The industry is currently well occupied in implementing MLD4 – without, as yet, the benefit of the final version of the UK implementing legislation or regulatory guidance. It also knows that further compliance changes are on the near horizon, following Royal Assent for the Criminal Finances Act 2017, which is widely believed to be likely to come into force before the end of the year.
The elephant in the room is MLD5. From the initial (always unrealistic) pressure from Europe to amend MLD4 and bring it into force in January 2017, we are now at the stage where MLD4 is to be implemented in June as originally planned, and as originally adopted. At the time of writing, it seems inevitable that the implementation date will be before the Commission's list of high-risk jurisdictions is finalised, given that the European Parliament has just rejected the Commission's amended list. We also await finalised guidance from the ESAs, and there has been no indication of when this will be available. The UK implementing measures and guidance may need further change, depending on the finalised text of these.
What will MLD 5 do?
The European Commission was keen to bring in changes to MLD4 as soon as possible, largely to cover the money laundering risks presented by new technologies and to bring in more stringent beneficial ownership thresholds for vehicles traditionally used for money laundering and terrorist financing. The changes relate to:
- Inclusion of virtual currencies – but debate over precisely what to cover
- Removing some of the current exemptions for certain lower risk pre-paid instruments
- Setting a lower beneficial ownership threshold – of 10% - in relation to passive non-financial entities
- Requiring public access for limited beneficial ownership information
- Setting up central registries (again with some public access) for beneficial ownerships of trusts
- Giving financial intelligence units more powers over obliged entities even where no suspicious activity report (SAR) has been filed
- Requiring Member States to set up registers that would enable regulators and enforcement agencies to identify the beneficial owners of bank and payment accounts.
The Presidency's negotiating mandate
The latest Compromise proposal from the Presidency of the EU, which forms its negotiating mandate, was published in December 2016. The recitals stress, among other things:
- That, currently, providers of exchange services between virtual currencies and "fiat" currencies, and custodian wallet providers are under no obligation to identify suspicious activity so it is essential to bring these providers within the scope of "obliged entities" under MLD4
- There are currently differences in how each jurisdiction requires EDD to be applied in relation to high risk jurisdictions, and there should be a consistent approach
- The risks of terrorists using anonymous pre-paid cards are such that existing thresholds below which identification requirements do not apply should be lowered, and restrictions placed on the use of pre-paid cards issued from outside the EU
- FIUs do not always have the necessary investigative and information gathering powers
- Firms should be able to make use of the latest technology when carrying out their identification and verification exercises
- There should be a clearly articulated expectation to monitor regularly certain categories of existing customer
- Significant work is needed on sharing of beneficial ownership information and on ensuring that trusts and similar legal arrangements are registered where they are administered. Generally, there should be similar arrangements for access to information about beneficial ownership of trusts as apply to companies. Member States should assess when firms have a legitimate interest that should allow them to access this information
- As the amendments suggested are urgent, they should be required to be transposed within 12 months of adoption of the changes, with access to registry information within 18 months and interconnection of EU registers within 24 months.
Within the proposals (some of which have been watered down, and some strengthened since the original proposal), key clauses include:
- New definitions for "virtual currencies" and "custodian wallet providers"
- A lowering of the limit for identification in relation to pre-paid cards to €150, and with further safeguards for certain transactions that exceed even €50
- Allowing the use of anonymous pre-paid cards from third countries only where they meet EU standards
- Where the business relationship or transaction involves a high risk third country, requiring Member States to legislate for obliged entities to obtain additional information on the customer, beneficial owner, nature of the business relationship and reasons for the proposed transaction, source of funds and source of wealth of both the customer and the beneficial owner, and for them to get senior management approval for the relationship and conduct increased monitoring. It also requires a number of less prescriptive enhanced diligence measures (but that, nevertheless, may include terminating or refusing to enter into relationships)
- A recognition that certain domestic PEPs may be lower risk
- Setting out the requirements on Member States to ensure information on beneficial owners is accessible, among other things and to the appropriate extent, to people who can demonstrate a legitimate interest in knowing it
- Extending the requirement to hold beneficial ownership information to trusts and other legal arrangements that have a similar structure, and that this information be held in a central beneficial ownership registry – and again can be accessed by persons who have a legitimate interest in knowing it
- Setting out provisions for the interconnecting of registers
- Requiring the Commission to make implementing acts on developing systems to help with transparency and interconnectivity
- Requiring Member States to put in place centralised automated mechanisms to allow identification of those who hold or control payment accounts
- A requirement on Member States and the ESAs to tell each other where a third country's law hinders the application of appropriate policies
- A requirement on Member States to ensure providers of virtual currency exchange services and custodian wallet providers are registered, that currency exchange and cheque cashing officers, and trust or company service providers are licensed or registered and that providers of gambling services are regulated
- Clarifying which Member State is responsible for supervising the AML compliance of groups that operate in a number of EU jurisdictions.
The proposal still requires an implementation date of 26 June 2017, which is clearly not going to happen.
The European Parliament stance
It has gone quiet on the EP front since March, when a report from the Committees of Economic and Monetary Affairs and the Committee on Civil Liberties, Justice and Home Affairs was published. The next stage is for the report to be adopted by the EP in plenary session, but there is no indication of when this might happen.
In the Committees' report, there are a number of proposed amendments to the Commission's draft proposal. It makes for a confusing read, as some of the Commission's proposals have been either deleted or significantly amended by the Presidency. Key among these are:
- The need for the Commission to be able to evaluate the strength of national AML regimes and their enforcement
- The fact that the beneficial ownership threshold does not distinguish between genuine entities and those that have no active business, and that it is therefore important to establish a specific threshold from which indication of ownership should be inferred and that this threshold should be enough to cover most situations (the current Presidency Compromise has deleted this recital in its entirety). The Committees do, however, propose to delete the Commission's proposal that to set a level of 10% for entities that are passive non-financial entities
- That it is important for financial institutions to be able freely to exchange information to help identify when criminals are moving moneys between financial intermediaries
- Bringing within the scope of obliged entities letting agents, persons trading in works of art and other valuables including auction houses
- Including offences relating to taxes and indirect taxes within the scope of relevant offences
- Providing more guidance to the Commission and the ESAs on their respective duties to carry out and publish risk assessments
- Requiring the Commission to put in place experts to audit compliance of Member States.
The UK government, some time ago, expressed its concerns about some of these proposals, particularly on making public information on trust ownership where the trusts are private arrangements. It would limit the register to administered trusts. It was also concerned that the 10% threshold for some companies could cause confusion in complex corporate structures, with different limits applying to different entities within the group.
It is unclear what compromise will now be reached, although the Maltese Presidency of the EU was keen to try to reach agreement by the end of its term (so, by the end of June 2017). The challenges will surround both getting the wording right on issues which everyone agrees are important, but must be defined appropriately (such as virtual currencies), and on agreement on the more controversial issues (in particular, on imposing differing thresholds for the beneficial ownership tests).
What is clear, however, is that firms must carry on implementing MLD4, without the benefit of knowing what changes they will need to make in respect of MLD5, or when.