Anti Money Laundering (AML) and Securitization: There is a way to ensure compliance

Luxembourg has implemented applicable EU and international rules and standards regarding Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF). Against the heightened risk associated with financial transactions globally, increased regulatory watch has resulted in severe penalties, including hefty fines and imprisonment.

Luxembourg’s regulatory framework

In Luxembourg, the main legal framework related to AML/CTF is the law of 12 November 2004 on the fight against money laundering and terrorist financing, as amended in 2020 (AML Law), the Grand Ducal Regulation of February 2010, as amended in 2020, and the law of 13 January 2019 related to the “registre des bénéficiaires économiques” (RBE). The AML Law is complemented by several regulations and circulars issued by competent regulatory authorities, such as CSSF Regulation No. 12-02 of 14 December 2012 (as amended by the CSSF Regulation 20-05 dated August 2020) on the fight against money laundering and terrorist financing for the financial sector, and the CSSF Circular 17/650, as amended by the CSSF Circular 20/744, which aims to provide guidance on the extension of the offence of money laundering to aggravated tax fraud and tax evasion (which included new indicators such as complex investment structuring, use of investment transactions on unregulated markets with intermediaries located in jurisdictions not subject to the automatic exchange of information, etc.). There is also the CSSF Circular 21/782 about the adoption by the European Banking Authority (EBA) of the revised guidelines, on the risk-based approach to money laundering and terrorist financing risk factors.

Luxembourg’s AML framework is largely influenced by EU harmonization efforts in this area, with the EU having issued AML directives (Directive 2015/849/EU (AMLD 4) and Directive 2018/843/EU (AMLD 5)) on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

Luxembourg is also a member of the Organization for Economic Co-operation and Development (OECD) and a member jurisdiction of the Financial Action Task Force (FATF) and is expected to comply with the FATF Recommendations (as well as their guidances published in October 2018 on the securities sector).

AML risks in securitization undertakings

First, it has to be considered that an indication of the applied AML/CTF procedures is required for securitization undertakings providing services to companies and trusts, as part of the list of information to be provided to the CSSF for authorization as a securitization undertaking.

As per the last report on the National Risk Assessment of Money Laundering and Terrorist Financing performed by the Luxembourg Government and issued on 15 September 2020, globally the inherent ML/TF risk of investment sector in Luxembourg is considered as “High”, mainly due to market fragmentation in terms of the number of providers, the high volume of retail and institutional investors, and the heavy reliance on cross-border distribution.

However, the sub-sector risk of regulated securitization vehicles1 is assessed as “Medium”, mainly due to the fact that notes are distributed by MiFID firms, and that regulated securitization vehicles have a Luxembourg banking institution for custody of their assets/securities, thereby ensuring indirect AML/CTF supervision and further limiting ML/TF risk.

As a sidenote, the Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS) status has to be determined for each securitization vehicle, which further necessitates other due diligence and reporting obligations. 

AML challenges faced by Securitization Undertakings

The identification of the ultimate beneficial owner (UBO) is not easy, and the set-up of identification processes can be complex. As always, for Know Your Customer due diligence, the analysis of the “who is ultimately owning or controlling” the structure should be duly documented and formalized.

In accordance with Article 1 (7) of the AML Law, UBO shall mean “any natural person(s) who ultimately owns or controls the customer or any natural person(s) on whose behalf a transaction or activity is being conducted”. This concept of UBO shall include at least, in the case of corporate entities: 

(i) any natural person who ultimately owns or controls a legal entity through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that entity, including through bearer shareholdings, or through control via other means (…). A shareholding of 25% plus one share or an ownership interest of more than 25% in the customer held by a natural person shall be an indication of direct ownership. (…); 

(ii) if, after having exhausted all possible means and provided there are no grounds for suspicion, no person under point (i) is identified, or if there is any doubt that the person(s) identified are the beneficial owner(s), any natural person who holds the position of senior managing official.

Such information has to be reported in the national central register as required by the law. 

The complex nature of UBOs and noteholders in securitization vehicles

A literal interpretation of the definition above will lead to identification of the shareholders of the Securitization Undertaking/Vehicle (SV) as the UBOs, regardless of whether they hold, in practice, any control or ownership over its assets. 

On the other hand, it is worth mentioning that the noteholders will not hold shares (equity) and accordingly will not hold any voting rights in the SV (control). 

For this reason, noteholders who own debt, get the return and bear the risk in SVs are almost never considered as UBOs due to the legal nature of the instrument (notes), which does not result in voting right or decision making.

Despite not falling within the legal definition of UBO, in some instances noteholders could be considered as “exercising control by other means” if they have a dominant influence over the SV. In addition, from an AML standpoint, noteholders are investors in the company and its primary source of funds, hence an AML assessment of the noteholders, particularly when they hold more than 25% of the debt issued by the company, is recommended to cover the risk that they used the structure for money laundering purposes.

It must be noted that the guidance issued by the Luxembourg RBE does not cover this problem related to SVs and does not examine the case of noteholders.

Increased difficulties in SVs with orphan structures

A typical orphan SV is an entity whose share capital is not held by a natural person nor a commercial company, but by a foreign foundation or trust, such as, for example, a Dutch “Stichting”, which does not have an economic interest or exercise control over the SV and is typically set up by a service provider mandated by a related party to the SV (e.g., the arranger, the originator or the investment manager).  In addition, in the case of the Dutch “Stichting”, the lack of control as per the accounting principles also aligns with the understanding of AML Law.

However, pursuant to CSSF Circular 19/732 providing Clarifications on the Identification and Verification of the Identity of the Ultimate Beneficial Owner(s)), paragraph 26., where a legal entity (i.e., the SV) is entirely or partially owned by a trust (a Stichting for instance), the rules on identification of the UBO of legal entities and trusts apply simultaneously. 

The application of the UBO definition for corporate entities and trusts, together with the (limited) guidance available for SVs, has led to different interpretations in the case of SVs with orphan structures. Whereas some market players may identify the parties to the foundation, trust or Stitching as the UBOs (which is not ideal considering these structures do not have real economic beneficiaries and are usually incorporated under foreign law), in the majority of cases the directors of the SV are identified as UBOs “by default”. 

Board members as UBOs of SVs

Thus, in most cases, board members are considered as UBOs of the entity. The CSSF has raised some concerns about the trend to report board members of a corporate services provider as controllers in the RBE. It rightly points to the extent to which the current RBE effectively reflects who controls and/or benefits from a securitization structure.

The multi-nationality workforce in Luxembourg resulting in different nationalities of board members of SVs results in increased risks to the SVs on technical grounds (considering the country risk in accordance with FATF/OECD guidelines).

In the Luxembourg market it is still not conclusive just how to deal with such securitization undertakings and a varied practice is being followed.

Specific focus on Know Your Assets 

As a reminder, the following AML obligations and controls are applicable:

1. Obligation to perform initial and ongoing AML/CTF asset due diligence following an established risk-based approach and to apply appropriate due diligence measures to ensure that relevant ML/TF risk are duly mitigated. The residual risk of the investment shall be regularly reviewed and due diligence measures adapted in case of any changes
2. Obligation to implement AML/CTF policies and procedures in relation to the due diligence and oversight process applicable to the assets
3. Obligation to implement a risk appetite statement in line with the risk exposure that the company is willing to take
4. Obligation to perform the ML/TF risk analysis inherent to the investment activities, including identification, assessment and understanding ML/TF risks specific to each asset type
5. Obligation to perform Targeted Financial Sanctions/Proliferation Financing (TFS/PF) controls on all assets and relevant parties connected to the transactions
6. Obligation of record-keeping of AML/CFT due diligence controls
7. Obligation to report any AML/CTF suspicious activity or transaction to the relevant authorities
8. Obligation to establish a written annual AML/CTF risk analysis report including the results of due diligence conducted on assets

Regarding the expectation posed by the regulator on which “asset” the AML due diligence has to be performed, article 34 of the RCSSF 12-02, as amended, has to be considered: “(2) In the framework of investment business, the professionals shall carry out an analysis of the ML/TF risk posed by the investment and take due diligence measures adapted to the risk assessed and documented. Such analyses shall be formalized. The risk analysis on investments shall be reviewed annually and when particular events require it.”

For an SPV, the due diligence has to be performed, with specific consideration being given to, what is owned and for which purpose (services, investors, investments). AML due diligence must be performed on all types of the following assets: securities (bonds, equities), structured products and derivatives.

How can you ensure compliance?

Adequate checks should be performed at the time of onboarding SVs, to ensure the purpose and the nature of transactions are well understood, whether at the audit firms or at the corporate service providers. 

The identification of UBOs is to be assessed on a case-by-case basis and particular attention should be paid to assessing whether there is any individual exercising control via other means over the SV. It must be noted that the CSSF Circular 19/732 provides a very broad list of non-exhaustive indicators to be considered when determining whether a natural person is controlling a legal entity through other means. In the context of SVs, the following criteria is particularly important: “With regards to special purpose vehicles, the indirect party bearing the majority of risks and opportunities of the party directly involved to achieve a narrowly and precisely defined objective of the parent company; etc.”

Where board managers are reported as UBOs in the RBE, complete documentation should be made available in case the competent authority should request it. 

According to FATF guidance for a risk-based approach for the securities sector, the following issues have to be considered by securities providers for customer due diligence procedures:

• “Purpose and intended nature of business: A securities provider should ensure it has a clear understanding of expected activity (e.g. transaction type, size or frequency) to support ongoing transaction monitoring. (…)
• Beneficial ownership structures: Where a customer appears to have a less transparent beneficial ownership or control structure, including the presence of corporate vehicles, nominees or private legal arrangements, a securities provider should ensure to undertake reasonable steps to verify the identity of beneficial owner(s). Securities provider should also consider whether the opacity of the ownership structure or the identity of one or more beneficial owners is an indicator of elevated risk and whether it is a cause or not for not performing the transaction or terminating the business relationship and considering making a suspicious transaction report.
• Source of wealth and funds: Under the RBA, a securities provider should take reasonable measures to establish the source of wealth and source of funds of relevant parties.”

A compliance officer should be appointed to ensure compliance with laws and circulars related to AML/CTF. In addition, senior management must implement appropriate internal controls and governance, be aware of the ML/TF to which they are exposed and define mitigating measures, and ensure appropriate training and awareness programs, and cooperation with authorities.

How can EY help?

We can offer our services in following areas:

• Review of the AML framework or gap analysis
• AML/CTF remediation support (Know Your Customer/ Know Your Transaction/ Know Your Assets/ Know Your Distributor/ Know Your Investor)
• Staff and director training
• Review of specific relationships (clients, distributors, investors, among others)
• Onboarding assistance, due diligence services
• AML tax services: AML tax impact assessments, KYC and KYT tax onboarding remediation assistance, review of AML tax procedures and AML tax workshops on applicable AML tax circulars

¹Regulated securitization vehicles are securitization undertakings governed by the law of 22 March 2004 on securitization that issue securities to the public on a continuous basis.