Hoofdstuk 1
The Action plan and the current regulatory framework
A single EU rulebook gives the EC the opportunity to revisit and improve the current AML/CFT framework.
On May 7, 2020 the European Commission (EC) published its action plan to further strengthen the European Union’s (EU) fight against money laundering (ML) and the financing of terrorism (FT). 1 Legislative proposals to realize this action plan are expected next month (July 2021). The action plan builds on six pillars, each of which is aimed at shutting down any remaining loopholes and removing any weak links in the EU's rules against ML/FT and strengthening the EU’s global role in this area. One of these pillars is the delivery of a reinforced rulebook.
Whereas the EU legal framework already provides the Member States with a comprehensive regulatory environment to combat ML/FT, the EC noticed that the current approach to this legislation has resulted in diverging implementation of the framework across Member States. Such fragmented legislative anti-money laundering and countering the financing of terrorism (AML/CFT) landscape leads to additional costs, burdens for those providing cross-border services and causes regulatory shopping, with businesses registering where rules are more relaxed. To combat this, the EC plans to develop with a more harmonized set of rules in the second quarter of 2021.
In parallel to the adoption of its action plan, the EC issued a public consultation to gather the views of citizens and stakeholders on the proposed measures.² The feedback period ended on August 26, 2020. The EY organization submitted its response on August 24, 2020 and addressed a letter to the EC illustrating its main recommendations to improve the EU’s AML regulatory framework.³ On March 3, 2020 the EC also issued a call for advice to the European Banking Authority (EBA) for defining the scope of application and the enacting terms of a regulation to be adopted in the field of preventing ML/FT.⁴ Following this call, the EBA published a report in which it sets out how the EU’s legal framework should be amended to tackle vulnerabilities linked to divergent national approaches and gaps in the EU’s AML/CFT defenses.⁵
Minimum harmonization and open standards
Part of the ambiguity of the current regulatory framework is caused by the use of open standards in the applicable rules and the fact that the current Anti-Money Laundering Directive (AMLD) is a minimum harmonization directive. Minimum harmonization allows Member States to impose stricter rules, which is considered necessary in some cases to accommodate different national approaches as well as to facilitate a flexible response to specific local ML/FT risks. For example, in The Netherlands the Trust Company Service Provider (TCSP) sector is relatively large due to, among other things, the Dutch fiscal climate. On top of that, the services of TCSPs are considered as high risk, mainly because TCSPs often provide services to companies with complex ownership structures. To mitigate these risks, The Netherlands has imposed stricter rules in addition to the rules set out by the AMLD.⁶ In its response to the EC’s public consultation, The Netherlands highlighted its fear that harmonization of these rules by the EC would result in less strict rules being applied to this sector in The Netherlands compared to the current situation.³
Whereas flexibility is, thus, necessary to allow Member States to respond to specific local ML/FT risks, it has also resulted in diverging implementations across Member States, undermining the effective functioning of the current EU’s AML/CFT framework.
Harmonization through directly applicable EU law
To limit divergences in the interpretation and application of the rules, the EC considers it essential to turn certain parts of the AMLD into directly applicable provisions set out in a regulation. Opting for a regulation rather than a directive will eliminate the need for national transposition in these areas and, therefore, ensure a consistent approach to AML/CFT compliance, supervision and enforcement. According to the EC, the regulation should at a minimum include the provisions/requirements related to:¹
- List of obliged entities
- Structure and tasks of supervision
- Tasks of FIUs
- Customer due diligence
- Electronic identification and verification
- Record keeping
- Internal controls
- Reporting obligations
- Beneficial ownership registers
- Central bank account mechanisms
- Ceiling for large cash payments
- Freezing powers for FIUs
- Sanctions
Public consultation – The Netherlands and the EY organization
In its public consultation the EC asked the public whether it agrees with its selection and what other provisions should be harmonized through a regulation. The Netherlands highlighted that the provisions the most important to further harmonize are those concerning customer due diligence, record keeping, reporting obligation, internal controls and administrative sanctions. Criminal sanctions, on the other hand, should remain within the competence of the Member States. Furthermore, the Netherlands disagrees with the EC’s suggestion to incorporate the provisions laying down the tasks of FIUs, the provisions related to beneficial ownership and those related to central bank account registers in a future regulation.³
In its response to the public consultation, EY teams have presented itself as a strong proponent of far-reaching harmonisation.³ It agreed with all topics the EC suggested to turn into directly applicable rules by include them in a regulation. EY teams agree that including these topics into a regulation will facilitate faster and more harmonized implementation of the current AML/CFT framework. Moreover, the EY organization suggested to include strengthened/new provisions regarding information sharing in this new regulation, since this would help obliged entities with the data protection issues they are currently facing, and more particular the uncertainty regarding the intercommunication between data protection and AML/CFT provisions.
Call of advice to the EBA
In its response to the call of advice launched by the EC, the EBA refers to review work performed by the European Supervisory Authorities (ESA) over the last 5 years to evidence that the harmonization of the legal framework by means of directly applicable provisions is necessary in at least the following areas:⁴
- Customer due diligence
- Occasional transactions
- AML/CFT systems and controls
- Supervisory ML/TF risk assessments
- Cooperation
- Sanctions and other corrective measures
The ESA’s review work⁷ suggests that divergence in national rules and practices related to these topics are considered to have had a significant, adverse impact on the prevention of the use of the EU’s financial system for ML/TF purposes. Further harmonization of these rules by means of directly applicable provisions included in a regulation is thus necessary to avoid regulatory arbitrage, provide legal certainty and a level playing field for market participants.
Whereas the implementation of these core requirements in a regulation could decrease the risk of diverging implementation, these directly applicable rules could also take away the current flexibility left to the Member States to tailor the rules to their specific situations. The EBA recognizes in its report that the nature of AML/CFT supervision and compliance requires flexibility and discretion, in particular where this is necessary to address specific ML/TF risks.⁴ Both the EY organization and The Netherlands recognize as well the need for national competent authorities, as first line of defense in the fight against ML/FT, to retain some discretion with regard to adopting additional measures in specific circumstances.
The EC thus has the difficult task of striking the proper balance between the following two interests:
i. precise and detailed rules that are less subject to diverging implementation, and
ii. flexibility to accommodate different national approaches and to facilitate a flexible response to specific local ML/FT risks.
The EBA is convinced that this need for flexibility can be combined successfully with setting rules by means of a regulation rather than a directive, and refers to the new European Market Infrastructure regulation (EMIR)⁸ as a useful precedent in this context.⁴
The fact that certain topics should be turned into a regulation does however not mean that other topics cannot remain part of a directive. Similar legislative packages, consisting of a regulation and a directive, have been observed with regard to, for example, capital requirements (CRR and CRD)⁹ and financial instruments (MiFIR and MiFID)¹⁰. Such packages give the EC the opportunity to not directly convert the whole AMLD into a regulation, but to focus on those topics for which full harmonisation is necessary to achieve better outcomes in the fight against ML/TF across the EU.
Hoofdstuk 2
Further harmonization through delegated or implementing acts
Empowerments to adopt more detailed rules through delegated or implementing acts, could lead to further harmonization.
Adoption of detailed rules through delegated or implementing acts
According to the EC further harmonization could also be achieved by means of empowerments to adopt more detailed rules through delegated or implementing acts to adapt to evolving situations.¹
Such approach reminds of the so called ”Lamfalussy procedure”, a specific approach introduced in 2001 to improve the regulatory process in financial services in order to make it quicker and more effective.¹¹ The procedure itself takes the form of a four-stage approach, with committees comprising of national experts working on different parts of the new legislation at different levels.
- At level 1 the European Parliament and the Council adopt the framework principles proposed by the EC in the form of a directive or regulation.
- These level 1 regulations/directives contain empowerments for level 2 measures to be adopted by the EC by means of delegated acts and/or implementing acts, also called regulatory standards. During this second stage of the approach, the EC is supported by consultative bodies composed mainly of EU countries representatives. Examples of level 2 measures are “Regulatory technical standards” (RTS) and “Implementing technical standards”(ITS). RTS represent an elaboration of the level 1 text and ensure harmonization of the new legislation among the different Member States. ITS define how the legislation is to be implemented and ensure that all parties involved ultimately comply uniformly with the regulation and as such a level-playing field is achieved.
- At level 3, committees of national supervisors are responsible for advising the EC in the adoption of level 1 and 2 acts and for issuing guidelines and recommendations on the implementation of the rules. As such the uniform and consistent application of the new legislation within Member States is ensured.
- At level 4 the EC is responsible for monitoring compliance by the various Member States, and for warning about differences in impact between countries. In case the EC identifies major differences, it can introduce amendments to the regulation.
Following a similar approach would allow for a faster and more flexible decision-making process and result in an improvement on the quality of the AML/CFT legislation.
Incorporation of additional (national) rules in the single rulebook
Reopening the AML/CFT framework provides the opportunity to incorporate further improvements and ensure the framework is future-proof. Possible improvements could be based on the need to mitigate newly emerging risks or on additional requirements adopted by some Member States in their local AML/CFT regulations, such as the aforementioned stricter rules in the Dutch TCSP sector.
Roughly the following two types of additional or broader national requirements can be distinguished:
- An expansion of the list of obliged entities, bringing additional entities or services within the scope of the AML/CFT regulatory framework; and
- Additional and/or stricter local requirements on top of the European framework, such as stricter CDD requirements.
According to the EC certain of these local requirements might contribute to a stronger AML/CFT framework and could be integrated into the future EU AML/CFT rulebook. A question that will undoubtedly arise during legislative negotiations is which of these requirements can be perceived across the EU and should be included in the revised framework. EY teams believe there are a few aspects to consider when deciding on the incorporation of a local rule in the single rulebook.
The Supra National Risk Assessment
Firstly, the Supra National Risk Assessment (SNRA), an assessment of ML and FT risks affecting the internal market conducted by the EC, should be taken into account. The SNRA focusses on vulnerabilities identified at EU level, both in terms of legal framework and in terms of effective application and provides recommendations for addressing them. The more the additional requirements set by a Member State are put in place to address the risks identified in the SNRA, the more pressing the call to include these in the single EU rulebook. One example is the risks related to cash or cash-like assets. According to the SNRA, the level of ML threat related to cash (couriers) is very high. In accordance with this, an increasing number of Member States have introduced restrictions on cash.¹² The EC could consider including these additional requirements in its single EU rulebook to address this specific risk identified in the SNRA.
Technical innovations
The second consideration relates to technological innovations, such as remote customer onboarding, and developments in international standards. Technical innovations as well as updates of international standards could constitute reasons to revise the framework. For example, the scope of the AMLD should be expanded to virtual assets service providers, which are not presently covered, but are in scope of the international standards of the Financial Action Task Force. This will also prevent Member States from implementing these international standards in different ways.
Relationship with other European legislative acts
The EC identified a number of EU rules of which the consistency with AML/CFT rules might need to be further enhanced or clarified through guidance or legislative changes. These rules are listed in its public consultation, together with the question whether the public can think of other EU rules that should be considered in this respect.
Both The Netherlands and the EY organization responded that they would welcome more clarity on the intercommunication between the GDPR and other specific legislation regarding the sharing of data and the AML/CFT framework, as well as more EU guidance and sharing of good practices regarding national public-private partnerships. In this context, EY teams suggested to include revised/new provisions regarding information sharing in the new regulation, since this would help obliged entities with the data protection issues they are currently facing. Such a regulation would provide more clarity, because it would be the “lex specialis” that supersedes the General Data Protection Regulation (GDPR)¹³ in instances where the regulations contradict each other. In a subsequent point of view, the authors will focus in more detail on the intercommunication between the GDPR and AML/CFT provisions and the role of public-private partnerships in this respect.
Hoofdstuk 3
Next steps
The EC should take the opportunity to review the scope of the current AML/CFT legislation.
Further harmonization by revisiting the scope of AMLD
When revisiting the AML/CFT framework, the EC should take the opportunity to review the scope of the current AML/CFT legislation to ensure that the list of obliged entities is sufficiently comprehensive and well-defined in line with AML/CFT standards. Currently several issues regarding the scope of AML/CFT rules are observed across the EU. First, the status for some entities under the AMLD is unclear (e.g., crowdfunding service providers), second, other financial entities and undertakings are not included in the scope (e.g., (non-life) general insurers and general insurance intermediaries) and third, various Member States have excluded some obliged entities from the scope of their national AML/CFT regime since they consider their inclusion disproportionate. Besides, the AMLD leaves Member States some room to designate additional provisions and categories of undertakings as obliged entities (e.g., mortgage credit intermediaries and consumer credit providers that are not financial institutions). This gives rise to regulatory shopping, with businesses registering where rules are more relaxed. The EC should thus consider for each of these professions and entities whether an extension of the AMLD (or future regulation) scope would be appropriate.
Call for advice to the EBA
It goes without saying that this is not beneficial to a consistent EU-wide AML/CFT approach. Therefore, the EBA advises the EC to review and clarify the application of the AML/CFT rules to at least the following entities⁴:
- Crowdfunding service providers
- Investment firms and investment funds
- (Non-life) general insurers and general insurance intermediaries
- Mortgage credit intermediaries and consumer credit providers
- Account information service providers
- Virtual asset providers
Public consultation – The Netherlands and EY
In its response to the public consultation, The Netherlands highlights the importance of bringing virtual asset providers within the scope of the regulation given the emerging ML/TF risks they pose and the need to tackle these risks in a unified way. Virtual asset providers are currently only partly covered by the AMLD.
In its feedback, EY teams suggest the following additions to the EC’s list of obliged entities:
- Bailiffs (because of their role in the credit risk cycle and especially considering the impact of Covid-19)
- Leasing companies (operational lease/car lease)
- Online C2C e-commerce platforms
- Firms engaged in the rental of goods and services (current AML/CFT obligations do not cover services sectors, such as catering, nor do they address the renting of certain goods or services)
- Account information providers (AISPs) (Under AMLD4 AISPs are considered as entities obliged to comply with ML/TF measures and controls because they are considered as payment service providers under the Payment Services Directive (PSD2). A contradiction arises here as the Payments Services Directive (PSD2)¹⁴ exempts AISPs from complying with AML requirements. This contradiction must be removed and AISPs must fully fall within the scope of obliged entities, irrespective of the PSD2 exemption)
References
- European Commission, Communication from the Commission on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing, C(2020) 2800 final, 07-05-2020 (link).
- European Commission, Public consultation on an action plan for a comprehensive Union policy on preventing money laundering and terrorist financing, 7 May 2020 (link).
- Contributions to the public consultation and documents annexed to these contributions can found on the website of the European Commission (link).
- European Commission, Call for advice to the EBA for defining the scope of application and the enacting terms of a Regulation to be adopted in the field of preventing money laundering and terrorist financing, Ref. Ares(2020)1327811, 3 March 2020 (link).
- EBA, Report on the future AML/CFT framework in the EU. Response to the European Commission’s call for advice on defining the scope of application and the enacting terms of a regulation to be adopted in the field of preventing money laundering and terrorist financing, EBA/REP/2020/25 (link).
- See the provisions of chapter 4.2 of the Dutch Act on the Supervision of Trust Offices of 7 November 2018 (“Wet van 7 november 2018 houdende regels met betrekking tot het verlenen van trustdiensten en het toezicht daarop” or Wtt 2018) (link).
- See among others: the “Joint Opinion of the European Supervisory Authorities on the risks of money laundering and terrorist financing affecting the European Union’s financial sector, JC2019 59, 04-10-2019 (link).
- European Market Infrastructure Regulation (Regulation 648/2012/EU or EMIR).
- Capital Requirements Directive (Directive 2013/36/EU as amended by Directive 2019/878/EU or CRD); Capital Requirements Regulation (Regulation 575/2013/EU as amended by Regulation 2019/876/EU or CRR).
- Markets in Financial Instruments Directive (Directive 2014/65/EU or MiFID); Markets in Financial Instruments Regulation (Regulation 600/2014/EU or MiFIR).
- More information on the Lamfalussy procedure can be found on the website of the EC (link).
- Report from the Commission to the European Parliament and the Council on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, COM(2019) 370 final, 24-07-2019 (link).
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR).
- Article 33(1)) Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (PSD2).
Related articles
Summary
The creation of a single EU rulebook gives the EC the opportunity to revisit and improve the current AML/CFT framework, to strengthen the EU’s fight against ML/TF and to create a level playing field by providing Member States with a more precise, more granular and comprehensive legislative framework that is less subject to diverging implementations. The road towards such rulebook will undoubtedly not be easy; several challenges will need to be faced and important trade-offs will have to be made. There are, however, successful precedents in the market the EC could learn from and numerous stakeholders to help the EC understand the current issues, demands and potential solutions.
