AMLD6 – EU unveils tougher anti-money laundering rules: key highlights
AMLD6 is set to address the organisation of the institutional AML/CFT framework at national level. The new directive transfers the rules applying to the private sector from AMLD6 to the newly adopted regulation on AML/CFT in order to ensure a consistent level of compliance across the EU.
AMLD6 is set to address the organisation of the institutional AML/CFT framework at national level. The new directive transfers the rules applying to the private sector from AMLD6 to the newly adopted regulation on AML/CFT (AMLR) in order to ensure a consistent level of compliance across the EU.
What changes are brought by AMLD6?
AMLD6 aims to repeal and replace the earlier AML/CFT directives, as amended (AMLD 4[1] and AMLD5[2]), by developing an even broader AML/CFT framework. The key changes in AMLD6 are detailed as follows:
Enhanced requirements regarding supra-national and national risk assessments
Under AMLD4 and ALMD5, the EU Commission was required to conduct periodic assessments of AML/CFT risks affecting the internal market and relating to cross-border activities. AMLD6 now extends this requirement to also cover risks resulting from the non-implementation and evasion of targeted financial sanctions. The frequency with which the EU Commission shall carry out the periodic assessments and publish its relevant reports is now extended to four years.
These reports will be accompanied by recommendations to Member States on the measures suitable for addressing newly identified risks. AMLD6 brings up a new feature in this respect. From now on, the Commission will be assisted by the new AML/CFT Authority which will also issue opinions on AML/CFT risks every two years.
See Arendt’s Newsflash on the AMLA Regulation here:
At national level, Member States will now need to include the risks of non-implementation and evasion of targeted financial sanctions affecting them into their national risk assessment. Member States will not only have to keep that risk assessment up to date, as already required, but now need to also review it at least every four years. As AMLD6 provides a minimum harmonisation framework, Member States may decide to review their national risk assessment more frequently or conduct ad hoc sector-specific risk assessments.
The results of these assessments, including their updates, shall now also be made available to the AMLA. A summary of the findings of the assessment will continue to be published.
Under AMLD4 and ALMD5, Member States could identify particularly exposed sectors at national level (in addition to those already covered by obliged entities) and subsequently decide to subject them to all or part of the requirements of AMLD4 and ALMD5. AMLD6 now extensively details any information and documentation that needs to accompany the notification made by the Member States to the Commission in this respect. Obliged entities shall provide: i) a justification of the AML/CFT risks underpinning such intention, ii) an assessment of the impact that such application will have on the provision of services within the single market, iii) the AMLR requirements that the Member State intends to apply to those entities, and iv) the text of the draft national measures, as well as any update thereof where the Member State has significantly altered the scope, content or implementation of those notified measures.
AMLD6 also extends the scope of a Member State’s national risk assessment to encompass AML/CFT risks linked with each type of legal person established on its territory and each type of legal arrangement which is governed under its national law, or which is administered on its territory.
With the new directive, the EU Commission will also publish a list of the designated national financial intelligence units (FIUs).
Changes concerning registers and mechanisms of beneficial ownership, bank accounts and real estate
AMLD6 includes new provisions allowing Member States to require additional information in the event of doubt about the accuracy of data pertaining to beneficial ownership. It also outlines further clarification on identifying and reporting inconsistencies in beneficial ownership information to the manager of the central beneficial ownership registers. As such, appropriate actions to stop such inconsistencies must be taken within 30 working days of the reporting.
As regards the powers of the manager of the central beneficial ownership registers, AMLD6 entrusts them with new verification powers. The Directive provides that Member States should ensure that the manager of the central registers, whether directly or through another authority, has the powers to carry out checks, which includes on-site inspections at the business premises or registered office of the legal entity to identify the rightful beneficial owners of the entity and to verify that the information submitted to the central register is accurate, adequate and up-to-date.
The provisions on access to such central registers and the possible access restrictions in justified cases are further amended, especially following the outcome of the ruling by the Court of Justice of the EU of 22 November 2022. In this context, AMLD6 provides for general and specific rules regarding access to beneficial ownership registers.
The general rules concern access to the registers by competent authorities, self-regulatory bodies and obliged entities. More authorities have now been specifically granted access to the register, such as tax authorities, AMLA, the European Public Prosecutor’s Office, the European Anti-Fraud Office, Europol and Eurojust.
On the other hand, there are specific rules governing the access to the registers by persons with a legitimate interest.
AMLD6 provides that any natural or legal person that can demonstrate a legitimate interest in preventing and countering money laundering and financing of terrorism (ML/FT) shall be granted access to any central beneficial owner register, including central registers of trusts and legal arrangements. AMLD6 specifies to what beneficial owner information such persons may have access and how such access can be granted. It also establishes a list of persons deemed to have a legitimate interest in preventing and countering ML/FT, such as journalists, civil society organisations, persons likely to enter into a transaction with a legal entity or legal arrangement and who wish to prevent any link between such transaction and ML/FT, etc.
In this context, AMLD6 also provides for an extensive procedure for the verification and mutual recognition of a legitimate interest to access the beneficial ownership information.
As such, the existence of a legitimate interest to access beneficial ownership information will be determined by taking into consideration, among others, the function or occupation of the applicant and the link with the specific legal entities or legal arrangements whose information is being sought. In the event of refusal of access by the manager of the central register, Member States should ensure that there are judicial or administrative remedies available to challenge the refusal or revocation of access.
With respect to real estate registers, competent authorities shall have immediate and direct access to information contained therein, including that which allows for the identification of any land or real estate property and their owners, as well as the identification and analysis of transactions involving real estate.
Enhanced powers and cooperation between the FIUs
AMLD6 builds on the provisions of the previous AML/CFT framework, which required Member States to create operationally independent FIUs at national level, granting them regular access to the financial, administrative and law enforcement information they require to undertake their functions properly, even without a suspicious activities’ or transactions’ report having been filed.
The new features now include some clarifications on the financial analysis function of FIUs, underlining their operational independence, resources, security and confidentiality. Moreover, Member States will have to ensure that FIUs have in place secure and protected channels for communicating and exchanging information electronically with competent authorities and obliged entities.
AMLD6 also institutes the Fundamental Rights Officer. This new body can be a member of the existing staff of the FIU and their responsibilities will include promoting and monitoring the FIU’s compliance with fundamental rights.
The new directive also establishes an extensive list of minimum categories of information which must be accessible to FIUs to fulfil their tasks properly. This includes financial, administrative and law enforcement information, such as information on mortgages and information contained in national registers and databases.
With regard to the powers of the FIUs to suspend or withhold their consent to transactions that are suspected to be related to ML/FT, AMLD6 specifies the terms of such suspension or withholding. The blocking instruction shall then be imposed on the obliged entity within three working days of receiving a report of a suspicious transaction or activity and shall not exceed 10 working days from the day of the imposition of such measure – allowing Member States to set out a longer period during which, pursuant to national law, FIUs perform the function of tracing, seizing, freezing or confiscating criminal assets.
Where the suspicion of ML/FT is specifically related to bank, payment or crypto-asset accounts or a business relationship, the duration of such measure applicable for the FIUs analytical work shall not exceed five working days, giving Member States some leeway to define a longer period.
In this context, AMLD6 also empowers FIUs to apply monitoring measures on obliged entities. FIUs can now instruct obliged entities to monitor, for a given period of time, transactions or activities that are being carried out through bank, payment or crypto-asset accounts.
Lastly, AMLD6 enhances cooperation between FIUs and other competent authorities, such as the AMLA.
Clarifications of general provisions on AML/CFT supervision
AMLD6 extends the previous AML/CFT supervisory framework by adding further requirements, such as a new obligation for the AMLA to develop regulatory technical standards setting out benchmarks and a methodology for assessing and classifying the inherent and residual risk profile of obliged entities.
AMLD6 also gives additional supervisory powers to supervisors in charge of gambling operators, including the power to investigate the business premises of the obliged entity without prior announcement where the proper conduct and efficiency of the inspection so require.
Furthermore, AMLD6 brings up new requirements for supervisors in charge of the supervision of a group. Supervisors for the home and host Member States will not only have to cooperate with each other to the greatest extent possible, as already provided for by AMLD4 and AMLD5, but will now also exchange any information that could significantly influence the assessment of the inherent or residual risk profile of a credit institution or financial institution of another Member State.
In addition, Member States will have to establish dedicated AML/CFT supervisory colleges in both the financial and non-financial sectors in order to allow for an exchange of information, provision of mutual assistance or coordination of the supervisory approach to the relevant group or institution. The situations in which such colleges have to be established and their composition are described with sufficient detail in the new directive.
In the financial sector, the national competent supervisors in charge of the parent undertaking (or the head office) of a credit institution or financial institution will have to establish supervisory colleges when the credit institution or financial institution has set up additional establishments in at least two other different Member States and where a third-country credit institution or financial institution has set up establishments in at least three Member States.
These colleges will need to be composed of permanent members. They shall consist of the financial supervisor in charge of the parent undertaking (or of the head office) and the financial supervisors in charge of the establishments in the host Member States.
AMLD6 also introduces a requirement on the provision of information on cross-border activities. Supervisors for the home Member State now have to inform the supervisors for the host Member State, as soon as possible, of the activities that the obliged entity intends to carry out in the host Member State. In this context, the supervisors for the home Member State have to share information with the supervisor for the host Member State on the activities effectively carried out by the obliged entity in the territory of the host Member State, including, for instance, information submitted by the obliged entities in response to supervisory questionnaires. This requirement will also apply in the event that the obliged entities operate under the freedom to provide services in another Member State without any infrastructure there.
Clarifications on administrative measures and sanctions
AMLD6 builds on the previous AML/CFT framework regarding sanctions and now clearly distinguishes between pecuniary sanctions and administrative measures that Member States may impose on obliged entities.
In this context, AMLD6 redefines the sanctions and measures to apply for serious, repeated or systematic breaches of the AMLR provisions, whether committed intentionally or negligently, as well as the circumstances that must be taken into account to determine the type and level of the pecuniary sanction or administrative measure.
The maximum amount of the pecuniary sanction that can be imposed by national authorities on credit or financial institutions has been doubled, now reaching EUR 10,000,000 or 10% of the total annual turnover, whichever is higher.
Additionally, national regulators will have the power to apply periodic penalty payments to enforce adherence to administrative requirements.
Enhanced requirements on AML/CFT cooperation
AMLD6 extends the previous cooperation framework between supervisors, FIUs and other competent authorities, such as policy makers and tax authorities. The requirements on professional secrecy applicable to authorities are also enhanced, now clearly specifying that professional secrecy shall not prevent the exchange of information between supervisors, whether within a Member State or in different Member States, public authorities, and, of course, the AMLA.
In addition, AMLD6 also includes an obligation for the FIUs and other supervisory authorities to cooperate with the AMLA and report on their cooperation with other authorities on a yearly basis.
AMLD6 introduces finally a new obligation for the AMLA to cooperate with the European Central Bank, the European Supervisory Authorities, Europol, Eurojust and the European Public Prosecutor’s Office in order to issue guidelines on cooperation.
[1] Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.
[2] Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing,and amending Directives 2009/138/EC and 2013/36/EU.