Fourth Money Laundering Directive and revised Wire Transfer Regulation
Key changes to the EU's anti-money laundering and counter-terrorist financing regime coming into effect from 2017: What you need to know
07.09.16 BY Michael Lyons, Oliver Pegden, Louise Baxter, Clifford Chance
On the 25 June 2015, a new package of EU Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) legislation came into effect with the adoption of the Fourth Money Laundering Directive ((EU) 2015/849) (MLD4) and the revised Wire Transfer Regulation (Council Regulation (EU) 2015/847) (WTR2)).
Initially, EU Member States were going to be required to transpose MLD4 into national law by 26 June 2017, with WTR2 planned to come into force on the same date. However, in July 2016, the European Commission published a legislative proposal for various amendments to MLD4, including a stipulation that would require its provisions to be implemented earlier, by 1 January 2017.
In this article we summarise some of the main changes introduced by MLD4 and WTR2 (including the amendments to MLD4 proposed in July) focussing on the key issues for payment services firms.
MLD4 replaces the Third Money Laundering Directive (MLD3) and places greater focus on the use by firms of a risk-based approach in relation to AML and CTF. The amendments to the current regime are not extensive, and the European Commission has said it does not expect firms to be "unduly impacted" by the new changes. However, the changes will have implications for firms and there are some key differences in the new regime that all firms should be aware of.
MLD4 key changes for Payment Services Providers (PSPs)
The following is a summary of some of the key amendments that will affect payment services firms:
· Risk assessments:
MLD4 introduces a new requirement that individual firms formally assess and document the money laundering and terrorist financing risks that their businesses face, taking account of their customers, areas of operation, products and services, transactions and delivery channels. Subject to limited exceptions, firms must make their documented risk assessments available to national competent authorities and must keep them up to date. Firms are also required to formally adopt policies and procedures to mitigate the risks presented, which must be approved by senior management.
· Customer Due Diligence (CDD):
MLD4 reinforces the risk-based approach to CDD requirements under MLD3, removing a blanket set of circumstances in which simplified due diligence (SDD) is permitted. No longer will firms be able to avoid CDD automatically when a customer is another financial institution subject to AML/CTF regulations or a listed company or domestic public authority. Under the new rules, in order to apply SDD, firms must carry out a fact-specific risk assessment and ascertain in each case that the business relationship or the transaction presents a lower degree of risk, taking into account industry guidance and the list of lower risk factors set out in Annex II to MLD4.
Under MLD3, Member States may permit firms not to apply CDD measures with respect to electronic money in certain circumstances. Under MLD4 the circumstances in which that derogation can apply are amended. The new rules provide for a derogation only where:
- the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 250 which can be used only in that Member State;
- the maximum amount stored electronically does not exceed EUR 250 (or EUR 500 for payment instruments that can be used only in that Member State);
- the payment instrument is used exclusively to purchase goods or services;
- the payment instrument cannot be funded with anonymous electronic money; and
- the issuer carries out sufficient monitoring of the transactions or business relationship to enable the detection of unusual or suspicious transactions.
The exemption is not applicable in the case of cash redemption or withdrawal of the electronic money where the amount redeemed exceeds EUR 100.
Member States may require issuers of E-money and PSPs established in their territory in forms other than a branch, and whose head office is situated in another Member State, to appoint a central contact point in their territory to ensure compliance and facilitate supervision with the rules.
· Enhanced Due Diligence (EDD):
MLD4 also broadens the scope of EDD by widening the definition of Politically Exposed Persons (PEPs) to include domestic PEPs, i.e. domestic individuals holding prominent positions in their home country, and by extending the requirement to apply EDD to 18 months after a person ceases to have PEP status. In addition, guidance in the form of a list of risk factors listed in Annex III to MLD4 should be used to assess potentially higher risk situations in which EDD should be applied. This will include where a customer or transaction involves countries blacklisted by the EU on the basis of inadequate AML/CTF regimes.
· Beneficial ownership:
MLD4 requires corporate and legal entities in each Member State to maintain information on beneficial ownership and make this available to a central register accessible to firms for the purposes of performing CDD. This may assist firms in performing CDD but is unlikely to be a panacea as corroboration of that information may still be required on a risk-basis and it will not necessarily be available for companies incorporated elsewhere. In addition, the definition of beneficial ownership has been amended to include senior managing officials where the ultimate beneficial owner cannot be identified.
Note that as a minimum harmonising Directive, Member States are free to adopt measures which go beyond its provisions when implementing the Directive into national law.
July 2016 amendments
On 5 July 2016 the European Commission published further proposed amendments to MLD4 to enhance the AML and CTF procedures already set out in the Directive. The planned changes are expressed to be aligned with the revised Payment Services Directive (PSD2) and the Interchange Fees Regulation. The proposals include:
· Designating virtual currency exchange platforms as "obliged entities" under MLD4 meaning these entities will need to apply CDD when switching virtual for real currencies.
· Lowering the thresholds (from EUR 250 to 150) for non-reloadable prepaid payment instruments to which CDD measures must be applied and removing the CDD exemption for online use of prepaid cards. In addition, anonymous prepaid cards issued outside the EU can only be used in the EU where they can be shown to comply with requirements equivalent to the ones in MLD4.
* Enabling Financial Intelligence Units within each Member State to request information on money laundering and terrorist financing from firms regardless of whether a suspicious transaction report has been made.
* Requiring Member States to set up centralised registries of the identities of holders of bank and payment accounts, or a centralised means of retrieving such data.
* Standardising EDD measures for dealing with natural or legal entities in high risk third countries.
* Requiring Member States to ensure compulsory disclosure of certain beneficial ownership information for companies engaged in profit making activities.
* Excluding closed-loop cards from the definition of E-money.
WTR2 is designed to improve traceability of funds by placing obligations on PSPs to send information on both the payer and payee when making payments. Key changes to the regime set out in the first Wire Transfer Regulation include:
· * A requirement that the PSP of the payer ensures that transfers of funds are accompanied by information on the payee, not only the payer.
· * A requirement that the PSP of the payee verify the accuracy of the information on the payee for transfers of funds of more than EUR 1,000.
· * A provision to clarify that WTR2 will apply to person-to-person transfers of funds made using payment cards, electronic money instruments, mobile phones, or any other digital or IT prepaid or postpaid devices with similar characteristics.
· * A requirement that the PSP of the payee and the intermediary PSPs establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds that lacks the required payer and payee information.
· * A requirement that PSPs establish whistleblowing procedures.
· The derogation for intra-EU transfers continues to apply under WTR2 as it did under WTR (although under WTR2 such transfers must be accompanied by at least the account number of payer and the payee, as opposed to just the account number of the payer, as was the case under WTR). Firms who wish to take advantage of the derogation will need to have in place systems for distinguishing transactions which benefit from the derogation from those that do not.
Current status of MLD4
As noted above, the EU has proposed that the implementation of MLD4 will be brought forward to the end of 2016. Before that can happen, the text will need to be settled and further guidance will need to be issued. However, since the publication of the European Commission's legislative proposal there have been calls for the introduction of the amendments to MLD4 to be delayed. On 11 August 2016 the EBA published an opinion calling, amongst other things, for the Commission to delay the deadline for transposing the amendments to MLD4 to 26 June 2017 (i.e. the original deadline for transposing MLD4 itself)*.
In the meantime, firms should review their existing systems and controls to ensure that they are currently compliant with the existing regime and the changes which will shortly come into effect.