BaFin Money Laundering Act Guidance: New Adverse Media Screening Rules

Published: 9 October 2024

In July 2024, Germany’s financial supervisor, Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) updated its Auslegungs und Anwendungshinweise (AuA) which sets out compliance guidance for Germany’s Money Laundering Act, known as Geldwäschegesetz (GwG). 

The draft guidance — AuA 2.0 — precedes the incoming EU Anti-Money Laundering Act (AMLA) which will introduce new anti-money-laundering (AML) and counter-financing of terrorism (CFT) rules across all member states, and change regulatory compliance obligations for many businesses. BaFin’s AuA 2.0 focuses on a number of emerging compliance risk factors, such as the rise of cryptocurrency, and includes new adverse media screening requirements.

With AMLA set to come into effect in July 2025, the window for preparation is starting to close and, while Germany’s final AML compliance landscape under the new regime is not fixed, BaFin is seeking to offer clarity to obligated entities. 

Let’s take a closer look at the key points from AuA 2.0.

Mandatory Adverse Media Screening in Germany

One of the key points in the updated AuA, is BaFin’s emphasis on the need for adverse media screening. While acknowledging there is no explicit legal obligation, BaFin makes it clear that firms in Germany must include adverse media screening as part of their AML risk assessment process. 

AuA 2.0 states that “screening customers using sanctions or high-risk country lists alone” is no longer sufficient, and firms must “use all knowledge available to them… for example from media analyses” in order to establish risk in accordance with international AML standards. 

Insurance Holding Companies Under AML Scope

BaFin expects that Germany’s new compliance regime will expand the scope of AML regulations to insurance holding companies. As obligated entities under the GwG, insurance holding companies will have to implement AML reporting and record-keeping, and screening and monitoring obligations. 

The expanded scope ensures a tighter focus on firms that are particularly vulnerable to money laundering risk, and will enhance regulatory consistency within Germany. 

Outsource Oversight and Business Relationships

Where German firms outsource their AML compliance, BaFin emphasises that these organisations remain directly responsible for the function. This means that firms must ensure that third-party AML providers are capable of achieving a satisfactory level of AML compliance and, if necessary, implement internal safeguards. 

BaFin also clarified the term “business relationship”, suggesting that, beyond one-off transactions, it should also apply to irregular and infrequent cases of customer contact. In these contexts, firms are expected to conduct suitable customer due diligence (CDD) in order to identify customers for AML purposes. 

Risk Analysis

BaFin offers advice on the assessment process that firms are expected to conduct as part of their risk-based approach to AML compliance. AuA 2.0 sets out an explicit list of sources and guidance that firms should adhere to when conducting risk assessments, these include:

Customer Due Diligence Updates 

Under AuA 2.0, firms must update their customer due diligence (CDD) checks on customers more frequently, especially in higher risk cases. Under the new regime, the intervals for updating CDD checks are as follows: 

Time between updated CDD check
AuA (old version)AuA 2.0
Low risk customerNo longer than 15 years“Risk appropriate” updates
Medium risk customerNo longer than 10 yearsNo longer than 5 years
High risk customerNo longer than 2 yearsAnnual updates

Crypto Asset AML

AuA 2.0 highlights the new AML risks posed by cryptocurrencies and virtual assets. Accordingly, under the new regime, crypto-asset service providers will fall under the scope of AML regulations. BaFin states that these firms will be expected to use blockchain analysis software in order to monitor customer transactions involving cryptocurrencies and other virtual assets. 

Similarly, AuA 2.0 highlights the need for crypto-asset service providers to apply enhanced due diligence (EDD) measures when handling transactions of €1,000. EDD should also be applied when handling transactions that involve “self hosted addresses” in order to account for the elevated AML risk associated with blockchain technology. 

Money Laundering Officer

AuA 2.0 clarifies the role of the Money Laundering Officer (MLO) for firms that operate across international borders. In this context, BaFin states that the MLO must carry out their supervisory activities in Germany. A cross-border firm may appoint a foreign proxy to act as MLO, but that person must carry out their MLO activities in Germany. 

Further to that clarification, BaFin states that companies with fewer than 15 full time employees should factor in their AML risk exposure when deciding whether to appoint a member of their own management to the MLO role. BaFin also states that the MLO should generally not simultaneously hold the role of outsourcing or data protection officer, or be a member of the internal audit team. 

Whistleblower Reporting Office

BaFin states that firms only need to establish a single internal reporting office to meet the GwG’s whistleblower requirements. It points out that the internal reporting office must facilitate confidential and anonymous reporting, to the standards set by Germany’s FIU. 

Preparing for Germany’s New AML Regime

Stay ahead of AMLA compliance challenges, and prepare your organisation for Germany’s new AML regime with Ripjar’s Labyrinth Screening platform

Powered by cutting-edge artificial intelligence, Labyrinth enables global adverse media screening of thousands of data sources, in multiple foreign languages, and delivers actionable compliance intelligence in seconds. Labyrinth’s advanced AI features promise to supercharge the screening process from end to end: identify, extract, and connect the most relevant unstructured data with AI Risk Profiles, and use AI Summaries to support high pressure compliance decision-making by generating clear, concise prose summaries of risk for each customer. 


Discover how Labyrinth Screening can support your AML compliance in Germany

Learn More

Last updated: 6 January 2025