By Samantha Sheen, AML Director Europe, ACAMS
14 July, 2016
On 5 July 2016, the European Commission (“EC”) announced that its proposal to further reinforce the European Union’s rules on anti-money laundering (“AML”), to counter terrorist financing (“CFT”), tax evasion and increase transparency around beneficial ownership (“Proposals”).
This post summarises the key aspects of the Proposals which explain the types of enhanced due diligence (“EDD”) that must be performed on customers who are individuals or legal entities established in High-Risk Countries and named on the EU ML List (see my previous post on The Lists).
Existing EDD Requirements
Article 18 of the 4AMLD requires that Member States must ensure that EDD is undertaken by obliged entities in relation to:
- Cross border correspondent banking relationships
- Politically Exposed Persons (“PEPs”), their family members and close associates
- Prevent correspondent banking relationships with shell banks; and
- Other cases of higher risk identified by the Member States or obliged entities.
Article 18 does not specify the measures that had to be taken when conducting EDD, although certain criteria were identified with respect to cross border correspondent banking relationships.
EDD and High-Risk Third Countries
Under Article 18, EU obliged entities must undertake EDD on individuals or legal entities established in High-Risk Third Countries named on the EU ML List. However, the required EDD measures were not fully defined. The EC proposes that these EDD measures should be specified.
The EC has determined that harmonizing these EDD requirements will avoid or limit the risk of forum-shopping by potential criminals and those financing terrorist activities. It will also create a level playing field at the EU level when dealing with customers established in High-Risk Third Countries. It was believed that some EU countries received an unfair commercial advantage (and one assumes higher financial crime risk exposure) relative to other EU countries who were applying more stringent EDD requirements to High-Risk Third Countries.
The mechanics of these amendments will work such that financial institution (“FIs”) will no longer have the discretion to decide the enhanced due diligence measure they will undertake on customers from High-Risk Third Countries. So may, in effect, require that FIs treat customers established in countries in High-Risk Third Countries as if they were High-Risk. Much will depend upon how Member States interpret the term “establish” when transposing these requirements into their AML regulations.
New EDD Requirements
The main amendment consists of a new Article (18a). The Article consists of a specific list of required EDD measures combined with an illustrative list of counter-measures that could also be required.
Member States will now be required to apply at least all of the following measures:
- Obtain additional information on the customer
- Obtain additional information on the intended nature of the business relationship
- Obtain information on the source of funds or source of wealth of the customer
- Obtain information about the reasons for the intended or performed transactions
- Obtain approval from senior management for establishing/ continuing the relationship
- Conduct enhanced monitoring of the relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further explanation; and
- Require first payment to be carried out through an account in the customer’s name with a bank subject to similar CDD standards.
Second, Member States may also require their FIs to apply one of the following additional EDD measures:
- Apply additional elements of EDD,
- Introduce enhanced relevant reporting mechanisms or systematic reporting of financial transactions, or
- Limit business relationships or financial transactions with individuals or legal entities from the identified country.
Third, Members States themselves can also apply one of the following measures:
- Refuse to allow FIs from those countries to establish branches, subsidiaries or representative offices or otherwise take account of the fact that the FI is from a country that does not have adequate AML/CFT systems
- Prohibit local FIs to establish subsidiaries or representative offices in a High-Risk Third Country or otherwise take account of the fact that the FI is from a country that does not have adequate AML/CFT systems
- Prohibit third party reliance by local FIs on intermediaries in a High-Risk Third Country to have undertaken KYC on a customer
- Require local FIs to review, amend and if necessary terminate correspondent banking relationships with FIs in a High-Risk Third Country
- Require FI branches and subsidiaries based in a High-Risk Third Country to be subject to increased external audit requirements or supervisory examination; or
- Require financial groups with branches or subsidiaries in a High-Risk Third Country to be subject to increased external audit requirements.
When deciding whether to require any of the additional measures listed in above, Member States must base that decision with reference to international evaluation, assessments or AML/CFT standard setters (i.e. FATF) in relation to the risks posed by the High-Risk Third Country.
The list of High-Risk Third Countries has now been published by the EU and can be accessed here.
Possible Next Steps
As a pr-active measure, EU FIs may wish to undertake a high level CDD gap analysis of their EDD measures to assess whether these would meet the proposed EDD requirements under Article 18A where individuals or legal entities are established in High-Risk Third Countries. FIs may also wish to verify whether their current on-boarding and transaction monitoring systems are programmed with thresholds which identify those High-Risk Third Countries named by the EU as High-Risk. Finally, FIs may need to consider whether KYC review requirements may need adjustment to ensure that those customers established in High-Risk Third Countries are subject both to more frequent reviews (given the change in potential risk exposure) and the reviews themselves reflect the EDD requirements in Article 18A.