Insights

On the 19th June 2024, the EU AML/CFT Legislative Package was published in the EU Official Journal, which includes a set of legislative texts, comprising of two regulations and a directive, proposed by the European Commission to strengthen the EU’s framework and its financial system against money laundering and financing of terrorism. The main scope of the new AML/CFT legal package is to harmonise ways in addressing financial crime across the EU, improve transparency, and create better communication channels between EU Member States and authorities.

Legal acts and application date

1. Regulation (EU) 2024/1624 – AML/CFT Regulation (“AMLR”) which came into force on 9th July 2024, and will officially apply from 10th July 2027, although, certain provisions relating to football agents, and professional football clubs deemed as subject persons, will apply on 10th July 2029.
2. Regulation (EU) 2024/1620 – AMLA Regulation (“AMLAR”) which came into force on 26th June 2024, and will officially apply from 1st July 2025, although certain provisions started to apply from 26th June 2024.
3. Directive (EU) 2024/1640 – 6th Anti-Money Laundering Directive (“AMLD6”) which came into force on 9th July 2024, and will officially apply from 10th July 2027, repealing the 4th Anti-Money Laundering Directive – Directive (EU) 2015/849. EU Member States are obliged to transpose the AMLD6 into national legislation by 10th July 2027. However, it is worth mentioning that:

• • Provisions under Article 74 relating to the central registers of beneficial ownership of corporates and trusts must be transposed by 10th July 2025;
  • Provisions under Articles 11–13, and 15 pertaining to beneficial owner registers must be transposed by 10th July 2026; and
  • Provisions under Article 18 relating to access to real estate information must be transposed by 10th July 2029.

Overview of the Legislative Package

1.The AMLR

The AMLR provides a uniform set of rules for EU Member States to combat money laundering and the financing of terrorism, limiting discrepancies in national implementation of the earlier AML Directives. The salient changes introduced by the AMLR include:

1. Extension of the list of “obliged entities” to cover other services including crypto-asset service providers (“CASPs”), crowdfunding service providers, dealers in precious metals, precious stones and high-value goods as their regular or principal professional activity, investment migration operators, professional football clubs and agents, and non-financial mixed holding companies.
2. Stricter CDD obligations for occasional transactions whereby the limit to conduct CDD for an occasional transaction is lowered from €15,000 to €10,000. For CASPs stricter rules apply whereby CDD is required for transactions below €1,000.
3. Requiring obliged entities to screen their customers and beneficial owners against lists of persons or entities designated under targeted financial sanctions, as well as to have in place internal policies, procedures and controls to mitigate and manage the risks of non-implementation and evasion of targeted financial sanctions.
4. Additional EDD requirements for obliged entities specifically when credit and financial institutions deal with large amount of assets for high net-worth individuals, and obliged entities undertake occasional transactions and/or business relationships with customer having links with high-risk third countries whose AML/CFT shortcomings pose a threat to the integrity of the EU’s internal market.
5. Restricting cash payments limits to €10,000. EU Member States will have the option to legislate lower thresholds than €10,000. Furthermore, obliged entities will be now required to identify and verify persons carrying out an occasional cash transaction amounting between €3,000 and €10,000.
6. The beneficial ownership threshold now set at 25% (rather than the previous 25%+1 threshold of shares, voting rights, or ownership interest). Member States have a derogation to apply a lower threshold of a minimum of 15% for legal persons bearing high ML/FT risk.
7. The European Commission’s assessment of high-risk jurisdictions will be now based upon the listings determined by the Financial Action Task Force (“FATF”).
8. The definition of a PEP is extended to also cover siblings of PEPs in cases when PEPs involve heads of state, heads of government, ministers, and deputy or assistant ministers.
9. New ongoing monitoring rules apply for obliged entities whereby a 5-year period applies to all customers when updating their client-profile. For high-risk customers, updates shall be carried out on an annual basis.
10. A list of internal policies, procedures, controls and risk assessments to be adopted and carried out by obliged entities to identify, assess and mitigate the ML/TF risks in their operations will be clearly specified and explained in more detail.
11. A more detailed guidance on the outsourcing of certain AML/CFT tasks to third parties by obliged entities, whereby the Regulation includes a list of services that cannot be outsourced.

2.The AMLAR

The AMLAR establishes the Anti-Money Laundering Authority (“AMLA”), which will be situated in Frankfurt, and acting as the EU’s money laundering watchdog ensuring effective enforcement of the EU’s rules on fighting money laundering and the financing of terrorism. AMLA’s main duties include:

1. Direct supervision on the high-risk obliged entities in the financial sector, predominantly those credit and financial institutions, including crypto asset service providers, having operations in at least 6 Member States.
2. Oversight on the non-financial sector, providing support to the national supervisors by carrying out reviews and investigations leading to possible breaches in the application of the AML/CFT framework.
3. Coordination and harmonisation, whereby AMLA will establish common standards and practices for FIUs to ensure harmonized enforcement and will work closely with FIUs to reduce regulatory gaps.
4. Assistance to Financial Intelligence Units (“FIUs”) with the review and analysis of suspicious transactions and the detection of other possible money laundering practices, as well as the development of IT tools for FIU information sharing.
5. Issuance of regulatory and implementing technical standards, guidance notes, recommendations, and opinions, as well as the management of a holistic AML/CFT database to collect and assess information gathered from supervisory authorities and FIUs.

3.The AMLD6

The AMLD6 establishes rules and procedures to be followed at a national and supranational level by EU Member States and EU authorities, and other aspects, including the following:

1. The Supranational Risk Assessment (“SNRA”) carried out by the European Commission should now include risks relating to the non-implementation and evasion of targeted financial sanctions.
2. EU Members States are required to conduct National Risk Assessments (“NRA”) every four (4) years, also factoring in risks relating to the non-implementation and evasion of targeted financial sanctions.
3. EU Members States are required to set up central beneficial ownership registers, and provide immediate, unfiltered, direct and free access to information for FIUs, other competent authorities and self-regulatory bodies, whereby authorities maintaining the register of beneficial owners will have the power to carry out inspections at the premises of legal entities registered, in case of doubts regarding the accuracy of the information in their possession.
4. EU Members States are required to set up bank account information registers, including identification information of natural or legal persons holding or controlling payment, banking and/or securities accounts, crypto-asset accounts and safe-deposit boxes, and provide immediate, unfiltered, direct and free access to such information to FIUs and AMLA throughout joint compliance assessments.
5. EU Members States are required to set up real-estate registers including identification information of real estate property and beneficial owners owning such property, which should be accessible to competent authorities via a single access point to facilitate access for data during property-related criminal investigations.
6. Main responsibilities of FIUs within EU Member States which inter alia include prompt and direct access to financial, administrative and law enforcement information, including tax information, information on funds and other assets frozen pursuant to targeted financial sanctions, information on transfers of funds and crypto-transfers, national motor vehicles, aircraft and watercraft registers and customs data.
7. Regulatory actions and sanctions applicable to obliged entities for serious, repeated or systematic breaches of certain provisions of AMLR and different measures to consider the type and level of regulatory action and/or sanction to be imposed.

Way Forward

The new rules will come into force gradually, and therefore subject persons are encouraged to become acquainted with the new AMLR requirements and identify any gaps in their operations to ensure compliance with the new regulatory requirements as well as providing the necessary training to staff members and employees.