Veriff
Featured image representing AML compliance and regulations.
Blog

An Overview of EU AML Regulations

We take a detailed look into the current anti-money laundering regulations in the European Union, and what they mean for your business on a daily basis.

February 9th, 2022

Share

Share

Love this blog? Why not share it with the world?

It is estimated that in the EU alone transactions with "dirty" money account for about 1.5% of the GDP — that's about 133 Billion EUR (i.e. approx. 157 Billion USD). Money laundering and terrorist financing have been recognized as a real threat by regulators of the EU, resulting in a sizeable new package of legislative proposals on anti-money laundering and countering the financing of terrorism. These are in addition to the already applicable system of AML/CFT and connected directives. The question is how to make sure your business follows all necessary rules when it comes to AML.

In this article, we will give a brief overview of current EU AML regulations (mainly AMLD5) and shed light on the proposed new rules of the future EU AML compliance.  All of this, through the prism of obligated entities (i.e. different businesses responsible for taking AML measures) – meaning, we will describe the main obligations and introduce how we can help you with AML compliance.

For this we will answer the following questions:

  1. What is AML and why it is important?
  2. How is AML compliance regulated in the EU?
  3. What are the main obligations and how do they affect you?
  4. What are the plans in the EU AML compliance?
  5. What you can do to comply and how can Veriff help you?

So let's get straight into question one.

1. What is AML and why it is important?

Anti-money laundering (AML) is a broad term covering all kinds of activities against money laundering. The last being any act trying to bring money from illicit deeds into everyday financial circulation.

For example, a drug dealer is laundering money when he/she is showing money from selling drugs as legal income from an art project or consultancy business, and then later using this money from this illicit source, for buying everyday goods.

So, money laundering means the conversion or transfer of illicit funds into legal funds. Also, concealment of illicit funds and usage and possession of such funds. 'Anti-money laundering' refers to activities and measures taken to fight money laundering.

But why is it important that money laundering is fought against?

The official pages of the European Commission answers this question as follows: “Fighting money laundering and terrorist financing contributes to global security, integrity of the financial system and sustainable growth”.

The global dimension of AML may make it hard to grasp or relate to as a purposeful cause. However, in essence, AML measures are designed to benefit all of us by making it harder to launder money from criminal activities back to legal circulation. Hence, by exercising AML compliance measures market participants (that's everyday people, like us) contribute to a better and safer environment and financial markets.

To help this goal to be achieved the EU has created AML regulations.

You can read more about money laundering from our blog: “What is Money Laundering?”.

You can read more about the meaning of AML and how to differentiate between AML and KYC from our blog: “What is Anti-Money Laundering?”.

2. How is AML compliance regulated in the EU?

 The main obligations of EU AML derive from the AML Directives. Currently, mainly from AMLD4 and AMLD5

The AMLD4 states the main obligations and lays the foundation for AML measures, for example:

  • Widened regulatory scope by imposing obligations to take customer due diligence (CDD) measures on previously unregulated entities e.g. financial institutions, gambling services, some e-money services, etc.;
  • Widened obligations in a risk-based approach e.g. obligation to evaluate geographic location, delivery channels, and service/product specific risks when assessing customer risk profile;
  • Obligations for EU Member States to create centralized ultimate beneficial owner (UBO) registers;
  • Widened obligations to check politically exposed persons (PEP), incl. local PEP (currently not anymore separated from PEP definition).

The AMLD5 changed and amended the AMLD4 adding main following obligations:

  • Mandatory enhanced due diligence obligations for high-risk countries;
  • Obligation for EU Member States to have a public list of PEP positions;
  • EU Member State UBO register was made publicly accessible;
  • Cryptocurrency wallet service providers and cryptocurrency exchange services were added as regulated fields.

The AMLD4 and the AMLD5 are directives, which means that they have to be transposed into EU Member States’ local AML laws. This means that even though in general the AML principles are the same in the EU, there still can be local differences deriving from transposing the directives to the local AML laws. So, depending on the jurisdiction, specific obligations and differences from the directives may apply.

Nevertheless, certain measures are obligatory for many market participants. We will describe the main AML obligations in the following section.

You can read more about the AMLD5 from our blog “A Guide to Anti-Money Laundering (AML) Compliance”.

3. What are the main obligations and how do they affect you?

To make it easier to understand AML for your business, we listed the main AML measures one must take in the course of customer due diligence. Customer due diligence in itself is a set of AML measures.

Starting from the top, an obligated entity must (among others):

  1. Identify its (potential) customer and verify the data - Generally, meaning identification based on a government-issued ID document and an additional source. This is either done face-to-face or via electronic means. It should be noted that there can be strict standards for suitable technical solutions (e.g. liveness check, recorded synchronized sound and video, framing requirements, etc.);
  2. Get information on the structure and logic of the (potential) customer, incl. identifying the ultimate beneficial owner (UBO) of the customer;
  3. Conduct PEP and sanction check;
  4. Understand the customer relationship and transaction; for that getting information on the purpose of the relationship and/or the purpose of the transaction, identifying, e.g. the permanent seat and place of business or place of residence, profession or field of activity, main contracting partners, payment habits, whether the person acts for, or on behalf of, another and, in the case of a legal person, also the experience of the customer or person participating in the occasional transaction;
  5. Report unusual and suspicious activity and transactions to a relevant authority (to local financial intelligence unit – FIU).

This list of the CDD measures is not exhaustive. All of this (and more) should be done for understanding and knowing your customer. It should then be possible to recognize unusual transactions and behaviour that may indicate money laundering.

The logic of AML measures in use must be described in an internal AML procedure document (i.e. AML policy).

It is also important to note that all measures taken must follow the principle of accountability – meaning, an obligated entity must be able to prove that the measures were taken (incl. when and by whom).

Data gathered when implementing AML measures must generally be retained for 5 years, incl. identification data. Together with AML regulations, an obligated entity must also think about applying personal data protection rules.

It is present from the share number of obligatory measures, that good AML compliance needs a thought-out and systematic approach. Effective AML compliance needs all the help it can get from different technical tools and solutions.

In addition to the abundance of different directives and laws – these directives and laws are constantly changing. Changes are needed to keep up with the creative criminal minds and developing tools. EU’s latest response for updating its AML regulations was an ambitious package of legislative proposals consisting of 4 new legislative acts.

You can read more about EU’s personal data protection rules and GDPR from our blog: “The Strongest Set of Rules for Personal Data Protection”.

4. What are the plans for future EU AML compliance?

The EU Commission proposed in July 2021 an ambitious legislative package to strengthen the EU’s AML/CTF rules.

In this section, we will briefly describe planned new rules and what EU Commission is trying to achieve through those initiatives.

The legislative package consists of the 4 following acts:

  1. Proposal for a regulation establishing a new EU AML authority (AMLA) – the creation of a new EU authority that will change AML supervision in the EU and hopefully enhance cooperation among Member State FIUs. The AMLA will be the central authority coordinating Member State authorities;
  2. Proposal for 6th directive on AML/CTF (AMLD6) – the AMLD6 will replace the AMLD4; the AMLD6 will harmonize the definition of money laundering, expand the scope of offenses being considered money laundering, extend the criminal liability for not complying with AML regulations, regulate information sharing between the Member States, etc.;
  3. Proposal for a regulation on AML/CTF - the AML/CTF regulation will consist of directly applicable rules (i.e. no need to transpose to local laws), incl. CDD rules, UBO reporting rules, 10,000 EUR cash limit proposal, etc.;
  4. Proposal for revision of the 2015 regulation on transfer of funds - rules for making it possible to trace crypto-assets.

It is easily visible that the trend in AML is to broaden regulations and scope of obligations and range of obligated entities. There are many AML acts - these directives and regulations are packed with different obligations.

The responsibility of the obligated entity is to figure out how to start, and make sure that, their business’ AML compliance is suitable and adheres to applicable laws and regulations.

5. What can you do to comply and how we at Veriff can help you?

Good compliance starts with a knowledgeable team, a thought-out systematic approach, and good tools. In order to detect and prevent money laundering, one needs to implement AML measures – starting from proper customer due diligence.

Always make sure you know and understand your customer, their business, and transactions. All of which starts from identifying and verifying the customer and its representatives, knowing the structure of the customer  and conducting PEP and sanction checks.

This is where Veriff's complete AML Compliance Solution, and industry-leading identity verification come into play - helping you meet regulations, and know your customers, so your business and your users are safe from criminals across the world.

Remember that you always need to be able to demonstrate that the AML measures have been taken!

Stay up to date on Veriff news, product updates, and more

Veriff will only use the information you provide to share blog updates. You can unsubscribe any time. For more details, check out our privacy policy.

Related articles

What is enhanced due diligence (EDD) in banking?

Blog

What is enhanced due diligence (EDD) in banking?

EDD in banking involves gathering information in order to verify the identity of customers and calculate the exact level of money laundering risk each customer poses. During the EDD process, the customer is asked for a much greater amount of information than they are during the CDD process, as this information can be used to mitigate the risks involved.

What is due diligence in finance?

Blog

What is due diligence in finance?

When carrying out due diligence, a financial institution must determine whether they should perform customer due diligence (CDD) or enhanced due diligence (EDD). This is because FATF guidance suggests that companies should adopt a risk-based approach to due diligence that reflects the specific level of risk that each individual customer presents.

What is synthetic identity theft?

Blog

What is synthetic identity theft?

Synthetic fraud is incredibly dangerous and is a major problem facing the financial sector. Unlike third-party fraud, where an entire identity is stolen and used to defraud enterprises and victims, synthetic fraud frequently has no specific consumer victim.