New Draft European Commission Directive on Anti-Money Laundering – Overview and Summary of Requirements

  • By: Staff Editor
  • Date: March 01, 2013
Webinar All Access Pass Subscription


The new draft EU Directive published in February 2013 aims to improve the EU's existing rules on anti-money laundering and reinforce vigilance by covered entities so as to deter crimes and corruption. The Directive also considers the recommendations of the Financial Action Task Force (FATF), the world anti-money laundering body, and  follows rules sanctioned by competent authorities.
The new EU anti-money laundering Directive provides for a more targeted and focussed risk-based approach so as to facilitate a clear mechanism for identification of beneficial owners, improve clarity of rules on customer due diligence, widen its scope to detect new threats and strengthen collaboration between groups.
Key requirements of the draft EU directive are summarized below:
The Directive applies to the following entities in the EU:
  1. credit institutions;
  2. financial institutions;
  3. legal persons like auditors, external accountants, tax advisors, notaries and other independent legal professionals (either in case of their individual participation / on behalf of their client / or when assisting in the planning or execution of transactions for their clients (relating to buying and selling of properties, other assets, opening of accounts etc.).
Detecting and Deterring Money Laundering & Terrorist Financing
  • The Directive requires a pro-active approach to detect and deter money laundering and terrorist financing risks.
  • Timely action to prevent such risks has to be taken by a person designated by the EU member state.
  • The identity of the designated person should be notified to the Commission, EBA, EIOPA and ESMA and other EU members.
  • The designated person should:
  1. co - ordinate the national response to the risks,
  2. carry out an assessment for identifying areas so as to apply enhanced measures,
  3. use analysis made for improving anti-money laundering and combating terrorist financing regime,
  4. disseminate appropriate information to obliged entities so as to allow them to carry out their risk assessments.
  • EU states should make available the results of their risk assessments to competent authorities.
Appropriate Anti-Money Laundering Controls & Procedures
  1. Regulated institutions have to undertake appropriate steps, establish policies, controls and procedures (like development of internal policies, procedures and controls, including customer due diligence, reporting, record keeping - proportionate to the nature and size of the obliged entities) to detect, analyse and reduce the money laundering and terrorist financing risks while considering the risk factors involved.
  2. An independent audit function must be carried out to test the policies and other controls along with approval from senior management for established plans and policies.
  3. Necessary documentation should be maintained on a regular basis and made available to concerned authorities. Obliged entities should strive to improve the measures taken through regular monitoring.
No Anonymous Accounts
The directive does not allow the maintenance of anonymous accounts or anonymous passbooks by credit and financial institutions. Institutions should ensure that customer due diligence measures are carried out even on such accounts so as to track the transactions by corresponding owners / beneficiaries.
Customer Due Diligence
Customer due diligence measures have to be carried out by institutions for:
  • establishing a customer relationship,
  • specific transactions - when there is a suspicion of money laundering/terrorist financing, or inadequacy customer identification data.
  • providers of gambling services, natural or legal persons trading in goods
Safeguard Measure for Identity Verification
  • Customer identity verification or other procedures (customer due diligence procedures) have to be carried out (at the earliest) before a transaction - not only on new customers but also on existing ones, if required (on a risk-sensitive basis or when relevant circumstances of a customer change).
  • Obliged entities should ensure that safeguard measures are complied with before allowing customers to carry out transactions / open new accounts. In case of any discrepancies, business relationships should either be terminated or suspicious transactions reported to the financial intelligence unit (FIU).
Simplified Customer Due Diligence
The directive asks for the application of customer due diligence measures only after verifying (by sufficient monitoring) the level of risk involved in the transaction or customer relationship i.e. lower degree of risk should be ascertained (unusual and suspicious transactions should be ruled out). Both the EU members states as well as obliged entities are expected to carry out CDD.
Banking Relationships with Third Countries
Before initiating banking relationships with respondent institutions from third countries, the following steps have to be taken:
  • gather information about reputation and the quality of supervision of such institutions apart from routine customer due diligence measures
  • document individual responsibilities of institutions
  • seek prior approval from senior management
  • be assured that the respondent credit institution has verified the identity of customers having direct access to accounts and will provide relevant customer due diligence data to the correspondent institution, if necessary.
Foreign and Domestic Politically Exposed Persons
Institutions should have appropriate risk-based procedures for:
  • determining identity of customers,
  • implementing measures to establish the source of wealth,
  • conducting enhanced on-going monitoring and
  • seeking senior management approval before establishing transactions or business relationships with foreign politically exposed persons.
Appropriate risk based procedures also have to be implemented and followed in the case of higher risk business relationships with domestic politically exposed persons or persons who have been entrusted with prominent functions by international organisations.
  • Measures should be taken determine the identity of beneficiaries of investments/other policies (at least by the time of the pay-out / assignment) in order to confirm if they are politically exposed persons or not.
  • Enhanced scrutiny measures have to be carried out (apart from normal customer due diligence). Higher management has to be informed on time whenever high risks are identified in relationships with policyholders.
Shell Banks
Under the directive, credit institutions will be barred from establishing correspondent banking relationships with shell banks (incorporated in a jurisdiction in which they have no physical presence or are unaffiliated with a regulated financial group). They will also not be allowed to conduct deals with banks that are known to permit their accounts to be used by shell banks.
Trusts and Trustees
  • Accurate and up-to-date information (about the identity of the trustee(s)/ concerned / beneficiaries) has to be maintained by the obliged entities in order to exercise effective control over the trust.
  • Trustees have to disclose their status (before a business relationship is established / when an occasional transaction is carried out) and make available necessary information in a timely manner to the concerned authorities.
Risk-Based Transactions
  • Institutions have to refrain from processing transactions known or suspected to be related to risks (such as money laundering or terrorist financing) and take steps to stop such transactions.
  • In case of any issues - which prevent regulated institutions to refrain from processing such risk-based transactions, then steps should be taken to inform the competent authorities at the earliest.
Prohibition of Disclosure to Customers
  • Regulated institutions, their management officials or employees should not disclose to the customer or to other third persons information about money laundering or terrorist financing investigations (which may or may not be carried out). This prohibition does not apply to competent authorities of EU Member States, including self-regulatory bodies, or disclosure for law enforcement purposes.
  • In case of banking relationships with the same customer or same transaction involving two or more institutions or persons, this prohibition should not prevent disclosure between relevant institutions or persons. This disclosure will only be allowed if they are part of an EU member state or a thirdy country with strong regulations regarding personal data protection.
  • Attempts made (by persons belonging to a third party/ institutions) to dissuade a client from engaging in an illegal activity should not be considered as disclosure.
Record Keeping and Statistical Data
  • Documentation has to be maintained for the purpose of the prevention, detection and investigation of possible money laundering or terrorist financing by competent authorities.
  • A copy or reference of the evidence is required in the case of customer due diligence. In the case of business relationships and transactions, supporting evidence and records consisting of the original legitimate documents or copies should be maintained.
  • All above documents should be retained by the obliged entities for a period of at least five years after the business relationship with their customer has ended. The personal data thereafter should be deleted unless specified by law. The maximum tenure for carrying out of the transactions or for ending the business relationship should not exceed ten years.
Policies, Procedures and Supervision
  • Institutions have to implement group-wide policies and procedures and also incorporate data protection policies/ procedures for sharing information within the group so as to deter risks like money laundering and terrorist financing activities.
  • Steps should be taken to ensure that framed policies and procedures are implemented effectively at all branches and subsidiaries within the EU and in third countries (where rules and regulations for data protection / anti-money laundering and combating terrorist financing are comparatively less strict than those of the EU).
Licensing and Registration
Currency exchange offices, trusts or company service providers have to obtain licenses or registrations and providers of gambling services should have the appropriate regulatory authorization.

Additional Resources:

Read the full proposed EU anti-money laundering directive here.


Best Sellers
You Recently Viewed