The reverberations of the coming into force of the 4th EU Money Laundering Directive and its transposition into the German Money Laundering Act have not yet died away and already the European Parliament has adopted the 5th EU Money Laundering Directive with various amendments to the wording of its predecessor; it was published in the Official Journal of the European Union on 19 June 2018 and will enter into force on the 20th day after its publication, with Member States having until 10 January 2020 to transpose the Directive into national law.
Response to recent terrorist attacks
Again the recitals are awash with grand words:
“Recent terrorist attacks”, they say, have brought to light emerging new trends, in particular regarding the way terrorist groups finance and conduct their operations. Modern technology services and alternative financial systems, in particular, benefit from exemptions that “might no longer be justified”. The integrity of the Union financial system is dependent on the transparency of corporate and other legal entities, trusts and similar legal arrangements. The new Directive therefore aims, it says, not only to “detect and investigate money laundering, but also to prevent it from occurring”. Enhancing transparency could be a powerful deterrent.
Objectives that are to be implemented with, naturally, “due regard” to the fundamental right to the protection of personal data, as well as the observance and application of the proportionality principle.
Objectives of the new Directive
One of the objectives of the new Directive is virtual currencies, providers engaged in exchange services between virtual currencies and fiat currencies (that is to say coins and banknotes that are designated as legal tender and electronic money, of a country, accepted as a medium of exchange in the issuing country) as well as custodian wallet providers. All of them will be subject to increased monitoring.
The “anonymity of virtual currencies” allows their potential misuse for criminal purposes, says the Directive, whilst assuring that these are not to be confused with electronic money or related services and means of payment. The aim of the Directive is to cover all the potential uses of virtual currencies, especially their possible use as means of exchange, investment, store-of-value products or use in online casinos.
Business relationships or transactions involving high-risk third countries should be limited when significant weaknesses are identified in the anti-money laundering/combating the financing of terrorism (AML/CFT) regime of the third countries concerned. The Commission will be empowered to adopt delegated acts in order to identify “high-risk third countries”. When dealing with such cases of high risk and with such business relationships or transactions, Member States should in future require obliged entities to apply enhanced customer due diligence measures to manage and mitigate those risks.
A new Article 18a sets out the enhanced customer due diligence measures to be applied in dealings with customers from high-risk third countries. Especially detailed by comparison with the current German Money Laundering Act is the point “conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination”.
Implementing the new rule remains a matter for the Member States at national level, however. It remains to be seen, therefore, what kind of enhanced customer due diligence vis-à-vis high-risk third countries the German legislator will incorporate into the German Money Laundering Act.
For what are known as anonymous prepaid cards which, the Directive says, are “easy” to use in financing terrorist attacks and logistics, the threshold triggering an obligation for customer due diligence is to be lowered to EUR 50. This threshold is, it says, appropriate in order to identify the customer in the case of remote payment transactions while having due regard to consumers’ needs in using general purpose prepaid instruments and “not preventing the use of such instruments for promoting social and financial inclusion”.
It is clear from the recitals that the Directive seeks to serve all conceivable purposes, cater for all possible reservations, and reconcile all aspects of financial policy and the financial system that could potentially have any relevance whatsoever.
Another core objective is for corporate and other legal entities to “obtain and hold adequate, accurate and current information on their beneficial ownership”.
Trusts and similar “legal arrangements” are a main theme of the recitals, with transparency seen as a key factor in tracing criminals who might otherwise be able to hide their identity behind a corporate structure.
The enhanced public scrutiny of information “by civil society” – the Directive specifically mentions the press and civil society organisations – will contribute to preventing the misuse of legal entities and legal arrangements, including “tax avoidance”. All this with the aim, mind you, of “ensuring a proportionate and balanced approach and guaranteeing the rights to private life and personal data protection”. The Member States are therefore called upon in their national law to define “legitimate interest” as a criterion for accessing beneficial ownership information.
And how is this all supposed to happen?
First of all, the group of obliged entities will be expanded:
Auditors, external accountants and tax advisors that undertake to provide “material aid, assistance or advice on tax matters” as principal business or professional activity are included in the list of obliged entities.
For estate agents, the Directive states that they will also be included in the list of obliged entities not only when selling, but also when acting as intermediaries in the letting of, immovable property, but only in relation to transactions for which the monthly rent amounts to EUR 10 000 or more. But also persons who trade in or act as intermediaries in the trade of works of art, including persons who store works of art for export through free ports, are to be included where the value of the transaction or a series of linked transactions amounts to EUR 10,000 or more.
Reloadable payment instruments must have a maximum monthly payment transaction limit of EU 150, which can be used only in the Member State in which it was issued. The maximum amount stored electronically therefore should not exceed EUR 150.
The scope of the obligation to identify the customer and verify their identity is newly defined as part of customer due diligence: On the basis of documents, data or information obtained from a reliable and independent source, including, where available, electronic identification means, relevant trust services as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council or any other secure, remote or electronic identification process. It sounds complicated and it is complicated: Under the guise of facilitating various new electronic means of identification, an additional administrative burden is being imposed on the obliged entities because, where possibilities are available to improve identification and verification, the obliged entities will not be able to content themselves in future with simpler, but perhaps less safe means – such as having someone send a copy of their ID.
Obtaining a register excerpt whenever entering into a new business relationship with a corporate or other legal entity is being made a standard element of customer due diligence.
Special precautions are also needed in future if the person identified as the beneficial owner of a company is at the same time a member of that company’s senior management. Then the obliged entities have to take the necessary reasonable measures to verify the identity of the natural person who holds the position of senior managing official and keep records of the actions taken as well as any difficulties encountered during the verification process. In other words: Owners of family-owned companies, regardless of their legal structure, who are actively involved in the management will have to be fully identified in future and the actions taken to establish their identity documented. The German legislator will probably not want to miss out on the chance to specifically include violations of this important rule in the list of finable offences.
Member States must require obliged entities to also apply their customer due diligence measures at appropriate times to existing customers on a risk-sensitive basis in future, i.e. especially if the relevant circumstances of a customer change, or when the obliged entity has any legal duty to contact the customer, the details about the identity of the relevant person(s) must be verified and updated. It remains to be seen whether this will be fleshed out to create a formal rule in the German Money Laundering Act on how to deal with, and possibly verify the identity of, existing customers.
What makes the change to the enhanced customer due diligence especially critical is not the list of cases that need to be investigated, which already exists in section 15(5) German Money Laundering Act, but the addition of the following words: “In particular, obliged entities shall increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear suspicious.” Here one can expect the obliged entities to be required to document the actions they take to improve their processes and to regularly repeat those actions, which, one would assume, goes beyond “enhanced continuous monitoring” within the meaning of section 15(5), no. 2 German Money Laundering Act.
Conclusions and comments
40 pages of Directive setting out improvements of questionable effect, but puffed up with strong words, good intentions and noble objectives.
What would be more important would be for the German legislator to iron out the inconsistencies in the current version of the Money Laundering Act and cut back on all the bureaucracy. The most important example: Industrial holding companies are absurdly defined as “financial companies”, bringing them within the ambit of the Money Laundering Act even if the holding does not perform any operational activities whatsoever for the corporate group that it heads.
Another nonsensical example is the currently customary interpretation placed by the Federal Ministry of Finance on section 9 of the German Money Laundering Act, which deals with the obligations of group parents, which it sees as being obliged to carry out a risk assessment pursuant to section 4(2) and section 5 German Money Laundering Act even if all the members of the group avail themselves of the exemption pursuant section 4(4) of the Act and are therefore exempted from the obligation to verify the identity of their customers pursuant to section 10(6) of the Act.
Otherwise, the Directive contains a lot of fanfare about cooperation between Member States, setting up registers akin to the German Beneficial Ownership Register, and statistics aimed at evidencing the effectiveness of the systems to be put in place to counter money laundering and terrorist financing in the Member States.
In light of the debacle around the transfer of responsibility for the Financial Intelligence Unit from the Federal Criminal Police Office to the customs authority, it will be interesting to see the first national German statistics and the details as to “human resources allocated to competent authorities responsible for AML/CFT supervision” (Article 44(2)(e)) as well as “human resources allocated to the FIU”.
Only very recently the Federal Ministry of Finance announced to the German public that everything was going to be fine at the FIU because “changes had been made at management level” (Frankfurter Allgemeine Zeitung, 29 June 2018, p. 21). In football, too, quite a few teams have been brought back from the brink of relegation by a new trainer...