Anti-Money Laundering and Countering Terrorism Financing: A new package to overhaul the European regulatory framework

On 20 July 2021, the European Commission introduced a new package consisting of four legislative proposals to strengthen the European regulatory framework on anti-money laundering and countering terrorism financing¹ (AML/CFT). With this package, the European Commission aims to improve the detection of suspicious transactions and activities and address the loopholes allowing the laundering of illicit proceeds and financing of terrorist activities through the financial system. The package also tackles emerging challenges linked to technological innovation (such as crypto-assets) and establishes a more consistent legal framework across Member States.

The package consists of the following legislative proposals:

• a sixth Directive on AML/CFT
• a Regulation on AML/CFT, containing directly-applicable rules, notably in the areas of customer due diligence and beneficial ownership
• a Regulation establishing a new EU AML/CFT Authority
• a revision of the Regulation 2015/847 on Transfers of Funds to trace transfers of crypto-assets

Background – necessity to reform existing AML/CFT framework

In recent years, substantial changes have been made to the AML/CFT regulatory framework at international, European and Belgian level. At European level, the current AML/CFT framework is established by Directive 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD IV), as amended by Directive 2018/843 of 30 May 2018 (AMLD V). This framework has been transposed into Belgian law through the Law of 18 September 2017 concerning the prevention of money laundering and terrorist financing and the Royal Decree of 10 December 2017 approving the regulation of the National Bank of Belgium of 21 November 2017 on the prevention of money laundering and terrorist financing.

Following several prominent cases of alleged money laundering involving credit institutions in the EU, the European Commission analysed the effectiveness of the EU AML/CFT framework in 2019 and concluded that regulatory reforms were required.² The EU’s Security Union Strategy for 2020-2025 highlights the importance of enhancing the European framework to protect Europeans from terrorism and organized crime.³ In 2020, the European Commission presented an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing, by which it committed to take measures to strengthen the EU’s rules on combating money laundering and terrorist financing and their implementation, including taking the necessary legislative actions.⁴ Accordingly, the present AML/CFT Package aims to implement the Commission Action Plan and create a new and more coherent AML/CFT regulatory and institutional framework in the EU.

The AML/CFT Package of the European Commission introduces a new AML/CFT Directive and a European Regulation on AML harmonizing European rules. The need for the combination of harmonized rules through a directly applicable Regulation and stronger national AML/CFT rules through a Directive follows from the 2019 report that identified a lack of consistent approaches to supervision of regulated entities, with divergent outcomes for operators providing services across the internal market. The European Commission also highlighted that Financial Intelligence Units (FIUs) have uneven access to information, which limits their capacity to cooperate, and that the FIUs lack common tools, which affects the detection of cross-border money laundering and terrorist financing cases. Finally, due to a lack of a legal basis, it has not been possible so far to interconnect national centralized bank account registers and data retrieval systems, key tools for FIUs and competent authorities.

AML Package: A new AML/CFT framework

To address the above issues, the European Commission has adopted the new AML/CFT Package. This section presents the major changes of this package.

AMLD VI

The proposal for a sixth directive on AML/CFT (AMLD VI)⁵ reworks the provisions of the current AMLD IV, which are not suitable to become directly applicable in the form of a Regulation, in particular with regard to the powers and tasks of competent authorities and the establishment and access to beneficial ownership and bank account registers. However, the proposal does not simply rework existing provisions, but also brings a number of substantive changes aimed at creating greater convergence in the practices of supervisors and FIUs and in relation to cooperation among competent authorities, more specifically to:

• clarify the powers and tasks of FIUs and the minimum information that FIUs should be able to access;
• ensure that FIUs are effectively able to cooperate by implementing a framework for joint analyses. Set up AML/CFT committees to improve cooperation among supervisors, and put in place mechanisms to ensure supervisory cooperation for cross-border services. Finally, clarify cooperation with other authorities by providing for specific cases in which a duty to cooperate arises to avoid inefficiencies due to silo approaches;
• harmonise the approach to risk-based supervision through a common risk categorisation tool to avoid divergent risk understanding in comparable situations;
• clarify the powers and tasks of supervisors to ensure all supervisors have the instruments to take adequate remedial action. Introduce the duty of oversight by a public authority on self-regulatory bodies that act as supervisors, with clear tasks defined for this public authority;
• clarify the powers of the registers of beneficial ownership to make sure they can obtain up-to-date, adequate and accurate information; and
• provide for an interconnection of the national centralized bank account registers.

Minor changes are also brought to the provisions related to risk assessments and the collection of statistics to cover the current inefficiencies identified. Several other provisions from the current AMLD IV are moved to (with amendments, as appropriate) the proposal for an AML/CFT Regulation.

Introduction of a new AML Regulation

A key element of this AML/CFT Package is the proposal for an AML/CFT Regulation,⁶ to which all rules that apply to the private sector are moved. The proposal brings a number of substantive changes creating more harmonisation and convergence in the application of AML/CFT rules across the EU. Content includes:

• expanding the list of obliged entities to include crypto-asset service providers but also other sectors, such as crowdfunding platforms and migration operators;
• including an EU-wide limit of EUR10,000 on cash payments;
• ensuring consistent application of rules across the internal market, by clarifying requirements in relation to internal policies, controls and procedures, including in the case of groups, and customer due diligence requirements being made more granular, with clearer requirements according to the risk level of the customer;
• reviewing the requirements in relation to third countries to ensure that enhanced due diligence measures are applied to those countries threatening the EU’s financial system;
• streamlining beneficial ownership requirements to ensure an adequate level of transparency across the EU, and introducing new requirements in relation to nominees and foreign entities to mitigate risks that criminals hide behind intermediate levels;
• clarify red flag raising suspicion to guide clearer reporting of suspicious transactions, whereas disclosure requirements and private-to-private sharing of information remain unaltered;
• strengthening the measures to mitigate the misuse of bearer instruments and inserting a provision limiting the use of cash for large transactions.

Having directly applicable AML/CFT rules should promote convergence of application of AML/CFT measures across Member States and will also provide a consistent framework against which the new Anti-Money Laundering Authority will be able to monitor the application of such rules in its function as a direct supervisor of certain obliged entities.

A new EU AML Authority

Central to the legislative package is the introduction of a new European Authority, the Anti-Money Laundering Authority (AMLA),⁷ a newly created decentralized agency of the Union that aims to address the current shortcomings in the Member State-based AML/CFT supervision. The practice and recent cases of alleged money laundering involving EU credit institutions showed that the methods to identify risks and to apply the risk-based approach to supervision diverge across Member States and the approach to cross-border situations is not consistent. The European Banking Authority also highlighted that not all competent authorities are able to cooperate effectively with domestic and international stakeholders.⁸

The AMLA would therefore become a key tool for an integrated AML/CFT supervisory system, consisting of the AMLA itself and the national authorities with an AML/CFT supervisory mandate. The establishment of direct European supervision of those entities that bear a high ML/FT risk should close the loopholes, in particular for cross-border supervision. At the same time, the AMLA will coordinate national supervisory authorities and assist them to increase their effectiveness in enforcing the single rulebook and ensuring homogenous and high-quality supervisory standards, approaches and risk assessment methodologies. Indeed, by directly supervising and taking decisions towards some of the riskiest cross-border financial sector obliged entities, the aim of the AMLA is to:

Finally, the AMLA would have powers to draft regulatory and implementing technical standards, guidelines and recommendations within the scope of its tasks, and to provide advice and input to the European Commission and co-legislators on many aspects of AML/CFT policy.

Application to the crypto-assets sector

Until now, only certain categories of crypto-asset service providers were included in the scope of EU AML/CFT rules, and transfers of virtual assets have remained outside of the scope of EU legislation on financial services. Therefore, holders of crypto-assets are exposed to money laundering and financing of terrorism risks, as flows of illicit money can be done through transfers of crypto-assets.

Given that virtual assets transfers are subject to similar money laundering and terrorist financing risks as wire funds transfers, it is logical to use the same legislative instrument to address these common issues. To that end, the AML/CFT Package introduces a proposal for a regulation on information accompanying transfers of funds and certain crypto-assets⁹ that recasts Regulation 2015/847 of 20 May 2015 on information accompanying transfers of funds¹⁰ (the Revised Regulation on Transfers of Funds), extending the information requirements currently applying to wire transfers to crypto assets transfers, with the necessary adjustments needed due to the differences in some of their features. To ensure the coherence of the EU legal framework, the Revised Regulation on Transfers of Funds will use the definitions of “crypto-assets” and “crypto-asset services providers” laid down in the Commission proposal for a regulation on Markets in Crypto-assets (the MiCA Proposal).¹¹

The Revised Regulation on Transfers of Funds will reform the current legal framework in a way that all the rules concerning AML/CFT will apply to the cryptocurrency sector. The following changes are envisaged:

• All the customers of crypto-assets service providers will be subject to a due diligence.
• Transactions will be fully traceable.
• Anonymous crypto-asset wallets will be prohibited, just as anonymous bank accounts are already prohibited under the current EU AML/CFT framework.

The crypto-asset service provider of the originator will therefore need to ensure that transfers of crypto-assets are accompanied by the relevant information on the originator (such as the name of the originator, the originator’s address, official personal document number, customer identification number or date and place of birth) and by the name of the beneficiary and the beneficiary’s account number (if applicable). In addition, the crypto-asset service provider of the beneficiary must implement effective procedures to detect whether the information on the originator is included in, or follows the transfer of crypto-assets as well as effective procedures, including, where appropriate, ex post monitoring or real-time monitoring, to detect whether the required information on the originator or the beneficiary is missing.

Next steps

The AML/CFT Package will now be submitted to the European Parliament and the Council. The Commission looks forward to a speedy legislative process with the aim of having this reform operational by 2024.