The Fourth EU Anti-Money Laundering Directive (EU 2015/849) (AMLD4) is the latest significant upgrade to the EU legislative programme in the area of anti-money laundering and counter-terrorist financing (AML/CTF).
AMLD4 implements recommendations by the Financial Action Task Force (FATF) and, on some issues, expands on FATF's requirements and provides for additional safeguards.
On 5 July 2016, in response to terrorist attacks in Europe in 2015/2016 and the leak of the Panama papers, the EU Commission published proposals (AMLD5) to amend AMLD4. The EU Council Presidency has agreed its negotiating mandate in relation to AMLD5 and has indicated that it seeks to conclude negotiations with the European Parliament by 30 June 2017. Therefore, although the EU Commission had intended that both AMLD4 and AMLD5 would become effective simultaneously, this clearly will now not happen.
Overview of the principal AMLD4/AMLD5 amendments:
Greater emphasis on the risk based approach: Risk based assessments will be required to be carried out at European, Member State and individual institution level and be kept up to date. The ESAs1 are required to issue joint opinions on AML/CTF risks and the first joint opinion was published on 20 February 2017. Ireland published its first AML/CTF national risk assessment in October 2016; risk ratings were ascribed to 21 subsectors within the financial services industry, including funds and fund administrators, which sector received a "medium high" risk rating. It is intended that subsequent ESA opinions and national assessments will be issued every two years
Extension of scope: Tax crimes are now included in the definition of "criminal activity" falling within the ambit of AMLD4. Providers of gambling services are also brought within scope as are persons trading in goods for cash payments of at least €10,000. AMLD5 also brings virtual currency platforms and custodial wallet providers (i.e. persons who control access to virtual currencies) within scope.
Enhancement of beneficial ownership information: Corporate and other legal entities will be required to obtain and hold accurate and current information on their beneficial ownership. This information must be passed on to a central register, which will be available to competent authorities, financial intelligence units (FIUs) and others (this matter is dealt with in more detail below).
Customer due diligence and politically exposed persons: AMLD4 substantially tightens rules on customer due diligence including in the areas of carrying out simplified due diligence, enhanced due diligence, the ability to rely on third parties to carry out due diligence and the extension of the rules relating to politically exposed persons to also cover domestic politically exposed persons.
Administrative sanctions: AMLD4 introduces greater administrative sanctions for breaches, including a maximum fine of at least twice the amount of the benefit derived from the breach or at least €1 million. For breaches involving credit or financial institutions, it provides for a maximum fine of at least €5 million or 10% of the total annual turnover in the case of the institution and €5 million in the case of a natural person. AMLD4 also strengthens the sanctioning powers of Member States and extends the powers of the FIUs.
Key amendments for the asset management and investment funds industry
The foregoing reflects the most significant overall changes to be ushered in by AMLD4. Some changes will be more critical to the day-to-day landscape of the asset management and investment funds industry and these are examined in more detail below.
Risk-based approach and customer due diligence
Central to AMLD4 is greater emphasis on a risk-based approach to addressing money-laundering and terrorist-financing risks. Not only must Member States carry out risk assessments, but designated bodies ("obliged entities" under AMLD4) will also be required to do so. The amplified emphasis on risk assessment will also be reflected in changes to the current rules on customer due diligence (CDD). At present, certain automatic exemptions are available from the requirement to carry out simplified customer due diligence (SCDD) if the customer/investor is regarded as “blue-chip”, e.g. a credit institution in the EU or third country with equivalent AML measures, or is a listed company. These important automatic exemptions will no longer be available under AMLD4. Instead a decision to apply SCDD must be based on the obliged entity's assessment that the relationship or transaction represents a lower degree of risk. Minimum lower-risk situations are set out in Annex II of AMLD4.
Under AMLD4 enhanced customer due diligence (ECDD) will be required when dealing with natural persons or legal entities established in third countries identified by the European Commission as high-risk third countries and other cases of higher risk identified by Member States or designated persons. ECDD measures do not need to be invoked automatically with respect to branches or majority owned subsidiaries of EU obliged entities where these branches or subsidiaries fully comply with group-wide procedures and policies in accordance with AMLD4.
By 26 June 2017, the ESAs must issue guidelines on the risk factors to be taken into consideration where SCDD and ECDD are appropriate. Draft guidelines were published in October 2015, both generic and sector-specific, including for the investment management and investment funds sector.
ECDD is also required when dealing with politically exposed persons (PEPs). AMLD4 widens the net of PEPs to include domestic (not just foreign) PEPs and also defines as PEPs “family members” and “persons known to be close associates”. Obliged entities must have a procedure for identifying PEPs. Where a person ceases to have the characteristics of a PEP, the obliged entity must, for a period of at least 12 months thereafter, consider the continuing risk posed by that person and apply appropriate and risk-sensitive measures until such time as the person is deemed to pose no further PEP-specific risk.
As regards reliance on third parties carrying out initial CDD measures, AMLD4 specifically prohibits reliance on third parties established in high-risk third countries identified by the Commission, except in the case of branches or majority-owned subsidiaries of EU-obliged entities where these branches or subsidiaries fully comply with group-wide procedures in accordance with AMLD4.
Under AMLD5, the Commission intends to impose minimum ECDD procedures on obliged entities to ensure greater harmonisation across the EU.
Beneficial ownership registers
Under AMLD4, in order to address perceived deficiencies in transparency around beneficial ownership, corporate and legal entities, trusts and similar structures will be required to hold adequate accurate and current information on their beneficial ownership.
“Beneficial ownership” is defined as any natural person who ultimately owns or controls a corporate or legal entity and/or on whose behalf the entity is conducting its activity. In the case of corporate entities it relates to a natural person who ultimately holds a shareholding/controlling interest or ownership interest of 25% plus one share or ownership interest. The default position is that "if, having exhausted all possible means and provided there are no grounds for suspicion," the relevant entity does not identify a beneficial owner, or if the relevant entity has any doubt as about whether the person(s) identified is the beneficial owner, then the senior managers (including the directors and CEO) of the entity must be entered on the internal register as the "beneficial owners". In such circumstances, the entity must also keep records of all the steps taken to ascertain the beneficial owners. It should be noted of course that in the case of some existing corporate entities, especially UCITS and open-ended AIF funds, there may be not be any beneficial owners who are direct or indirect shareholders because of the broad-based ownership of many such funds. In such cases details of the directors of the fund entity are likely to be required to be entered on the register as the default "beneficial owners". However, at the start up stages of what is intended to be a broad-based ownership fund, the seed investor or investors are likely to be beneficial owners for a period.
Member States must ensure that the information on beneficial ownership is held in a central register that is accessible to competent authorities and FIUs, obliged entities when carrying out CDD measures and those who can demonstrate a “legitimate interest” in the information. Under AMLD5, the Commission has proposed a requirement that details on beneficial ownership be made publicly available and the Parliament appears to be in favour of this proposal. These new requirements on beneficial ownership will be a significant departure for companies and other entities within the EU, particularly if registers are to be made publicly available. It will be challenging and costly for funds to obtain, maintain and update information which must be kept on the central register, particularly in the context of funds that permit dealing on a regular basis.
Trustees will also be required to obtain and hold information on beneficial owners. Where the trust gives rise to “tax consequences”, Member States must also ensure that the beneficial ownership information held by the trustee is held on a central register. This will be an entirely new requirement for fund trustees, as unitholder register details are normally obtained and maintained by the fund's administrator on behalf of the trust fund, not the trustee of the fund. It remains to be seen as to the extent to which certain types of trust fund type arrangements may be included/excluded from the scope of domestic legislation in individual Member States and clarity is being sought by funds industry bodies as to whether or not certain trust funds will be caught by the new requirements. In Ireland, Article 30(1) of AMLD4 (which requires companies and other corporate bodies to gather details on their beneficial ownership) was transposed into Irish law in November 2016 in order to ensure that the information required to be sent to the national central register would be available by 26 June 2017. This currently affects all corporate bodies including UCITS and AIF companies and ICAVs. (See our more detailed article here).
Transposition of AMLD4 in Ireland
AMLD4, save for Article 30(1) which is currently applicable, is due to be transposed generally by way of amendments to 2010 legislation, which implemented the Third Anti-Money Laundering Directive (2005/60/EC) into Irish law.
The Central Bank of Ireland (Central Bank) has indicated that it will be rolling out a new supervisory engagement model for AML/CTF risk during 2017, which is likely to lead to increased on-site inspections. The Central Bank is also likely to publish risk factor regulations and non-statutory guidance based on risk factor guidelines to be issued shortly by the ESAs.
What action needs to be taken by funds?
Like previous AML/CTF directives, AMLD4 is a minimum-harmonisation directive and Member States have the power to impose more stringent measures. Further regulation and guidance can be expected both at EU and Member State level between now and 26 June 2017. Promoters and managers of funds need to undertake preparatory work including:
Compliance with the Irish regulations which transposed Article 30(1) into Irish law.
The requirement for the fund as an “obliged entity” to carry out an AML/CTF assessment under AMLD4 and review the impact this may have on various issues including CDD.
Reviewing the fund’s AML/CTF policy and other relevant documentation (including the contract with the administrator) in the context of AMLD4.
Liaison with the fund administrator to ascertain the preparatory measures that the administrator is taking with regard to compliance with AMLD4, including as to its identification of the fund's beneficial owners and its own policies and procedures and how they will affect the fund.
Contributed By Patricia Taylor of William Fry.