Corporate credit risk
Compliance and financial crime
Tax and transfer pricing
Business development and strategy
Corporate finance and M&A
Data management
Supplier risk and procurement
Corporate
Financial institutions
Professional services and the Big 4
Government
Academic
Data
Updated November 2019
The Fifth Anti-Money Laundering Directive (AML5) came into force on July 9, 2018. Rather than being an entirely new set of guidelines, it's an update to AML4, which aims to bring more transparency to ownership and business activities in the EU.
One of the key provisions of AML5 is that businesses should both report and have access to ultimate beneficial ownership (UBO) information across the EU. The deadline for EU member states to put the provisions of AML5 into national law is January 10, 2020.
In addition to extending coverage to virtual currencies and electronic transactions, the updates related to AML5 should affect how companies in the EU conduct know-your-customer (KYC) and know-your-supplier (KYS) research. Here are some key points to consider.
1) UBO information to be centralized across the EU and mandatory for AML due diligence
First, let's look at what counts as ownership. The European Commission recommends that the threshold for ultimate beneficial ownership is at least 25%. Information collected on these individuals should include at least the:
- month and year of birth
- country of residence
- nationality
- extent of beneficial ownership or interest
As part of their due diligence processes, companies in the EU will be required to consult UBO registers when taking on new business within the bloc. Yet whether UBO information will be available and centralized across the EU by the January 2020 deadline is uncertain. It's an ambitious timeline given past progress—only 3 countries met the deadlines for implementing a UBO register under AML4. And as of November 2019, 6 countries still haven't implemented a register (see table).
2) Virtual currencies will be regulated, and electronic payments limited
The latest AML requirements will target anonymous purchases and exchanges including virtual currencies such as Bitcoin. These changes classify virtual currency exchange platforms (VCEPs) and custodian wallet providers (CWPs) as “obliged entities” and are therefore subject to EU regulations that aim to increase ownership transparency.
The thresholds for prepaid cards will be lowered under AML5. The monthly transaction limit on prepaid cards was initially capped at €250—as mandated by AML4—but will now go down to €150 to combat their use in criminal transactions and terrorist financing.
3) Financial Intelligence Units (FIUs) will have enhanced powers
AML5 gives FIUs the ability to request, analyze or disseminate financial information within the EU more effectively. It does this by giving them enhanced access to centralized bank account registers and payment account registers—in addition to a centralized, ultimate beneficial ownership register.
4) New provisions for dealing with "high-risk" countries
High risk third-party countries are defined by the European Commission as "jurisdictions having strategic deficiencies in their regime on anti-money laundering and countering terrorist financing." The EU's AML directives not only aim to combat money laundering, but also identify the risk of financial crime at an international level.
AML5 extends the criteria for assessing a high-risk country. As of February 2019, the EU's list of high-risk countries included the following 23 jurisdictions:
|
|
5) Beneficial ownership information will be accessible to any member of the general public
AML4 mandated that UBO registers should be open to members of the public that could express "legitimate interest". What would be considered legitimate interest was not clearly defined, and so countries were inconsistent in how they granted access and to whom. AML5 amends this mandate to make UBO registers accessible, in most cases, to any member of the public without the need to prove legitimate interest.
As it stands now, only 15 countries have either implemented public registers or have set a date to do so (see table). Other member states limit who can access their registers, for example, to law enforcement and AML specialists only. This challenge makes the process for reporting on and investigating ownership information more complicated and less standardized between EU countries.
Are UBO registers enough for AML due diligence?
Under AML5, a company is required to use the basic information found in an EU-wide, public UBO register for their due diligence research. Yet this data will be limited to each country’s implementation of the reporting requirements established under the guidelines for AML5 and will only cover basic information on the companies and their owners.
In the UK, for example, Her Majesty's Revenue and Customs (HMRC) has recommended that businesses should look beyond public registers for due diligence: “You do not satisfy your obligation to identify and take reasonable steps to verify the identity of beneficial owners by relying only on information contained in a [persons of significant control] register... You must verify the identity through reliable, independent sources that are relevant to that type of entity.”
Here’s how other information sources are more effective:
- Standardization: Even if translated to a common language, one country's register could cover different information from another’s.
- Accuracy: The UBO registers depend on businesses to report any changes in ownership, which could lead to out-of-date or misreported data.
- Breadth: In order to comply with AML5, especially when dealing with high-risk countries, organizations will need access to information sources that cover more than just the EU, to also include company information beyond what is reported under AML4 and AML5.
UBO registers, even those that meet the requirements for AML5, may not be enough to source accurate, up-to-date and comprehensive company information. Therefore, access to other company data resources should play a key role in due diligence, onboarding and other compliance processes.
