EU Commission assesses money laundering and terrorist financing risks at the supranational level


The European Commission published on 26 June 2017 a supranational assessment of the risks of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, the first report of this nature carried out at a supranational level in the EU. The report explores money laundering and terrorist financing risks across a number of sectors and products, including newer areas such as the FinTech space, and makes recommendations for mitigating these risks. Michael McKee and Ian Mason of DLA UK LLP discuss the report, the risks highlighted therein and the report’s recommendations.

On 26 June 2017, the European Commission published its supranational assessment (SNRA) of the risks of money laundering (ML) and terrorist financing (TF) affecting the internal market and relating to cross-border activities. The Commission was mandated to produce the report under the terms of the Fourth Anti-Money Laundering Directive (4AMLD), which itself came into force on the same day, 26 June 2017.

The report reviews and analyses the risks in various sectors and products, and makes recommendations for mitigating them. The report identifies 40 products or services that are considered potentially vulnerable to ML and TF risks affecting the internal market. These cover 11 professional sectors, including the financial sector, the gambling sector, trust and company services providers, tax advisors, auditors, external accountants, notaries and other independent legal professionals, and Hawala banking.

Main risks to sectors

The report considers that the financial sector has a good awareness of its risks, given the long-standing EU AML/ CFT framework. However, the report identifies the following areas where the risk level remains "significant":

  • Private banking and institutional investment (especially through brokers). This is due to the overall higher exposure to product and customer risks, pressures of competition in the sector, and a limited understanding among supervisors of their operational AML/CTF risks
  • Safe custody services (such as safe deposit boxes), due to limitations in monitoring capacities for obliged entities, and the existence of nonregulated storage facilities
  • Electronic money or money value transfer services (i.e. money remittances) are considered as significantly and even highly significantly exposed to ML/TF risks - electronic money because of anonymity features, and money remittances because of uneven monitoring capacities among obliged entities. For currency exchange offices and money remittances, applying the AML/CTF rules to the limit of occasional transactions only above €15,000 seems problematic, since there is scope for criminal activity making smaller transfers
  • Crowdfunding platforms and virtual currencies
  • FinTech, where new technologies also offer new opportunities for criminals
  • Consumer credit/low value loans, which have been a recurrent practice in recent terrorist cases

The report identifies risks in other sectors. In the gambling sector, online gambling is viewed as high risk due to the huge volumes of transactions/financial flows and the non-face-to-face element. In the professional provider sectors (e.g. trust and company services providers, accountants, law firms), the identification of the beneficial owner of the customer seems to be the main weakness. Legal privilege can also impact on the implementation of AML/CTF rules.

The real estate sector is also exposed to significant ML risks, due to the variety of professionals involved in real estate transactions. The report also identifies non-profit organisations as being exposed to the risks of being misused for TF purposes. Transactions involving high volumes of cash or cash-like assets (e.g. gold, diamonds) or high-value, easily tradable assets (e.g. cars, watches) are unsurprisingly also regarded as high risk. The report also identifies a number of vulnerabilities common to all sectors, including:

  • Infiltration by criminals
  • The ease of forging documents is increased by modern technology
  • Insufficient information sharing between the public and private sectors
  • Insufficient resources, risk awareness and know how to implement AML/CTF rules
  • New risks emerging from FinTech, for example the use of online services is expected to increase further in the digital economy, boosting demand for online identification while presenting an increased risk from those non-face-to-face transactions

Mitigating measures - the 4AMLD

The report was prepared before the implementation of the 4AMLD. The report recognises that the implementation of the 4AMLD will help to mitigate a number of the risks identified. The new requirements under the 4AMLD include:

  • The scope of obliged entities has been extended to cover providers of gambling services, traders accepting cash payments above €10,000 and occasional transactions that constitute a transfer of funds (including money remittances) exceeding €1,000
  • The risk-based approach has been strengthened
  • Registers on beneficial ownership information to facilitate the identification of beneficial owners of legal entities and some legal arrangements
  • Anonymity of e-money products is reduced
  • The new level of sanctions is increasing the deterrent effect
  • A new regime for cooperation between Financial Intelligence Units (FIUs) in the EU is set

Other mitigating measures

The report also highlights a number of other mitigating measures already in place or in progress at EU level, both legislative measures and policy initiatives.

Although the 4AMLD has only recently been implemented, the Commission (in July 2016) has already published a proposed Directive to amend the 4AMLD. This is known as the Fifth Money Laundering Directive (MLD5), and includes the following amendments:

  • Enhanced due diligence (‘EDD’) measures and countermeasures relating to high risk third countries are clarified
  • Virtual currency exchange platforms and custodian wallet providers are brought within the scope of regulation
  • Concerns surrounding the anonymity of prepaid instruments are addressed
  • A new obligation is imposed on Member States to establish central mechanisms to identify holders and controllers of bank and payment accounts
  • FIUs are given new powers to request money laundering and terrorist financing information from firms
  • Access to beneficial ownership information is improved

The date for implementation of the MLD5 is not yet clear: it is still proceeding through the European legislative process.

Other relevant legislative proposals include:

  • Revision of the Cash Control Regulation, which will enable authorities to act on amounts lower than the current declaration threshold of €10,000 where there are suspicions of criminal activity
  • The Directive on combatting terrorism, which includes an EU-wide definition of the crime of financing terrorism
  • Proposals for a directive on countering money laundering by criminal law and a regulation on mutual recognition of freezing and confiscation orders, which will also complement the EU preventative approach by ensuring an appropriate law enforcement and judicial response when ML and TF are uncovered

In terms of policy initiatives, the Commission is currently looking into an initiative to enhance transparency of cash payments. The Commission has also set up an internal FinTech Task Force, whose work will cover crowdfunding, digital currencies, distributed ledger technology (DLT) and authentication/identification.

The Commission also proposes further supporting measures, including improving statistical data collection under the 4AMLD, further guidance to obliged entities on the concept of "occasional transactions and operations which appear to be linked," training for professionals carrying out activities subject to legal privilege, further analysis of the risks posed by Hawala and informal value transfer services, and further work to enhance AML/CFT supervision in the EU.


The report makes recommendations for the European Supervisory Authorities (ESAs), for non-financial supervisors and for EU Member States. The report recommends that the ESAs:

  • Raise awareness as to ML/TF risks and identify the appropriate actions to further build supervisors’ capacity;
  • Take further initiatives to improve cooperation between supervisors;
  • Work out further solutions for supervising operators acting under the "passporting" regime. The EBA joint task force for payment services/AML has already started working on this issue in order to:
  • Provide updated guidelines on internal governance so as to further clarify expectations around the functions of compliance officers in financial institutions
  • Provide further guidance on beneficial ownership identification for investment funds providers
  • Analyse operational AML/CFT risks linked to the business model in the corporate banking, private banking and institutional investment sectors on the one hand, and in money value transfer services (MVTS) and e-money on the other

In the non-financial sector, there is no ESA-like EU body or equivalent. The report recommends that self-regulatory bodies for professional advisers such as auditors, accountants and legal professionals should increase the number of thematic inspections and reporting, and also organise training to develop a better understanding of the AML/CFT risks.

The report makes a number of recommendations for Member States:

Scope of national risk assessments: Member States should give due consideration to the risks posed by the various products in their national risk assessments and define appropriate mitigating measures. These should include cash limits for payments and cash transaction reporting systems. Member States should also take into account the risks posed by anonymous electronic money products and should ensure that the exemption thresholds are as low as possible, to avoid their misuse.

Beneficial ownership: Member States should ensure that the information on the beneficial ownership of legal entities is adequate, accurate and current.

The 4AMLD rules on the transparency of beneficial ownership information should also be implemented quickly, with the introduction of beneficial ownership registers for all types of legal entities and legal arrangements.

Appropriate resources for supervisors: Member States must allocate "adequate" resources to their competent authorities, although the report recognises that it is difficult to pinpoint what this is.

Increase of on-site inspections by supervisors: on-site inspections should be focused on specific operational AML/CTF risks. This relates in particular to institutional investment (especially through brokers), private banking, currency exchange offices and money value transfer services, where supervisory inspections should include a review of training received by agents.

Supervisory authorities to carry out thematic inspections: these should focus on identifying beneficial ownership in areas such as institutional investment, company service providers, accountants and legal professionals. Inspections should be conducted within two years of publication of the report.

Considerations for extending the list of obliged entities: 4AMLD requires Member States to extend the scope of the AML/CTF regime to professionals particularly at risk. The report identifies crowdfunding, virtual currency exchange platforms and wallet providers as higher risk.

Appropriate level of CDD for occasional transactions: the €15,000 threshold level may be too high for occasional transactions. A €1,000 threshold similar to that for occasional transactions for transfers of funds can be considered commensurate to the risk. Member States should provide guidance on the definition of occasional transactions.

Appropriate level of CDD in case of safe custody services and similar services: Member States should ensure that safe custody services provided by financial institutions are offered only to holders of a bank account in the same obliged entity and should address appropriately risks posed by third parties’ access to safe deposit boxes.

Regular cooperation between competent authorities and obliged entities: enhanced cooperation should seek to make detecting suspicious transactions simpler and to increase the number and quality of suspicious transaction reports. In relation to the money value transfer services (MVTS) sector, competent authorities should provide further risk awareness and risk indicators on TF.

Special and ongoing training for obliged entities: training sessions should cover the risk of infiltration or ownership by organised crime groups. For the MVTS sector, obliged entities should provide mandatory training to agents to make them aware of their AML/CFT obligations and show them how to detect suspicious transactions.

Annual reporting from competent authorities/self regulatory bodies on the AML/CTF activities of the obliged entities: in sectors such as real estate, auditors, accountants and legal professionals, annual reporting should include the number of reports received by the self regulatory bodies and the number of on-site inspections carried out.


The report is the first report of this nature carried out at a supranational level in the EU. It is clear from the report and its conclusion that the EU internal market is still vulnerable to ML/TF risks. Although progress has been made in the financial sector given the measures introduced by the previous money laundering directives, the report makes it clear that there is still some way to go. However 4AMLD and the proposals in MLD5 will help to mitigate some of the risks.

Many of the findings and the recommendations are not surprising, but the mitigation steps in terms of greater cooperation, raising AML/ CTF awareness and more training will depend on the resources available to competent authorities. From firms’ perspective, the report may translate at a national level into more thematic visits, and an emphasis on particular risk areas such as reviewing due diligence carried out on beneficial ownership.

In the UK, the FCA has emphasised that tackling financial crime (including AML) is one of its strategic priorities. In its recently published Anti-Money Laundering Annual Report 2016-17, the FCA noted that it was planning to broaden the scope of its programme of visits to second tier higher risk AML firms from 75 visits over two years to 150 visits over four years.

The Commission will monitor the actions taken by Member States in response to the supranational report, and will report back on these findings at the latest by June 2019.