New fronts in the battle against money laundering
The impact of the EU’s fourth anti-money laundering directive
Whilst criminals continue to find new ways to launder proceeds of crime and finance illegal activities, including terrorism, those leading the fight against anti-money laundering (AML) are not sitting on their hands. The EU’s fourth anti-money laundering directive, which needs to be transposed into Maltese national law by 26 June 2017, upgrades existing regulations to combat money laundering and counter terrorist financing.
- The impact overview
- Purpose of the changes
- Wider rule application - Remote gaming and cash transactions
- Applying the risk-based approach
- Greater transparency
Whilst criminals continue to find new ways to launder proceeds of crime and finance illegal activities, including terrorism, those leading the fight against anti-money laundering (AML) are not sitting on their hands. The EU’s fourth anti-money laundering directive, which needs to be transposed into Maltese national law by 26 June 2017, upgrades existing regulations to combat money laundering and counter terrorist financing. In the following article, Dominic Fisher and Stefan Lia of Deloitte Malta consider the resulting changes and the impact on Malta.
- Enacted on 25 June 2015
- Transposition deadline of 26 June 2017
- Applicable to a wider range of businesses and all cash transactions over € 10,000
- Expanded to include all gaming sectors in addition to land-based casinos
- Focus on a risk-based approach to AML/CTF
- New requirements for third-party equivalence
- Emphasis on ultimate beneficial ownership (UBO
- Increased record-keeping requirements
- Expanded definition of politically exposed persons (PEPs)
Purpose of the changes
The main stated aims of this EU directive are to remove previous ambiguities and consolidate AML and counter terrorist financing (CTF) rules across all EU Member States. The directive also considers recommendations made by the Financial Action Task Force (FATF) in 2012 which highlighted a range of improvement measures to make AML activities more effective at the national and international level.
What the changes mean
The new directive will usher in a number of changes for which Maltese businesses falling under the definition of “obliged entities” (often referred to locally as subject persons) will need to adapt. The following list is by no means comprehensive, but the changes will include:
- a wider application of AML/CTF rules;
- a focus on risk assessment and a corresponding risk-based approach;
- greater transparency around the beneficial ownership of corporate entities;
- enhanced record-keeping requirements; and
- changes in the definition of politically exposed persons (PEPs).
We consider each of the above in more detail below.
Wider rule application - Remote gaming and cash transactions
As visitors to local casinos may know, land-based casinos in the EU are already considered obliged entities and will check your identity documents before allowing you to use their facilities. Under the new directive, remote gaming operations will also be brought into scope, plugging what is considered to be a key vulnerability in the AML landscape.
The Malta Gaming Authority already enforces a number of conditions which are related to AML on online operators as set out in the Remote Gaming Regulations, but being obliged entities will raise the bar. In the words of Joseph Cuschieri, the Malta Gaming Authority Chairman, “The implementation of the fourth anit-money laundering directive will mean a lot more work and a lot more resources. It is much more onerous on the operators.” With Malta being a leading jurisdiction for online gaming, the commercial repercussions on the sector could have a significant national impact.
Another way in which the directive could bring more locally-based organisations into scope is that businesses receiving over €10,000 in cash for a single transaction (or a number of linked transactions) will also become obliged entities. It is easy to see how, for example, a car or antique dealer could unwittingly become an obliged entity by accepting a large cash payment. The current threshold is €15,000.
Applying the risk-based approach
According to Dr Manfred Galdes, Director FIAU “The truth is that there is no longer room for deliberation and calculation as to whether or not to adopt risk-sensitive systems” as although Maltese law already requires all obliged entities to have in place all necessary policies and procedures on internal control, risk and compliance management and to develop customer acceptance policies in line with their obligations, under the new directive obliged entities will be required to implement systems which enable them to determine the extent of CDD measures to be applied on the basis of an assessment of their AML/CTF risks. There will also be a change in approach when considering third part equivalence with the list of equivalent jurisdictions being scrapped for a risk-based approach requiring obliged entities to perform their own risk assessments on non-EU countries from which their customers are drawn.
Under the new directive, anonymity is considered to be unacceptable. An explicit requirement for legal persons, including companies, to hold up-to-date information on the ultimate beneficial owners will come into force. This requirement will also apply to trustees which have previously been able to protect this information. Like other EU member states, Malta will have to establish and maintain a central register containing information about the beneficial owners of companies and other legal entities so as to assist obliged entities when conducting customer due diligence.
Enhanced record-keeping requirements
In relation to record-keeping, expectations of obliged entities are already high, but the fourth directive firms up requirements in areas which have traditionally been weak, such as recording of results of sanction checks and categorisation of customers according to AML risks so as to support ongoing monitoring activities.
Politically exposed persons
As part of AML risk assessments, obliged persons already have a responsibility to determine whether their customers are ‘politically exposed persons’ (PEPs). The full definition is a detailed one, but the spirit of the requirement is to determine those customers who are in a position of political influence (or close to someone who is) so as to undertake enhanced checks at the onboarding stage and more robust monitoring over the course of the business relationship. Previously, Maltese legislation only required enhanced measures to be applied to foreign PEPs. Under the 4th directive, the same requirements will apply to domestic PEPs.
The directive will also increase the period after which a PEP qualifying post is vacated when an individual should continue to be considered as a PEP to a minimum of 18 months.
Undoubtedly, at least in the short term, applying the new directive will represent a challenge for the regulators and regulated entities and not only in the gaming sector. On the other hand, the continued evolution towards a risk-based approach means that organisations that succeed in deploying their resources effectively should succeed in managing their AML risks more effectively without upsetting the customer experience. Couple all of the above with increases in the fines which can be levied, now is not the time for the ostrich approach.