The EU’s 4th Anti-Money Laundering Directive and its implication for business

By Wayne Johnson | 10 March 2017

Wayne Johnson - Co-Founder and CEO, Encompass Corporation

On June 26 compliance with the EU’s Fourth Anti-Money Laundering Directive (AML4) by Member States becomes compulsory. Designed to boost defences against money laundering and terrorism financing, and inspire greater confidence in the workings of the financial industry, AML4 was adopted by the EU Commission in April 2015, with member states given two years to write the directive into National Law. AML4 largely implements the recommendations of the Financial Action Task Force, the international standard bearer for the prevention of money laundering and terrorism financing.

The effects of these enhanced regulations on the financial services industry will be significant. HM Treasury is currently consulting on the implementation of AML4 into UK law. Despite voting to leave the EU, the way in which AML4 is implemented here in the UK is unlikely to change.

So how does AML4 differ from AML3, what steps should business be taking to ensure they are fully compliant, and are there any, perhaps unintended, consequences that business should be aware of?

The overarching aim of AML4 is to provide greater transparency in financial transactions, making it easier for authorities to identify those institutions that may be deliberately engaging in money laundering activities. The new regulations have wide reaching effects, affecting Customer Due Diligence (CDD), the vetting of Politically Exposed Persons (PEPs), risk assessments, and the ways in which beneficial owners are identified.  

In contrast to AML3, AML4 places a greater emphasis on risk analysis; the emphasise that point, the word ‘risk’ appears 149 times in AML4 compared to just 36 times in AML3. There is a new requirement for member states to have a National Risk Assessment. The focus on risk itself may not be new, but AML4 requires firms to more thoroughly document their risk-based approach.

Whereas under AML3 banks and financial institutions could have differing layers to their CDD policies that varied according to the customer, AML4 sees Customer Due Diligence (CDD) policies standardised. In addition, there is no longer any automatic exemptions from enhanced CDD (often referred to as ‘Enhanced Due Diligence’ or EDD). In those cases where CDD would have been exempt, now simplified CDD must be undertaken with institutions required to evidence why, in every case, simplified CDD was chosen. With regulators likely to be even stricter in their enforcement of a risk based approach to AML/CTF compliance, it’s imperative firms ensure policies are fully enacted and evidenced. 

AML4 also standardises the implementation of national laws, regardless of a business’ location, meaning the same due diligence must be carried out on a customer regardless of whether they open a facility in London or Lisbon.  

The rules around Politically Exposed Persons (PEPs) are strengthened too, with the directive stating the need to identify and take appropriate action with regards to domestic PEPs as well as foreign PEPs, meaning existing customers may well be affected. There’s also more clarity as to what constitutes a PEP, with the directive now defining parents, spouses, partners and even children as ‘Politically Exposed’.

With the increased scrutiny of PEPs comes a word of warning, highlighting that that the “requirements relating to Politically Exposed Persons are of a preventative and not criminal nature” and going on to state that: “Refusing a business relationship with a person simply on the basis of the determination that he or she is a politically exposed person is contrary to the letter and spirit of this Directive…” 

AML4 also places greater emphasis on justification: Firms must be able to evidence why certain steps have been taken with regard to AML/CTF risks. They must also able to evidence why they have chosen either enhanced due diligence or simplified due diligence when onboarding and monitoring customers. In this, AML4 is considerably more robust than AML3. Institutions must be able to provide evidence to regulators that they have taken all necessary steps to assess, understand, identify and mitigate the risks of money laundering and terrorism financing. 

Perhaps the most radical change from AML3 to AML4 is the requirement for each member state to have a central register of Beneficial Owners – information that must also be made available when required to the Central Bureau of Investigation as well as banks, law firms or indeed any individual or organisation that has a legitimate interest. In the past, complex corporate structures have at times made it difficult to identify beneficial owners, causing authorities to resort to company statements in order to identify a beneficial owner. This requirement for each member state to have their own central register injects a new level of transparency, and in doing so realises a key aim of AML4. 

Each member state has differing approaches to access and charging for access to its central register. But in the UK this is one area where we are already well ahead: Companies House (where the Persons with Significant Control (PSC) register will be held) has both open publication and free access.

AML4 contains a robust set of regulations that, regulators hope, will result in business making their customer due diligence processes more robust. Falling foul of the regulators could be costly, resulting in sanctions as well as fines, which for Financial or Credit institutions could be up to €5m or up to 10% of a holding company’s annual turnover, plus the inevitable reputational damage that would follow.

Implementing these regulations will require businesses to re-think their current approaches to KYC as additional manpower, new technology, resource and improved process are called for. In short, the impact will be far reaching - the cost of which could well be picked up by the consumer.