Category: AML Compliance

The Hong Kong Money Laundering and Terrorism Financing Report 2022: What You Need to Know

In July 2022, the Hong Kong Monetary Authority (HKMA), Hong Kong’s primary financial regulator, published its second Hong Kong Money Laundering and Terrorism Financing Report (ML/TF report).

The HKMA compiles the report following the recommendation of the Financial Action Task Force (FATF) that jurisdictions identify the financial crime risks that they face and deploy suitable risk mitigation measures. Hong Kong is home to some of the world’s largest banks and financial institutions and holds total assets worth around HK$26.4 trillion. Since the city has developed its status as international finance, trade, and transportation hub, the ML/TF report is an important feature of Hong Kong’s anti-money laundering (AML) and counter-financing of terrorism (CFT) framework. The HKMA points out that, while the city’s “longstanding strengths” bring advantages, they also attract criminals that seek to abuse and exploit the financial system.

The first version of the ML/TF report was released in 2018 while the second version was completed in 2021: the 2021 report reflects the ways in which the financial landscape has “continued to evolve” in relation to new threats and influences and, in particular, to new technologies. In his introduction to the 2021 report, Hong Kong’s financial secretary, Paul MP Chan, outlined the new risks facing the city’s banks and financial service providers, including those posed by virtual assets – along with the “robust and effective” responses the regulator has implemented in order to deal with them.

Hong Kong Money Laundering Predicate Offences

The ML/TF report examined the criminal detail behind Hong Kong’s money laundering activity from 2016 to 2020. As part of that examination, the report broke down the Hong Kong authorities’ money laundering investigations by the type of predicate offence involved – that is, the illegal activity that generated the funds that criminals needed to launder.

According to the report, between 2016 and 2020, 9197 money laundering investigations were initiated in Hong Kong for the following predicate offences:

72.6% for fraud related crimes
19.2% for no identified predicate offences
1.4% for drug related crimes
1.2% for corruption
1.2% for tax crimes
0.93% for robbery, burglary, theft, and blackmail
0.8% for goods smuggling (eg, illegal wildlife trading)
0.4% for seriously gambling offences
0.3% for loansharking
0.2% for vice
0.04% for human smuggling and trafficking
1.3% for crimes not listed above

When compared to 2018, the 2021 report suggests that Hong Kong’s money laundering threat landscape has not changed significantly in terms of methodology. While there was an increase in the number of money laundering investigations, that change is likely a result of the increased amount of online transactions caused by Covid-19 restrictions and the influx of new financial services provided by virtual banks.

While the typologies of predicate offence remained broadly unchanged, the HKMA noted that criminals were increasingly “taking advantage of the online platform” in order to commit fraud – a trend partly motivated by pandemic-related factors and the emergence of new technologies such as virtual assets. The HKMA noticed other changes in criminal behaviour emerging from the pandemic, including the increase in drugs transported into Hong Kong via air and sea – as a result of land-based travel restrictions.

Banking Challenges

The 2021 report focuses on the specific money laundering threats against Hong Kong’s banking system, emphasising the sector’s increasing reliance on digital payment channels and remote customer onboarding as risk factors. With that in mind, major money laundering threats to Hong Kong’s banking sector in 2021 included

Online fraud (and fraud related to Covid)
Corruption and tax crimes
Remote onboarding (virtual banks and conventional using online)
Mule accounts
Payment systems new payment methods

Virtual Assets

The report notes that the rapid increase in the use of virtual assets (VA), such as cryptocurrencies, poses ‘significant ML/TF risks to the international financial system’ – and to Hong Kong, which is described as having ‘significant VA activities’. The threat posed by VA is predominantly a result of their anonymity and decentralisation of cryptocurrency transactions, and lack of safeguarding compared to fiat currencies. Data suggests that the number of financial crimes involving VA has increased in Hong Kong, with 739 cases reported in the first 8 months of 2021, compared to 494 in the entirety of 2020.

The report found that the money laundering risks associated with VA in Hong Kong primarily affect trading platforms or cryptocurrency exchanges, which allow international money launderers to access services anonymously or use mules to conduct transactions on their behalf. Similarly, criminals are able to conceal the source of the funds they use on exchanges by using anonymous wallets – further complicating subsequent efforts by law enforcement during ML investigations.

The report also cited crypto ATMS, ICOs, and peer-to-peer trading platforms as potential ML vulnerabilities but noted that the risk they posed in Hong Kong was limited.

Addressing Hong Kong’s Money Laundering Challenges

In response to the ML/TF threats set out in the report, the HKMA emphasised the need for banks to take a risk-based approach to AML/CFT. The risk-based approach requires banks and financial institutions to assess their customers individually to determine the level of risk they present, and then deploy an appropriate AML/CFT response.

With that process in mind, the HKMA has issued numerous guides and advisories to financial institutions in the city and made AML/CFT resources available, such as the Anti-Money Laundering and Counter-Financing of Terrorism Guideline, which was updatesd in 2018. In response to the increasing complexity of the financial landscape, the HKMA has focused heavily on virtual banks and other fintech service providers – including taking steps to ensure that these entities establish ‘robust ML/TF risk management controls and comprehensive independent assessments of their AML/CFT systems’.
Hong Kong’s Securities & Futures Commission introduced a licensing regime in 2019 to manage the growth of the city’s VA trading platforms. The licensing criteria includes requirements to implement a range of ML/TF compliance controls, including know your customer (KYC), cybersecurity, and risk management measures. Similarly, Hong Kong’s government has introduced a proposal for a licensing regime for all virtual asset service providers (VASP): the regime will include a ‘fit and proper test’ that will require VASPs to appoint AML/CFT officers responsible for ensuring regulatory compliance.

Implement Next Generation Risk Management

Achieving compliance with Hong Kong’s AML/CFT regulations requires banks, financial institutions, and VASPs to collect and analyse vast amounts of customer and transaction data in an increasingly complex and challenging regulatory landscape. Ripjar’s next generation Labyrinth risk management solution has been developed with that capability in mind, integrating cutting edge compliance technology and real time data screening to ensure your business stays ahead of criminal trends, and is able to adapt to incoming regulations.

To learn more about AML/CFT risk management in Hong Kong and around the world, get in touch with Ripjar today.

AML Regulations in the USA

As the largest and most influential economy in the world, the United States addresses financial criminal threats by enforcing strict anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations. Research suggests that up to $300 billion is laundered in the US annually, with AML compliance costing US firms up to $25.3 billion per year.

Given the criminal threat, the US AML/CFT regulations involve a range of important reporting and record-keeping obligations which are based on standards set out by the Financial Action Task Force (FATF). Violations of AML regulations in the US are serious crimes and may result in financial penalties and even prison sentences for implicated individuals. If you do business in the US, it’s important that you develop a strong understanding of the relevant AML/CFT laws, become familiar with US financial regulators, and ensure that your business is able to meet its regulatory obligations on an ongoing basis.

Who are the USA Financial Regulators?

The Financial Crimes Enforcement Network

The USA’s principal financial regulator is the Financial Crimes Enforcement Network (FinCEN) which operates under the authority of the Department of the Treasury and serves as the USA’s Financial Intelligence Unit (FIU). FinCEN’s stated mission is to ‘safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities’.

FinCEN provides oversight for all banks and financial institutions in the US as part of the global fight against money laundering and the financing of terrorism. Its responsibilities involve the collection of transaction data from US firms and the distribution of that data for law enforcement purposes. Where necessary, FinCEN partners with law enforcement agencies at the state and federal levels, to aid criminal investigations. FinCEN also cooperates with its international counterparts in order to help fight global financial crime.

The Office of Financial Assets Control

The Office of Financial Assets Control (OFAC) oversees the US sanctions programmes, ensuring that US firms comply with the trade prohibitions on targets set out in the relevant sanctions lists. The US maintains a number of sanctions lists, but its principal list is the Specially Designated Nationals (SDN) and Blocked Persons List. The SDN list includes the names of persons designated for economic sanctions on one of the US global sanctions programmes.

What are the Key US AML Regulations?

The Bank Secrecy Act

The primary article of AML legislation in the US is the Bank Secrecy Act (BSA). Introduced in 1970, the BSA imposes reporting and record-keeping obligations on US banks and financial institutions in order to prevent criminals using their products and services to launder money. Under the BSA, institutions must implement internal AML controls including monitoring their customers and transactions for suspicious activity, and reporting suspicious activity to FinCEN.

The Patriot Act

In 2001, following the September 11 terror attacks, the US passed the USA Patriot Act as an amendment to the BSA. The Patriot Act introduced new powers for US law enforcement agencies when investigating suspected terrorism financing. In particular, the Patriot Act imposes a range of customer due diligence (CDD) and screening responsibilities on US companies, and focuses on international transactions and business relationships. The Patriot Act imposes criminal and financial penalties for persons found to be in violation of CFT compliance rules.

AMLA 2020

In 2021, the US introduced the Anti-Money Laundering Act (AMLA) 2020. The Act was held up as the most significant reform to US AML/CFT legislation since the implementation of the Patriot Act, and a means to manage the threats posed by new technologies and criminal methodologies. Amongst the regulatory measures introduced by AMLA were new beneficial ownership rules to prevent the misuse of shell companies, increased money laundering penalties, new whistleblower protections, and expanded international information sharing rules.

US AML Compliance

As an FATF member state, the US requires firms to take a risk-based approach to AML/CFT. This means that they must assess their customers at onboarding to establish the level of compliance risk they present, and then deploy AML/CFT measures in proportion to that risk. In practice this means that firms may subject higher risk customers to more intense monitoring and screening measures.

With that in mind, an effective US AML compliance programme should feature:

Customer identification: Firms in the US must establish and verify the identities of their customers in order to conduct an effective risk assessment. The customer due diligence process should involve the collection of names, addresses, dates of birth, and beneficial ownership information.
Transaction screening: US firms must screen their customers’ transactions for signs of suspicious activity, including unusual transaction patterns, transactions with high risk customers and jurisdictions, or transactions involving sanctions targets.
Politically exposed persons: Government officials represent an elevated risk of money laundering. With that in mind, US firms should screen customers against politically exposed persons (PEP) lists to determine the level of compliance risk they present.
Sanctions screening: US firms must screen their customers against the relevant sanctions lists, including the SDN list, and the UNSC sanctions list.

Enhanced due diligence

Under the risk-based approach to AML/CFT, the US requires firms to subject higher risk customers to enhanced due diligence (EDD) measures. The EDD process should include a greater degree of AML/CFT scrutiny, stronger identity verification measures, and checks into the source of customer funds and wealth. Enhanced due diligence measures might also include PEP screening and sanctions screening.

Adverse media checks

Criminal activity and other compliance related risks may be reported in news media before they are confirmed by official sources. Accordingly, the enhanced due diligence process may also include adverse media checks, which require firms to search a range of news sources for customer involvement in negative stories.

In the US, adverse media screening may involve searching non-English news sources, which means that firms must implement suitable screening technology to match customer names in foriegn languages. Adverse media screening technology is essential to the US AML compliance process: with that in mind, Ripjar’s next generation risk screening solution enables your firm to capture breaking news stories from across the world in real time, reduce false positive hits, and ensure that your compliance team is informed as soon as a customer’s risk profile changes.

Contact us to discuss how Ripjar can support your AML compliance in the USA

New EBA Guidelines on the Role of the AML/CFT Compliance Officer

Following its supranational risk assessment (SNRA) in 2019, the EU reported that a number of member states were not implementing Anti-Money Laundering Directive 2015/849 evenly or effectively, and identified specific failures in the appointment of AML/CFT compliance officers.

After further analysis of the risk assessment’s findings, the EU requested that the European Banking Authority (EBA) develop guidance that ‘clarifies the role of AML/CFT officers in credit and financial institutions’.

Under the text of the Directive, the EU requires ‘the appointment of a compliance officer ‘at management level’ as part of a firm’s internal AML policies, controls, and procedures. The directive defines the compliance officer as as a ‘senior management’ employee with ‘sufficient knowledge of the institution’s money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure’. The directive does not go into any further detail regarding the day-to-day duties of the AML/CFT compliance officer, nor does it define the officer’s wider responsibilities or their relationship with financial authorities.

To address the potential lack of regulatory clarity, the EBA published its AML/CFT compliance officer guidance in 2022.

What is an AML/CFT Compliance Officer?

An anti-money laundering/counter-financing of terrorism (AML/CFT) compliance officer is the individual responsible for the implementation of their firm’s AML/CFT compliance programme. In the EU, that means they must ensure their firm is operating in alignment with the rules and regulations set out in the Anti-Money Laundering Directives (AMLD), monitoring and reporting suspicious activities to the appropriate financial intelligence unit (FIU), and ensuring that their organisation is not allowing criminals to misuse their products and services.

The complexity of the EU’s AML/CFT compliance landscape means that the AML Compliance Officer role can be challenging: with the release of the EBA guidance, firms that operate within the EU and the EEA should ensure they understand what the compliance officer does, and how they fit within their firm’s infrastructure.

AML Compliance Officer Role and Responsibilities

Referencing Directive 2015/849, the EBA stressed that its guidelines on the role and responsibilities of the AML/CFT compliance officer should be interpreted proportionally by individual institutions, taking into account factors such as company size, industry, and complexity.

The directive frames the ‘management body’ and ‘senior managers’ as important components of their firm’s AML/CFT infrastructure, stating that entities must ‘obtain approval from their senior management’ for the AML policies, controls and procedures that they implement, and that senior management employees must ‘monitor and enhance’ those measures. However, the directive does not set out in detail the management body’s relationship with its AML/CFT compliance officer – who must be appointed as part of those policies, controls, and procedures.

With that in mind, the EBA organised its guidance into two categories:

Role and responsibilities of the management body/senior AML/CFT manager
Role and responsibilities of the AML/CFT compliance officer

The EBA sets out the role and responsibilities of both the management body and the AML/CFT compliance officer in detail in its 2022 guidance. Rather than representing ‘new’ additions to existing guidelines (characterised as sufficient ‘at the time’) the EBA stresses that the 2022 provisions ‘complement requirements in other sectoral laws that relate to credit or financial institutions’ governance and risk management systems, and suitability requirements for senior function holders’.

Key highlights of the EBA’s 2022 guidance are as follows.

The Role of the Management Body/Senior AML/CFT Manager

The EBA’s guidelines set out the role of a firm’s management body and senior AML/CFT manager within its internal AML/CFT framework. The EBA states that ‘the management body should be responsible for approving the credit or financial institution’s overall AML/CFT strategy and for overseeing its implementation’. Key aspects of a management body’s AML/CFT role include:

Providing oversight of AML/CFT policies and assessing the effectiveness of those policies through internal and external audits.
Ensuring that individuals responsible for AML/CFT functions possess sufficient knowledge, experience and skills to perform their duties effectively.
Ensuring that individuals responsible for AML/CFT functions are kept informed of business decisions or any other factors that affect compliance risk.
Reviewing any activity reports that the firm’s AML/CFT officer submits.
Managing human and technical resources in order to facilitate effective AML/CFT operations.

The Role of the AML/CFT Compliance Officer

The EBA notes several important factors that firms must take into account when appointing an AML/CFT compliance officer, including the scale and complexity of their financial operations and their operational exposure to criminal risk. The character and ability of an AML/CFT officer is also important: the EBA’s guidance emphasises the need for officers to have the expertise and authority to carry out their duties effectively, have no conflicts of interest, and have the availability to communicate with the relevant FIU.

The guidelines also note that the appointment of an AML/CFT compliance officer should be proportional to a firm’s compliance needs. Smaller firms and sole traders, for example, may choose not to appoint an AML/CFT officer as long as they set out their justification for doing so in writing.

The EBA notes that firms must clearly define and document their AML/CFT officer’s role and responsibilities. Under the requirements of the EU’s AMLD, AML/CFT compliance officers must:

Develop a risk assessment framework specific to the risks that their firm faces.
Develop AML/CFT policies suitable for their firm’s risk exposure and appetite for risk.
Screen customers and transactions, including monitoring high-risk customers, sanctions lists, politically exposed persons (PEP) lists, and adverse media stories.
Monitor AML/CFT compliance in line with the latest AMLD regulations on an ongoing basis.
Communicate clearly with the firm’s internal management body, including submitting an annual AML/CFT activity report (which will be made available for competent authorities).
Report suspicious customer transactions to the relevant FIU.
Train compliance employees and promote AML/CFT compliance awareness in line with the latest regulations.

To learn more about how Ripjar’s solutions can support AML/CFT compliance officers, get in touch today.

Supply Chain Compliance: 6 Steps to Improve Compliance

Supply chains are integral to modern business, enabling the flow of goods and services across borders and ensuring that firms and markets around the world continue to function smoothly. However, while supply chains deliver the resources and connections that organisations require, they also expose them to an increased degree of third party criminal risk.

While a firm may be confident that it understands the immediate compliance risks that it faces – from its customers and its industry sector – it may be much less familiar with the risks that suppliers and other third parties along the supply chain face. Many anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations require firms to take steps to ensure that third parties involved in their supply chains are not involved in criminal actvitiy – or face both criminal and reputational penalties.

To detect and address the AML/CFT risks associated with third parties, check out these 6 key considerations for enhancing your supply chain compliance performance.

1. Map Supply Chain Risk Exposure

To manage supply chain risk, firms must understand not only who their suppliers are, but who those suppliers are working with. In practice, this means achieving a greater level of visibility into the component nodes of your supply chain, including the transport routes, manufacturing plants, storage facilities, and managerial personnel that it involves. Firms should assess each of those components in detail in order to determine the AML/CFT risk that they present, and then track them on an ongoing basis to capture changes in that risk profile.

Relevant supply chain risk factors include:

Operational risk: The industry in which a third-party operates will affect the level of AML/CFT risk that it presents. Examples of high risk industries include payment services, art, shipping and logistics, each of which may offer criminals opportunities to commit crimes such as money laundering.

Geographical risk: Supply chains that cross borders may come into contact with high risk AML/CFT jurisdictions.

Sanctions risk: Cross-border supply chains carry an increased risk of international sanctions compliance concerns. Firms should screen persons involved in their supply chain against relevant sanctions lists on an ongoing basis.

Corruption risk: Foreign supply chains are often vulnerable to corruption, stemming from transactions involving politically exposed persons (PEP). With that in mind, firms should be aware of the political risks that their supply chain entails, and whether changes to the political landscape have affected that liability.

2. Understand Criminal Methodologies

Supply chains are vulnerable to a variety of criminal risks, with criminals having developed sophisticated methods to evade AML/CFT controls and exploit regulatory blindspots. When implementing an effective risk management solution, it’s important that you understand the methodologies that criminals use to target supply chains. These include:

Misrepresenting goods on official documentation or letters of credit
Misrepresenting the value or quality of goods being transported
Transporting illegal goods
Unauthorised unloading of goods

3. Build a Risk Management Solution

Firms that have a perspective of their supply chain risk liabilities should develop and implement a risk management framework in order to respond to potential AML/CFT alerts. The framework should align with a firm’s risk appetite, allow it to gauge the impact of the potential risks, predict the likelihood of those risks becoming a reality, and set out the compliance measures that will be used to deal with them.

Third party business relationships change constantly as a result of economic conditions, new technologies, or political upheaval, which means that your supply chain’s risk exposure also changes. In order to stay on top of emergent risks, you’ll need to implement a persistent monitoring solution for every relevant aspect of your supply chain so that you can detect changes when they happen and make adjustments to your risk management solution in a timely manner.

4. Conduct Supply Chain Due Diligence

Like all risk-based AML/CFT procedures, supply chain due diligence should be an important part of your risk management solution. In addition to understanding who is involved in your chain from end-to-end, you’ll need to verify that information to properly assess your compliance risk exposure. In practice, effective supply chain due diligence means gathering the following information on third parties:

Identifying information such as supplier names, addresses, company incorporation documents, and beneficial ownership details.
Financial information such as cashflow, expense details, growth projections, and debts and liabilities.
Historical financial performance.
Regulatory environment and AML/CFT compliance performance.

5. Recognise Red Flags

Once your supply chain risk management solution has been implemented, it’s important that your compliance employees understand how to spot the relevant indicators of AML/CFT threats. Key red flag characteristics of supply chain risk include:

Corporate structures: Suppliers that have needlessly complex corporate structures present a higher risk of money laundering. Red flags include the use of shell companies or incorporation in a high risk country.

Online activity: Suppliers that do not have a website, or that have an unusual online presence that does not match their business operations.

Trading behaviour: Suppliers that trade in goods that do not match their business profile or that engage in needlessly complex trade deals.

Trade routes: Suppliers that organise their shipments in needlessly complex routes between their ports of origin and destination.

Documentation: Suppliers that submit insufficient documentation for their shipments or that submit documents with inconsistencies or deficiencies.

Transactional activity: Suppliers that make frequent or last-minute changes to their financial arrangements, or that engage in unusually high or low volumes of transactions.

6. Screen for Adverse Media

Given the global nature of supply chain relationships, firms should seek to stay informed about AML/CFT risks by screening for adverse media involving third party business relationships. Adverse media is such a good indicator of AML/CFT risk because its information flows are not restricted by borders, jurisdictions, or government protocol, and stories may be broken before their confirmation by official sources.

Adverse media screening solutions should be set up to capture information about suppliers from foreign language news sources and should integrate multi-language name matching tools to account for variations in name spelling or the use of non-Latinate characters. With that in mind, it is often useful for firms to integrate smart AML software tools that enhance their adverse media solution with automated speed and accuracy, and the capability to monitor breaking stories in real time.

To find out how we can help your business implement an effective supply chain risk management solution, get in touch today.

Singapore AML Update: MAS Name Screening Guidance 2022

The Monetary Authority of Singapore (MAS) serves as Singapore’s central bank and financial regulator. MAS provides oversight for the country’s banks and financial institutions, setting anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations, and enforcing compliance. In that supervisory role, MAS regularly issues guidance to help businesses implement its AML/CFT rules and in April 2022 it issued new guidance on Strengthening AML/CFT Name Screening Practices.

The 2022 guidance followed thematic inspections of AML/CFT name screening frameworks of selected Singaporean financial institutions in 2021. The inspections were conducted in order to ‘assess the robustness… of name screening frameworks and controls, relative to their risk profiles and business operations in Singapore’. Drawing on observations from the inspections, MAS’ 2022 guidance sets out expectations regarding financial institutions’ name screening processes, along with examples of good practices, and areas for improvement. According to MAS, financial institutions should ‘benchmark themselves against the practices and supervisory expectations… in a risk-based and proportionate manner’.

Given the need to comply with MAS’ rules and regulations, it is important that financial institutions in Singapore understand the regulator’s 2022 guidance and the name screening deficiencies that it revealed.

Senior Management Oversight

In its thematic inspections, MAS noted that senior management employees in Singapore tended to be well positioned within their companies’ AML/CFT infrastructure in order to access relevant name screening information, and tended to have established processes to track and address unresolved alerts. However, MAS noted a number of areas for improvement, including:

Inconsistent assessment: Certain financial institutions’ name screening policies and procedures were inadequate, resulting in inconsistent senior management assessment of AML/CFT alerts.

System reviews: Insufficient senior management understanding of name screening systems and a lack of regular system reviews were increasing the risk of inaccurate AML/CFT alerts.

Erroneous dismissal: Inadequate checks and balances in the senior management alert resolution process were increasing the risk of true positive AML/CFT alerts being dismissed erroneously. In particular, MAS’ guidance emphasised the need for ‘four eye checks’ (alerts verified by two people) and for risk-focused quality assurance (QA) to identify procedural weaknesses.

Accountability: A lack of records of senior management discussions of AML/CFT concerns were creating a lack of accountability for compliance issues and obscuring the basis for compliance decisions.

Frameworks, Policies and Procedures

The thematic inspections covered Singaporean firms’ name screening policies and procedures during onboarding, transaction processing, and periodic Know Your Customer (KYC) reviews. In practice, those policies and procedures entail the processes used to input customer names into AML/CFT frameworks, the way those names are tracked, and the criteria used to assess and dismiss those names.

MAS suggested that Singaporean financial institutions had deficiencies in their name screening policies and procedures, including:

Inadequate batch screening tools: MAS found that a ‘small number’ of Singapore’s financial institutions were not implementing adequate tools or systems to conduct batch screening of customer names against sanctions lists. In one case, a firm was conducting batch screening manually, which led to delays and human error, while another firm was using a batch screening tool that could not accommodate the full range of necessary names.

MAS pointed out that Singaporean firms should implement a suitable software screening tool to conduct name screening or put safeguards in place to mitigate human errors.

Former names: The KYC process sometimes requires firms to search for customers’ former names. In this context, MAS found that some financial institutions were not screening for former names, or had not formalised any requirements to screen for former names as part of their KYC process. MAS advises that financial institutions establish clear requirements to screen for former names as part of their AML/CFT solution.

Customer tracking: MAS found that financial institutions were failing to systematically identify and track customers that they were required to screen. Where customers were not tracked, financial institutions experienced delays and omissions in the AML/CFT process.

MAS recommended that financial institutions implement structured tracking processes in order to avoid lapses and delays in AML/CFT alert remediation.

Screening Parameters and Databases

MAS sets out supervisory expectations that financial institutions will implement suitable name screening software solutions and ensure that those solutions are capable of effectively generating name matches. With that in mind, financial institutions are expected to regularly review the parameters under which their name screening systems operate to ensure that they remain up to date with relevant information.

MAS’ thematic inspection revealed that Singapore’s financial institutions were broadly succeeding in implementing formalised frameworks to govern their name screening systems, and periodic reviews of those systems, in order to ensure ongoing accuracy. However, MAS also found the following deficiencies:

Over-reliance on vendors: MAS found that some financial institutions were overly reliant on vendors for setting their name screening system parameters, and for ensuring the adequacy and accuracy of information sources. Consequently, many name screening systems were ‘ineffective in identifying relevant name matches’ and were not receiving adequate information about customers’ specific business activities – and so were failing to identify AML/CFT risks.

Fuzzy logic matching: MAS found that some financial institutions were using name screening tools without fuzzy logic capabilities – and which could only identify customer names where there was a 100% match. By implementing fuzzy logic name screening, these firms would be able to account for partial matches, such as those caused by spelling discrepancies, and so capture potential AML/CFT risks more accurately.

Internal checks: Many financial institutions were found to be failing to conduct checks on the internal lists that held vital name screening information. By failing to regularly maintain and verify the accuracy of that information, financial institutions were degrading the accuracy of their name screening processes, and missing important AML/CFT alerts.

In response to the deficiencies revealed by the inspections, MAS emphasised the need for financial institutions to regularly review their system parameters to ensure their ongoing effectiveness, and to review the completeness of their screening databases to ensure they were updated with sufficient information to facilitate effective compliance decisions.

Alert Resolution

MAS expects financial institutions to address name screening alerts in a timely manner, and keep suitable records of the process. Similarly, financial institutions are expected to implement independent checks and balances to ensure the alert resolution process remains fit for purpose.

In conducting its thematic inspection, MAS identified the following areas of concern:

Adverse media: MAS’ inspections revealed that some financial institutions in Singapore were not effectively screening customer names against adverse media. In particular, MAS found that:

Financial institutions were dismissing adverse media from regional or local news sources.
Financial institutions were determining the relevance of adverse media based only on how recently the story was released.

MAS guidance emphasised the need for financial institutions to ‘consider all key factors’ when determining the relevancy of adverse media stories.

Documentation of screening results: MAS found that some financial institutions were failing to adequately document the results of name screenings and assessments. The deficiencies resulted in missing records and a lack of basis for dismissing AML/CFT alerts.

In order to address those deficiencies, MAS emphasised the need for financial institutions to establish clear documentation requirements for alerts derived from name screening.

Alert dismissal: MAS found that some financial institutions did not have adequate criteria for assessing and dismissing AML/CFT alerts – and were dismissing alerts without adequate basis. In particular, MAS found that:

Financial institutions were dismissing alerts on a consolidated basis rather than addressing the specific concerns of individual alerts.
Financial institutions were dismissing alerts for generic reasons rather than adequately justifying the reasons for the dismissal.

Accordingly, MAS recommended that financial institutions set out detailed guidance for the resolution of name screening alerts, and set out requirements for compliance employees to provide justification for alert dismissals.

Checks and balances: MAS’ inspection revealed that a number of financial institutions in Singapore lacked effective checks and balances to determine whether name screening alerts were being dismissed appropriately. MAS highlighted the need for financial institutions to implement checks and balances to ensure effective alert remediation, including regular QA checks to ensure the timely detection of errors.

To find out how we can help your business implement an effective name screening solution, get in touch today.

AML Regulations in Germany and How to Comply

Germany is one of the wealthiest members of the EU and a hub for thousands of multinational businesses. While Germany provides an array of commercial opportunities, its financial profile also attracts criminals who seek to exploit the country’s financial system to launder money and commit other financial crimes. Accordingly, AML regulations in Germany are a serious priority for financial authorities: Deutsche Bank, for example, has received significant fines for compliance violations – including a $150 million dollar fine in 2020 for its involvement in the Danske Bank money laundering scandal.

Given the government’s increasing focus on financial compliance, and the potential for significant fines and penalties, companies in Germany should understand the anti-money laundering (AML) and counter-financing of terrorism (CFT) landscape – and how to meet their regulatory obligations.

What is BaFin?

Germany’s financial regulator is known as the Federal Financial Supervisory Authority, or the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin). The regulator was established in 2002 to provide oversight for all financial institutions in Germany, including banks, stock exchanges, and insurance companies.

BaFin’s authority and powers are provided by Germany’s Banking Act (Gesetz über das Kreditwesen). In its supervisory role, BaFin works to ‘prevent irregularities in the banking system’, including those which may endanger the safety of assets or ‘substantially prejudice the economy’. BaFin sets financial regulations, including AML/CFT rules, for all institutions operating in Germany, and monitors their ongoing compliance. It is also responsible for issuing licences to German financial institutions that meet relevant criteria.

AML Regulations in Germany

As a member of the Financial Action Task Force (FATF), Germany transposes FATF AML/CFT recommendations into domestic legislation. Similarly, as a member of the EU, Germany must implement AML/CFT measures introduced in the EU’s Anti-Money Laundering Directives (AMLDs), which are issued periodically in order to maintain regulatory consistency across the union.

With those factors in mind, AML regulations in Germany are set out in the Money Laundering Act or Geldwäschegesetz (GWG). The GWG defines the crime of money laundering in Germany and includes the following important regulatory points:

Following FATF guidance, financial institutions in Germany must develop and implement risk-based AML/CFT programmes.
Financial institutions must implement suitable customer due diligence (CDD) processes and screen customer transactions for suspicious activity.
Where suspicious activity is detected, financial institutions must submit a report to Germany’s Financial Intelligence Unit (FIU).

AMLD Compliance in Germany

Germany’s AML/CFT policy is shaped by the EU Anti-Money Laundering Directives, which reflect evolving financial crime methodologies and harmonise the regulatory environments in different EU member states. The most recent AMLD is the Sixth Anti-Money Laundering Directive (6AMLD) which focuses on the ongoing harmonisation of money laundering regulation across the EU.

Germany implemented 6AMLD via the Draft Act for the Effective Prosecution of Money Laundering (Gesetz zur Verbesserung der strafrechtlichen Bekämpfung der Geldwäsche). The Draft Act introduced the following regulatory measures:

A list of 22 money laundering predicate offences, including environmental crime and cyber crime.
An expansion of the definition of money laundering to include aiding and abetting.
An extension of criminal liability for money laundering to legal persons, meaning companies and partnerships and their senior management employees.
Minimum 4 year prison sentences for individuals convicted of money laundering.
Information sharing requirements with other EU countries in order to facilitate cross-border prosecutions.

Updates to the German Banking Act

The German government implemented updates to the Banking Act in 2021, introducing more stringent AML/CFT measures than required by 6AMLD. Under the new rules, the following AML/CFT measures are in effect:

Predicate offences: The distinction between predicate offences and money laundering offences has been removed. Under the new rules, German authorities may prosecute a broad range of financial crimes as money laundering offences.

Foreign companies: If foreign companies (or a subsidiary) are active in Germany, those companies may be liable to German prosecution for money laundering. Similarly, foreign companies that commit money laundering predicate offences abroad may face criminal liability for those offences in Germany.

Reporting obligations: Businesses in Germany must now comply with more comprehensive AML/CFT reporting rules, applicable to a broader range of transactions. Businesses may also be required to justify their business procedures to the FIU.

AML in Germany: Achieving Regulatory Compliance

Under FATF recommendations, German financial institutions must take a risk-based approach to compliance – which means they must assess individual customers and then deploy a proportionate compliance response. With that in mind, firms in Germany should implement suitable Know Your Customer (KYC) procedures in order to understand their customers’ financial behaviour, including:

Identity verification: Financial institutions should perform customer due diligence (CDD) in order to establish and verify their customers’ identities. The CDD process should involve the collection of customer names, addresses, and birthdates, and the collection of company information including beneficial ownership details.

Transaction screening: German firms must screen their customers’ transactions for signs of financial crime, including irregular transaction patterns, and transactions involving high risk counterparties or jurisdictions.

Sanctions screening: In order to avoid doing business with sanctions targets, German firms must screen their customers against relevant sanctions lists, including the EU sanctions list and the UNSC Consolidated List.

ESG and Adverse Media in Germany

Environmental, social and governance (ESG) factors and adverse media monitoring are an important part of AML/CFT compliance in Germany.

ESG

In December 2019, BaFin published its Guidance Notice on Dealing with Sustainability risks which included descriptions of ‘risk identification, management, and control processes’. In 2021, the German government passed the Supply Chain Act (Gesetz über die unternehmerischen Sorgfaltspflichten in Lieferketten), a law concerning corporate due diligence for supply chains. Under the rules, firms in Germany must extend humanitarian and environmental due diligence obligations to their supply chains, including establishing systems to prevent and minimise ESG risk.

Adverse Media

Customer involvement in financial crime is often revealed in news media prior to its confirmation by official sources. With that in mind, adverse media, also known as negative news, is a good indicator of AML/CFT risk.

Under EU AMLD regulations, firms in Germany must implement adverse media screening requirements as part of their risk management solution. The Fourth Anti-Money Laundering Directive (4AMLD), for example, introduced a requirement for firms to screen against open source media, such as ‘reputable newspapers’. 5AMLD subsequently expanded that requirement to a broader range of business sectors and emphasised the need for firms to integrate suitable screening technology.

2024 Bafin Guidance: Mandatory Adverse Media Screening

In July 2024, BaFin updated its GWG compliance guidance, known as Auslegungs und Anwendungshinweise (AuA), in anticipation of the new EU Anti-Money Laundering Act (AMLA), and the need for ongoing compliance with EU AMLDs. Amongst the compliance updates set out in AuA ‘2.0’ was the introduction of mandatory adverse media screening.

While AuA 2.0 acknowledges that adverse media screening is not explicitly required under the GWG, it states that sanctions screening and high risk country list screening is no longer sufficient for compliance, and that firms in Germany must “use all knowledge available” in order to establish AML risk, including knowledge derived “from media analyses”.

Following the updated guidance, firms in Germany must now implement adverse media screening as part of their GWG compliance solution.

Next Generation AML Technology

In order to achieve compliance with AML regulations in Germany, it’s vital that you integrate AML software capable of analysing vast amounts of relevant customer data, and of minimising costly false positive alerts. Ripjar’s next generation Labyrinth Screening platform is built for that purpose, integrating cutting edge screening technology to deliver automated data management, multilingual name matching, and the capability to adapt to a changing risk landscape in real time.With the capability to build deetailed AI Risk Profiles for every customer, and generate concise AI Summaries of that risk data, Labyrinth promises to supercharge your screening solution, strengthen decision making, and ensure your business is always prepared for compliance challenges.

What is AMLA? How the EU’s new AML/CFT authority will affect you

In July 2021, the EU announced that it would strengthen its anti-money laundering (AML) and counter-financing of terrorism (CFT) framework by implementing a major legislative package across the bloc. The package will build on regulations introduced in the EU’s Anti-Money Laundering Directives (AMLD) with the goal of further harmonising member states’ AML/CFT legislative environments. Amongst the proposals included in the package is a plan to establish an EU-wide AML/CFT Authority (AMLA) as a centralised supervisory body.

The EU has set an implementation date of 2024 for AMLA, which means that banks and financial institutions across the region must understand how the new authority will function when it begins operations and how it will affect their AML/CFT responsibilities.

European Banking Authority – EBA Report

The AMLA announcement came in light of growing concerns that the EU needs to do more to address the challenges of risk-based AML/CFT supervision across the region. In 2019, the European Banking Authority (EBA) initiated an assessment of competent authorities’ AML/CFT approaches in EU member states. The results of that assessment were released in 2022, and revealed that ‘significant challenges remain in important areas such as the identification and assessment of money laundering and terrorist financing risks.’

The EBA identified a number of common supervisory challenges, including:

Identifying money laundering risks in the banking sector.
Translating assessments of money laundering risks into risk-based supervisory strategies.
Using resources to ensure effective AML/CFT supervision.
Taking proportionate enforcement measures to correct AML/CFT compliance weaknesses.
Ensuring effective cooperation between member states’ FIUs.

What Will AMLA Do?

The Anti-Money Laundering Authority is a component of the EU’s comprehensive policy on preventing money laundering and terrorism financing. In practice, AMLA will have two main areas of AML/CFT focus:

AML/CFT supervision
Support for member state Financial Intelligence Units (FIU)

In its supervisory role, AMLA will carry out periodic reviews of the financial authorities that it supervises, monitoring and supporting financial institutions and ensuring the harmonised application of EU AML/CFT regulations. The manner in which AMLA exerts its regulatory power will vary by the level of AML/CFT risk that financial institutions present, and constitute both direct and indirect supervision.

Direct supervision

AMLA will take a direct supervisory role with EU financial institutions that pose a particularly high AML/CFT risk. This category of institution is referred to as ‘Selected Obligated Entities’.

Selected Obligated Entities will be designated according to a range of criteria, including how many EU member states a particular entity is established in. For example:

Credit institutions that are established in 7 EU member states or more (including as subsidiaries or branches)
Financial institutions that operate in 10 EU member states or more (including as subsidiaries or branches)

Selected Obligated Entities will also be designated according to certain benchmark risk indicators, such as:

The number of high risk customers, such as politically exposed persons (PEPs), that they do business with.
The volume of products and services they trade in that have AML/CFT vulnerabilities.
The volume of deposit and payment account services that they provide.
The volume of correspondent banking services that they provide to third parties.
The volume of correspondent banking clients from high risk third countries that they do business with.
The volume of activity that they engage in with virtual asset service providers in third countries.

AMLA’s direct supervisory authority gives it the power to conduct investigations into Selected Obligated Entities, demand the submission of documents, conduct interviews, and perform on-site inspections. Where AMLA discovers compliance violations or AML/CFT deficiencies, it may:

Request a plan detailing how the entity will achieve AML/CFT compliance.
Place restrictions on the entity’s business operations.
Impose changes to the entity’s governance structure.
Withdraw licences.

Penalties: AMLA may also impose penalties on the entities that it supervises. AMLA financial penalties may be imposed up to a maximum of 10% of the entity’s previous annual turnover, or €10 million. AMLA may also refer certain matters to the relevant national authorities in cases where it is possible to prove criminal activity.

Indirect supervision

AMLA will have an indirect supervisory role with non-Selected Obligated Entities via their national financial authorities. When the AML/CFT compliance performance of these entities degrades significantly, national financial authorities will be required to notify AMLA, which may then request an investigation or the imposition of sanctions. In some cases, AMLA may request national authorities grant it direct supervision over the noncompliant entities.

Beyond any need for intervention, AMLA will exercise indirect supervision on an ongoing basis by maintaining a harmonised AML methodology in member states. With this in mind, AMLA will set out guidelines and make recommendations for risk-based AML/CFT, perform periodic assessments of national supervisors, and even conduct reviews of non-financial supervisory authorities.

Risk Assessments and AMLA

AMLA’s supervisory focus is intended to promote a harmonised regulatory environment across the EU, with member states categorising financial institutions by their exposure to AML/CFT risk and imposing risk-based compliance requirements on those institutions. Following Financial Action Task Force (FATF) guidance, risk-based AML is predicated on a need to perform effective assessments of customers and their transactions in order to build accurate risk profiles. Risk assessments should take place at onboarding and then throughout the business relationship to capture changes in risk.

With that in mind, firms should prioritise the following processes as part of their risk-based approach:

Customer due diligence: EU banks and financial institutions must understand who their customers are in order to perform accurate risk assessments. In practice, this means performing suitable customer due diligence (CDD) by collecting data such as names, addresses, dates of birth, and company incorporation details.
Ultimate beneficial ownership: Money launderers may attempt to use corporate structures or shell companies to conceal their identities. Accordingly, EU firms should establish ultimate beneficial ownership (UBO) of customer entities as part of their CDD process in order to inform their risk assessments.
Enhanced due diligence: Higher risk customers, or customers that generate certain AML alerts as a result of a risk assessment, should be subject to enhanced due diligence (EDD) measures, including more intensive screening and monitoring procedures.
PEP screening: Elected officials and government employees present a higher AML/CFT risk and may be classified as politically exposed persons (PEPs). Firms should screen their customers to establish whether they should be classified as PEPs and monitor their status for any changes in risk.
Sanctions screening: Firms should screen customers against sanctions lists to establish whether they are subject to international sanctions restrictions. In practice this means checking names against the EU sanctions list, and other relevant lists, such as the UK sanctions list, and the US OFAC sanctions list.
Adverse media monitoring: Changes to customer risk profiles may be revealed in global news media. With that in mind, firms should monitor adverse media sources from across the world for stories that involve their customers. Adverse media monitoring is one of the best ways to enhance the risk assessment process since customer risk exposures may be revealed in news stories prior to their confirmation by official sources.

AMLA and Financial Intelligence Units

AMLA’s AML/CFT support focus means that it will coordinate with member states’ Financial Intelligence Units to facilitate cross-border cooperation. Practically, AMLA’s support role will include:

The release of guidelines and recommendations to member states’ supervisory authorities and to regulated entities.
The introduction of templates and models for suspicious activity reporting.
Participation in joint analysis of cross-border suspicious activity.
The introduction of a secure network between EU FIUs known as FIU.net.

AMLA Compliance

AMLA is expected to be operational by 2024 which means that firms should begin preparing now to meet the challenges of a new compliance environment. Effective, risk-based AML requires the strategic application of technology: firms must be able to capture a vast amount of customer and transaction data, and perform ongoing monitoring to detect changes in risk profiles. With that in mind, Ripjar’s next generation AML solutions are designed to identify and manage risks in real time, and help firms adjust to new threats and obligations as they emerge.

To find out how Ripjar can help your business achieve compliance in a changing EU regulatory landscape, get in touch today.

Top 5 AML Technology Trends in 2022

In a turbulent global risk landscape, banks and other financial service providers rely on technology to help them manage their anti-money laundering (AML) and counter-financing of terrorism (CFT) compliance obligations. In recent years, AML technology has taken on a new significance, helping financial institutions to adapt to new regulations and counter increasingly sophisticated money laundering methodologies.

Technology remains a vital component of AML frameworks around the world and an indispensable tool in the fight against global money laundering. To help your business meet its challenges and achieve compliance in a constantly changing risk environment, read our guide to the top AML technology trends of 2022 and beyond.

1. Cryptocurrency Regulation

Cryptocurrencies have continued to gain traction in financial systems all over the world, along with a rise in related financial crimes, as criminals exploit crypto service providers to move money across borders anonymously. Research suggests that in 2021 cryptocurrency crimes generated around $14 billion in proceeds, with losses up 79% from 2020.

In response to the threat posed by cryptocurrencies, governments have been scrambling to introduce targeted cryptocurrency regulations, such as Singapore’s Payment Services Act, and the EU’s Anti-Money Laundering Directives. That regulatory trend is set to continue: Hong Kong, for example, will introduce a licensing regime for cryptocurrency service providers, while the UK has announced its intention to bring ‘certain stablecoins’ under the scope of AML legislation. In the US, the Biden administration has also announced a regulatory focus on stablecoins. The renewed focus on stablecoin regulation reflects proposals from several governments to develop central bank digital currencies (CBDC), facilitated by the same distributed ledger technology used for cryptocurrencies like Bitcoin. The Bank of England has published a discussion paper on a UK CBDC, while the European Central Bank has commented on the development of a digital euro.

2. Machine Learning

AML regulations require firms to analyse structured customer and transaction data in order to detect criminal activity. With that in mind, firms may enhance their data management processes by integrating artificial intelligence and machine learning tools, adding not only speed and accuracy to AML compliance but more intelligent outputs.

Beyond speed and accuracy benefits, machine learning tools add depth to structured AML information and are commonly trained to interpret and even make decisions about that data based on the algorithmic analysis of historical information. As regulations expand in scope to capture new fintech threats, such as cryptocurrency money laundering, machine learning systems are set to become important tools in risk-based money laundering solutions, helping companies make predictions about their customers based on historical data – rather than relying on time-consuming analogue data collection and analysis.

3. Information Sharing

Fintech money laundering threats often involve the movement of illegal money across borders, and entail criminal activities in more than one jurisdiction. In order to address cross-border money laundering, the Financial Action Task Force (FATF) includes information sharing guidance in its AML recommendations, and the EU has included a requirement for member-states to facilitate cross-border prosecutions in its Sixth Anti-Money Laundering Directive (6AMLD).

Information sharing will continue to be a global AML priority in 2022 and beyond, with financial authorities introducing dedicated platforms to make the process easier. In late 2021, the Monetary Authority of Singapore (MAS) launched its Collaborative Sharing of ML/TF Information and Cases (COSMIC) platform, while Hong Kong also introduced its AML Regtech Lab (AMLab) in order to facilitate public-private partnerships to identify suspected money laundering. In January 2022, the US’ Financial Crimes Enforcement Network (FINCEN) issued a Notice of Proposed Rulemaking to establish new information sharing protocols between US banks and their foreign branches.

4. International Screening

Effective AML goes beyond a requirement to collect data from international sources, and extends to the interpretation and analysis of that data. When firms screen for international adverse media, for example, they must be able to select suitable foreign language news sources, conduct customer matches accurately, and judge the content of the stories for relevance and bias.

With those requirements in mind, when firms conduct international screening, including transaction and adverse media screening, multilingual text analysis will be an increasingly important part of the process. In practice, this means the implementation of screening technology capable of accounting for a spectrum of language sets, including non-latinate systems such as Arabic, Mandarin, and Cyrillic, and for non-Western naming conventions, nicknames, and aliases.

5. Sanctions Compliance

The global sanctions landscape is becoming more complex. In addition to geopolitical events, such as Russia’s invasion of Ukraine in February 2022, sanctions may be imposed for a range of criminal activities, including state-sponsored cyber-crime and humanitarian crimes committed by individuals and companies.

In 2022, firms will continue to adapt to an increasingly complex and fast-moving sanctions environment by ensuring their compliance solutions keep pace with regulations. This means the ongoing implementation of technology capable of checking global sanctions lists and watch lists in real time in order to capture changes to risk profiles as soon as possible. Sanctions compliance solutions may be enhanced with intuitive name-matching technology and machine learning tools that allows companies to better eliminate false positives.

Next Generation AML Technology

Modern AML calls for the strategic implementation of technology as part of a risk-based approach to compliance. Implemented effectively, AML technology promises to not only enhance a company’s ability to detect financial crime but streamline the compliance process. Ripjar’s next generation AML solutions incorporate cutting edge compliance technology, enabling you to identify and manage risks in real time, and stay ahead of emergent trends, including new regulations and criminal methodologies.

To find out how Ripjar can help you implement the right AML technology, get in touch today

Anti-Money Laundering Regulations Around the World

In an evolving regulatory landscape, you need to understand how to meet your anti-money laundering compliance responsibilities wherever you do business. Global anti-money laundering (AML) and counter-financing of terrorism (CFT) compliance is a complex challenge that can vary significantly by jurisdiction, risk environment, and emerging fintech innovations.

To help your business overcome its compliance challenges, and understand its regulatory responsibilities read our guide to money laundering regulations around the world.

Global Money Laundering Regulations

The Financial Action Task Force

An intergovernmental organisation comprising 39 member states, the Financial Action Task Force (FATF) works to prevent international money laundering and terrorism financing, and to enhance the global compliance standards. To achieve those objectives, the FATF has developed a set of AML/CFT recommendations which its member-states must implement via domestic legislation. As new criminal trends, regulations, and fintech innovations emerge, the FATF adjusts its recommendations to reflect the global risk environment.

FATF compliance generally requires member-states to implement the following fundamental AML measures and controls:

Governments must treat money laundering as a criminal offence and establish a national financial intelligence unit (FIU) to manage money laundering reports.
Domestic businesses should implement a risk-based approach to money laundering, performing risk assessments on their customers and deploying proportionate compliance responses.
Businesses should implement Know Your Customer (KYC) measures, including customer due diligence (CDD), in order to build out accurate customer risk profiles.
Businesses should screen and monitor their customers on an ongoing basis in order to detect suspicious activity and capture changes in risk profiles. Customers should be screened against relevant risk indicators, such as politically exposed person (PEP) lists, sanctions lists, and adverse media stories.
Financial authorities should assist international counterparts in cross-border criminal investigations.

European Money Laundering Regulations

The Anti-Money Laundering Directives

The European Union issues Anti-Money Laundering Directives (AMLD) on a periodic basis in order to standardise AML/CFT regulation across the bloc. EU member-states are required to transpose the regulatory measures set out in the AMLD into domestic legislation – and do so by a predetermined implementation deadline. The latest EU AMLDs are the Fifth Anti-Money Laundering Directive (5AMLD) cand the the Sixth Anti-Money Laundering Directive (6AMLD), which introduced the following key AML/CFT measures:

5AMLD – Implemented 10 January 2020

Introduced public right of access to beneficial ownership registers and role-based PEP lists.
Expanded AML/CFT reporting and record-keeping obligations to cryptocurrency service providers.
Introduced transaction limits of €150 for prepaid card transactions, and €50 for online prepaid card transactions.
Imposed AML/CFT reporting and record-keeping obligations on high value transactions of €10,000 or more as a way to address financial crime in boutique industries such as the art trade.
Introduced mandatory enhanced due diligence checks for transactions involving high risk countries.

6AMLD – Implemented on 3 June 2021:

Set out a harmonised list of 22 money laundering predicate offences, including the two new offences of cyber-crime and environmental crime.
Added ‘aiding and abetting’ to the definition of the money laundering criminal offence.
Extended criminal liability for money laundering to legal persons, essentially enabling corporations to be punished for criminal activity perpetrated by employees.
Introduced harsher punishments for money laundering offences, including minimum 4 year prison terms.
Introduced requirements for member-states to share information in order to facilitate dual-criminality prosecutions that span international borders.

The UK

The UK’s primary AML/CFT regulations are the Money Laundering, Terrorist Financing and Transfer of Funds Act 2017, the Proceed Of Crime Act 2002, and the Terrorism Act 2000. The regulations define the offence of money laundering and set out compliance requirements, which are based on FATF guidance. Although the UK has left the EU, it has committed to implementing aspects of 6AMLD.

Accordingly, under UK AML/CFT rules, financial institutions must conduct risk-based checks on their customers, including performing customer due diligence (CDD) checks, establishing ultimate beneficial ownership (UBO), screening against PEP lists and sanctions lists, and running adverse media checks.

The Financial Conduct Authority (FCA) is the UK’s main financial regulator. Working with the Bank of England and the Prudential Regulatory Authority, the FCA sets out regulatory compliance requirements and provides AML/CFT oversight for UK financial institutions.

Switzerland

Switzerland regulates money laundering and terrorism financing under the Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector 1997, also referred to the as the Anti-Money Laundering Act (AMLA). The act imposes AML/CFT reporting and record-keeping regulations on financial institutions in Switzerland, along with sanctions, PEP, and adverse media screening requirements.

The Swiss Financial Market Supervisory Authority (FINMA), or Eidgenössische Finanzmarktaufsicht, is Switzerland’s primary financial regulator. FINMA is responsible for issuing operating licences to Swiss banks and financial institutions and for ensuring compliance with AML/CFT regulations.

Nordic States

While AML regulations vary across the region, Nordic states generally mirror their southern and western neighbours in implementing the latest FATF money laundering guidance. As EU member-states, Sweden and Finland are required to transpose the anti-money laundering directives into domestic legislation. Norway is not in the EU and while it is not obliged to implement AMLD, it has, via its Anti-Money Laundering Act (2018), transposed 4AMLD and 5AMLD. In practice, this means that Nordic states impose the same kind of CDD measures, and sanctions, PEP, and adverse media screening processes as other FATF-member states.

Nordic countries have dedicated financial authorities, known as Financial Supervisory Authorities (FSA), that provide AML/CFT supervision, issue operating licences, enforce regulations, and work with governments to develop new legislation. Sweden’s FSA is called Finansinspektionen, while Denmark’s FSA and Norway’s FSA are both called Finanstilsynet.

The Middle East

Middle Eastern AML/CFT regulations are often significantly divergent between states. With that in mind, many Middle Eastern countries present an elevated risk of money laundering and are designated on the FATF’s Jurisdictions under Increased Monitoring list – also known as the FATF ‘greylist’. The greylist currently includes Jordan, Pakistan, Syria, Yemen, and the United Arab Emirates.

The United Arab Emirates, comprising Abu Dhabi, Dubai, Sharjah, Ras Al Khaimah, Ajman, Umm Al Quwain, and Fujairah, was placed on the FATF greylist in 2022. The FATF cited deficiencies in the UAE’s AML/CFT framework, including poor beneficial ownership controls and ongoing failure to address terrorism financing. The UAE’s primary AML/CFT legislation is the Federal Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations. The law requires financial institutions in the UAE to implement AML reporting, record-keeping, and screening measures. In response to FATF concerns, the UAE has extended AML/CFT rules to designated non-financial businesses and professions (DNFBP).

There are four regulatory bodies that provide oversight for the UAE’s AML/CFT framework: the Central Bank of the UAE, the Securities and Commodities Authority (SCA), the Dubai Financial Services Authority (DFSA) and the Financial Services Regulatory Authority (FSRA).

The US

The US regulates money laundering and terrorism financing through the Bank Secrecy Act (BSA) and the Partriot Act. The Bank Secrecy Act was introduced in 1970 and requires US banks and other financial institutions to implement an internal AML program with reporting and record-keeping obligations, and with risk-based CDD measures, and PEP, sanctions, and adverse media screening requirements. The Patriot Act was introduced in 2001 in response to the September 11 terror attacks: it modified the BSA by adding new CDD and screening requirements and increasing noncompliance penalties.

In 2021, the US passed the Anti-Money Laundering Act 2020 (AMLA), the most significant amendment to the BSA since the Patriot Act. AMLA introduced the following AML/CFT measures:

New requirements for the disclosure of beneficial ownership.
Increased financial penalties for money laundering offences and compliance violations.
New protections for corporate AML/CFT whistleblowers.
Expanded powers for US authorities to investigate foreign banks suspected of money laundering.
A pilot program to increase information sharing with the foreign branches of US banks.

The US’ primary AML/CFT regulator is the Financial Crimes Enforcement Network (FINCEN), which works at a state and federal level to ensure BSA compliance. In addition to FINCEN, the US’ Office of Foreign Assets Control (OFAC) works to enforce the US’ sanctions regulations.

Asia

Hong Kong

Hong Kong follows FATF guidance in implementing AML/CFT regulations. Hong Kong’s main anti-money laundering regulations are the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) and the Banking Ordinance (BO), which set out the risk-based measures that firms must put in place to achieve compliance.

The Hong Kong Monetary Authority (HKMA) is responsible for supervising banks and financial institutions in Hong Kong.

Singapore

Singapore is also an FATF member-state and has implemented a risk-based approach to AML/CFT in its domestic legislation. Singapore’s main money laundering regulation is the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA) which defines the offence of money laundering and sets out the relevant CDD measures and screening controls required for compliance. In 2020, Singapore implemented the Payment Services Act (PSA) which expanded AML/CFT regulations to payment service providers and fintech services in the city.

The Monetary Authority of Singapore (MAS) provides AML/CFT supervision in Singapore.

Australia

As an FATF member-state, Australia requires banks and financial institutions to implement risk-based AML/CFT solutions. Australia’s primary AML/CFT regulations are the Financial Transaction Reports Act 1988 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which set out reporting and record-keeping obligations along with other compliance requirements such as CDD measures, and PEP, sanctions, and adverse media screening.

The Australian Transaction Reports and Analysis Centre (AUSTRAC) provides AML/CFT supervision in Australia with the stated goal of ‘preventing, detecting and responding to criminal abuse of the financial system’. Like other financial regulators, AUSTRACs responsibilities include handling licensing applications, enforcing AML/CFT regulations, and cooperating with international financial authorities.

FCA Review Finds Weaknesses in UK Challenger Banks’ AML Compliance

UK challenger banks have transformed the financial sector with innovative products and services that offer greater flexibility than their ‘brick and mortar’ counterparts. Research suggests that the value of the challenger bank market will continue to grow rapidly, reaching an estimated global value of $471 billion by 2027. However, the opportunities that challenger banks bring also represent new regulatory challenges with disruptive services increasing the risk of money laundering and other financial crimes.

Challenger Bank AML Vulnerabilities

An FCA review has found that UK challenger banks may be struggling to meet that regulatory challenge, with some failing to effectively implement important anti-money laundering (AML) measures and controls. Initiated in 2021 and published in April 2022, the review identified a rise in the number of challenger bank Suspicious Activity Reports (SAR), raising concerns “about the adequacy of these banks’ checks when taking on new customers”.

The FCA review involved 6 unnamed challenger banks that were relatively new to the financial market and which had a collective customer base of over 8 million people. While the FCA praised the advantages of the challenger banks’ “innovative use of technology” to speed up standard customer identification and verification processes, it also raised areas of concern, including:

Failures to conduct adequate checks on customer income and occupation
Failures to apply enhanced due diligence measures consistently for high risk AML alerts
A lack of sufficient detail in customer risk assessments
Ineffective management of AML alerts

The review highlights the need for challenger banks to match their innovative fintech capabilities with a safety-minded approach to their AML responsibilities. FCA Executive Director, Sarah Pritchard, emphasised that point, stating that challenger banks remain “an important part of the UK’s retail banking offering” but that their benefits cannot entail a “trade-off” with AML compliance.

The Importance of Customer Data

AML compliance, and the due diligence and screening processes that it involves, may be especially complex for challenger banks since their appeal to customers is their speed, simplicity, and flexibility.

The FCA’s review suggests that challenger banks’ AML problems are attributable to a lack of quality customer data with which to build accurate risk-profiles and make important compliance decisions. When challenger banks struggle to meet their data collection and risk management needs, they are forced to compromise the advantages of their products and services by diverting resources to AML compliance – or risking regulatory penalties.

Challenger Bank AML Solutions

Many challenger banks manage their AML obligations by building bespoke risk management solutions – but often encounter difficulties balancing their compliance responsibilities with a focus on delivering fintech innovation. AML regulatory environments are complicated further by the constantly changing threat landscape, in which new criminal methodologies emerge, and new legislation is implemented constantly.

Fortunately, challenger banks have options when it comes to meeting their due diligence and risk assessment obligations. Rather than relying on a potentially-vulnerable and untested bespoke solution, challenger banks may instead draw on the expertise of established, industry-trusted platforms with dedicated CDD and EDD resources and multi-faceted AML and KYC screening tools.

Built on smart technology, automated AML compliance solutions enable challenger banks to be proactive about threats, integrating customer data from sources across the world quickly and efficiently, and adapting in real time as the risk landscape changes. Trusted AML solutions may include multiple language screening capabilities, helping challenger banks better manage CDD and EDD for international customers without generating unmanageable amounts of false positive alerts.

Learn more about our AML compliance solutions for challenger banks: contact us today

Nordic Banking AML Compliance: What You Need to Know

Nordic countries have a reputation as traditionally safe banking destinations, with the financial institutions of Norway, Sweden, Denmark, Finland and Iceland regularly ranking amongst the safest in the world. However, following a series of high profile international money laundering cases involving Nordic banks, that reputation has been shaken, putting a spotlight on Nordic banking AML compliance.

The cases in question involved banks across the region. In 2018, for example, Denmark’s Danske Bank was implicated in a €200 million money laundering scheme connected to its Eastern European and Russian branches. In 2019, Sweden’s Swedbank was also implicated in the Danske Bank scandal after an investigation revealed it had laundered around €20 billion in its Estonian branches for Russian customers. In 2020, another Swedish institution, SEB Bank, was fined SEK1 billion after an investigation revealed poor money laundering controls in its Baltic branches.

In response, in 2021 Nordic governments collectively requested that the IMF conduct an independent review of the region’s money laundering and terrorism financing risks, so that regulators could take appropriate steps to strengthen their regulatory compliance controls.

Given the increased focus on anti-money laundering (AML) and counter-financing of terrorism (CFT) in the region, it is more important than ever that companies understand the Nordic regulatory landscape and the compliance obligations that it entails.

Nordic Banking Regulators

All of the Nordic states have established dedicated domestic authorities, known as Financial Supervisory Authorities (FSA) to provide oversight and supervision of AML/CFT regulation. Key regulatory bodies include:

Norway – Finanstilsynet

The Financial Supervisory Authority of Norway supervises Norway’s financial system, and is responsible for managing the licensing of banks and financial institutions, with the goal of ‘promoting financial stability and well-functioning markets’.

Norway’s primary AML regulation is the Anti-Money Laundering Act. As a member of the EU, Norway implements the Anti-Money Laundering Directives.

Sweden – Finansinspektionen

The Financial Supervisory Authority of Sweden provides oversight of all banking, securities and insurance companies, working to ‘authorise, supervise and monitor all companies operating in Swedish financial markets’.

Sweden’s primary AML regulations are the The Money Laundering and Terrorist Financing (Prevention) Act and the The Act on Penalties for Money Laundering Offences. Sweden is also in the EU and implements its Anti-Money Laundering Directives.

Denmark – Finanstilsynet

The Danish Financial Supervisory Authority is responsible for the ‘supervision of financial undertakings’ of banks and other financial service providers in Denmark. It also assists the government in developing financial legislation, and collects and communicates financial sector statistics.

Denmark’s primary AML regulation is the Act on Measures to Prevent Money Laundering and Financing of Terrorism. As an EU member state it implements the Anti-Money Laundering Directives.

Finland – Finanssivalvonta

The Finnish Financial Supervisory Authority provides oversight for Finland’s financial and insurance sectors, working to ‘enable balanced operations of credit institutions, insurance and pension companies and other supervised entities in stable financial markets’.

Finland’s primary AML regulation is the Act on Preventing Money Laundering and Terrorist Financing. Finland also implements the Anti-Money Laundering Directives as an EU member state.

Iceland – Seðlabanki Íslands

Iceland’s Financial Supervisory Authority merged with the Central Bank of Iceland in 2020, with the Central Bank taking on its supervisory responsibilities. As a regulator, the Central Bank is responsible for monitoring Iceland’s financial institutions ‘to ensure that their activities are in compliance with the law and with Governmental directives’.

Iceland’s primary AML regulation is the Act on Measures against Money Laundering and Terrorist Financing. Although it is not an EU member state, Iceland is part of the European Economic Area (EEA) and adopts elements of the Anti-Money Laundering Directives as part of its domestic AML/CFT legislation.

Nordic Banking Risk Environment

Nordic banking money laundering scandals created financial turmoil across the region. The pattern of compliance failures suggested that Nordic banks were collectively struggling to implement effective AML controls, and failing to adequately address risks. Key compliance vulnerabilities that may have contributed to the compliance failures of the Nordic banking system include:

Information Sharing

Nordic banks struggled to share important risk data across borders and institutional frameworks due to barriers such as data secrecy laws. Following the AML scandals, Nordic banks launched a joint scheme to share information on suspicious transaction patterns.

Compliance Technology

Nordic banks used out of date AML/CFT technology, creating regulatory blindspots and generating high volumes of false positive alerts. The remediation of false positives not only created administrative backlogs, but had a negative knock-on effect on the effective management of true positives.

Manual Compliance

Nordic banks relied on manual compliance processes during important customer due diligence (CDD) processes, leading to poor quality risk profiles and slower alert remediation. The challenges of manual compliance were exacerbated as firms were forced to deal with high volumes of alerts.

Employee Compliance Training

Research suggests that employees of Nordic banks were hesitant or unable to address compliance violations, with up to 62% of employees failing to intervene upon discovery of unethical behaviour. The deficiencies in regulatory awareness reflected a failure in company leadership and a need to enhance compliance training to better spot money laundering red flags.

AML Solutions for Nordic Banking

In the wake of its AML challenges, the Nordic banking community is taking collective action to address its compliance failings, including an effort to enhance the data that it collects in order to perform more robust CDD and build more accurate risk profiles.

The push for better customer data also reflects the need for better financial crime technology solutions. For example, banks that previously relied on manual Google searches of customer names and risk factors, are now implementing automated screening solutions, adding speed and accuracy to their compliance processes, more intuitive name-matching, and the capability to adapt quickly to changes in the risk environment.

Beyond speed and accuracy, the automated screening solutions add depth and detail to customer data processes, with advantages over manual searches that include:

Name-matching: Automated solutions can screen against a vast range of customer names in different language systems. Similarly, solutions can be programmed to recognise regional naming conventions, aliases, and spelling variations.
Politically exposed persons: Automated PEP screening enables firms to capture information from a range of PEP lists. In conjunction with other screening tools, automation allows for the swift detection of changes in PEP status.
Adverse media: Automated adverse media screening solutions can cover a variety of news stories from different foreign countries, taking into account source reliability and political bias.
Sanctions screening: The global sanctions landscape changes constantly. Automated sanctions screening helps firms know as soon as possible when a customer is designated on a sanctions list and use fuzzy logic algorithms to account for naming discrepancies.

Future Compliance Considerations in Nordic Banking

The Nordic banking community is likely to focus on improvements to its collective KYC framework. The EU’s anti-money laundering directives will also have an effect on Nordic banking AML compliance: the Sixth Anti-Money Laundering Directive (6AMLD) came into effect on 3 June 2021, with an overt focus on the harmonisation of anti-money laundering standards across the EU. The EU also recently announced an update to 6AMLD; particularly relevant to Nordic financial institutions is the introduction of new whistleblowing protections for workers that identify compliance violations within their companies.

Get in touch to discover how Ripjar can support your AML compliance in the Nordics

What is the FATF?

The Financial Action Task Force (FATF) is a global money laundering and terrorist financing authority that works to prevent financial criminal activity and promote global compliance standards. The FATF was founded in 1989 following an agreement by the G7, which at the time comprised Canada, France, West Germany, Italy, Japan, the UK and the US. The agreement recognised the need for an international organisation that could study emerging financial crime trends, and monitor the anti-money laundering (AML) standards of world governments. In 2001, following the September 11 terrorist attacks, the FATF added the counter-financing of terrorism (CFT) to its mandate.

Upon its foundation, the FATF had 16 member states. By 2022, that number had grown to 39, with hundreds more committed to implementing its AML/CFT policies and recommendations.

What does the FATF do?

The FATF’s stated objectives are to ‘set standards and promote effective implementation of legal, regulatory, and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system’. The FATF achieves those objectives in two main ways: by developing and implementing AML/CFT policy in the form of a series of recommendations, and by issuing mutual evaluation reports (MER) on individual countries in order to assess their domestic AML/CFT compliance performance.

The FATF’s 40 Recommendations

The FATF’s recommendations represent a list of AML/CFT compliance measures and controls that member states must implement and enforce via domestic legislation. There are currently 40 recommendations, each of which address some aspect of money laundering methodology, and an additional 9 Special Recommendations that address terrorism financing. The 40 Recommendations set out details of specific compliance controls and require member states to adopt the following regulatory principles:

Money laundering should be treated as a criminal offence and authorities should be able to confiscate its proceeds.
Member states should establish a national authority known as a financial intelligence unit (FIU) to analyse and process money laundering reports submitted by financial service providers.
Domestic firms should be required to implement a risk-based approach to AML/CFT compliance, conducting assessments of their customers and transactions and then deploying an AML response commensurate with the risk that they face.
Firms should conduct suitable due diligence on their customers in order to build accurate individual risk profiles and determine the appropriate compliance response.
Firms should monitor their customers’ financial activity on an ongoing basis.
Firms should submit suspicious activity reports (SAR) to the authorities in a timely manner when they detect potential money laundering activity.
Member states should co-operate with international money laundering investigations and prosecutions.

Mutual Evaluation Reports

FATF mutual evaluation reports are in-depth reports which analyse a country’s success in implementing the 40 Recommendations. The MER process involves a peer review by representatives of different FATF member states who assess the target country’s technical compliance with the FATF’s AML/CFT recommendations, and the effectiveness of those measures in combatting money laundering and terrorism financing.

When an assessment is completed, the FATF publishes the country’s mutual evaluation report. The report sets out a detailed description of the target country’s AML/CFT performance, and provides recommendations for that country to enhance its AML/CFT framework.

A mutual evaluation report is extremely important for a country’s global economic profile. Positive MERs may provide a significant economic boost; the lower the AML/CFT compliance risk, the more likely it is that a country will be able to establish business connections with international partners. Conversely, countries that perform poorly on their MER may be considered too high a compliance risk for many potential business partners.

The FATF Greylist

When a MER reveals serious AML/CFT deficiencies, the FATF may add that country to its high risk AML watchlists. Firms should exercise a high degree of caution when dealing with countries included on the lists since the designation denotes an increased risk of financial crime and regulatory compliance violations. The FATF maintains the following high risk watchlists:

Jurisdictions Under Increased Monitoring

Sometimes referred to as the ‘greylist’, the FATF’s Jurisdictions Under Increased Monitoring list designates countries that have ‘strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.’ Greylist countries represent high AML/CFT risks but have committed to working with the FATF to resolve the relevant deficiencies and facilitate their removal from the list. In 2022, following the addition of Turkey, Jordan, and Mali, there were 24 countries on the greylist.

High Risk Jurisdictions Subject to a Call for Action

Sometimes referred to as the ‘blacklist’, the High Risk Jurisdictions Subject to a Call for Action list refers to countries that the FATF deems to have serious deficiencies in their AML/CFT frameworks and that represent a significant criminal threat. These countries are highly likely to be the target of international sanctions and the FATF calls on member states to apply ‘counter-measures’ when dealing with them. As of 2022, there were two FATF blacklist countries: Iran and North Korea.

How to Comply with FATF AML/CFT Regulations

FATF member states must implement the 40 Recommendations through domestic legislation, imposing a range of AML/CFT compliance standards on firms within their jurisdiction. In the UK, for example, FATF Recommendations are implemented via the the Proceeds of Crime Act 2002 (POCA), the Terrorism Act 2000 and the Money Laundering, Terrorist Financing and Transfer of Funds Act 2017. In the US, FATF Recommendations are implemented via the Bank Secrecy Act and the Patriot Act, and in the EU via the Anti-Money Laundering Directives – the most recent being the Sixth Anti-Money Laundering Directive.

These regulations set out a range of reporting and record-keeping obligations, and require firms to implement a risk-based approach to AML/CFT. Broadly, FATF compliance requires firms to:

Conduct suitable customer due diligence in order to establish the identities of their customers.
Screen customers and their transactions in order to verify their status as politically exposed persons (PEP) and to find out whether they are included on international sanctions lists.
Conduct adverse media screening in order to capture changes in customers’ risk profiles quickly and efficiently.
Submit suspicious activity reports to the relevant financial authority when money laundering alerts are generated.

FATF Compliance Technology

In order to comply with FATF AML/CFT regulations, firms must analyse a vast amount of customer and transaction data for signs of money laundering, terrorism financing, and other financial crimes. In practice, this means integrating effective compliance technology capable of analysing data with speed and efficiency, helping firms build accurate customer risk profiles, and adapting to future changes to the FATF’s AML/CFT guidance.

Future FATF regulations

As the financial landscape changes, the FATF’s regulatory focus shifts to engage with emerging threats, including the influence of fintech and regtech innovations. Recently, the FATF has highlighted the money laundering risks associated with cryptocurrencies and virtual assets, and released a report in 2020 on Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing. The report included a range of characteristic signs of money laundering involving cryptocurrencies, and was based on research conducted by the FATF into prior money laundering investigations. In 2021, the FATF issued updated guidance on the risk-based approach for cryptocurrency service providers, pointing out that ‘continued monitoring and engagement between the public and private sectors’ would be necessary to protect the global financial system.

Get in touch to learn how Ripjar can help you comply with FATF recommendations

The EU’s Anti-Money Laundering Directives (AMLDs): An Overview

The European Union issues anti-money laundering directives (AMLDs) as a way to ensure that all member states adhere to a common set of financial compliance regulations. The European Parliament introduces new AMLDs periodically, and every government in the EU is expected to implement them by passing appropriate domestic legislation. Although the UK left the EU in 2020, it has implemented similar anti-money laundering legislation in order to keep pace with the compliance standards set out by the AMLDs.

EU AMLDs reflect the changing global financial landscape: each AMLD contains measures to address emerging criminal trends and methodologies, integrate new technologies and Financial Action Task Force (FATF) recommendations, and to address deficiencies in previous directives. When the EU announces a new AMLD, it gives member states a time period in which to make the necessary changes to domestic anti-money laundering (AML) and counter-financing of terorrism (CFT) legislation, and to allow banks and financial institutions to adjust their compliance and risk management solutions. After the implementation deadline the new AML/CFT regulatory environment is considered law across the EU.

The EU’s most recent AMLD was the Sixth Anti-Money Laundering Directive (6AMLD) – which built on the AML/CFT measures introduced in the 4AMLD and 5AMLD respectively. With the EU having announced a new anti-money laundering ‘legislative package’, it is important that obligated entities within the bloc understand their new obligations.

To help your business stay on top of its AML/CFT obligations, read our guide to the most recent EU AMLDs.

4AMLD

The Fourth Anti-Money Laundering Directive came into effect across the EU on 26 June 2017. The directive focused on strengthening the risk based approach to AML/CFT recommended by the FATF. 4AMLD’s key measures included:

Enhanced beneficial ownership: 4AMLD introduced a requirement for member states to compile a national register of beneficial owners. The definition of ‘beneficial owner’ was expanded to include members of a firm’s senior management.

Risk assessments: Under 4AMLD, companies had to factor in new customer data as part of their AML risk assessment process, including customers’ locations and the types of products and services they were using.

Politically exposed persons: 4AMLD adjusted the definition of politically exposed person (PEP) to include ‘domestic PEP’.

Noncompliance penalties: 4AMLD introduced a ‘name and shame’ requirement for firms found to be in violation of AML/CFT regulations. The directive also increased mandatory AML/CFT noncompliance penalties in the following ways:

A maximum fine of €5 million or 10% of annual turnover for legal persons
A maximum fine of €5 million for natural persons

5AMLD

5AMLD was implemented across the EU on 10 January 2020 and built on many of the measures introduced in 4AMLD. It introduced a new focus on fintech products and services, including the growing use of cryptocurrencies. Key 5AMLD measures included:

Beneficial ownership transparency: After 4AMLD introduced beneficial ownership registers, 5AMLD introduced a public right of access to the information they contained. Similarly, member states had to ensure that their registers were interconnected with others across the bloc to enable centralised verification.

PEP lists: Like 4AMLD’s beneficial ownership lists, 5AMLD introduced publicly available PEP lists, setting out a list of domestic ‘politically exposed’ roles.

Risk assessments: 5AMLD introduced a requirement that member states publish periodic risk assessment reports in order to raise public awareness of AML/CFT threats.

Virtual currencies: 5AMLD expanded existing EU AML/CFT regulations to cryptocurrencies and cryptocurrency service providers. The new rules meant that cryptocurrency exchanges had to register with domestic authorities and share information with Financial Intelligence Units (FIU).

Prepaid transaction limits: 5AMLD included measures to address the AML/CFT threat posed by prepaid credit cards. Under the new rules, transaction limits on prepaid cards were reduced to €150 (from €250) for in-person transactions, and to €50 for online transactions. 5AMLD also prohibited companies from accepting prepaid cards issued in countries that did not meet the EU’s compliance standards.

High risk due diligence: 5AMLD introduced a uniform set of mandatory enhanced due diligence measures to be applied to transactions involving high risk countries.

High value transactions: 5AMLD extended AML/CFT reporting obligations to transactions of high value goods amounting to values of €10,000 or more. The measure was intended to address money laundering in certain ‘boutique’ industries, such as the art trade.

6AMLD

6AMLD came into effect on 3 June 2021 and is the most recent EU anti-money laundering directive. While 5AMLD expanded the scope of the EU’s AML/CFT regime, 6AMLD is broadly intended to harmonise and clarify regulatory detail, and to help companies in the EU do more to directly address financial crimes. With that in mind, the key measures of 6AMLD include:

Harmonised predicate offences: 6AMLD sets out a harmonised list of 22 predicate offences for money laundering, including offences such as human trafficking, fraud, and counterfeiting. The list includes the two new money laundering predicate offences of cybercrime and environmental crime.

Aiding and abetting: Under 6AMLD, the definition of the crime of money laundering has been expanded to include aiding and abetting.

Liability: Before 6AMLD, only individuals could be prosecuted for the crime of money laundering. Under 6AMLD, that criminal liability is extended to legal persons such as corporations. In practice, this means that organisations can also be punished for money laundering offences committed by their employees.

Penalties: 6AMLD harmonises money laundering criminal penalties and punishments across the EU. The new rules introduce a minimum prison sentence of 4 years for individuals found guilty of money laundering (from the previous minimum of 1 year).

Dual criminality: Under 6AMLD, member states are required to share information and facilitate cooperation in order to prosecute money laundering crimes that span international borders. These dual criminality prosecutions have required some member states to criminalise certain predicate offences, regardless of whether they were already illegal.

How to Comply with Anti-Money Laundering Directives

Any new money laundering directive requires companies within the EU to review their AML/CFT compliance and risk management solutions, and adjust to the new regulatory environment where necessary. This process may require the following steps:

A review of risk exposure under the new regulatory environment, followed by any necessary adjustments to risk management solutions. Under 6AMLD, for example, companies need to ensure their risk management solutions take into account cybercrime and environmental crime predicate offences.
A review of customer risk assessment procedures. A new AMLD may alter the risk profiles of both new and existing customers.
New training procedures for compliance employees. The introduction of new regulations means that compliance employees may need to update their regulatory knowledge in order to continue to meet their obligations.
A review of internal compliance technology deployments to ensure ongoing compliance.

Future EU Anti-Money Laundering Directives

The EU will continue to issue anti-money laundering directives in response to a changing threat landscape. In July 2021, the European Commission announced that it would be overhauling its AML/CFT rules with ‘an ambitious package of legislative proposals’. In addition to strengthening its existing AML/CFT framework, the package will specifically take into account the money laundering challenges posed by technological innovation.

As part of the package, the EU has announced a new directive which ‘repeals and replaces’ AML/CFT rules introduced in 6AMLD (and previous AMLDs). The directive includes a range of key measures and provisions, including:

The introduction of national supervisory bodies in all member states.
A requirement for member states to carry out national risk assessments every 4 years.
More robust protections for corporate whistleblowers.
A framework to allow FIUs across the EU to perform joint analysis of suspected criminal activity.
Clarification on the information which should be included in beneficial ownership registers to ensure that FIUs can ‘obtain up-to-date, adequate and accurate information’.
New requirements for the processing of personal data to ensure consistency with EU data-processing rules.