On 20 July 2021, the Commission presented a package of legislative proposals to strengthen the EU’s rules on anti-money laundering and countering the financing of terrorism (AML/CFT).
This package consists of legislative proposals for:
1/ a regulation establishing a new EU anti-money laundering authority (AMLA) which will have powers to impose sanctions and penalties;
2/ a regulation recasting the regulation on transfers of funds which aims to make transfers of crypto-assets more transparent and fully traceable;
3/ a regulation on anti-money-laundering requirements for the private sector, which will include all the rules applying to the private sector (hereafter the “Regulation”);
4/ a directive on anti-money-laundering mechanisms, dealing with the organisation of institutional AML/CFT systems at national level in the member states.
On 18 January 2023 it was announced that the Council and Parliament found a provisional agreement on parts of this package.
We set out hereafter the points on which, in relation to the Regulation, the Council and Parliament reached a preliminary agreement and which are of interest to the private sector.
Expansion of the list of obliged entities
with the provisional agreement it is confirmed that the Regulation will expand the list of the so-called “obliged entities”, i.e. the entities that are required to perform the customer due diligence and the transaction monitoring.
Crypto-asset service providers
The Regulation will cover most of the crypto sector entities, forcing all crypto-asset service providers (CASPs) to conduct due diligence on their customers. This means that they will have to collect, verify and document identification and other information about their customers (the so-called “customer due diligence”), and they will need to monitor and report suspicious transactions.
A threshold is proposed: CASPs will need to apply customer due diligence measures when carrying out transactions amounting to €1,000 or more.
Additional measures are also foreseen to mitigate risks in relation to transactions with self-hosted wallets.
Traders of luxury goods
It is proposed to expand customer due diligence, monitoring and reporting obligations to traders of luxury goods such as precious metals, precious stones, jewellers, horologists and goldsmiths.
The provisional agreement includes also the proposal to include in the list of obliged entities traders of luxury cars, airplanes and yachts as well as cultural goods (like artworks).
Given the high AML/CFT risk in the football sector, the provisional agreement accepts the proposal to expand the list of obliged entities to professional football clubs and agents (with an opt out possibility for low risk cases).
Enhanced due diligence
Specific enhanced due diligence measures are agreed to be introduced for :
- crypto-asset service providers in relation to cross-border correspondent relationships ;
- credit and financial institutions in relation to business relationships with very wealthy (high net-worth) individuals.
The provisional agreement sets the limit for cash payments on EU-wide basis to €10,000.
According to the provisional agreement, obliged entities will be required to identify and verify the identity of a person conducting an occasional cash transaction between €3,000 and €10,000.
High Risk Countries
The provisional agreement proposes to require obliged entities to apply enhanced due diligence measures to occasional transactions and business relationships involving high-risk third countries whose shortcomings in their national AML/CFT regimes make them represent a threat to the integrity of the EU’s internal market.
The provisional agreement encompasses the proposal to make the rules on beneficial ownership more harmonised and transparent.
Related rules applicable to multi-layered ownership and control structures are proposed to be clarified to make sure hiding behind multiple layers of ownership of companies won’t work anymore.
Practical implications and recommendations
The Regulation is still in the course of being adopted and hence it is currently not yet to be complied with.
It needs to be finalized and formally adopted by the Council and the Parliament in compliance with the EU legislative procedures. Its entry into force is also subject to the publication in the EU’s Official Journal and to the deadline foreseen for the entry into force (now set to 20 days after publication).
Once it enters into force the Regulation will be effective directly within the member states. There will be no need to transpose the rules into national law.
However, this doesn't mean that obliged entities would need to comply immediately with the new rules. A transition period of three years is now foreseen.
Although this may sound as a faraway future, ensuring compliance with the new rules implies the drafting and implementation of internal procedures and processes, assessment of current business processes which may need to be redesigned.
It may also require IT developments or entering into contracts with AML/CFT-compliance software application providers. The used tools will need to be implemented and integrated in the used IT environment.
You may also need to appoint a person at management level as being responsible for implementing the obliged AML/CFT policies, controls and procedures as well as an AML/CFT compliance officer, and to ensure that you have adequate ressources to ensure compliance.
All of this takes time and three years could, depending on your organization and business, in fact be quite short.
Failure to comply in time leads to administrative and criminal sanctions.
We thus advise to start already now with assessing the applicability of the new framework to your business, identifying what the action points are for your business and make your staff aware of the upcoming change.
We also recommend to stay engaged with regulatory updates and industry best practices by participating in relevant forums, attending conferences, or subscribing to updates from regulatory bodies.
With our team we can provide support for the different aspects of ensuring compliance with this new regulatory framework, such as assessing the applicability of the new framework to your business and identifying what needs to be done to ensure compliance in due time, drafting of the internal procedures and processes, drafting of the appropriate AML clauses for the contracts with your clients and suppliers, drafting/review and negotiation of contracts with AML/CFT software compliance service providers, assisting with preparing a retro-planning for the different activities to be done, as well as providing AML/CFT workshops.
Feel free to contact us if you have further questions.