Directive (EU) 2015/849: Preventing Money Laundering and Terrorist Financing in the EU Financial System

DIRECTIVE (UE) 2015/849 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 2015 focuses on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. This directive, also known as the Fourth Anti-Money Laundering Directive (AMLD4), amends Regulation (EU) No 648/2012, and repeals Directives 2005/60/EC and 2006/70/EC. It is a crucial piece of legislation for maintaining the integrity of the European Union’s financial market.

I. Rationale and Scope of the Directive

The directive addresses the ongoing threats of money laundering, terrorist financing, and organized crime, recognizing that illicit financial flows can severely damage the financial sector’s integrity and stability. These threats also undermine the EU’s internal market and international development. Preventative measures within the financial system are deemed essential to complement criminal justice approaches.

Criminals exploit the freedom of capital movement and financial services within the integrated EU financial space. Coordinated measures at the EU level are therefore necessary to protect society and the financial system while ensuring a balanced regulatory environment that does not disproportionately burden businesses.

This directive builds upon previous anti-money laundering directives, expanding their scope in response to evolving threats and international standards set by the Financial Action Task Force (FATF). It incorporates the FATF’s revised recommendations from 2012, emphasizing a risk-based approach to combatting financial crime.

II. Key Objectives and Definitions

The primary objective of Directive (EU) 2015/849 is to prevent the EU’s financial system from being used for money laundering and terrorist financing. Member states are mandated to prohibit both money laundering and terrorist financing.

Definitions crucial to understanding the directive include:

• Money Laundering: Defined comprehensively, covering the conversion or transfer of property derived from criminal activity, concealing the illicit origin of property, acquisition, possession or use of criminal property, and participation in related activities. It is emphasized that money laundering can occur even if the predicate offenses took place in another Member State or a third country.
• Terrorist Financing: Defined as the provision or collection of funds, directly or indirectly, with the intention or knowledge that they will be used to commit terrorist offenses as defined in Council Framework Decision 2002/475/JHA.
• Criminal Activity: A broad definition encompassing serious crimes, including terrorism, drug trafficking, organized crime activities, fraud affecting the EU’s financial interests, corruption, and tax crimes punishable by imprisonment of more than one year (or six months in some legal systems). This broad definition ensures a wide scope for preventative measures.
• Politically Exposed Persons (PEPs): Individuals holding prominent public functions, either domestically or internationally, who present a higher risk due to their positions. The directive outlines specific categories of PEPs, including heads of state, government officials, parliamentarians, and senior members of international organizations. Family members and close associates of PEPs are also included in enhanced due diligence measures.
• Beneficial Owner: The natural person(s) who ultimately own or control a legal entity. This definition is critical for transparency and preventing the concealment of illicit funds behind corporate structures. It includes individuals with a significant percentage of ownership or control, or senior managing officials if no natural person is identifiable as the ultimate owner.
• Correspondent Relationship: Banking services provided by one bank (correspondent) to another bank (respondent), often across borders. These relationships are subject to enhanced scrutiny due to their potential for facilitating illicit flows.
• Shell Bank: Credit or financial institutions with no physical presence in their country of incorporation and are not part of a regulated financial group. Correspondent banking relationships with shell banks are prohibited.

III. Scope of Application: Obliged Entities

Directive (EU) 2015/849 applies to a wide range of “obliged entities” within the financial and non-financial sectors:

1. Credit Institutions: As defined in Regulation (EU) No 575/2013, including banks and their branches within the EU.
2. Financial Institutions: A broad category including:
   • Investment firms
   • Insurance companies (life insurance)
   • Collective investment schemes
   • Insurance intermediaries (life insurance and investment-related services)
   • Branches of financial institutions
   • Currency exchange offices
3. Designated Non-Financial Businesses and Professions (DNFBPs):
   • Auditors, external accountants, and tax advisors
   • Notaries and independent legal professionals (when involved in financial or property transactions)
   • Trust and company service providers
   • Real estate agents
   • Traders in goods (when accepting cash payments of €10,000 or more)
   • Providers of gambling services

Member States have the option to exempt certain gambling services with demonstrably low risk from some or all AML/CTF obligations, based on a thorough risk assessment. Similarly, exemptions are possible for financial activities conducted on an occasional or very limited scale, provided strict criteria are met and the risk of money laundering or terrorist financing is low.

IV. Customer Due Diligence (CDD) Measures

The directive mandates obliged entities to apply Customer Due Diligence (CDD) measures in various circumstances, including:

• Establishing a business relationship
• Occasional transactions above certain thresholds (€15,000 for general transactions, €1,000 for funds transfers, €10,000 for cash payments by traders in goods, €2,000 for gambling services)
• Suspicions of money laundering or terrorist financing, regardless of transaction threshold
• Doubts about the veracity of previously obtained customer information

Standard CDD measures include:

• Identifying and verifying the customer’s identity based on reliable and independent sources.
• Identifying the beneficial owner and taking reasonable measures to verify their identity.
• Obtaining information on the purpose and intended nature of the business relationship.
• Ongoing monitoring of the business relationship, including scrutiny of transactions to ensure consistency with the entity’s knowledge of the customer and their risk profile.

The extent of CDD measures should be risk-based, allowing for simplified due diligence in lower-risk situations and enhanced due diligence in higher-risk scenarios.

V. Simplified and Enhanced Due Diligence

Simplified Due Diligence (SDD) may be applied when a lower risk of money laundering or terrorist financing has been identified. Annex II of the directive provides a non-exhaustive list of factors indicating potentially lower risk, such as:

• Publicly listed companies subject to disclosure obligations
• Public administrations or regulated undertakings
• Customers residing in lower-risk geographical areas
• Certain low-value insurance policies and pension schemes
• Financial products designed for financial inclusion

Enhanced Due Diligence (EDD) is required in situations presenting a higher risk, as outlined in Articles 19-24 and Annex III. These include:

• Cross-border correspondent banking relationships with respondent institutions in third countries, requiring enhanced scrutiny of the respondent institution’s business, controls, and reputation.
• Transactions or business relationships with Politically Exposed Persons (PEPs), necessitating senior management approval, measures to establish the source of wealth and funds, and enhanced ongoing monitoring.
• Transactions involving high-risk third countries identified by the European Commission as having strategic deficiencies in their AML/CTF regimes.
• Complex or unusually large transactions and unusual patterns of transactions that lack an apparent economic or lawful purpose.

Annex III provides a non-exhaustive list of factors indicating potentially higher risk, including unusual transaction patterns, customers from high-risk geographical areas, and products or services that favor anonymity.

VI. Beneficial Ownership Transparency

Directive (EU) 2015/849 significantly strengthens transparency requirements regarding beneficial ownership. Member States are required to ensure that:

• Corporate and legal entities obtain and hold adequate, accurate, and current information on their beneficial ownership, including details of the ownership interests held.
• This information is held in a central register in each Member State, such as a commercial register or public registry.
• Competent authorities and Financial Intelligence Units (FIUs) have unrestricted access to this information.
• Obliged entities have access to beneficial ownership information for CDD purposes.
• Public access is granted to certain beneficial ownership information for persons or organizations demonstrating a legitimate interest in combating money laundering, terrorist financing, and associated predicate offenses.

Similar transparency requirements apply to trusts and similar legal arrangements, mandating the registration of beneficial ownership information when the trust generates tax consequences.

VII. Reporting Obligations and Financial Intelligence Units (FIUs)

Obliged entities are required to report suspicious transactions to Financial Intelligence Units (FIUs). Key aspects of the reporting regime include:

• Obligation to report: Obliged entities must report to the FIU when they know, suspect, or have reasonable grounds to suspect money laundering or terrorist financing, regardless of the amount. This includes attempted transactions.
• No tipping-off: Obliged entities are prohibited from informing the customer or third parties that a report has been made or that an AML/CTF analysis is being conducted.
• FIU independence and powers: Member States must establish operationally independent and autonomous FIUs with adequate resources and powers to receive, analyze, and disseminate information related to money laundering and terrorist financing. FIUs must have timely access to financial, administrative, and law enforcement information.
• Cooperation between FIUs: FIUs are required to cooperate extensively with each other, exchanging information spontaneously or upon request to facilitate analysis and investigations.

VIII. Data Protection, Record Keeping and Statistics

The directive incorporates provisions for data protection, record keeping, and the collection of statistics:

• Data protection: The processing of personal data under the directive is subject to Directive 95/46/EC (and now GDPR), ensuring data protection rights are respected. Data processing is limited to AML/CTF purposes, and further processing for incompatible purposes is prohibited.
• Record keeping: Obliged entities must retain customer identification and transaction records for at least five years after the business relationship ends or the occasional transaction is completed. Member States may allow or require longer retention periods if necessary and proportionate for AML/CTF purposes, up to a maximum of ten years.
• Statistics: Member States are required to compile and publish comprehensive statistics on various aspects of their AML/CTF systems, including the size of relevant sectors, reporting and investigation statistics, and cross-border information requests. These statistics contribute to risk assessments and system effectiveness evaluations.

IX. Policies, Procedures, and Supervision

To ensure effective implementation, Directive (EU) 2015/849 mandates:

• Group-wide policies and procedures: Obliged entities that are part of a group must implement group-wide AML/CTF policies and procedures, including data protection and information sharing, effectively implemented across branches and subsidiaries in Member States and third countries.
• Training and awareness: Obliged entities must take measures to ensure employees are aware of AML/CTF provisions and receive ongoing training to recognize and handle suspicious transactions.
• Competent authority supervision: Member States must ensure effective supervision of obliged entities’ compliance with the directive. Competent authorities must have adequate powers and resources to monitor compliance, conduct inspections, and enforce requirements.
• Authorization and registration: Currency exchange offices, check cashing offices, trust and company service providers must be authorized or registered. Gambling service providers must be regulated. Competent authorities are required to ensure the fitness and probity of the management and beneficial owners of these entities.

X. Sanctions

Member States are required to establish effective, proportionate, and dissuasive sanctions for breaches of national provisions transposing the directive. Sanctions and administrative measures must be applicable for serious, repeated, or systematic infringements, including:

• Public statements identifying the person and nature of the infringement
• Orders requiring cessation of the conduct and preventing repetition
• Withdrawal or suspension of authorization
• Temporary prohibition of managerial functions
• Administrative pecuniary sanctions of significant amounts, up to at least twice the amount of the benefit derived from the infringement or €1 million (and higher for credit and financial institutions).

Member States must ensure that competent authorities take into account all relevant circumstances when determining the type and level of sanctions, and publish decisions imposing sanctions, ensuring transparency and deterrence.

Conclusion

Directive (EU) 2015/849 represents a significant step forward in the EU’s efforts to combat money laundering and terrorist financing. By expanding the scope of obliged entities, strengthening customer due diligence requirements, enhancing beneficial ownership transparency, and reinforcing the role of FIUs, the directive creates a robust framework for protecting the integrity of the EU financial system. Its effective implementation by Member States is crucial for achieving these objectives and safeguarding the EU’s economy and security.