Spotlight The EU’s New AML Single Rulebook Regulation
Obligations for private entities to prevent the use of the financial system from money laundering and terrorist financing are now prescribed in a directly applicable Regulation. Regulation (EU) 2024/1624, published in the Official Journal of the EU of 19 June 2024, replaces the system to date that has regulated said obligations in Directives. These directives evolved over three decades but the directive-led approach has had the disadvantage of having produced diverging results after transposition into the national laws of the Member States, thus leading to inconsistent application of anti-money laundering (AML) and countering the financing of terrorism (CFT) rules. The last one of these so-called Anti-Money Laundering Directives (AMLDs) is the fourth AMLD of 2015 as amended by the fifth AMLD of 2018.
The sixth AMLD, which was adopted in parallel to the AML Regulation, now only deals with organisational and institutional issues that require transposition at the national level (→ separate news item). Therefore, the bulk for the preventive AML/CFT framework is set out in the Regulation (also called the “single rulebook” Regulation).
The comprehensive reform aiming at establishing a single rulebook on AML/CFT was proposed by the Commission in July 2021 (→ eucrim 3/2021, 154-155)
The Regulation lays down rules concerning:
- The measures to be applied by obliged entities to prevent money laundering and terrorist financing;
- Beneficial ownership transparency requirements for legal entities, express trusts and similar legal arrangements;
- Measures to limit the misuse of anonymous instruments.
The main novelties of the Regulation compared to the current AMLD include the following:
Extension of the list of obliged entities
Obliged entities are required to put in place internal policies, procedures and controls to mitigate and manage effectively the risks of money laundering and terrorist financing identified, they must carry out customer due diligence on clients, and report suspicions to FIUs. They are the gatekeepers in the AML/CFT framework as they have a privileged position to detect suspicious activities. In addition to the current list, which includes almost all financial institutions and various types of non-financial entities and operators (e.g., lawyers, accountants, reals estate agents, casinos, and certain types of crypto-asset service providers), the Regulation takes up new bodies:
- All types and categories of crypto-asset service providers – crypto-asset service providers will be considered as financial institutions with the same obligations;
- Crowdfunding platforms;
- Mortgage credit intermediaries and consumer credit providers that are not financial institutions;
- Operators working on behalf of third country nationals to obtain a residence permit to live in an EU country;
- Traders of high-value goods, such as jewelers, horologists and traders of luxury cars, airplanes and yachts as well as cultural goods (like artworks);
- Professional football clubs and agents if they carry out certain transactions (whereby the Member States also have the possibility to remove football clubs with low risk from the list).
Strengthened AML/CFT rules
The Regulation introduces specific enhanced due diligence measures for cross-border correspondent relationships for crypto-asset service providers. Furthermore, credit and financial institutions must undertake enhanced due diligence measures when business relationships with very wealthy (high net-worth) individuals involve the handling of a large amount of assets. There will also be an EU-wide maximum limit of €10,000 for cash payments.
Beneficial ownership
The obligation to identify and report beneficial owners – i.e., persons who actually control or enjoy the benefits of a legal entity, a trust or similar legal arrangement, although the title or property is in another name – was introduced by the 2015 AMLD. The Regulation includes more detailed and harmonised rules in this regard. It clarifies that beneficial ownership can be based on two components - ownership interest and control – which must be assessed independently and in parallel. Identification of ownerships in multi-layered or complex structures are made easier. Legal entities established outside the EU are required to register their beneficial ownership in the central registers when they have a link with the EU, e.g., if they own real estate in the Union; registration is required retroactively until 1 January 2014.
High-risk third countries
The Regulation further harmonises the EU’s approach towards external threats to the Union’s financial system. The definition of consequences attached to listed countries on a risk-sensitive basis is now more granulated. The Commission will make an assessment of the risk emanating from third-countries’ legal and institutional systems, taking into account as a baseline the assessments made by the Financial Action Task Force (FATF) as international standard setter in AML. However, the Commission can also make autonomous assessments.
Third countries that are “subject to a call for action” by the FATF are likely to pose a high risk to the Union’s financial system (“black listed countries”). Obliged entities are required to apply the whole set of available enhanced due diligence measures to occasional transactions and business relationships involving those high-risk third countries to manage and mitigate the underlying risks. Furthermore, the high level of risk justifies the application of additional specific countermeasures, whether at the level of obliged entities or by the Member States.
Third countries that are subject to “increased monitoring” by the FATF have compliance weaknesses that justify a less severe response (grey list). Here, obliged entities should apply enhanced due diligence measures to occasional transactions and business relationships when dealing with natural persons or legal entities established in those third countries that are tailored to the specific weaknesses identified in each third country. Beyond that, the AMLA (→ separate news item) will identify ML/TF risks, trends and methods at global level and will issue guidelines to inform obliged entities about these risks.
Timing
The single rulebook Regulation will apply from 10 July 2027, except for the provisions which include football clubs and agents into scope as obliged entities – those provisions will apply from 10 July 2029.