of Compliance at Pockit said: “the directive is definitely a step in the right direction, it reduces the number of options for criminals”.
Prepaid cards issued outside the EU are now prohibited unless they were issued in a territory enforcing legislation equivalent to the EU’s AML/CFT and KYC standards. Obliged entities must review the way they handle prepaid card payments, and put mechanisms in place to identify (and refuse) transactions using cards from non-EU sources – which may involve significant revision of existing systems and procedures.
High Value Goods
5MLD expands the scope of legislation regarding other stores of value: art traders, for example, or those acting as intermediaries, now have AML/CFT reporting obligations and will have to perform due diligence procedures on customers. The directive specifically singles out high value works of art for the first time, by applying regulation to transactions involving art which amount to EUR 10,000 or more.
The scope of 5MLD is not limited to art: now, transactions involving a range of high value goods are considered high risk – including oil, arms, precious metals, and tobacco. Notably, historical, cultural and archaeological artifacts are included in the regulation – a move to specifically target funding for terrorist groups such as ISIS.
In 2017, 4MLD introduced a focus on ultimate beneficial ownership (UBO) for the purposes of risk mitigation and money laundering prevention. 5MLD builds on those steps, introducing the following measures:
- UBO lists (drawn up under 4MLD) are to be made publicly accessible.
- Trusts must observe beneficial ownership regulations and, like companies, will have that information made available to authorities or others demonstrating legitimate interest.
- UBO national registers must be inter-connected at an EU level in order to facilitate cooperation and the exchange of information between member-state authorities.
- Member-states are to strengthen their UBO verification mechanisms to ensure the information they carry is accurate and reliable.
- Members states must introduce separate UBO registers for bank accounts – unlike company UBO registers, these lists will not be publicly available and only accessible by authorities.
The requirement to register beneficial ownership and have that information publicly available is as Head of Financial Crime, at ComplyAdvantage, Livia Benisty said, “a vital first step in detecting some of the vast flows of illicit funds transmitted through the financial system, and places a handicap on the preferred instrument of money launderers globally.”
High-Risk Third Countries
Companies dealing with customers from high-risk third countries will be required to perform enhanced due diligence measures – specifically focused on addressing the risk posed by deficiencies in those countries’ AML protections. The measures include:
- Obtaining information on customers and UBO – including the reasons for proposed transactions, and details on the source of UBO funding and wealth.
- Reporting transaction details to senior management – and obtaining approval for establishing or continuing the business relationship.
- Increasing controls on business relationships, and selecting transactions which may need further scrutiny.
Politically Exposed Persons (PEPs)
5MLD requires EU member states to compile and publicly release a functional PEP list – made up of prominent politically exposed public functions. This requirement extends to accredited international organisations, and the EU will also release an EU-level version of the list.
Functional PEP lists are rare and so can need a little explaining. The list created by member states for 5MLD will feature the name of positions that are considered politically exposed but will not name the person fulfilling the function, which periodically changes. These lists are designed to make it easier for smaller compliance teams, or those with lower volumes of customers, to identify the PEPs that they should be screening against and monitoring for ongoing changes to risk.
Keeping a list of people filling these functions up to date may involve significant administrative effort as Joanna Jenkins, Chief Compliance Officer at Railsbank said “data discrepancies could cause issues” – meaning companies should take careful steps to ensure a sufficient level of compliance.
This article was first published by ComplyAdvantage, which works with some 350 firms globally to tailor a risk-based approach to compliance obligations relating to sanctions, money laundering and terrorist financing.