New Draft European Commission Directive on Anti-Money Laundering – Overview and Summary of Requirements

• By: Staff Editor
• Date: March 01, 2013

1. credit institutions;
2. financial institutions;
3. legal persons like auditors, external accountants, tax advisors, notaries and other independent legal professionals (either in case of their individual participation / on behalf of their client / or when assisting in the planning or execution of transactions for their clients (relating to buying and selling of properties, other assets, opening of accounts etc.).

• The Directive requires a pro-active approach to detect and deter money laundering and terrorist financing risks.
• Timely action to prevent such risks has to be taken by a person designated by the EU member state.
• The identity of the designated person should be notified to the Commission, EBA, EIOPA and ESMA and other EU members.
• The designated person should:

1. co - ordinate the national response to the risks,
2. carry out an assessment for identifying areas so as to apply enhanced measures,
3. use analysis made for improving anti-money laundering and combating terrorist financing regime,
4. disseminate appropriate information to obliged entities so as to allow them to carry out their risk assessments.

• EU states should make available the results of their risk assessments to competent authorities.

1. Regulated institutions have to undertake appropriate steps, establish policies, controls and procedures (like development of internal policies, procedures and controls, including customer due diligence, reporting, record keeping - proportionate to the nature and size of the obliged entities) to detect, analyse and reduce the money laundering and terrorist financing risks while considering the risk factors involved.
2. An independent audit function must be carried out to test the policies and other controls along with approval from senior management for established plans and policies.
3. Necessary documentation should be maintained on a regular basis and made available to concerned authorities. Obliged entities should strive to improve the measures taken through regular monitoring.

• establishing a customer relationship,
• specific transactions - when there is a suspicion of money laundering/terrorist financing, or inadequacy customer identification data.
• providers of gambling services, natural or legal persons trading in goods

• Customer identity verification or other procedures (customer due diligence procedures) have to be carried out (at the earliest) before a transaction - not only on new customers but also on existing ones, if required (on a risk-sensitive basis or when relevant circumstances of a customer change).
• Obliged entities should ensure that safeguard measures are complied with before allowing customers to carry out transactions / open new accounts. In case of any discrepancies, business relationships should either be terminated or suspicious transactions reported to the financial intelligence unit (FIU).

• gather information about reputation and the quality of supervision of such institutions apart from routine customer due diligence measures
• document individual responsibilities of institutions
• seek prior approval from senior management
• be assured that the respondent credit institution has verified the identity of customers having direct access to accounts and will provide relevant customer due diligence data to the correspondent institution, if necessary.

• determining identity of customers,
• implementing measures to establish the source of wealth,
• conducting enhanced on-going monitoring and
• seeking senior management approval before establishing transactions or business relationships with foreign politically exposed persons.

• Measures should be taken determine the identity of beneficiaries of investments/other policies (at least by the time of the pay-out / assignment) in order to confirm if they are politically exposed persons or not.
• Enhanced scrutiny measures have to be carried out (apart from normal customer due diligence). Higher management has to be informed on time whenever high risks are identified in relationships with policyholders.

• Accurate and up-to-date information (about the identity of the trustee(s)/ concerned / beneficiaries) has to be maintained by the obliged entities in order to exercise effective control over the trust.
• Trustees have to disclose their status (before a business relationship is established / when an occasional transaction is carried out) and make available necessary information in a timely manner to the concerned authorities.

• Institutions have to refrain from processing transactions known or suspected to be related to risks (such as money laundering or terrorist financing) and take steps to stop such transactions.
• In case of any issues - which prevent regulated institutions to refrain from processing such risk-based transactions, then steps should be taken to inform the competent authorities at the earliest.

• Regulated institutions, their management officials or employees should not disclose to the customer or to other third persons information about money laundering or terrorist financing investigations (which may or may not be carried out). This prohibition does not apply to competent authorities of EU Member States, including self-regulatory bodies, or disclosure for law enforcement purposes.
• In case of banking relationships with the same customer or same transaction involving two or more institutions or persons, this prohibition should not prevent disclosure between relevant institutions or persons. This disclosure will only be allowed if they are part of an EU member state or a thirdy country with strong regulations regarding personal data protection.
• Attempts made (by persons belonging to a third party/ institutions) to dissuade a client from engaging in an illegal activity should not be considered as disclosure.

• Documentation has to be maintained for the purpose of the prevention, detection and investigation of possible money laundering or terrorist financing by competent authorities.
• A copy or reference of the evidence is required in the case of customer due diligence. In the case of business relationships and transactions, supporting evidence and records consisting of the original legitimate documents or copies should be maintained.
• All above documents should be retained by the obliged entities for a period of at least five years after the business relationship with their customer has ended. The personal data thereafter should be deleted unless specified by law. The maximum tenure for carrying out of the transactions or for ending the business relationship should not exceed ten years.

• Institutions have to implement group-wide policies and procedures and also incorporate data protection policies/ procedures for sharing information within the group so as to deter risks like money laundering and terrorist financing activities.
• Steps should be taken to ensure that framed policies and procedures are implemented effectively at all branches and subsidiaries within the EU and in third countries (where rules and regulations for data protection / anti-money laundering and combating terrorist financing are comparatively less strict than those of the EU).

Additional Resources:

Read the full proposed EU anti-money laundering directive here.