The Directive and the Regulation were published in the Official Journal of the European Union on 5 June and will enter into force on 25 June 2015.

The Member States now have two years' time to transpose the new aspects of the Directive into national law. The Funds Transfers Regulation will not take effect until then either.

Stricter Rules and Standardisation

The EU is tightening its reigns on the fight against money laundering with its adoption of the Fourth Money Laundering Directive and of the revised Funds Transfers Regulation. Comprehensive risk analysis and additional requirements will mean more work for obliged entities as well as for the respective government authorities. Stricter sanctioning provisions also reflect the European legislature's determination to step up its fight against money laundering and terrorist financing.

The EU also seeks greater alignment of national laws. The Fourth Money Laundering Directive provides the framework for minimum harmonisation. In other words, Member States may implement stricter rules. However, in some respects, e.g. sanctions, its requirements are actually much more concrete than those of its predecessor. Furthermore, it tasks the three European Supervisory Authorities (ESAs) with establishing binding rules throughout Europe by way of guidelines and regulatory technical standards.

Alignment with the 2012 FATF Recommendations

The main reason for the revision was that European anti-money laundering and anti-terrorist financing legislation needed to be aligned with the revised recommendations of the Financial Action Task Force (FATF) from the year 2012. However, the European legislature also took advantage of the opportunity to leave its mark. For example, a number of new rules set forth by the Fourth Money Laundering Directive extend beyond the FATF Recommendations or address typically European phenomena, such as the relationship between a Member State of origin and a host Member State when services are provided across borders within the EU.

This article is intended to provide an initial summary of those changes that are most relevant to the German financial sector, but it is not exhaustive.

An Intensified Risk-Based Approach

Possibly the most extensive change relates to the risk-based approach: While the Third Money Laundering Directive included a list of predefined situations and their corresponding degree of money-laundering risk, the revision requires obliged entities to rate each individual business relationship and transaction as to its respective money-laundering risk. Circumstances that the Third Money Laundering Directive automatically categorised as low risk – e.g., when a customer was another institution, a listed company or a national authority – will in future simply be considered single "risk factors". Only a comprehensive evaluation of all relevant risk factors can serve as the basis for a final rating as to whether an individual situation must be considered higher or lower risk.

The goal is to prevent automatisms when conducting risk analysis. This approach, however, is overridden when specific high-risk situations are being evaluated. Politically exposed persons (PEPs), correspondent relationships and customers from specific high-risk countries will automatically be categorised as high-risk situations. The EU Commission will publish a negative list of "high-risk third countries“; the existing approach of a positive list with equivalent third countries will be discontinued.

The Directive also contains new requirements for complying with the risk-based approach at state level. In future, every Member State must compile and maintain a national risk analysis. Furthermore, the ESAs will draft a joint opinion on the risks of money laundering and ¬terrorist financing to the financial sector of the European Union. The opinion will be incorporated into a supranational risk report to be drafted by the EU Commission. The Directive also explicitly calls on national supervisory authorities to begin exercising a risk-based supervisory approach.

New Exemptions for E-Money Products

According to Article 12 of the Fourth Money Laundering Directive, Member States may allow obliged entities not to apply certain customer due diligence measures with respect to e-money, provided certain risk-mitigating requirements have been met. This refers primarily to product features like e-money cards that are non-rechargeable and have a monthly transaction limit or a storage amount limit of €250.

The rule is similar to the provisions of section 25n of the German Banking Act (Kreditwesengesetz), according to which e-money products can be exempt from certain obligations. First and foremost, the new European provisions are intended to ensure that the conditions for exemption of e-money products are consistent across the EU; until now there have been some considerable differences in this area.

Register of Beneficial Owners

Article 30 of the Directive constitutes a new obligation for customers to cooperate. According to it, all legal entities will be required in future to obtain and store accurate and current information on their beneficial owners as well as on the nature and extent of the beneficial ownership. This information is to be stored in a central register in each Member State.

The register is not accessible to the public. Access will be granted only to supervisory authorities, financial intelligence units, obliged entities within the scope of fulfilling customer due diligence and – when permissible by national data protection laws – other individuals or organisations that can demonstrate a legitimate interest. The location of Germany's register has not yet been decided. The competent register administrator does not have to verify the data. This will remain the duty of the obliged entities.

The Relationship between Home and Host Supervisory Authorities

Whereas the Third Money Laundering Directive did not explicitly cover anti-money laundering supervision where cross-border cases were concerned, the fourth version provides clear provisions on it. Accordingly, branches located in a host country must comply with local money laundering legislation. The host country's supervisory authority has jurisdiction over these branches for anti-money laundering supervision.

If a payment or e-money institution operates multiple branches or agents in one host country, the host country can now demand that the institution designate a central contact point. This central contact point is responsible for ensuring that the institution complies with anti-money laundering and terrorist financing laws. Furthermore, it must aid the competent authority's task of supervision by providing any documents or data upon request or any other support.

Duties of the European Supervisory Authorities

The Fourth Money Laundering Directive is the first to give the ESAs binding duties with respect to combating money laundering: In addition to the joint opinion for the EU Commission's risk report mentioned above, they must also draft guidelines and/or regulatory technical standards on aspects that are not specified in full detail by the Directive. These include prerequisites and tasks for central contact points, risk-based supervision by the competent authority and risk factors and measures to be considered in low or high-risk cases.

The Joint Committee of the ESAs and its Anti-Money Laundering Committee (AMLC), which currently has four working groups drafting the respective documents, are responsible for this. It is highly likely that the ESAs will publish the first drafts for consultation in the second half of 2015.

Sanctions

More concretely than its predecessor version, the Fourth Money Laundering Directive dictates how Member States are to impose sanctions for breaches of legislation on money laundering. For example, it defines the maximum administrative fine for credit and financial institutions as €5 million or 10 percent of their total annual revenue. This is a sharp increase for German institutions, as the maximum administrative fine in Germany has typically been €100,000.

In addition, the natural or legal person concerned and the nature of the breach shall be made public, provided no exceptions in accordance with Article 60 of the Fourth Money Laundering Directive apply. Furthermore, national supervisory authorities must report all administrative sanctions and measures to the ESAs; they, in turn, are required to provide links on their websites to the supervisory authorities' publications.

The New Funds Transfers Regulation

The most notable change to the new Funds Transfers Regulation is that payment service providers subject to the Regulation must no longer supply information on just the payer, but on the payee as well, and include it with the transfer. In addition, intermediary payment service providers must also have effective procedures in place enabling them to recognise when information is missing or incomplete as well as risk-based procedures for (follow-up) action.

Payment service providers need not verify information unless a transfer exceeds €1,000, provided there is no reason to believe it is linked to other transfers, no anonymous (e-)money has been received and there is no suspicion of money laundering or terrorist financing. Verification is deemed to have taken place when a payer's identity has been verified in accordance with the Fourth Money Laundering Directive and the information obtained has been stored.

Due to the low risk of money laundering and terrorist financing, the Regulation does not apply to payment cards, e-money instruments or mobile phones that are used for the sole purpose of purchasing goods and services. Member States may opt, under certain conditions, to exempt transfers to domestic payment accounts provided they do not exceed €1,000 and are solely for the purpose of shipping goods or services.

The new Regulation makes it clear that a "transfer of funds" also means any transaction that is at least partially carried out by electronic means or where the payment service provider of the payer and that of the payee are one and the same. Similar sanction rules are applicable for the new Funds Transfers Regulation as for the Fourth Money Laundering Directive.

The ESAs will also publish guidelines on the application of the Regulation in a timely manner. Their work will commence in the current year.

Key Terms

Obliged entity

An obliged entity is a person or company subject to the Fourth Money Laundering Directive. Pursuant to Article 2(1), in addition to credit and financial institutions, this includes specific service providers in the non-financial sector, e.g. notaries, lawyers and gambling service providers. Member States are also required to extend the obligations of the Directive to other professions or business categories where there is a particularly high likelihood that the operations are used for money laundering or terrorist¬ financing.

Politically exposed persons (PEPs)

PEPs are natural persons who are or have been entrusted with a prominent public function, e.g., heads of State and government, ministers and high-ranking military personnel. Politically exposed persons are categorised as high-risk money-laundering customers, because it is assumed that there is a heightened threat of corruption and embezzlement associated with them.

Correspondent relationships

Correspondent relationships refer to an arrangement under which one bank (correspondent bank) provides services to another (respondent bank). This includes, among other things, operation of a current account or other liability account as well as related services such as cash management, international funds transfers and check clearing. Pursuant to the new Directive, the term also refers to relationships between and among credit and financial institutions. A bank therefore must not necessarily be one of the parties.

Electronic money (e-money)

E-money refers to a monetary value stored electronically or magnetically for the purpose of making payments, as represented by a claim on the issuer and issued upon receipt of funds and which is accepted by natural or legal persons other than the e-money issuer. This broad and somewhat technical definition includes various online payment services as well as certain prepaid credit cards.

Beneficial owner

A beneficial owner is any natural person who owns or controls a customer and/or the natural person on whose behalf a transaction or activity is being conducted. Establishing a beneficial owner is intended to make it more difficult for a natural person, in particular, to use a legal entity (letter-box companies) as a cover.