European Commission introduces ambitious measures to enhance the EU's AML/CFT regime

On 20 July 2021, the European Commission presented an anti-money laundering and countering the financing of terrorism (AML/CFT) package that consists of four legislative proposals:

• A regulation establishing an EU AML/CFT authority in the form of a decentralized EU regulatory agency;
• A new AML/CFT Regulation (“Single Rulebook”) containing directly applicable AML/CFT rules, including a revised EU list of entities subject to AML/CFT rules (known as “Obliged Entities”);
• A sixth Directive on AML/CFT (“AMLD6”), replacing the existing Directive 2015/849/EU (the fourth AML directive as amended by the fifth AML directive), containing provisions that will be transposed into national law, such as rules on national supervisors and Financial Intelligence Units (FIUs)in Member States; and
• A recast of the 2015 Regulation on Transfers of Funds.

These proposals aim to establish a robust and future-proof enforcement system, which will contribute to the improved detection of money laundering and terrorism financing (ML/TF) in the EU. They follow up on the European Commission's AML/CFT Action Plan of 7 May 2020.

The role of a new EU AML authority (AMLA)

The AMLA will have two main areas of activity: AML/CFT supervision and supporting EU Financial Intelligence Units (FIUs).

To achieve this purpose, the AMLA will:

• Directly supervise financial sector entities that are exposed to the highest risk of ML/TF;
• Hold a coordination role in the non-financial sector; and
• Facilitate the cooperation of FIUs, including by establishing standards for reporting and information exchange, supporting joint operational analyses, and hosting the central online system FIU.net.

The AMLA will be established in 2023. It aims to start most of its activities in 2024 and begin the direct supervision of certain high-risk financial entities in 2026. Direct supervision can only start once the harmonized rulebook is completed and applies.

A single EU rulebook for AML/CFT

As part of this new legislative package, the European Commission proposed a unified AML/CFT regulatory framework that includes directly applicable AML/CFT requirements imposed on Obliged Entities. These rules will no longer need to be transposed into national law.

The rules at the EU level will be more detailed and granular than at present, and will include a number of regulatory technical standards that will be prepared by the AMLA, for example, on customer due diligence (CDD).

Member States will still be able to respond to specific risks, for example, by requiring additional sectors at the national level to apply AML/CFT rules, if it is justified by specific risks in that Member State.

Additions to the list of Obliged Entities

There will be several additions to the list of entities subject to EU AML/CFT rules:

• All types and categories of crypto-asset service providers, which will align EU legislation with the relevant Financial Action Task Force (FATF) standards;
• Crowdfunding service providers that fall outside the scope of the EU Crowdfunding Regulation (the Regulation already contains sufficient safeguards for crowdfunding services providers that fall under its scope);
• Mortgage credit intermediaries and consumer credit providers that are not financial institutions (as financial institutions already qualify as Obliged Entities, a level playing field should be ensured); and
• Operators working on behalf of third-country nationals to obtain a residence permit to live in an EU country (i.e., investor residence schemes).

Enhanced requirements for beneficial ownership and registers

The proposals include more detailed and harmonized rules to clarify the type of information needed to identify beneficial owner(s).

They also introduce an obligation for non-EU legal entities that have a link with the EU to register their beneficial ownership in the EU's beneficial ownership registers.

In addition, the entities in charge of the national beneficial ownership register will receive more powers to verify that the information submitted to this register is accurate, including onsite checks.

Finally, the proposal includes new disclosure requirements for nominee shareholders and nominee directors.

Cross-border access to bank account information

The existing EU AML legislation requires Member States to establish registers or mechanisms to retrieve information about bank accounts and their owners. The European Commission is now proposing that a cross-border system between these national registers is established, to allow FIUs to also access information from other Member States.

Transfer of funds rules to include crypto assets

Full information about the sender and beneficiary of transfers of virtual assets will have to be included by crypto-asset service providers, just as payment service providers currently do for wire transfers.

Strengthening of remote identification

The Commission is currently working on a new framework for a European Digital Identity that aims to remove barriers to the cross-border use of digital identities in the financial sector.

The AML/CFT framework proposals will support this goal by harmonizing CDD requirements, making digital identity solutions easier to use and allowing for better cross-border operation. Moreover, the AML/CFT proposals further specify, by means of technical standards, aspects relating to detailed identification and authentication elements for onboarding purposes.

EU-wide ban of cash payments above EUR10,000

The Commission is proposing to introduce at the EU level a maximum amount of EUR10,000 for large cash transactions. Member States will remain free to maintain lower limits at the national level.

Revised third-countries policy

The harmonization of mitigating measures at the EU level against external threats will ensure that the internal market’s proper functioning is efficiently protected by a robust framework that is directly applicable to all Obliged Entities in the EU and avoids divergences at the Member State level.

The AMLA will monitor specific risks and trends to which the EU’s financial system is exposed, adopt guidelines defining external threats, and regularly inform Obliged Entities about these threats.

Next steps

The legislative package will now be discussed by the European Parliament and Council. The full rulebook, including technical standards, is expected to be put in place and apply by the end of 2025. To give the AMLA the necessary time to be up and running and complete the rulebook, the new regulatory framework will apply three years after its adoption.

How can Deloitte help you?

Deloitte’s advisory specialists and dedicated services can help you design and implement your business strategy in light of the evolution of regulatory frameworks and market trends.

Deloitte’s AML and CFT advisory specialists and dedicated services can also help you design and implement your renewed business strategy in light of the future evolution of the AML/CFT framework.

Key Deloitte AML services include:

• AML/know your customer (KYC) remediation plan
• AML/CFT training
• AML/CFT policy, procedure, and process design or review
• Assistance in risk assessment drafting regarding ML/TF
• DKYC: externalizing KYC processes

Deloitte’s Regulatory Watch service helps you stay ahead of the regulatory curve to better manage and plan upcoming regulations.

Contacts

Subject matter specialists

Regulatory Watch Kaleidoscope service