Tackling financial crime is increasingly becoming a bigger priority throughout the European political spectrum. Further legislation is anticipated, particularly in the areas of tax fraud, evasion and avoidance, and to bring transparency to the financial dealings of individuals and companies.
Regulatory compliance is an important priority for firms. A strict Anti-Money Laundering (AML) regime is crucial to the integrity of the financial system and helps to facilitate a successful financial environment in which we all work.
Looking to the future, the new AML rules may be only one of many more changes to come. However, the final text of the fourth Anti-Money Laundering directive is yet to be finalised by the European Parliament and Council, so nothing is certain yet.
What are the key points?
The current draft of the fourth Anti-Money Laundering Directive makes some significant changes to the current European AML regime and it will also impact how money laundering and terrorist financing (ML/TF) risks are managed. The changes are important for the regulated sector given the increasing focus on AML compliance in the current regulatory environment. In addition AML procedures play a fundamental part in ensuring risks to firms are minimised. The new European directive, yet to be finalised, tightens the obligations placed on firms under the existing rules and places greater emphasis on sanctions for breaches. We set out below some of the key changes which could affect the way the regulated sector deals with money laundering risks.
See below the current European legislative process for the 4th AML Directive:
The Risk Based Approach
The proposed directive increases the emphasis on the use of the risk based approach by firms when assessing client acceptance. It also now defines specific factors which point towards the client being low or high risk to a firm, and therefore circumstances when simplified or enhanced due diligence needs to be applied. This echoes the Financial Action Task Force (FATF) recommendations which encourage firms to use an assessment of risk to determine what identification and verification procedures are used. These permit the regulated sector to focus their resources where the risks are highest, such as where there are high risk jurisdictions or the nature of the transaction poses particular risks. If properly adopted, the risk based approach can save time for staff by simplifying procedures for low risk clients and business.
The key differences are:
Introduction of a requirement for Member states to carry out a risk assessment at national level to identify, understand and mitigate the risks facing them. This can be supplemented by risk assessment work which will be undertaken on a supra-national level.
The regulated sector will be required to identify, understand and mitigate their risks, and to document and update the assessment of risk that they undertake. This will allow the supervisory authorities to review and understand the decisions made by them.
Listing of defined factors which indicate potentially high or low risk. These detail types of customer risk, product, service, transaction or delivery channel risk, and geographical risk.
Risk-sensitive approach to supervision- the resources of supervisors can be used to concentrate on areas where high risk is evident.
Tax crimes as predicate offence
One change which will have limited impact on the UK is the introduction of tax crimes as a predicate offence which can underline a money laundering offence. Tax crimes are already defined as a predicate offence in the UK, but the adoption of this by other member states in the European Union (EU) will provide clarity and a level playing field. The change reflects the changing political landscape which is now focused on and looking towards new ways to clamp down on financial crime, in which the focus on tackling tax crimes continues to be a recurring theme. The OECD in particular has advocated a policy of improved international tax cooperation between governments and has launched an action plan on base erosion and profit shifting (BEPS). Firms should consider whether their policies and procedures will identify tax crimes.
Identifying the Beneficial Owner
Further changes have been made to the rules regarding the identification of beneficial owner requirements. Under current rules if there are no beneficial owners that own or control 25% of the shares, voting rights, capital or profits then someone who otherwise exercises control of the management of the body or trust can be identified, such as a dominant shareholder that directs activities. However the new rules have adjusted this so that a senior manager could be identified instead if no ultimate owner or controller can be found, and this would be sufficient for a firm to meet its obligations.
Although this could make it easier for firms to meet their AML requirements, this change appears to weaken the AML regime. It could put firms in risk of pursuing business relationships without a full understanding of the ownership and beneficiaries, and therefore into situations which increase reputational risk. Firms should consider how this will fit into their risk based approach.
Change in definition of a politically exposed person
Under the proposals there will in future be two categories of PEPs, this includes a domestic PEP incorporating all politically exposed persons in the European Union; and a foreign PEP which includes those from a third country. Current AML rules exclude UK PEPs, and these are now to be included under the UK AML regime. This means businesses will have to check to see if a client is a politically exposed person anywhere in the EU. Enhanced awareness of staff will also be needed to ensure that enhanced due diligence (EDD) measures are applied for UK PEPs. It is fair to say that the level of due diligence required for domestic PEPs is lower than those for foreign PEPs. Businesses will need to consider and build into their processes and procedures how they wish to approach such individuals and in particular whether it is appropriate to treat all EU PEPs in the same way.
The latest text of the European Council does delete the reference to domestic and foreign PEPs and refers only to PEPs in general. This would mean all PEPs would be treated the same under enhanced due diligence measures, including UK PEPs. This is subject to change once negotiations start with the European Parliament and we will keep this under review.
The 4th directive recommends the development of a list of domestic PEPs for use by obliged entities. Although a central PEP list would be a useful instrument for the regulated sector, there must be questions as to the feasibility and reliability of such a list. Defining and pin pointing PEPs throughout the European Union and then ensuring their details populate the list and remain accurate seems unrealistic. It is unlikely this would be a reliable source of information to identify a PEP. Further verification of this information would still be required.
Privacy concerns
One of the most pressing matters that have surfaced with the publication of the new European rules is the issue of data protection and the accessing of private information.
The current draft of the 4th directive introduces public registries of beneficial ownership information for both companies and trusts throughout Europe. This is both a positive and a negative for the regulated sector. On the positive side it could ease the burden when identifying beneficial owners during the Know Your Customer process. On the negative side, there is a loss of privacy for those required to release this information.
Firms cannot become too reliant on these registries; they will have to obtain additional verification using a risk based approach. Public registries cannot provide real time accuracy and this should be taken into account when using them.
The register of trusts is very controversial and it is not yet clear that disclosure of such private information will win sufficient support and remain in the final legislative text. This will be kept under review.
Sanctions
The directive introduces specific minimum sanctions that Member States should ensure are available for systematic breaches of the key requirements, namely client due diligence, record keeping, and suspicious activity reporting and internal controls. Obligations for breaches can apply to any individuals who under national law were responsible for the breach and include public reprimands, removal from practice and administrative sanctions of up to 10% of total annual turnover or a 5 million fine. Sanctions were not included under the 3rd directive so this is a significant change.
In Conclusion
The European Parliament must come together with the European Council to negotiate a final text. This is unlikely to begin until late June or July at the earliest, but will most likely take place in September as a result of the European elections in May which will see new representatives elected to Europe. Completion of the final text could take 1 or 2 months depending on how long it takes consensus to be reached. The European Parliament will then vote on the final text.
The increased emphasis on the risk based approach is potentially positive. Assuming the trust register is removed, the other changes were inevitable following the FATF recommendations.
Transposition into UK law is unlikely for at least a couple of years which provides time for UK based firms to establish how AML policies, procedures and systems will need to be adjusted to incorporate the new changes.
The regulated sector should begin to consider how the 4th directive could affect the way ML/TF risks are dealt with in their own business. Assessment should be made as to what changes the directive could bring in and also how it could affect the way business is conducted with clients. Current systems and procedures should be reviewed and new measures implemented in preparation for the application into law.
About the Author
Angela Foyle leads BDOs UK financial services tax practice, providing tax structuring and advisory services to investment funds and fund managers including advice on offshore funds reporting, fund structuring, investment manager exemption and transaction taxes as well as managing the delivery of general tax compliance services.
LinkedIn profile uk.linkedin.com/in/angelafoyle
Angela joined BDO UK in 2005 and is a partner in BDO