BaFin - Navigation & Service

Erscheinung:12.10.2018 | Topic Anti-money laundering Geldwäschegesetz – GwG

Money Laundering Act

Content

As last amended by Article 23 of the Act of 23 June 2017 (Federal Law Gazette 2017 I p. 1822)
Replaces Act 7613-2 of 13 August 2008 (Federal Law Gazette 2008 I p. 1690) (GwG 2008)
The Act was adopted by the Bundestag with the consent of the Bundesrat as Article 1 of the Act of 23 June 2017 (Federal Law Gazette 2017 I p. 1822). It entered into force on 26 June 2017 in accordance with Article 24 sentence 1 of that Act.

Please note:German version is binding

This translation is furnished for information purposes only. The original German text is binding in all respects.

Part 1 Definitions and obliged entities

Section 1 Definitions

(1) For the purposes of this Act, money laundering is an offence under section 261 of the Criminal Code (Strafgesetzbuch).

(2) For the purposes of this Act, terrorist financing means:

1. providing or collecting property in the knowledge that such property will or is intended to be used, entirely or in part, for the purpose of committing one or more of the following criminal offences:

a) an offence under section 129a of the Criminal Code, also in conjunction with section 129b of the Criminal Code or

b) any other offences as described in Articles 1 to 3 of Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (OJ L 164 of 22 June 2002, p. 3), last amended by Council Framework Decision 2008/919/JHA of 28 November 2008 (OJ L 330 of 9 December 2008, p. 21),

2. committing an offence under section 89c of the Criminal Code or

3. instigating or aiding and abetting an offence within the meaning of no. 1 or 2.

(3) For the purposes of this Act, identification means

1. establishing identity by collecting information and

2. verifying identity.

(4) For the purposes of this Act, business relationship means any relationship which is directly connected with the commercial or professional activities of the obliged entities and which is expected, at the time when the contact is established, to have an element of duration.

(5) For the purposes of this Act, transaction means any act or, insofar as they appear to be connected, several acts aimed at or resulting in a transfer of funds or other movement of assets or property.

(6) For the purposes of this Act, trust means a legal arrangement established as a trust if the legal institution of a trust is provided for in the law applicable to the establishment of the legal arrangement. If the law applicable to the establishment of the legal arrangement provides for a legal institution modelled on the trust, legal arrangements established using this legal institution are also deemed to be trusts.

(7) For the purposes of this Act, property means

1. any asset, whether corporeal or incorporeal, movable or immovable, tangible or intangible, and

2. legal documents and instruments in any form, including electronic and digital form, evidencing title to or other rights to assets within the meaning of no. 1.

(8) For the purposes of this Act, game of chance means any game where a player makes a payment in exchange for a chance to win, and where the occurrence of a win or loss depends wholly or predominantly on chance.

(9) For the purposes of this Act, a trader in goods means someone who sells goods commercially – no matter on whose behalf or for whose account they trade.

(10) For the purposes of this Act, valuables mean goods which,

1. on account of their quality, their market value or their intended use stand out from articles of daily use or

2. on account of their price, do not constitute everyday purchases.

They include in particular

1. precious metals such as gold, silver and platinum,

2. precious stones,

3. jewellery, watches and clocks,

4. works of art and antiques,

5. motor vehicles, ships and motor boats as well as aircraft.

(11) For the purposes of this Act, estate agent means someone who commercially acts as a broker for the purchase or sale of real estate or of rights equivalent to real property.

(12) For the purposes of this Act, politically exposed person means any person who is or who has been entrusted with a high-ranking prominent public function at international, European or national level or who is or has been entrusted with a public function of comparable political importance below national level. In particular, politically exposed persons include

1. heads of state, heads of government, ministers, members of the European Commission, deputy ministers and assistant ministers,

2. members of parliament and members of similar legislative organs,

3. members of the governing bodies of political parties,

4. members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are usually not subject to further appeal,

5. members of the boards of courts of audit,

6. members of the boards of central banks,

7. ambassadors, chargés d’affaires and defence attachés,

8. members of the administrative, management or supervisory bodies of state-owned enterprises,

9. directors, deputy directors, members of the board or other managers with a comparable function in an international or European intergovernmental organisation.

(13) For the purposes of this Act, family member means a close relative of a politically exposed person, in particular

1. the spouse or civil partner,

2. a child and the child's spouse or civil partner and

3. both parents.

(14) For the purposes of this Act, a person known to be a close associate means a natural person for whom the obliged entity has reason to assume that this person

1. is, together with a politically exposed person,

a) the beneficial owner of an association pursuant to section 20 (1) or

b) the beneficial owner of a legal arrangement pursuant to section 21,

2. has any other close business relationships with a politically exposed person or

3. is the sole beneficial owner

a) of an association pursuant to section 20 (1) or

b) of a legal arrangement pursuant to section 21

for which the obliged entity must have reason to assume that it was established for the de facto benefit of a politically exposed person.

(15) For the purposes of this Act, member of the senior management means an officer or a senior employee of an obliged entity with sufficient knowledge of the obliged entity's money laundering and terrorist financing risk exposure, and with the authority to make decisions in this respect.

(16) For the purposes of this Act, group means a group of companies which consists of

1. a parent company,

2. the subsidiaries of the parent company,

3. the entities in which the parent company or its subsidiaries hold a participation, and

4. companies linked to each other by a relationship within the meaning of Article 22(1) of Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of companies, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182 of 29 June 2013, p. 19).

(17) For the purposes of this Act, third country means a country

1. that is not a member state of the European Union and

2. that is not a signatory state to the Agreement on the European Economic Area.

(18) For the purposes of this Act, electronic money means electronic money as defined in section 1a (3) of the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz).

(19) For the purposes of this Act, supervisory authority means the competent supervisory authority as defined in section 50.

(20) For the purposes of this Act, employees are deemed to be reliable if they can be safely assumed

1. to carefully comply with the obligations set out in this Act, other obligations under anti-money laundering and counter terrorist financing law, and strategies, controls and procedures introduced at the obliged entity in order to prevent money laundering and terrorist financing,

2. to report facts as specified in section 43 (1) to their manager or to the money laundering reporting officer, if one has been appointed and

3. not to participate, either actively or passively, in dubious transactions or business relationships.

(21) For the purposes of this Act, correspondent relationship means a business relationship within which the following services are provided:

1. banking services such as providing a current account or another payment account and related services, such as cash management, carrying out international funds transfers or foreign exchange transactions and cheque clearing, by obliged entities under section 2 (1) no. 1 (correspondents) for CRR credit institutions or for companies in a third country that engage in activities equivalent to those of such credit institutions (respondents), or

2. services other than banking services insofar as obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9 (correspondents) may provide these other services under the respective legal provisions

a) for other CRR credit institutions or financial institutions within the meaning of Article 3(2) of Directive (EU) 2015/849 or

b) for companies or persons in a third country that engage in activities equivalent to those of such credit institutions or financial institutions (respondents).

(22) For the purposes of this Act, shell bank means

1. a CRR credit institution or a financial institution within the meaning of Article 3 no. 2 of Directive (EU) 2015/849 or

2. a company

a) that carries out activities equivalent to those carried out by such a credit institution or financial institution and that is registered in the commercial register or a comparable register of a country other than the one from which the company is actually managed and administered, and

b) that is not affiliated to a regulated group of credit or financial institutions.

Section 2 Obliged Entities, authorisation to issue regulations

(1) For the purposes of this Act, obliged entities means the following institutions and persons in the practice of their business or profession:

1. credit institutions as defined in section 1 (1) of the Banking Act (Kreditwesengesetz), with the exception of the institutions and companies specified in section 2 (1) nos. 3 to 8 of the Banking Act, and German branches (Zweigstellen) and branch offices (Zweigniederlassungen) of credit institutions domiciled abroad,

2. financial services institutions as defined in section 1 (1a) of the Banking Act, with the exception of the institutions and companies specified in section 2 (6), sentence 1 nos. 3 to 10 and 12 and (10) of the Banking Act and German branches and branch offices of financial services institutions domiciled abroad,

3. payment institutions and electronic money institutions as defined in section 1 (2a) of the Payment Services Supervision Act and German branches and branch offices of comparable institutions domiciled abroad,

4. agents as defined in section 1 (7) of the Payment Services Supervision Act and electronic money agents as defined in section 1a (6) of the Payment Services Supervision Act,

5. independent businesspersons who distribute or redeem the electronic money of a credit institution as defined in section 1a (1) no. 1 of the Payment Services Supervision Act,

6. financial companies as defined in section 1 (3) of the Banking Act which are not covered by no. 1 or no. 4 and whose principal activity corresponds to one of the principal activities specified in section 1 (3) sentence 1 of the Banking Act, or to one of the principal activities of a company designated by statutory order under section 1 (3) sentence 2 of the Banking Act and German branches and branch offices of such companies domiciled abroad,

7. insurance undertakings as defined in Article 13 no. 1 of Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335 of 17 December 2009, p. 1) and domestic establishments of such undertakings domiciled abroad, insofar as they

a) offer life insurance activities covered by this directive,

b) offer accident insurance with premium refund or

c) grant money loans as defined in section 1 (1) sentence 2 no. 2 of the Banking Act.

8. insurance intermediaries as defined in section 59 of the Insurance Contract Act (Versicherungsvertragsgesetz) insofar as they broker the activities, transactions, products or services covered by no. 7, with the exception of the insurance intermediaries operating under section 34d (3) or (4) of the Industrial Code (Gewerbeordnung), and German establishments of such insurance intermediaries domiciled abroad,

9. asset management companies as defined in section 17 (1) of the Investment Code (Kapitalanlagegesetzbuch), German branches of EU management companies and of foreign AIF management companies, and foreign AIF management companies for which the Federal Republic of Germany is the member state of reference and which are subject to supervision by the Federal Financial Supervisory Authority pursuant to section 57 (1) sentence 3 of the Investment Code,

10. lawyers, legal advisors who are members of a bar association, patent attorneys and notaries, insofar as they

a) are involved in planning or carrying out the following activities for their clients:

aa) buying and selling real estate or commercial companies,

bb) managing of money, securities or other assets,

cc) opening or managing bank, savings or securities accounts,

dd) organising funds for the purpose of establishing, operating or managing companies or partnerships,

ee) establishing, operating or managing Treuhand companies, companies, partnerships or similar arrangements or

b) carry out financial or real estate transactions in the name and for the account of their clients,

11. legal advisors who are not members of a bar association and persons registered under section 10 of the Legal Services Act (Rechtsdienstleistungsgesetz), insofar as they are involved in planning and carrying out transactions for their clients under no. 10 (a) or carry out financial or real estate transactions in the name and for the account of the client,

12. auditors, chartered accountants, tax advisors and authorised tax agents,

13. service providers for companies and for Treuhand assets or Treuhänder that do not belong to the professions listed under nos. 10 to 12 whenever they provide one of the following services for third parties:

a) the formation of a legal person or partnership,

b) acting as a director or secretary of a legal person or partnership, acting as a partner of a partnership or acting in a similar position,

c) providing a registered office, business address, administrative or correspondence address and other related services for a legal person, a partnership or a legal arrangement as defined in section 3 (3),

d) acting as a Treuhänder of a legal arrangement as defined in section 3 (3),

e) acting as a nominee shareholder for another person other than a company listed on an organised market as defined in section 2 (5) of the Securities Trading Act (Wertpapierhandelsgesetz) that is subject to transparency requirements with regard to voting rights consistent with Community law, or subject to equivalent international standards,

f) arranging for another person to perform the functions specified in b), d) and e) above,

14. estate agents,

15. organisers and brokers of games of chance unless they are

a) operators of gambling machines within the meaning of section 33c of the Industrial Code,

b) clubs that carry on the business of a totalisator within the meaning of section 1 of the Race Betting and Lottery Act (Rennwett- und Lotteriegesetz),

c) lotteries that are not held on the internet and for which the organisers and brokers hold a state-issued license from the respective competent authority in Germany,

d) social lotteries and

16. traders in goods.

(2) The Federal Ministry of Finance (Bundesministerium der Finanzen) may, by means of a regulation not requiring the consent of the Bundesrat, exempt from the scope of this Act obliged entities under subsection (1) nos. 1 to 9 and 16 which engage in financial activities that do not qualify as money remittance within the meaning of section 1 (2) no. 6 of the Payment Services Supervision Act only on an occasional or very limited basis and represent a low risk of money laundering and terrorist financing if

1. the financial activity is limited to individual transactions not exceeding the amount of €1,000 in absolute terms per customer and individual transaction,

2. the total turnover of the financial activity does not exceed 5 percent of the overall turnover of the obliged entity in question,

3. the financial activity is merely an ancillary activity related to the main activity pursued and

4. the financial activity is only pursued for customers of the main activity, and not for the general public.

Section 3 Beneficial owner

(1) For the purposes of this Act, beneficial owner means

1. the natural person who ultimately owns or controls the contracting party, or

2. the natural person at whose instruction a transaction is ultimately carried out or a business relationship is ultimately established.

In particular, beneficial owners include the natural persons listed in subsections (2) to (4).

(2) In cases of legal persons other than foundations with legal capacity and of other corporate entities that are not listed on an organised market as defined in section 2 (5) of the Securities Trading Act and that are not subject to transparency requirements with regard to voting rights consistent with Community laws or to equivalent international standards, beneficial owners include any natural person who, directly or indirectly,

1. holds more than 25 percent of the capital stock,

2. controls more than 25 percent of the voting rights or

3. exercises control in a comparable manner.

In particular, indirect control is deemed to exist when the corresponding percentages of shares are held by one or more associations pursuant to section 20 (1) which are controlled by a natural person. 3Control is deemed to exist in particular if the natural person is able to exercise, directly or indirectly, a dominant influence on the association pursuant to section 20 (1). 4In cases of dominant influence, section 290 (2) to (4) of the Commercial Code (Handelsgesetzbuch) applies mutatis mutandis. 5If, even after extensive investigations and in the absence of facts as specified in section 43 (1), no natural person has been identified or if there are doubts as to whether the person identified is the beneficial owner, the beneficial owner is assumed to be the legal representative, the managing partner or partner of the contracting party.

(3) In the case of foundations with legal capacity and legal arrangements used to manage or distribute assets on Treuhand or through which third parties are instructed with such management or distribution, or comparable legal constructs, beneficial owners include:

1. any natural person acting as trustor, trustee or, where applicable, as protector,

2. any natural person who is a member of the foundation’s board,

3. any natural person who has been designated as a beneficiary,

4. the group of natural persons for whose benefit the assets are to be managed or distributed if the natural person intended to become the beneficiary of the assets under management has not been designated yet, and

5. any natural person who, directly or indirectly, otherwise exercises a controlling influence on the management of the assets or on the distribution of the income.

(4) In cases of trading on instruction, the person at whose instruction the transaction is carried out is deemed to be a beneficial owner. Insofar as the contracting parties act as Treuhänder, they, too, are deemed to be trading on instruction.

Part 2 Risk management

Section 4 Risk management

(1) In order to prevent money laundering and terrorist financing, the obliged entities must have in place effective risk management systems that are appropriate for the nature and size of their business.

(2) Risk management encompasses a risk analysis under section 5 as well as internal safeguards under section 6.

(3) A member of the management is to be appointed to bear responsibility for risk management and compliance with provisions under anti-money laundering and counter terrorist financing law under this and other Acts as well as with regulations adopted on the basis of this and other Acts. Risk analysis and internal safeguards must be approved by this member of the management.

(4) Obliged entities under section 2 (1) no. 16 must have in place effective risk management systems if they make or receive cash payments of at least €10,000 in one transaction.

Section 5 Risk analysis

(1) The obliged entities are to determine and evaluate the risks of money laundering and terrorist financing associated with the business activities they engage in. They are to pay particular attention to the risk factors specified in annexes 1 and 2 and to the information that is made available on the basis of the national risk assessment. 3The extent of the risk analysis depends on the nature and size of the business of the obliged entity.

(2) The obliged entities are to

1. document the risk analysis,

2. regularly review and, as appropriate, update the risk analysis and

3. make the most recent version of their risk analysis available to the supervisory authority upon request.

(3) In cases where the obliged entity is the parent company of a group, subsections (1) and (2) apply to the whole group.

(4) The supervisory authority may, at the request of an obliged entity, release the obliged entity from the obligation to document its risk analysis if the obliged entity can demonstrate that the specific risks inherent in the respective sector are clear and understood.

Section 6 Internal Safeguards

(1) Obliged entities are to implement appropriate business- and customer-oriented internal safeguards in the form of principles, procedures and controls in order to manage and mitigate the risks of money laundering and terrorist financing.Such measures are appropriate if they correspond to the risk situation of the obliged entity and cover it sufficiently. The obliged entities are to monitor the functionality of the internal safeguards and update them where necessary.

(2) In particular, internal safeguards include:

1. the development of internal principles, procedures and controls in relation to

a) dealing with risks under subsection (1),

b) the customer due diligence requirements under sections 10 to 17

c) compliance with the reporting obligation under section 43 (1)

d) recording of information and retention of documents under section 8 and

e) compliance with other provisions under anti-money laundering and counter terrorist financing law,

2. appointing a money laundering reporting officer and a deputy under section 7,

3. in cases of obliged entities that are parent companies of a group, the establishment of group-wide procedures under section 9,

4. the development and updating of appropriate measures to prevent the abuse of new products and technologies for committing money laundering and terrorist financing or for the purpose of promoting the anonymity of business relationships or transactions,

5. the reliability screening of employees by appropriate means, in particular via systems of the obliged entity for controlling and appraising the staff,

6. initial and ongoing training of employees with regard to the typologies and current methods of money laundering and terrorist financing and on the provisions and obligations relevant in this regard, including rules for data protection, and

7. reviewing the above-mentioned principles and procedures in an independent inspection where such a review is appropriate given the nature and size of the business.

(3) If an obliged entity under section 2 (1) nos. 10 to 14 and 16 performs their professional activities as an employee of a company, the obligations under subsections (1) and (2) fall to this company.

(4) In addition to the measures set out in subsection (2), obliged entities under section 2 (1) no. 15 are to operate data processing systems that enable them to identify both business relationships and individual transactions in gambling operations and via a gambling account under section 16 that are to be regarded as suspicious or unusual given publicly available information on, or corporate experience of, the methods of money laundering and terrorist financing. They are to update these data processing systems. The supervisory authority may specify criteria on the basis of which, if met, the obliged entities under section 2 (1) no. 15 may be exempt from the obligation to use the data processing systems under sentence 1.

(5) The obliged entities are to make arrangements appropriate to their nature and size to enable their employees and persons in a comparable position to report contraventions of provisions under anti-money laundering and counter terrorist financing law to appropriate bodies while ensuring that their identity remains confidential.

(6) The obliged entities are to make arrangements to ensure they are in a position, if asked by the German Financial Intelligence Unit (Zentralstelle für Finanztransaktionsuntersuchungen) or by other competent authorities, to provide information as to whether they maintained a business relationship with certain persons during a period of five years prior to the enquiry, and what the nature of that relationship was. They are to ensure that the information is transmitted safely and confidentially to the institution making the enquiry. Obliged entities under section 2 (1) nos. 10 and 12 may refuse to provide information if the enquiry refers to information they received through a client relationship subject to professional secrecy. The obligation to provide information continues to exist if the obliged entity knows that their client has used or is using the relationship for the purpose of money laundering or terrorist financing.

(7) The obliged entities may, on the basis of contractual agreement, engage third parties to implement internal safeguards if they notify the supervisory authority of this in advance. The supervisory authority may prohibit the transfer if

1. the third party does not provide an assurance that the safeguards will be implemented properly,

2. the management capabilities of the obliged entity would be adversely affected or

3. supervision by the supervisory authority would be adversely affected.

In their notification, the obliged entities are to demonstrate that the criteria for prohibiting the transfer under sentence 2 are not fulfilled. The ultimate responsibility for implementing the safeguards continues to lie with the obliged entities.

(8) In individual cases, the supervisory authority may issue appropriate and necessary orders to an obliged entity to implement the necessary internal safeguards.

(9) The supervisory authority may order that the provisions of subsections (1) to (6) are to be applied, in a manner appropriate to the level of risk, to individual obliged entities or groups of obliged entities on account of the kind of transactions they engage in or of the size of their business, in consideration of the risks with regard to money laundering and terrorist financing.

Section 7 Money laundering reporting officer

(1) Obliged entities under section 2 (1) nos. 1 to 3, 6, 7, 9 and 15 are to appoint a money laundering reporting officer at senior management level and a deputy. The money laundering reporting officer is responsible for compliance with the provisions under anti-money laundering and counter terrorist financing law. They are directly subordinate to the top management level.

2) The supervisory authority may exempt an obliged entity from the obligation to appoint a money laundering reporting officer if it is guaranteed that

1. there is no risk of information loss or deficits on account of a separation of duties in the company structure and

2. other provisions are made, after a risk-based evaluation, to prevent business relationships and transactions related to money laundering and terrorist financing.

(3) The supervisory authority may order that obliged entities under section 2 (1) nos. 4, 5, 8, 10 to 14 and 16 are to appoint a money laundering reporting officer if it deems such an appointment appropriate. In the case of obliged entities under section 2 (1) no. 16, the order should be issued if the main activity of the obliged entity consists in trading in high-value goods.

(4) The obliged entities are to give prior notification to the supervisory authority of the appointment or dismissal of the money laundering reporting officer or their deputy. The appointment of the money laundering reporting officer or the deputy must be revoked on the instruction of the supervisory authority if the appointee does not fulfil the requirements with regard to qualification or reliability.

(5) The money laundering reporting officer must carry out their function in Germany. They must be the point of contact regarding compliance with the relevant provisions for the law enforcement agencies, for the authorities responsible for the detection, prevention and elimination of threats, for the German Financial Intelligence Unit and for the supervisory authority. The money laundering reporting officer is to be granted sufficient powers and the means necessary to carry out their function properly. In particular, they are to have or be given unrestricted access to all information, data, records and systems which could be of importance in the performance of their functions. The money laundering reporting officer is to report directly to the top management level. If the money laundering reporting officer intends to submit a report under section 43 (1) or is responding to a request for information from the German Financial Intelligence Unit under section 30 (3), they are not subject to the right of the top management level to issue instructions.

(6) The money laundering reporting officer may use data and information solely for the purpose of performing their functions.

(7) The money laundering reporting officer and the deputy must not suffer any disadvantage in their employment as a result of the performance of their functions. The termination of their employment is inadmissible unless facts exist that entitle those responsible to terminate the employment for good cause without observing a notice period. Following the end of the appointment of the money laundering reporting officer or deputy, a termination of their employment is inadmissible within a year of the appointment end date, unless those responsible are entitled to terminate the employment for good cause without observing a notice period.

Section 8 Recording and retention requirement

(1) The obliged entity is to record and retain

1. data collected and information gathered in the fulfilment of its due diligence requirements

a) on contracting parties, where applicable on the persons representing the contracting parties and on the beneficial owners,

b) on business relationships and transactions, particularly proof of transaction documents insofar as they could be necessary for the investigation of transactions,

2. sufficient information about the implementation and the results of the risk evaluation pursuant to section 10 (2), section 14 (1) and section 15 (2) and about the suitability of the measures taken on the basis of these results,

3. the results of the examination pursuant to section 15 (5) no. 1 and

4. the reasons considered and a plausible explanation of the evaluation result for a matter in respect of the reporting obligation pursuant to section 43 (1).

The records under sentence 1 no. 1 (a) include, in the case of a legal person, records about the measures taken to identify the beneficial owner within the meaning of section 3 (2) sentence 1.

(2) To comply with the obligation pursuant to subsection (1) sentence 1 no. 1 (a), the type, number and issuing authority of the document presented for verification of identity are to be recorded in the cases set forth in section 12 (1) sentence 1 no. 1. Where documents under section 12 (1) sentence 1 nos. 1 or 4 are presented for the verification of the identity of a natural person, or documentation under section 12 (2) is presented for the verification of the identity of a legal person, or where documents specified as a result of a regulation under section 12 (3) are presented or used, the obliged entities have the right and the duty to make complete copies of these documents or documentation or to optically digitise them in full. These qualify as a record within the meaning of sentence 1. If a repeat identification is omitted pursuant to section 11 (3) sentence 1, the name of the person to be identified and the fact that the person was identified on a previous occasion are to be recorded. In the cases set out in section 12 (1) sentence 1 no. 2, instead of the type, number and issuing authority of the document presented for identification, the service and card identifier is to be recorded, as well as the fact that verification was carried out by means of an electronic proof of identity.When the verification of identity is carried out by means of a qualified signature pursuant to section 12 (1) sentence 1 no. 3, the validation thereof is also to be recorded. Where data and information are gathered by consulting electronically managed registers or directories pursuant to section 12 (2), a printout qualifies as a record of the data or information contained therein.

(3) The records may also be stored digitally on a storage medium. The obliged entities must ensure that the stored data

1. are consistent with the data and information gathered,

2. are available for the duration of the retention period and

3. can be made readable within a reasonable period of time at any time.

(4) The records and other evidence pursuant to subsections (1) to (3) are to be retained for five years and destroyed without delay thereafter. Other legal provisions on record-keeping and retention requirements remain unaffected. In the case under section 10 (3) sentence 1 no. 1, the retention period begins upon conclusion of the calendar year in which the business relationship is terminated. 4In all other cases, it begins upon conclusion of the calendar year in which the respective information was gathered.

(5) Where documents to be retained are to be presented to a public agency, section 147 (5) of the Fiscal Code (Abgabenordnung) applies mutatis mutandis with regard to the readability of the documents.

Section 9 Group-wide compliance with obligations

(1) Obliged entities that are parent companies of a group are to conduct a risk analysis for all companies, branches and branch offices belonging to the group and subject to obligations under anti-money laundering and counter terrorist financing law. On the basis of this risk analysis they are to take the following measures on a group-wide basis:

1. internal safeguards in accordance with section 6 (1) and (2) that are consistent group-wide,

2. appointment of a money laundering reporting officer who is responsible for devising a group-wide strategy for the prevention of money laundering and terrorist financing and for the coordination and monitoring of its implementation,

3. procedures for the exchange of information within the group to prevent money laundering and terrorist financing and

4. precautions for the protection of personal data.

They are to ensure that the obligations and measures set out in sentences 1 and 2 are effectively implemented by their subordinated companies, branches and branch offices insofar as these are subject to obligations under anti-money laundering and counter terrorist financing law.

(2) Where group companies are located in another member state of the European Union, the parent companies are to ensure that these group companies comply with the national rules implementing Directive (EU) 2015/849 that apply in that member state.

(3) Where group companies are located in a third country with less strict requirements regarding measures for the prevention of money laundering and terrorist financing, subsection (1) applies to the extent that this is compatible with the law of the third country. Where the measures laid out in subsection (1) are not compatible with the law of the third country, the parent companies are under obligation to

1. ensure that the group companies domiciled there take additional measures to effectively counteract the risk of money laundering and terrorist financing, and

2. inform the superviso(ry authority of the measures taken.

In cases where the measures taken do not suffice, the supervisory authority orders that the parent companies ensure that the subordinated companies, branches and branch offices in this third country do not initiate or continue a business relationship or carry out any transactions. Where a business relationship exists, the parent company is to ensure that it is terminated or otherwise ended, regardless of any other statutory provisions or contractual terms.

Part 3 Customer due diligence requirements

Section 10 General due diligence requirements

(1) The general due diligence requirements are:

1. identifying the contracting party and, where applicable, the person acting on their behalf in accordance with section 11 (4) and with section 12 (1) and (2) and checking whether the person acting on behalf of the contracting party is entitled to do so;

2. clarifying whether the contracting party is acting on behalf of a beneficial owner and, if so, identifying the beneficial owner in accordance with section 11 (5); if the contracting party is not a natural person, this includes an obligation to take adequate measures to understand the ownership and control structure of the contracting party,

3. obtaining and evaluating information on the purpose and intended nature of the business relationship where this is not already clear beyond doubt from the business relationship in the individual case,

4. establishing with appropriate, risk-oriented procedures whether the contracting party or the beneficial owner is a politically exposed person, a family member or a person known to be a close associate and

5. continuously monitoring the business relationship, including the transactions carried out in the course of the business relationship, in order to ensure that they are consistent with

a) the documents and information available to the obliged entities about the contracting party and, where applicable, the beneficial owner, about their business activity and customer profile and

b) where necessary, the information available to the obliged entity about the source of wealth;

in the course of their continuous monitoring activities, obliged entities are to ensure that the relevant documents, data or information are updated at appropriate intervals, taking into account the respective risk.

(2) The specific extent of the measures pursuant to subsection (1) nos. 2 to 5 must be in accordance with the respective risk of money laundering or terrorist financing, particularly in relation to the contracting party, the business relationship or transaction. The obliged entities pay particular attention in this context to the risk factors specified in Annexes 1 and 2. In addition, in evaluating the risks the obliged entities are to take into account at least

1. the purpose of the account or the business relationship,

2. the level of assets deposited by the customer or the size of the transactions carried out and

3. the regularity or the duration of the business relationship.

Obliged entities must demonstrate to the competent authorities upon request that the extent of the measures they have adopted is adequate based on the risk of money laundering and terrorist financing.

(3) The obliged entities are to fulfil the general due diligence requirements:

1. when establishing a business relationship,

2. when transactions are carried out outside of an existing business relationship in cases of

a) transfers of funds within the meaning of Article 3 no. 9 of Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141 of 5 June 2015, p.1) when the transfer of funds involves an amount of €1000 or more,

b) other transactions being carried out with a value of €15,000 or more,

3. regardless of any derogation, exemption or threshold set forth in this or other Acts, when facts exist that indicate that

a) the property connected to a transaction or business relationship is the object of money laundering or

b) the property is associated with terrorist financing,

4. when there is doubt as to the veracity of the information collected under provisions of this Act in relation to the identity of the contracting party, to the identity of a person acting on behalf of the contracting party or to the identity of the beneficial owner.

The obliged entities must fulfil the general due diligence requirements for all new customers. In cases of existing business relationships, they must fulfil the general due diligence requirements at an appropriate time on a risk-sensitive basis, particularly at times when the relevant circumstances of a customer change.

(4) Obliged entities under section 2 (1) nos. 3 to 5 are to fulfil the general due diligence requirements pursuant to subsection (1) nos. 1 and 2 when, in providing payment services, they accept cash as set out in section 1 (2) of the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz).

(5) Obliged entities under section 2 (1) no. 15 are to fulfil the general due diligence req(uirements when a player wins or bets amounts of €2,000 or more unless the game of chance is offered or brokered online. The identification requirements may also be met by identifying the player upon entry to the casino or other physical gambling premises, provided the obliged entity also ensures that each transaction of €2,000 or more, including the purchase or exchange of gambling chips, can be attributed to the player in question.

(6) Obliged entities under section 2 (1) no. 16 are to fulfil due diligence requirements in the cases set out in subsection (3) sentence 1 no. 3, as well as for transactions involving cash payments or receipts of at least €10,000.

(7) Section 25i (1) of the Banking Act applies to obliged entities under section 2 (1) nos. 4 and 5 if they are involved in issuing electronic money, with the limitation that only the requirements under subsection (1) nos. 1 and 4 are to be fulfilled. Section 25i (2) and (4) of the Banking Act apply mutatis mutandis.

(8) Insurance intermediaries under section 2 (1) no. 8 that collect premiums on behalf of an insurance undertaking under section 2 (1) no. 7 are to notify the insurance undertaking whenever premiums are paid in cash and the amount exceeds €15,000 in one calendar year.

(9) If the obliged entity is unable to fulfil the general due diligence requirements under subsection (1) nos. 1 to 4, the business relationship must not be established or continued and no transactions may be executed. Where a business relationship already exists, the obliged entity is to terminate or otherwise end it regardless of any other statutory provisions or contractual terms. Sentences 1 and 2 above do not apply to obliged entities under section 2 (1) nos. 10 and 12 if the client is seeking legal advice or legal representation, unless the obliged entity knows that the client is seeking the legal advice deliberately for the purpose of money laundering or terrorist financing.

Section 11 Identification

(1) Obliged entities are to identify contracting parties and, if applicable, persons acting on their behalf and (beneficial owners, before establishing a business relationship or executing a transaction. The identification may also be completed while the business relationship is being established if this is necessary in order to avoid interrupting the normal course of business and there is a low risk of money laundering or terrorist financing.

(2) By way of derogation from subsection (1), an obliged entity under section 2 (1) no. 14 is to identify the parties to a contract on the object of purchase as soon as the contracting party to the brokerage contract expresses a serious interest in the execution of the real estate sales contract and the parties to the sales contract are sufficiently definitive.

(3) Identification may be omitted if the obliged entity has already identified the person to be identified on an earlier occasion in the fulfilment of its due diligence requirements and recorded the information obtained. If external circumstances leave the obliged entity no choice but to doubt that the information obtained during the earlier identification is still correct, the obliged entity is to carry out a new identification.

(4) In the identification, the obliged entity is to collect the following information:

1. in the case of a natural person:

a) their first name and surname,

b) their place of birth,

c) their date of birth,

d) their nationality and

e) a residential address or, if no fixed abode and legal residence in the European Union exists and identity is being verified in the course of concluding a basic payment account contract within the meaning of section 38 of the Payment Accounts Act (Zahlungskontengesetz), the postal address under which the contracting party and the person dealing with the obliged entity can be reached;

2. in the case of a legal person or a partnership:

a) the company, name or trading name,

b) the legal form,

c) the commercial register number if available,

d) the address of the registered office or head office and

e) the names of the members of its representative bodies or the names of its legal representatives and, if a member of its representative body or the legal representative is a legal person, the data listed under letters (a) to (d) for this legal person.

(5) By way of derogation from subsection (4), to determine the identity of a beneficial owner the obliged entity is to at least establish their name and, if appropriate in view of the risk of money laundering or terrorist financing that exists in the particular case, collect further identifying information. Details of the beneficial owner’s date and place of birth and address may be collected irrespective of ascertained risk. The obliged entity is to satisfy itself of the veracity of the information gathered for the identification by taking risk-adequate measures; in doing so, the obliged entity must not rely exclusively on the information from the transparency register.

(6) The contracting party of an obliged entity is to provide the obliged entity with the information and documents necessary for the identification. If any changes arise in the course of the business relationship, the contracting party is to notify the obliged entity of these changes without delay. The contracting party is to disclose to the obliged entity whether it intends to establish, continue or conduct the business relationship or the transaction on behalf of a beneficial owner. The disclosure to the obliged entity is also to include providing evidence of the beneficial owner’s identity.

Section 12 Identity verification, authorisation to issue regulations

(1) In the cases set out in section 10 (1) no. 1, the verification of the identity of natural persons is to be carried out on the basis of

1. a valid official identity document which includes a photograph of the holder and satisfies the passport and identification requirements in Germany, in particular a German passport, identity card or substitute of a passport or identity card, or a passport, identity card or substitute of a passport or identity card recognised or accepted under German provisions for foreign nationals,

2. an electronic proof of identity pursuant to section 18 of the Act on Identity Cards and Electronic Identification (Personalausweisgesetz) or to section 78 (5) of the Residence Act (Aufenthaltsgesetz),

3. a qualified electronic signature pursuant to Article 3 no. 12 of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257 of 28 August 2014, p. 73),

4. a notified electronic identification scheme pursuant to Article 8(2) letter c) in conjunction with Article 9 of Regulation (EU) No 910/2014 or

5. documents pursuant to section 1 (1) of the Regulation determining documents admissible for the identification of a person to be identified under the Money Laundering Act for the purpose of opening of a payment account (Verordnung über die Bestimmung von Dokumenten, die zur Überprüfung der Identität einer nach dem Geldwäschegesetz zu identifizierenden Person zum Zwecke des Abschlusses eines Zahlungskontovertrags zugelassen werden).

When identity is to be verified by means of a qualified electronic signature pursuant to sentence 1 no. 3, the obliged entity is to validate the qualified electronic signature in accordance with Article 32(1) of Regulation (EU) No 910/2014. In such a case, the obliged entity is also to ensure that a transaction is executed directly from a payment account within the meaning of section 1 (3) of the Payment Services Supervision Act which is held in the name of the contracting party, with an obliged entity under section 2 (1) sentence 1 no. 1 or no. 3 or with a credit institution domiciled in

1. another member state of the European Union,

2. a signatory state to the Agreement on the European Economic Area or

3. a third country in which the credit institution is subject to due diligence and record-keeping requirements equivalent to the due diligence and record-keeping requirements laid out in Directive (EU) 2015/849 and whose observance is supervised in a manner consistent with Chapter IV Section 2 of Directive (EU) 2015/849.

(2) In the cases set out in section 10 no. 1, verification of the identity of legal persons is to be carried out by means of

1. an extract from the commercial register or register of cooperative societies or a comparable official register or directory

2. formation documents or equivalent substantiating documents or

3. a documented inspection by the obliged entity itself of the data in the register or directory.

(3) The Federal Ministry of Finance may, in consultation with the Federal Ministry of the Interior (Bundesministerium des Innern), designate further documents as appropriate for verifying identity by means of a regulation not requiring the consent of the Bundesrat.

Section 13 Identity verification procedures, authorisation to issue regulations

(1) Obliged entities verify the identity of natural persons by one of the following procedures:

1. appropriate examination of the document presented physically or

2. another procedure suitable for verifying identity under anti-money laundering and counter terrorist financing law and having a security level equivalent to the procedure set out in no. 1.

(2) The Federal Ministry of Finance may, in consultation with the Federal Ministry of the Interior, by means of a regulation not requiring the consent of the Bundesrat

1. add more detail or further requirements to the procedure set out in subsection (1) or to the obliged entities using this procedure and

2. define procedures that are appropriate for identification under anti-money laundering and counter terrorist financing law in accordance with subsection (1) no. 2.

Section 14 Simplified due diligence requirements, authorisation to issue regulations

(1) Obliged entities that establish that, taking into account the risk factors specified in annexes 1 and 2, certain areas present only a small risk of money laundering or terrorist financing, particularly with regard to customers, transactions and services or products, are only required to fulfil simplified due diligence requirements. Before applying simplified due diligence requirements, obliged entities must ascertain that the business relationship or transaction actually entails a lower risk of money laundering or terrorist financing. For the demonstration of adequacy, section 10 (2) sentence 4 applies mutatis mutandis.

(2) Where simplified due diligence requirements may be applied, obliged entities may

1. reduce the extent of the measures to be taken to fulfil general due diligence requirements to an appropriate extent and

2. in particular, by way of derogation from sections 12 and 13, carry out the verification of identity on the basis of other documents, data or information which originate from a credible and independent source and are suitable for the purpose of verification.

In each instance, the obliged entities must ensure the scrutiny of transactions and business relationships to an extent that enables them to recognise and report unusual or suspicious transactions.

(3) In cases where the obliged entity is not in a position to fulfil the simplified due diligence requirements, section 10 (9) applies mutatis mutandis.

(4) The Federal Ministry of Finance may, by means of a regulation not requiring the consent of the Bundesrat, in consultation with the Federal Ministry of the Interior, designate types of cases which can present a lower risk of money laundering or terrorist financing, particularly with regard to customers, products, services, transactions or delivery channels, and in which the obliged entities are only required to fulfil simplified due diligence requirements in relation to customers, under the conditions laid out in subsection (1). The risk factors specified in annexes 1 and 2 are to be taken into account in such a decision.

(5) Directive (EU) 2015/847 does not apply to domestic transfers of funds to a payment account of a beneficiary to which only payments for the delivery of goods or services can be made, if

1. the beneficiary’s payment service provider is subject to the requirements of this Act,

2. the beneficiary’s payment service provider is able, using a unique transaction reference number, to trace the transfer of funds via the beneficiary back to the person who concluded an agreement with the beneficiary about the delivery of goods or services, and

3. the amount transferred does not exceed €1,000.

Section 15 Enhanced due diligence requirements, authorisation to issue regulations

(1) The enhanced due diligence requirements are to be fulfilled in addition to the general due diligence requirements.

(2) Obliged entities are to fulfil enhanced due diligence requirements if they find out, through a risk analysis or by taking into account the risk factors specified in annexes 1 and 2 in an individual case, that a higher risk of money laundering or terrorist financing may arise. The obliged entities determine the specific extent of measures to be taken in accordance with the respective higher risk of money laundering or terrorist financing. For the demonstration of adequacy, section 10 (2) sentence 4 applies mutatis mutandis.

(3) A higher risk arises in particular

1. if a contracting party of the obliged entity or a beneficial owner is

a) a politically exposed person, a family member or a person known to be a close associate or

b) a natural or legal person domiciled in a high-risk third country identified by the European Commission pursuant to Article 9 of Directive (EU) 2015/849; the foregoing does not apply to branches of obliged entities pursuant to Article 2(1) of Directive (EU) 2015/849 domiciled in the European Union, nor does it apply to subsidiaries majority-owned by these obliged entities that are located in a high-risk third country, provided they fully implement the group-wide policies and procedures pursuant to Article 45(1) of Directive (EU) 2015/849,

2. if the transaction, in relation to comparable cases,

a) is particularly complex or large,

b) follows an unusual pattern

c) has no apparent economic or lawful purpose or

3. in cases where obliged entities under section 2 (1) nos. 1 to 3 and 6 to 8 are in cross-border correspondent relationships with third-country respondents or, if the obliged entities identify a heightened risk, with respondents from a country in the European Economic Area.

(4) In the cases set out in subsections (2) and (3) no. 1, at least the following enhanced due diligence requirements are to be fulfilled:

1. establishing or continuing a business relationship requires approval from a member of senior management,

2. adequate measures are to be taken to establish the source of funds involved in the business relationship or the transaction and

3. enhanced, ongoing monitoring of the business relationship is to be conducted.

If, in the case of subsection (3) no. 1 (a), the contracting party or the beneficial owner was only initially entrusted with a prominent public function during the course of the business relationship, or if the obliged entity gained knowledge of the fact that the contracting party or the beneficial owner held a prominent public function only after establishing the business relationship, the obliged entity is to ensure that the relationship is only continued with the approval of a member of senior management.

(5) In the case set out in subsection (3) no. 2, at least the following enhanced due diligence requirements are to be fulfilled:

1. the transaction is to be examined in order that the risk associated with the respective business relationship or transactions can be monitored and assessed with regard to money laundering and terrorist financing and in order that it can be determined, if applicable, whether a reporting requirement under section 43 (1) exists, and

2. where a transaction is based on an underlying business relationship, this relationship is to be subject to enhanced, ongoing monitoring in order that the risk associated with the business relationship with regard to money laundering and terrorist financing can be assessed and, in the case of heightened risk, monitored.

(6) In the case set out in subsection (3) no. 3, obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9 are to at least fulfil the following enhanced due diligence requirements:

1. sufficient information about the respondent is to be obtained, in order that the nature of their business can be fully understood and their reputation, their controls for preventing money laundering and terrorist financing and the quality of supervision can be assessed,

2. the approval of a member of senior management is to be obtained before a business relationship with the respondent is established,

3. before such a business relationship is established, the respective responsibilities of participants with regard to the fulfilment of due diligence requirements are to be determined and documented in accordance with section 8,

4. measures are to be taken to ensure that the obliged entity does not establish or continue a business relationship with a respondent whose accounts are known to be used by a shell bank, and

5. measures are to be taken to ensure that the respondent does not permit payments through payable-through accounts.

(7) In cases of a formerly politically exposed person, the obliged entities are to take account of the specific risk associated with politically exposed persons for at least twelve months after the person has left the public function and take appropriate and risk-adequate measures until it can be assumed that the risk no longer exists.

(8) If there are facts or assessments from national or international agencies responsible for preventing or combating money laundering or terrorist financing that justify the assumption that a higher risk exists beyond the cases set out in subsection (3), the supervisory authority may order that the obliged entities enhance their monitoring of the transactions and business relationships and fulfil additional risk-adequate due diligence requirements.

(9) If the obliged entity is not in a position to fulfil the enhanced due diligence requirements, section 10 (9) applies mutatis mutandis.

(10) The Federal Ministry of Finance may, by means of a regulation not requiring the consent of the Bundesrat, designate types of cases in which a potentially higher risk of money laundering and terrorist financing exists, particularly with regard to customers, products, services, transactions or delivery channels, and in which the obliged entities are to fulfil specific enhanced due diligence requirements. The risk factors specified in annexes 1 and 2 are to be taken into account in such a decision.

Section 16 Special provisions regarding online games of chance

(1) Obliged entities under section 2 (1) no. 15 are, insofar as they offer or broker online games of chance, subject to the special provisions of subsections (2) to (8).

(2) An obliged entity may only admit a player to an online game of chance once it has set up a gambling account for the player in the name of the player.

(3) The obliged entity may not accept any deposits or other refundable monies from the player in the gambling account. The balance in the gambling account must not bear any interest. Section 2 (2) sentence 3 of the Payment Services Supervision Act applies to funds received mutatis mutandis.

(4) The obliged entity must ensure that the players' transactions to the gambling account occur only

1. through a payment transaction executed

a) by means of a direct debit as defined in section 1 (2) no. 2a of the Payment Services Supervision Act

b) by means of a credit transfer as defined in section 1 (2) no. 2b of the Payment Services Supervision Act or

c) by means of a payment card as defined in section 1 (2) no. 2c or no. 3 of the Payment Services Supervision Act in the name of the player and

2. from a payment account as defined in section 1 (3) of the Payment Services Supervision Act which was set up in the name of the player with an obliged entity under section 2 (1) no. 1 or no. 3.

The obliged entity may be exempted from fulfilling the requirements set out in sentence 1 no. 1 (c) and no. 2 if it is guaranteed that the payment for participating in the game does not exceed €25 for a single transaction or €100 for several transactions in a calendar month.

(5) The obliged entity is to inform the supervisory authority without delay whenever a payment account as defined in section 1 (3) of the Payment Services Supervision Act held in its name with an obliged entity under section 2 (1) no. 1 or no. 3 is opened or closed, into which account a player's funds are accepted to enable participation in online games of chance.

(6) When the obliged entity or another issuer issues a player with monetary value stored on an instrument as defined in section 1 (10) no. 10 of the Payment Services Supervision Act which is intended to be used for gambling account transactions, the obliged entity or issuer is to ensure that the identity of the holder of the instrument with monetary value is the same as that of the gambling account holder.

(7) The obliged entity may carry out transactions to the player only

1. through a payment transaction executed under subsection (4) and

2. to a payment account set up in the name of the player with an obliged entity under section 2 (1) no. 1 or no. 3.

The obliged entity is to specify the payment reference in the transaction in such a manner that the reason for the payment transaction is transparent to an outside observer. The competent authorities may designate standard wordings to be used by the obliged entities for the payment reference.

(8) By way of derogation from section (11), the obliged entity may carry out a provisional identification of a player for whom it sets up a gambling account. The provisional identification may be based on an electronic copy or a copy sent by post of a document under section 12 (1) sentence 1 no. 1. A full identification is to be conducted subsequently without delay. Both the provisional and the full identification may also take place on the basis of the requirements regarding identification and authentication under gambling law.

Section 17 Performance of due diligence requirements by third parties, contractual outsourcing

(1) The obliged entity may engage third parties in order to fulfil the general due diligence requirements under section 10 (1) nos. 1 to 4. Third parties must only be

1. obliged entities under section 2 (1),

2. obliged entities under Article 2(1) of Directive (EU) 2015/849 in another member state of the European Union,

3. member organisations or associations of obliged entities under no. 2 or institutions and persons domiciled in a third country if they are subject to due diligence and record-keeping requirements

a) that are equivalent to the due diligence and record-keeping requirements set out in Directive (EU) 2015/849 and

b) where compliance with these due diligence and record-keeping requirements is supervised in a manner consistent with Chapter IV(2) of Directive (EU) 2015/849.

The responsibility for fulfilling the general due diligence requirements remains with the obliged entity.

(2) Obliged entities must not engage third parties domiciled in a high-risk third country. An exemption from this applies to

1. branches of obliged entities under Article 2(1) of Directive (EU) 2015/849 domiciled in the European Union, provided the branch fully implements the group-wide policies and procedures pursuant to Article 45(1) of Directive (EU) 2015/849, and

2. subsidiaries majority-owned by an obliged entity under Article 2(1) of Directive (EU) 2015/849 domiciled in the European Union, provided the subsidiary fully implements the group-wide policies and procedures pursuant to Article 45 of Directive (EU) 2015/849.

(3) When an obliged entity engages third parties, it must ensure that the third parties

1. obtain the information necessary to fulfil the due diligence requirements pursuant to Article 10 (1) nos. 1 to 3, and

2. transmit this information directly and without delay to the obliged entity.

In addition, the obliged entity is to take appropriate steps to ensure that, at its request, the third parties, without delay, present copies of the documents relevant for establishing and verifying the identity of the contracting party and, where applicable, the beneficial owner as well as other relevant documents. The third parties have the right to make copies of and pass on identity documents for this purpose.

(4) The requirements of subsections (1) and (3) are deemed to have been fulfilled, if

1. the obliged entity engages third parties belonging to the same group as itself,

2. the due diligence requirements, record-keeping requirements, policies and procedures for preventing money laundering and terrorist financing which are adopted by the group are consistent with the provisions of Directive (EU) 2015/849 or equivalent provisions and

3. the effective implementation of these requirements at group level is supervised by an authority.

(5) An obliged entity may delegate performance of the measures necessary in order to fulfil the due diligence requirements under section 10 (1) nos. 1 to 4 to suitable persons and companies other than the third parties specified in subsection (1). Delegation requires a contractual agreement. Measures taken by the persons or the companies are deemed to be the obliged entity’s own. Subsection (3) applies mutatis mutandis.

(6) Delegation under subsection (5) must not

1. hinder the obliged entity in fulfilling its obligations under this Act,

2. interfere with the powers and ability of the obliged entity’s management to supervise and oversee the institution or person or

3. interfere with the powers and ability of the supervisory authority to supervise the obliged entity.

(7) Before delegating under subsection (5), the obliged entity is to satisfy itself of the reliability of the person or company which is to be entrusted with the measures. During the course of the cooperation, the obliged entity must satisfy itself, by means of spot checks, of the appropriateness and propriety of the measures adopted by the person or company.

(8) Where a contractual agreement as described in subsection (5) is entered into with German embassies, foreign chambers of commerce or consulates, they are deemed suitable by agreement. Subsection (7) does not apply in this case.

(9) In cases of delegation under subsection (5) the provisions concerning outsourcing of activities and processes pursuant to section 25b of the Banking Act remain unaffected.

Part 4 Transparency Register

Section 18 Estabblishment of the transparency register and the registrar entity

(1) A register (transparency register) is established to record and make available information about the beneficial owner.

(2) The transparency register is administered electronically as a sovereign function of the Federal Republic by the registrar entity. Data stored in the transparency register will be organised as a chronological collection of data.

(3) When a notification under section 20 is unclear or when it is doubtful which association under section 20 (1) the information on the beneficial owner contained in the notification is to be attributed to, the registrar entity may request that the association named in the notification transmit the information needed for an entry in the transparency register within an appropriate period. This applies mutatis mutandis to notifications from legal arrangements under section 21.

(4) The registrar entity produces, on request, printouts of data stored in the transparency register and confirmations that there are no current entries in the transparency register due to a notification under section 20 (1) or section 21. On request, the registrar entity certifies that transmitted data correspond to the contents of the transparency register. Certification does not guarantee that the information regarding the beneficial owner is accurate and complete. An application for a printout of data which are merely made accessible via the transparency register under section 22 (1) sentence 1 nos. 4 to 8 may also be transmitted to the court via the transparency register. This applies mutatis mutandis to the transmission to the operator of the company register of an application for a printout of data made accessible under section 22 (1) sentence 1 nos. 2 and 3.

(5) The registrar entity establishes an information security concept for the transparency register, from which the technical and organisational measures taken to protect data are derived.

(6) The Federal Ministry of Finance is authorised to regulate, by means of a regulation not requiring the consent of the Bundesrat, the technical details of the establishment and administration of the transparency register, including the storage of historical data sets and compliance with rules on when the data stored in the transparency register are to be deleted.

Section 19 Information on the beneficial owner

(1) With regard to associations under section 20 (1) sentence 1 and legal arrangements under section 21, the following information on the beneficial owner is, in accordance with section 23, accessible via the transparency register:

1. first name and surname,

2. date of birth,

3. place of residence and

4. nature and extent of the beneficial interest.

(2) With regard to determining the beneficial owner of associations within the meaning of section 20 (1) sentence 1 with the exception of foundations with legal capacity, section 3 (1) and (2) apply mutatis mutandis. With regard to determining the beneficial owner of legal arrangements under section 21 and foundations with legal capacity, section 3 (1) and (3) apply mutatis mutandis.

(3) The information on the nature and extent of the beneficial interest under subsection (1) no. 4 indicates the reason for the status of beneficial owner, namely

1. in the case of associations under section 20 (1) sentence 1, with the exception of foundations with legal capacity,

a) an ownership interest in the association itself, in particular the size of the share in the capital or the voting rights

b) the exercise of control by other means, particularly on the basis of agreements between a third party and a shareholder or between several shareholders or on the basis of the right granted to a third party to appoint legal representatives or other members of bodies or

c) the role of legal representative, managing partner or partner.

2. in the case of legal arrangements under section 21 and foundations with legal capacity, one of the roles specified in section 3 (3).

Section 20 Transparency obligations regarding certain associations

(1) Legal persons under private law and registered partnerships are to obtain, retain and keep up to date the information specified in section 19 (1) on the beneficial owners of these associations and notify the registrar entity of this information without delay for entry into the transparency register. The notification is to be made electronically in a format that allows it to be made electronically accessible. With regard to the information on the nature and extent of the beneficial interest as referred to in section 19 (1) no. 4, the reason for the status of beneficial owner under section 19 (3) is to be indicated, except for cases where subsection (2) sentence 2 applies.

(2) The obligation to notify the transparency register under subsection (1) sentence 1 is deemed to have been fulfilled if the information on the beneficial owner specified in section 19 (1) is already contained in the documents and entries specified in section 22 (1) that are electronically accessible from:

1. the commercial register (section 8 of the Commercial Code (Handelsgesetzbuch)),

2. the partnership register (section 5 of the Partnership Companies Act (Partnerschaftsgesellschaftsgesetz)),

3. the cooperative society register (section 10 of the Act Concerning Industrial and Trading Cooperative Societies (Genossenschaftsgesetz)),

4. the register of associations (section 55 of the Civil Code (Bürgerliches Gesetzbuch)) or

5. the company register (section 8b (2) of the Commercial Code).

The obligation to notify the transparency register is always deemed to be fulfilled for companies that are listed on an organised market under section 2 (5) of the Securities Trading Act or subject to transparency obligations equivalent to community law with regard to voting rights percentages or to comparable international standards. No separate information regarding the nature and extent of the beneficial interest under section 19 (1) sentence 4 is required if the documents and entries specified in section 22 (1) show the reason for the status of beneficial owner under section 19 (3). If the beneficial owner changes after the transparency register has received a notification under subsection 1 (1), such that the information on the beneficial owner can now be seen from the registers specified in sentence 1, the registrar entity is to be informed of this without delay under subsection (1) in order to include it in the transparency register.

(3) Shareholders that are beneficial owners or under the direct control of a beneficial owner are to notify the associations specified in subsection (1) without delay of the information required to fulfil the obligations stated in subsection (1), as well as any change to this information. If a member of an association or a cooperative society controls more than 25 percent of the voting rights, the obligation under sentence 1 applies to this member. In the case of foundations, the obligation applies to the persons specified in section 3 (3). The same applies to persons subject to a notification obligation within the meaning of sentences 2 and 3 which are under the direct control of a beneficial owner. If persons subject to a notification obligation under sentences 1 to 3 are under the indirect control of a beneficial owner, the obligation under sentence 1 applies to the beneficial owner.

4) The notification obligation under subsection (3) does not apply if the reporting obligation under subsection (1) is deemed to have been fulfilled under subsection (2) or if the shareholder(s, members and beneficial owners have communicated the required information in some other form.

(5) The German Financial Intelligence Unit and the supervisory authorities may, in the framework of their functions and powers, view the information stored under subsection (1) or have it provided to them.

Section 21 Transparency obligations regarding certain legal arrangement

(1) Administrators of trusts (trustees) resident or domiciled in Germany are to obtain, retain and keep up to date the information specified in section 19 (1) on the beneficial owners of the trust they administer and the nationalities of the beneficial owners and notify the registrar entity of this information without delay for entry into the transparency register. The notification is to be made electronically in a format that allows it to be made electronically accessible. The trust is to be unambiguously identified in the notification. With regard to the information on the nature and extent of the beneficial interest as referred to in section 19 (1) no. 4, the reason for the status of beneficial owner under section 19 (3) is to be indicated.

(2) The obligations specified in subsection (1) apply mutatis mutandis to Treuhänder domiciled or resident in Germany having the following legal arrangements:

1. foundations without legal capacity if the purpose of the foundation is, from the donor’s point of view, in their own interest and

2. legal arrangements whose structure and function is equivalent to such foundations.

(3) The German Financial Intelligence Unit and the supervisory authorities may, in the framework of their functions and powers, view the information stored by administrators of trusts under subsection (1) and by Treuhänder under subsection (2), or have it provided to them.

Section 22 Accessible documents and transmission of data to the transparency register, authorisation to issue regulations

(1) In accordance with section 23, the following information is accessible via the website of the transparency register:

1. entries in the transparency register on reports under section 20 (1) sentence 1, (2) sentence 4 and under section 21,

2. announcements concerning the existence of a shareholding under section 20 (6) of the Stock Corporation Act (Aktiengesetz),

3. voting rights notifications under sections 26 and 26a of the Securities Trading Act,

4. lists of the shareholders of limited liability companies and entrepreneurial companies under section 8 (1) no. 3 and section 40 of the Limited Liability Companies Act (Gesetz betreffend die Gesellschaften mit beschränkter Haftung) as well as articles of association under section 8 (1) no. 1 in conjunction with section 2 (1a) sentence 2 of the Limited Liability Companies Act, if they are deemed to be lists of shareholders under section 2 (1a) sentence 4 of the Limited Liability Companies Act,

5. entries in the commercial register,

6. entries in the partnership register,

7. entries in the cooperative society register,

8. entries in the register of associations.

The documents and entries specified in sentence 1 nos. 2 to 8 are accessible to the extent set out for inspection in the particular provisions of register law only if they can be retrieved electronically from the public registers specified in section 20 (2) sentence 1.

(2) In order to provide access to the original data under subsection (1) sentence 1 nos. 2 to 8 via the website of the transparency register, the (index) data needed for this are to be transmitted to the transparency register. The operator of the company register transmits the index data for the original data under subsection (1) sentence 1 nos. 2 and 3 to the transparency register. The state justice administrations (Landesjustizverwaltungen) transmit the index data for the original data under subsection (1) sentence 1 nos. 4 to 8 to the transparency register. The index data serve only to mediate access and may not be made accessible.

(3) The Federal Ministry of Finance is authorised to regulate, in agreement with the Federal Ministry of Justice and Consumer Protection (Bundesministerium der Justiz und für Verbraucherschutz), by means of a regulation requiring the consent of the Bundesrat, technical details of the data transmission between the authorities of the federal states (Länder) and the transparency register for data transmission under subsection (2) sentence 3, including provisions for the data formats to be used and for guaranteeing data protection and data security. Derogations from the procedural rules by the law of a federal state are inadmissible.

(4) The Federal Ministry of Finance is authorised to regulate, in agreement with the Federal Ministry of Justice and Consumer Protection, by means of a regulation not requiring the consent of the Bundesrat, registration procedures for those subject to a notification obligation under sections 20 and 21, as well as technical details of the data transmission under subsection (2) sentence 2 and sections 20 and 21, including provisions on which data formats and forms to use and for guaranteeing data protection and data security.

Section 23 Inspection of the transparency register, authorisation to issue regulations

(1) In the case of associations within the meaning of section 20 (1) sentence 1 and of legal arrangements under section 21, inspection is permitted for

1. the following authorities, insofar as this is necessary for the performance of their legal functions:

a) the supervisory authorities,

b) the German Financial Intelligence Unit,

c) the responsible authorities under section 13 of the Foreign Trade and Payments Act (Außenwirtschaftsgesetz),

d) the law enforcement agencies,

e) the Federal Central Tax Office and the local revenue authorities under section 6 (2) no. 5 of the Fiscal Code and

f) the authorities responsible for the recognition, prevention and elimination of threats,

2. the obliged entities, provided they demonstrate to the registrar entity that the inspection is being carried out in order to fulfil their due diligence obligations in one of the cases set out in section 10 (3), and

3. anyone who demonstrates to the registrar entity that they have a legitimate interest in the inspection.

In the case of sentence 1 no. 3, in addition to the information specified in section 19 (1) nos. 1 to 4, only the month and year of the birth of the beneficial owner and their country of residence are accessible for inspection unless all the information specified in section 19 (1) is already known from other public registers.

(2) At the request of the beneficial owner, the registrar entity restricts inspection of the transparency register wholly or partially if the beneficial owner demonstrates to it that, taking into account all circumstances of the individual case, overriding legitimate interests of the beneficial owner stand in the way of an inspection. Legitimate interests are deemed to exist if:

1. facts justify the assumption that the inspection would expose the beneficial owner to the risk of falling victim to one of the following criminal offences:

a) fraud (section 263 of the Criminal Code),

b) extortionate kidnapping (section 239a of the Criminal Code),

c) hostage taking (section 239b of the Criminal Code),

d) extortion or robbery-like extortion (sections 253, 255 of the Criminal Code),

e) a punishable act threatening life or limb (sections 211, 212, 223, 224, 226, 227 of the Criminal Code),

f) coercion (section 240 of the Criminal Code),

g) threat (section 241 of the Criminal Code) or

2. the beneficial owner is a minor or is incapacitated.

The beneficial owner is not deemed to have legitimate interests if the data are already accessible from other public registers. Restricting inspection under sentence 1 is not possible vis-à-vis the authorities specified in subsection (1) sentence 1 no. 1, vis-à-vis obliged entities under section 2 (1) nos. 1 to 3 and 7 or vis-à-vis notaries.

(3) Inspection requires prior online registration by the user and may be logged for the purpose of monitoring who has carried out an inspection.

(4) The transparency register allows associations under section 20 (1) sentence 1 and legal arrangements under section 21 to be searched for in all stored data as well as all index data.

(5) The Federal Ministry of Finance is authorised to determine, by means of a regulation not requiring the consent of the Bundesrat, specific details of the inspection, particularly for the online registration and logging, such as the data to be logged and the time limits for deleting data logged under subsection (3), for the requirements for inspection under subsection (1) sentence 1 nos. 2 and 3, and for the requirements for restricting inspections under subsection (2).

Section 24 Fees and charges, authorisation to issue regulations

(1) The registrar entity charges associations under section 20 and legal arrangements under section 21 fees for managing the register.

(2) For the inspection of the data notified to the transparency register under section 20 (1) and section 21, the registrar entity charges fees and expenses to cover the administrative costs. The same applies to the production of printouts, confirmations and certifications under section 18 (4). Section 7 nos. 2 and 3 of the Act on Fees and Expenses for Federal Services (Bundesgebührengesetz) does not apply. In the case of authorities, section 8 of the Act on Fees and Expenses for Federal Services applies.

(3) The Federal Ministry of Finance is authorised to regulate, by means of a regulation not requiring the consent of the Bundesrat, more specific details of the following:

1. situations subject to fees,

2. persons subject to fees,

3. fee rates as fixed rates or as scaled fees and

4. the reimbursement of expenses.

Section 25 Transfer of the administration of the transparency register, authorisation to issue regulations

(1) The Federal Ministry of Finance is authorised to confer, by means of a regulation not requiring the consent of the Bundesrat, the functions of the registrar entity and the powers needed to perform these functions on a legal person under private law.

(2) These functions may only be conferred on a legal person under private law if this person provides a guarantee that they will perform the functions transferred to them properly and, in particular, that they will operate the transparency register reliably and on a long-term basis. They are deemed to provide the required guarantee if

1. the natural persons who, by law or according to the articles of association or the statutes, act as managers and representatives, are fit and proper,

2. they have basic experience with making information under register law accessible, particularly commercial register data, company announcements and information under capital markets law,

3. they have the organisational systems and the technical and financial resources necessary to perform their functions and

4. they ensure compliance with the provisions regarding the protection of personal data.

(3) The period of the conferral is to be time-limited. It should not be shorter than five years. The possibility of terminating the conferral before the expiry of the period if an important reason exists is to be provided for. If the conditions for conferral have not been fulfilled or are no longer fulfilled, it should be possible to terminate the conferral at any time. It is to be ensured that, on termination of the conferral, all software programs and data needed to continue the proper administration of the transparency register be made available, without delay, to the Federal Ministry of Finance or an institution appointed by it and that the rights to these software programs and to the internet address used by the transparency register are transferred to the Federal Ministry of Finance or the institution appointed by it.

(4) The conferee is entitled to use the small Bundessiegel. It is made available by the Federal Ministry of Finance. The small Bundessiegel may only be used to certify printouts from the transparency register and to issue confirmations under section 18 (4).

(5) The conferee has the right to collect the fees under section 24. The fee revenue collected belongs to the conferee. In the regulation, the Federal Ministry of Finance may transfer the enforcement of notifications of charges to the conferee.

(6) The conferee is subject to the legal and operational supervision of the Federal Office of Administration. In order to exercise its supervisory activity, the Federal Office of Administration may inform itself about the affairs of the conferee at any time, in particular by obtaining information and reports and by demanding that records of any kind be submitted, object to unlawful measures and demand that remedial action be taken. The conferee is obliged to comply with the instructions from the Federal Office of Administration. If the conferee fails to comply with the instructions or does not comply with them within the required period, the Federal Office of Administration may, at the conferee's expense, implement the required measures itself instead or have them implemented by a third party. The employees and others working on behalf of the Federal Office of Administration have the right to enter, view and inspect the conferee's business premises, office premises and operating premises during hours of operation and business hours to the extent necessary to perform their functions. Objects or business documents may be viewed and taken into custody insofar as this is necessary.

(7) If the administration of the transparency register is not conferred on a legal person under private law, or if the conferral is terminated, the Federal Ministry of Finance may transfer the administration of the transparency register to a higher federal authority within its segment of competence or, in consultation with the competent federal ministry, to another higher federal authority within that ministry’s segment of competence.

Section 26 European system for the interconnection of registers, authorisation to issue regulations

(1) The data specified in section 22 (1) sentence 1, if they concern legal persons under private law, registered partnerships or legal arrangements under section 21 are also accessible via the European e-Justice Portal; section 23 (1) to (3) applies mutatis mutandis. To enable access via the European e-Justice Portal, the registrar entity transmits the data notified to the transparency register under section 20 (1) and section 21 as well as the index data under section 22 (2) to the central European platform within the meaning of Article 4a(1) of Directive 2009/101/EC of the European Parliament and of the Council of 16 September 2009 on coordination of safeguards which, for the protection of the interests of members and third parties, are required by Member States of companies within the meaning of the second paragraph of Article 48 of the Treaty, with a view to making such safeguards equivalent (OJ L 258 of 1 October 2009, p.11), last amended by Directive 2013/24/EU (OJ L 158 of 10 June 2013, p. 365) to the extent that the transmission of such data is necessary in order to provide access to the original data via the search function on the website of the European e-Justice Portal.

(2) The Federal Ministry of Finance is authorised, in agreement with the Federal Ministry of Justice and Consumer Protection, by means of a regulation requiring the consent of the Bundesrat, to issue the necessary rules on the details of electronic data traffic and its handling pursuant to subsection (1), including specifications for data formats and terms of payment provided that no regulations are contained in the implementing acts adopted by the European Commission under Article 4c of Directive 2009/101/EC.

Part 5 Financial Intelligence Unit (Zentralstelle für Finanztransaktionsuntersuchungen)

Section 27 German Financial Intelligence Unit

(1) The Zentralstelle für Finanztransaktionsuntersuchungen is the German Financial Intelligence Unit for prevention, detection and support in the combating of money laundering and terrorist financing under Article 32(1) of Directive (EU) 2015/849.

(2) The German Financial Intelligence Unit is organisationally autonomous and operates with functional independence in the framework of its functions and powers.

Section 28 Functions, supervision and cooperation

(1) The German Financial Intelligence Unit has the function of collecting and analysing information related to money laundering or terrorist financing and passing this information on to the competent domestic public authorities for the purpose of the investigation, prevention or prosecution of such offences. It is responsible in this context for:

1. receiving and collecting reports under this Act,

2. conducting operational analyses, including the assessment of reports and other information,

3. exchanging information and coordinating with domestic supervisory authorities,

4. cooperating and exchanging information with Financial Intelligence Units of other countries,

5. prohibiting transactions and ordering other urgent action,

6. transmitting to the competent domestic public authorities the results of the operational analyses within the meaning of no. 2 which are relevant to them and additional relevant information,

7. providing feedback to an obliged entity which has filed a report under section 43 (1),

8. conducting strategic analyses and producing reports on the basis of these analyses,

9. engaging in dialogue with the obliged entities and with the domestic supervisory authorities and competent domestic public authorities for the investigation, prevention or prosecution of money laundering and terrorist financing, in particular about relevant typologies and methods,

10. compiling statistics on the numbers and information specified in Article 44(2) of Directive (EU) 2015/849

11. publishing an annual report on the operational analyses conducted,

12. attending meetings of national and international working groups, and

13. performing functions which have additionally been assigned to it by other provisions.

(2) The German Financial Intelligence Unit is subject to the supervision of the Federal Ministry of Finance, which supervision is limited to legal supervision in the cases set out in subsection (1) nos. 1, 2, 5 and 6.

(3) The German Financial Intelligence Unit and the other competent domestic public authorities for the investigation, prevention and prosecution of money laundering, terrorist financing and other criminal offences and averting threats and the domestic supervisory authorities work together to implement this Act and provide mutual support.

(4) The German Financial Intelligence Unit, where necessary, informs the competent authorities for the taxation procedure or the protection of the social security systems of matters which come to its knowledge in the performance of its functions and which it has not transmitted to another competent government agency.

Section 29 Data processing and further use

(1) The German Financial Intelligence Unit may process personal data insofar as this is necessary for the performance of its functions.

(2) The German Financial Intelligence Unit may compare personal data that it has stored for the performance of its functions with other data, if this is permissible under this Act or another Act.

(3) The German Financial Intelligence Unit may, for training or statistical purposes, process personal data held by it insofar as the processing of anonymised data for these purposes is not possible.

Section 30 Receipt and analysis of reports

(1) The German Financial Intelligence Unit is to receive and process the following reports and information for the performance of its functions:

1. reports by obliged entities under section 43 and reports by supervisory authorities under section 44,

2. notifications by revenue authorities under section 31b of the Fiscal Code,

3. information transmitted to it

a) under Article 5(1) of Regulation (EC) No 1889/2005 of the European Parliament and of the Council of 26 October 2005 on controls of cash entering or leaving the Community (OJ L 309, 25 November 2005, p. 9), and

b) under section 12a of the Customs Administration Act (Zollverwaltungsgesetz), and

4. other information from public and non-public sources within the framework of its functions.

(2) The German Financial Intelligence Unit analyses the reports filed under sections 43 and 44 and the notifications made under section 31b of the Fiscal Code in order to verify whether the reported matter is related to money laundering, terrorist financing or another criminal offence.

(3) The German Financial Intelligence Unit may, irrespective of the existence of a report, obtain information from obliged entities insofar as this is necessary for the performance of its functions. It sets an adequate time limit for the obliged entity to respond to its demand for information. Obliged entities under section 2 (1) nos. 10 and 12 may refuse to provide information insofar as the demand relates to information they obtained in the context of the provision of legal advice or the legal representation of the contracting party. However, the obligation to provide information continues to exist if the obliged entity knows that the contracting party has used or is using its legal advice for the purpose of money laundering or terrorist financing.

Section 31 Right to obtain information from domestic public authorities, right of access to data

(1) The German Financial Intelligence Unit may, insofar as this is necessary for the performance of its functions, collect data from domestic public authorities. The domestic public authorities provide information to the German Financial Intelligence Unit at its request for the performance of its functions insofar as no transmission restrictions preclude the provision of information.

(2) The enquiries are to be answered by the domestic public authority without delay. Data related to the enquiry are to be made available.

(3) The German Financial Intelligence Unit should establish an automated process for the transmission, by means of retrieval, of personal data which are stored by other domestic public authorities and which the German Financial Intelligence Unit is entitled by law to receive, unless otherwise stipulated by law and insofar as this form of data transmission is appropriate, with due regard for the legitimate interests of the data subjects, because of the large number of transmissions or because of its particular urgency. For the purpose of monitoring the permissibility of the automated retrieval process, the German Financial Intelligence Unit is to state in writing:

1. the reason for and purpose of the comparison or retrieval process,

2. the third parties to whom information is transmitted,

3. the type of data to be transmitted, and

4. the technical and organisational measures to ensure data protection.

(4) The German Financial Intelligence Unit is entitled, insofar as this is necessary for the performance of its functions under section 28 (1) sentence 2 no. 2, to compare, by automated means, the personal data stored in its information system with the personal data contained in the police information system under section 13 in conjunction with section 29 (1) and (2) of the Act on the Bundeskriminalamt (Bundeskriminalamtgesetz). If the comparison under sentence 1 results in a match between transmitted data and data stored in the police information system, the German Financial Intelligence Unit receives, by automated means, the information that a match exists and is entitled to retrieve, by automated means, the data which exist on this in the police information system. If the participants in the police information system have categorised data as being especially sensitive and have for this reason prevented data retrieval by the German Financial Intelligence Unit under sentence 2, the participant in the police information system holding the data receives, by automated means, the information that a match exists. In this case, it is the responsibility of the individual participant in the police information system holding the data to contact the German Financial Intelligence Unit without delay and transmit the data to it, insofar as no transmission restrictions preclude this. The provisions set out in sentences 1 to 4 take precedence over the provision set out in section 29 (8) of the Act on the Bundeskriminalamt. The establishment of a more far-reaching automated retrieval process for the German Financial Intelligence Unit is permissible with the consent of the Federal Ministry of the Interior, the Federal Ministry of Finance and the interior ministries and senate departments for the interior of the federal states (Länder), insofar as this form of data transmission is appropriate, with due regard for the legitimate interests of the data subjects, because of the large number of transmissions or because of its particular urgency.

(5) Revenue authorities provide information to the German Financial Intelligence Unit in accordance with section 31b (1) no. 5 of the Fiscal Code and, under section 31b (2) of the Fiscal Code, notify it of the information specified in that subsection. As preparation for requesting information from tax offices, the German Financial Intelligence Unit may, by providing the first name, surname and the address or date of birth of a natural person, retrieve, by automated means, the details of the relevant tax office and tax number for this natural person from the database under section 139b of the Fiscal Code. Automated retrieval by the German Financial Intelligence Unit of other data which are stored by the revenue authorities and subject to the tax secrecy requirement under section 30 of the Fiscal Code is only possible insofar as this is permitted by the Fiscal Code or the tax laws. By way of derogation from sentence 3, subsection (3) applies to the automated retrieval of data which are stored by the revenue authorities of the Customs Administration and which the German Financial Intelligence Unit is legally entitled to receive.

(6) The German Financial Intelligence Unit may, for the performance of its functions, retrieve data, by automated means, from the files which the credit institutions under section 2 (1) no. 1 and the institutions under section 2 (1) no. 3 are required to maintain under section 24c (1) of the Banking Act. 2Section 24c (4) to (8) of the Banking Act applies to the data transmission mutatis mutandis.

(7) Insofar as is necessary to verify the particulars of the person concerned, the German Financial Intelligence Unit may retrieve the following data, using the automated retrieval procedure under section 38 of the Federal Act on Registration (Bundesmeldegesetz), in addition to the data specified in section 38 (1) of the Federal Act on Registration:

1. current nationalities,

2. previous addresses, indicating primary and secondary residences, and

3. issuing authority, date of issue, duration of validity, serial number of the identity card, provisional identity card or replacement identity card, the recognised and valid passport, or the passport substitute.

Section 32 Obligation to transmit data to domestic public authorities

(1) Reports under section 43 (1) and section 44 are to be transmitted by the German Financial Intelligence Unit without delay to the Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz) insofar as there are factual indications that the transmission of this information is necessary for the Federal Office for the Protection of the Constitution to perform its functions.

(2) If the German Financial Intelligence Unit finds in the operational analysis that property is related to money laundering, terrorist financing or another criminal offence, it transmits the result of its analysis and all relevant information to the competent law enforcement agencies without delay. The information specified in sentence 1 is also to be transmitted to the Federal Intelligence Service (Bundesnachrichtendienst) insofar as there are factual indications that this transmission is necessary for the Federal Intelligence Service to perform its functions. In the case set out in subsection (1), the German Financial Intelligence Unit also transmits the result of its operational analysis and all relevant information relating to the previously transmitted report to the Federal Office for the Protection of the Constitution.

(3) The German Financial Intelligence Unit transmits personal data, upon request, to the law enforcement agencies, the Federal Office for the Protection of the Constitution, the Federal Intelligence Service or the military counterintelligence office of the Federal Ministry of Defence (Militärischer Abschirmdienst des Bundesministeriums für Verteidigung) insofar as this is necessary for

1. the investigation of money laundering and terrorist financing or the conduct of criminal proceedings related to these, or

2. the investigation of other threats and the conduct of other criminal proceedings not covered by no. 1.

The German Financial Intelligence Unit transmits personal data, ex officio or upon request, to competent domestic public authorities other than those specified in sentence 1 insofar as this is necessary for

1. taxation procedures,

2. procedures to protect the social security systems, or

3. the performance of functions by the supervisory authorities.

(4) In the cases set out in subsection (3), sentence 1, nos. 1 and 2, the law enforcement agencies and the Federal Office for the Protection of the Constitution are entitled to retrieve, by automated means, the data for the performance of their functions from the German Financial Intelligence Unit, insofar as no transmission restrictions preclude this. For the purpose of monitoring the permissibility of the automated retrieval process, the respective law enforcement agencies and the Federal Office for the Protection of the Constitution are to state in writing:

1. the reason for and purpose of the retrieval process,

2. the third parties to whom information is transmitted,

3. the type of data to be transmitted, and

4. the technical and organisational measures to ensure data protection.

(5) Personal data must not be transmitted under subsection (3)

1. if the provision of the data could have a negative impact on the success of an ongoing investigation by the competent domestic public authorities, or

2. if the disclosure of the data would be disproportionate.

If a retrieval under subsection (4) relates to data which, in principle, may not be retrieved by automated means because of transmission restrictions, the German Financial Intelligence Unit is notified of the query by automated means via the transmission of all query data. In this case, it is responsible for contacting the authority which performed the query without delay, in order to clarify in the individual case whether information under subsection (3) may be transmitted.

(6) If the law enforcement agency has initiated criminal proceedings on the basis of a matter transmitted under subsection (2), it notifies the competent revenue authority of the matter together with the underlying facts if a transaction is identified which could be of relevance for the revenue authority for the initiation or conduct of taxation procedures or criminal tax proceedings. If the law enforcement agency uses records under section 11 (1) in the criminal proceedings, these records may also be transmitted to the revenue authority. The notifications and records may be used for taxation procedures and for criminal proceedings in relation to tax crimes.

(7) The recipient may only use the personal data transmitted for the purpose for which they were transmitted. Their use for other purposes is permissible to the extent that it would also have been permissible for the data to be transmitted for those purposes.

Section 33 Exchange of data with member states of the European Union

(1) The exchange of data with the Financial Intelligence Units of other member states of the European Union responsible for the prevention, detection and combating of money laundering and terrorist financing is to be ensured irrespective of the type of predicate offence for money laundering and also if the type of predicate offence has not been established. In particular, a differing definition in an individual case of the tax crimes which, under national law, can qualify as a predicate offence for money laundering does not preclude an exchange of information with Financial Intelligence Units of other member states of the European Union. If the German Financial Intelligence Unit receives a report under section 43 (1) which concerns the area of competence of another member state, it forwards the report to the Financial Intelligence Unit of that member state promptly.

(2) The provisions on international data transmission under section 35 (2) to (6) apply, mutatis mutandis, to the transmission of the data. The German Financial Intelligence Unit is responsible for the permissibility of the data transmission.

(3) If additional information is required about an obliged entity which is active in Germany and which is entered in a public register in another member state of the European Union, the German Financial Intelligence Unit sends its request to the Financial Intelligence Unit of that member state of the European Union.

(4) The German Financial Intelligence Unit may only reject a request for the transmission of information which it has been sent by a Financial Intelligence Unit of a member state of the European Union in the context of the performance of its functions if

1. the transmission of information could jeopardise the internal or external security or other essential interests of the Federal Republic of Germany,

2. in the individual case, even with due regard for the public interest in the transmission of the data, the legitimate interests of the data subject are overriding because of essential fundamental principles of German law,

3. the transmission of information could hinder or jeopardise criminal investigations or the conduct of judicial proceedings, or

4. the transmission is precluded by conditions under the law on mutual legal assistance imposed by foreign authorities with which the competent authorities are to comply.

The German Financial Intelligence Unit sets out appropriately in writing to the requesting Financial Intelligence Unit the reasons for rejecting the request for information, except if the operational analysis is not yet complete or insofar as this could jeopardise the investigations.

(5) If the German Financial Intelligence Unit transmits information to a Financial Intelligence Unit of a member state of the European Union at that unit’s request, it should normally express its consent promptly for this information to be disclosed to other authorities of that member state. It may refuse to give consent if the matter set out in the request would not constitute the criminal offence of money laundering or terrorist financing under German law. The German Financial Intelligence Unit sets out appropriately the reasons for its refusal to give consent. Use of the information for other purposes requires the prior consent of the German Financial Intelligence Unit.

Section 34 Information requests in the framework of international cooperation

(1) The German Financial Intelligence Unit may request that the Financial Intelligence Units of other countries which deal with the prevention, detection and combating of money laundering, predicate offences for money laundering and terrorist financing provide information, including personal data or the transmission of documents, if this information and these documents are necessary for the performance of its functions.

(2) The German Financial Intelligence Unit may, for a request, transmit personal data insofar as this is necessary to substantiate a legitimate interest in the information sought and if overriding legitimate interests of the person concerned do not preclude this.

(3) In the request, the German Financial Intelligence Unit must reveal the purpose of the data collection and provide notification of its intention to disclose the data to other domestic public authorities. The German Financial Intelligence Unit may only use the data transmitted by the Financial Intelligence Unit of another country

1. for the purposes for which the data were requested, and

2. in compliance with the conditions under which the data were made available.

If the data transmitted are subsequently to be disclosed to another public authority or used for a purpose beyond the original purposes, the prior consent of the transmitting Financial Intelligence Unit is to be obtained.

Section 35 Data transmission in the framework of international cooperation

(1) If the German Financial Intelligence Unit receives a report under section 43 (1) which concerns the area of competence of another country, it may forward this report promptly to the Financial Intelligence Unit of that country. It notifies the Financial Intelligence Unit of the country concerned that the personal data may only be used for the purpose for which they have been transmitted.

(2) The German Financial Intelligence Unit may transmit personal data to the Financial Intelligence Unit of another country at its request

1. for an operational analysis to be conducted by the Financial Intelligence Unit of the other country,

2. in the framework of a planned urgent measure under section 40, insofar as facts indicate that the property

a) is located in Germany, and

b) is connected with a matter which is before the Financial Intelligence Unit of the other country, or

3. for the performance of the functions of another foreign public authority which serves to prevent, detect and combat money laundering or predicate offences for money laundering or terrorist financing.

It may use information held by it to respond to the request. If this information also includes data collected or transmitted by other domestic or foreign authorities, the disclosure of these data is only permissible with the consent of these authorities, unless the information comes from publicly accessible sources. In responding to the request, the German Financial Intelligence Unit may request information from other domestic public authorities in accordance with sections 28, 30 and 31 or demand information from obliged entities. Requests for information and demands for information are to be answered in a timely manner.

(3) The transmission of personal data to a Financial Intelligence Unit of another country is only permissible if the request contains at least the following information:

1. the name, address and other contact details of the requesting authority,

2. the reasons for the request and designation of the purpose for which the data are to be used under subsection (2),

3. necessary details about the identity of the person concerned insofar as the request relates to a known person,

4. a description of the matter on which the request is based, and the authority to which the data are to be disclosed, where applicable, and

5. an indication of the extent to which the matter concerns money laundering or terrorist financing and an indication of the predicate offence which has allegedly been committed.

(4) The German Financial Intelligence Unit may also transmit personal data to a Financial Intelligence Unit of another country without a request if facts indicate that natural or legal persons in the territory of that country have committed money laundering or terrorist financing offences.

(5) The German Financial Intelligence Unit is responsible for the permissibility of the data transmission. When transmitting data to a foreign Financial Intelligence Unit, it may impose restrictions and conditions on the use of the data transmitted.

(6) The recipient of personal data is to be notified that the personal data may only be used for the purpose for which they have been transmitted. If the data are to be disclosed by the requesting foreign Financial Intelligence Unit to another authority in that country, the prior consent of the German Financial Intelligence Unit is required, with due regard for the purpose and the legitimate interests of the data subject regarding the data. If the information is to be used as evidence in criminal proceedings, the rules of cross-border cooperation in criminal matters apply.

(7) Personal data must not be transmitted to a foreign Financial Intelligence Unit if

1. the transmission could harm the internal or external security or other essential interests of the Federal Republic of Germany,

2. special transmission provisions in federal law preclude transmission, or

3. in the individual case, even with due regard for the special public interest in the transmission of the data, the legitimate interests of the data subject are overriding.

The legitimate interests of the data subject also include the existence of an appropriate level of data protection in the receiving country. The legitimate interests of the data subject may also be safeguarded by appropriate protection of the data transmitted being guaranteed in the individual case by the receiving country or the receiving international or supranational authority.

(8) Personal data should not be transmitted if

1. the transmission could hinder or jeopardise criminal investigations or the conduct of judicial proceedings, or

2. it is not ensured that the requesting foreign Financial Intelligence Unit would respond to a German request of the same kind.

(9) The reasons for rejecting a request for information should be set out appropriately to the requesting Financial Intelligence Unit.

(10) The German Financial Intelligence Unit is to record the date, the data transmitted and the receiving Financial Intelligence Unit. If data are not transmitted, this is to be recorded, mutatis mutandis. It is to retain these data for three years and then delete them.

Section 36 Automated data comparison in a European network

The German Financial Intelligence Unit may, in a network with Financial Intelligence Units of other member states of the European Union, establish and operate a system for the encrypted, automated comparison of suitable data collected by the national Financial Intelligence Units in the performance of their functions. The purpose of this system is to gain knowledge of whether Financial Intelligence Units of other member states of the European Union have already conducted an analysis under section 30 in relation to a data subject or have other information relating to this person.

Section 37 Rectification, restriction of processing and deletion of personal data in the case of automated processing and in the case of storage in automated files

(1) The German Financial Intelligence Unit rectifies stored personal data which are inaccurate and which it processes by automated means.

(2) The German Financial Intelligence Unit deletes stored personal data if the storage of these data is impermissible or knowledge of these data is no longer necessary for the performance of its functions.

(3) Instead of the data being deleted, the processing of the stored personal data is restricted if

1. there are indications that deletion would adversely affect legitimate interests of a data subject,

2. the data are required for ongoing research work, or

3. deletion is only possible with disproportionate effort because of the special nature of the storage.

Data which are subject to a restriction of processing may only be processed for the purpose which prevented their deletion. They may also be processed if this is essential for the conduct of ongoing criminal proceedings or the data subject consents to the processing.

(4) The German Financial Intelligence Unit reviews, when dealing with individual cases and within defined time limits, whether stored personal data are to be rectified or deleted or if their processing is to be restricted.

(5) The time limits begin on the day when the German Financial Intelligence Unit completes the operational analysis under section 30.

(6) The German Financial Intelligence Unit takes reasonable steps to ensure that personal data which are inaccurate, incomplete or subject to restriction of processing are not transmitted. For this purpose it verifies, where feasible, the quality of the data prior to transmission. As far as possible, in all transmissions of personal data, it adds information enabling the recipient to assess the accuracy, completeness and reliability of the personal data.

(7) If the German Financial Intelligence Unit determines that it has transmitted personal data which are inaccurate, to be deleted or to be subject to restriction of processing, it notifies the data recipient of the rectification, deletion or restriction of processing if notification is necessary to protect legitimate interests of the data subject.

Section 38 Rectification, restriction of processing and destruction of personal data which are neither processed by automated means nor stored in an automated file

(1) The German Financial Intelligence Unit records, in a suitable manner, if

1. it determines that personal data which are neither processed by automated means nor stored in an automated file are inaccurate, or

2. the accuracy of personal data which are neither processed by automated means nor stored in an automated file is contested by the data subject.

(2) The German Financial Intelligence Unit restricts the processing of personal data which are neither processed by automated means nor stored in an automated file if it determines in an individual case that

1. without the restriction of processing, legitimate interests of the data subject would be adversely affected, and

2. the data are no longer necessary for the performance of functions.

The processing of the personal data is also to be restricted if an obligation to delete them exists under section 37 (2).

(3) The German Financial Intelligence Unit destroys the documents containing personal data in accordance with the provisions on the retention of files if these documents as a whole are no longer necessary for the German Financial Intelligence Unit to perform its functions.

(4) Destruction does not take place if

1. there are indications that legitimate interests of the data subject would otherwise be adversely affected, or

2. the data are needed for ongoing research work.

In these cases, the German Financial Intelligence Unit restricts the processing of the data and attaches a note of the restriction to the documents. Section 37 (3) sentences 2 and 3 apply to the restriction mutatis mutandis.

(5) Instead of being destroyed under subsection (3), the documents are to be delivered to the competent archives, provided that these documents have a lasting value under section 3 of the Federal Archives Act (Bundesarchivgesetz) in the version promulgated on 6 January 1988 (Federal Law Gazette I, p. 62), most recently amended by the Act of 13 March 1992 (Federal Law Gazette I, p. 506), in the respective applicable version.

(6) In the case that data have been transmitted which are inaccurate, to be deleted or to be subject to restriction of processing, section 37 (7) applies mutatis mutandis.

Section 39 Order opening a file

(1) The German Financial Intelligence Unit issues, for every automated file containing personal data it maintains for the performance of its functions, an order opening the file. The opening order requires the consent of the Federal Ministry of Finance. Prior to an opening order being issued, the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit) are to be heard.

(2) The order opening the file are to set out:

1. the name of the file,

2. the legal basis and the processing purpose,

3. the group of persons about whom data are stored,

4. the type of personal data to be stored,

5. the types of personal data serving to render the file accessible,

6. the supply or input of the data to be stored,

7. the conditions under which personal data stored in the file may be transmitted, the recipients to whom they may be transmitted and the procedure to be followed,

8. the time limits for review of the stored data and the period for which they are stored,

9. the logging system.

The time limits for the review of the stored data may not exceed five years. They are based on the purpose of the storage and the type and importance of the matter; distinctions are to be made based on the purpose of the storage and the type and importance of the matter.

(3) If, in view of the urgency with which the German Financial Intelligence Unit must perform its functions, it is not possible for the authorities specified in subsection (1) to be consulted, the Central Customs Authority (Generalzolldirektion) may issue an urgent order. At the same time, the Central Customs Authority notifies the Federal Ministry of Finance and submits the urgent order to it. The procedure under subsection (1) is subsequently to take place without delay.

(4) The necessity of further maintaining or amending the order opening the file is to be reviewed at suitable intervals.

Section 40 Urgent measures

(1) If the German Financial Intelligence Unit has indications that a transaction is related to money laundering or terrorist financing, it may prohibit the execution of the transaction in order to investigate the indications and analyse the transaction. It may also, subject to the conditions set out in sentence 1,

1. prohibit an obliged entity under section 2 (1) nos. 1 to 3 from

a) executing dispositions in relation to an account or securities account held with it, and

b) executing other financial transactions,

2. instruct an obliged entity under section 2 (1) no. 1 to deny access to a safety deposit box to the contracting party and all other persons with a right of disposal, or

3. issue other orders to an obliged entity in relation to a transaction.

(2) Measures under subsection (1) may be taken by the German Financial Intelligence Unit on the basis of a request from a Financial Intelligence Unit of another country. A request is to contain the information specified in section 35 (3). The German Financial Intelligence Unit should set out appropriately the reasons for rejecting a request.

(3) Measures under subsection (1) are rescinded by the German Financial Intelligence Unit as soon as or insofar as the conditions for the measures are no longer met.

(4) Measures under subsection (1) end

1. no later than one month following the ordering of the measures by the German Financial Intelligence Unit,

2. at the end of the fifth working day after the matter was passed on to the competent law enforcement agency; Saturday is not to be treated as a working day, or

3. at an earlier date if such a date has been determined by the German Financial Intelligence Unit.

(5) The German Financial Intelligence Unit may release property which is subject to a measure under subsection (1), sentence 2, at the request of the person concerned or an association without legal capacity, insofar as this property serves one of the following purposes:

1. the covering of the basic needs of the person or the person’s family members,

2. the payment of pensions or maintenance, or

3. comparable purposes.

(6) The obliged entity or another adversely affected party may lodge an objection to measures under subsection (1). The objection has no suspensory effect.

Section 41 Feedback to reporting obliged entities

(1) The German Financial Intelligence Unit confirms without delay to the obliged entity which has filed a report under section 43 (1) by means of electronic data transmission that its report has been received.

(2) The German Financial Intelligence Unit sends the obliged entity feedback on the relevance of its report within an appropriate period. The obliged entity may only use personal data obtained in this way to improve its risk management, its fulfilment of its due diligence requirements and its reporting behaviour. It is to delete these data when they are no longer required for the purpose in question, and after one year at the latest.

Section 42 Notification by domestic public authorities to the German Financial Intelligence Unit

(1) In criminal proceedings in which the German Financial Intelligence Unit has disclosed information, the competent public prosecution office notifies the German Financial Intelligence Unit of the commencement of public prosecution and the outcome of the proceedings, including all decisions to terminate proceedings. The notification is effected by sending a copy of the indictment, the reasoned decision to terminate proceedings, or the verdict.

(2) If the German Financial Intelligence Unit discloses information to other domestic public authorities, the receiving authority notifies the German Financial Intelligence Unit of the final use made of the information provided and of the outcome of the measures taken on the basis of the information provided, insofar as other legal provisions do not preclude notification.

Part 6 Obligations concerning the reporting of matters

Section 43 Reporting obligation of obliged entities

(1) If facts exist which indicate that

1. property related to a business relationship, brokerage or transaction is derived from a criminal offence which could constitute a predicate offence for money laundering,

2. a business transaction, a transaction or property is related to terrorist financing, or

3. the contracting party has not fulfilled its obligation under section 11 (6), sentence 3 to disclose to the obliged entity whether it intends to establish, continue or conduct the business relationship or transaction on behalf of a beneficial owner,
the obliged entity is to report this matter, irrespective of the value of the property in question or the amount of the transaction involved, to the German Financial Intelligence Unit without delay.

(2) By way of derogation from subsection (1), obliged entities under section 2 (1) nos. 10 and 12 are exempt from the reporting obligation if the reportable matter relates to information they received in the context of a client relationship subject to professional secrecy. However, the reporting obligation continues to exist if the obliged entity knows that the contracting party has used or is using the relationship for the purpose of money laundering or terrorist financing or another criminal offence.

(3) A member of the senior management of an obliged entity is to file a report under subsection (1) with the German Financial Intelligence Unit if

1. the obliged entity operates an establishment in Germany, and

2. the reportable matter is related to an activity of the German establishment.

(4) The reporting obligation under subsection (1) does not preclude the report from being voluntary under section 261 (9) of the Criminal Code.

(5) The German Financial Intelligence Unit may, in agreement with the supervisory authorities, define types of transactions which are always to be reported under subsection (1).

Section 44 Reporting obligation of supervisory authorities

(1) If facts exist which indicate that property is related to money laundering or terrorist financing, the supervisory authority reports these facts to the German Financial Intelligence Unit without delay.

(2) Subsection (1) applies mutatis mutandis to authorities responsible for supervision of the stock, foreign exchange and financial derivatives markets.

Section 45 Form of reporting, authorisation to issue regulations

(1) The report under section 43 (1) or section 44 is to be filed electronically. If electronic data transmission is disrupted, transmission by post is permissible. Due to the special need for a uniform data transmission procedure, reports under section 44 are also obligatory for the supervisory authorities of the federal states (Länder).

(2) To avoid undue hardship, the German Financial Intelligence Unit may, upon request, waive the requirement for the electronic transmission of a report by an obliged entity and authorise transmission by post. The exemption may be granted for a limited period.

(3) The official form is to be used for transmission by post.

(4) The Federal Ministry of Finance may, by means of a regulation not requiring the consent of the Bundesrat, enact more detailed provisions concerning the form of reporting under section 43 (1) or section 44. No derogations from subsection (1) or the provisions of any regulation under sentence 1 by means of the law of the federal states (Länder) are permissible.

Section 46 Execution of transactions

(1) A transaction about which a report has been filed under section 43 (1) may be executed at the earliest when

1. the German Financial Intelligence Unit or the public prosecution office has informed the obliged entity that it consents to the execution, or

2. the third working day has elapsed after the day on which the report was sent without the execution of the transaction having been prohibited by the German Financial Intelligence Unit or the public prosecution office.

Saturday is not to be treated as a working day in the calculation of the time limit.

(2) If it is impossible to postpone the transaction where facts exist which indicate a matter under section 43 (1), or if postponement could frustrate proceedings in relation to a suspected criminal offence, the execution of the transaction is permitted. The report under section 43 (1) is to be filed subsequently by the obliged entity without delay.

Section 47 Prohibition of disclosure, authorisation to issue regulations

(1) An obliged entity must not inform the contracting party, the instructing party of the transaction or other third parties of

1. the intended filing or filing of a report under section 43 (1),

2. an investigation launched on the basis of a report under section 43 (1), or

3. a demand for information under section 30 (3), sentence 1.

(2) The prohibition does not apply to disclosure

1. to government agencies,

2. between obliged entities which are part of the same group,

3. between obliged entities under section 2 (1) nos. 1 to 3 and 6 to 8 and their subordinated group companies in third countries, provided that the group is subject to a group programme under section 9,

4. between obliged entities under section 2 (1) nos. 10 to 12 from member states of the European Union or from third countries which impose requirements regarding a system to prevent money laundering and terrorist financing equivalent to those laid down in Directive (EU) 2015/849, provided that the persons concerned perform their professional activities

a) by means of self-employment,

b) as employees within the same legal person, or

c) as employees within a structure which shares common ownership, management or compliance monitoring in relation to requirements to prevent money laundering or terrorist financing,

5. between obliged entities under section 2 (1) nos. 1 to 3, 6, 7, 9, 10 and 12 in cases which relate to the same contracting party and the same transaction involving two or more obliged entities, if

a) the obliged entities are domiciled in a member state of the European Union or in a third country which imposes requirements regarding a system to prevent money laundering and terrorist financing equivalent to those laid down in Directive (EU) 2015/849,

b) the obliged entities are from the same professional category, and

c) the obliged entities are subject to comparable obligations as regards professional secrecy and personal data protection.

Information disclosed under sentence 1, nos. 2 to 5, may be used solely for the purpose of preventing money laundering or terrorist financing.

(3) Unless otherwise regulated in this Act or other laws, government agencies other than the German Financial Intelligence Unit which have gained knowledge of a report filed under section 43 (1) must not disclose this information to

1. the contracting party of the obliged entity,

2. the instructing party of the transaction,

3. the beneficial owner,

4. a person used as a representative or messenger by one of the persons specified in nos. 1 to 3, or

5. the legal advisor engaged by one of the persons specified in nos. 1 to 4 above.

Disclosure of this information to these persons is only permissible with the prior consent of the German Financial Intelligence Unit.

(4) If obliged entities under section 2 (1) nos. 10 to 12 seek to dissuade a client from engaging in illegal activity, this does not constitute disclosure.

(5) Obliged entities under section 2 (1) nos. 1 to 9 may provide each other with information other than that specified in subsection (1) about specific matters which involve abnormalities or unusual circumstances indicating money laundering, one of its predicate offences or terrorist financing, if they can assume that other obliged entities require this information for

1. the risk assessment of a corresponding or similar transaction or business relationship, or

2. the assessment of whether a report under section 43 (1) or a criminal complaint under section 158 of the Code of Criminal Procedure (Strafprozessordnung) should be filed.

The information may also be provided using databases, irrespective of whether these databases are operated by the obliged entities under section 2 (1) nos. 1 to 9 themselves or by third parties. The information provided may be used solely for the purpose of preventing money laundering, its predicate offences or terrorist financing and only subject to the conditions imposed by the obliged entity providing the information.

(6) The Federal Ministry of Finance may, in consultation with the Federal Ministry of the Interior, the Federal Ministry of Justice and Consumer Protection and the Federal Ministry for Economic Affairs and Energy, by means of a regulation not requiring the consent of the Bundesrat, enact further provisions prohibiting the disclosure of information with regard to obliged entities from high-risk third countries under Article 9 of Directive (EU) 2015/849.

Section 48 Exemption from liability

(1) Whosoever files a report under section 43 (1) or a criminal complaint under section 158 of the Code of Criminal Procedure must not be held liable for this report or criminal complaint unless a false report or criminal complaint has been filed with wilful intent or gross negligence.

(2) Subsection (1) above also applies if

1. an employee reports a matter under section 43 (1) to their superior or to an in house body responsible for the receipt of such a report, and

2. an obliged entity or one of its employees complies with a demand for information from the German Financial Intelligence Unit under section 30 (3), sentence 1.

Section 49 Access to information and protection of reporting employees

(1) If the analysis of a matter reported under section 43 is not yet complete, the German Financial Intelligence Unit may, upon request, provide the person concerned with details of the available information concerning them if this will not interfere with the purpose of the analysis. If it provides details to the person concerned, it redacts the personal data of the individual who filed the report under section 43 (1).

(2) If the analysis of a matter reported under section 43 is complete but has not been transmitted to the law enforcement agency, the German Financial Intelligence Unit may, at the request of the person concerned, provide details of the available information concerning them. It refuses to provide such details if this information becoming known would have negative effects on

1. international relations,

2. matters concerning the internal or external security of the Federal Republic of Germany,

3. the conduct of another criminal investigation, or

4. the conduct of ongoing judicial proceedings.

When providing details, it redacts the personal data of the individual who has filed a report under section 43 (1) or complied with a demand for information from the German Financial Intelligence Unit. At the request of the person concerned, it may permit exceptions to sentence 3, if legitimate interests of the person concerned are overriding.

(3) The German Financial Intelligence Unit is no longer authorised to provide details to the person concerned once it has passed the matter in question on to the law enforcement agency. Once proceedings by the public prosecution office or the court have been completed, the German Financial Intelligence Unit is again authorised to provide details to the person concerned. In this case, subsection (2) applies mutatis mutandis.

(4) If the person who has filed a report under section 43 (1) or reported such a matter internally to the obliged entity is employed by the obliged entity, this person may not suffer any discrimination in their employment relationship as a result of the report.

Part 7 Supervision, cooperation, administrative fine provisions, data protection Obligations concerning the reporting of matters

Section 50 Competent supervisory authority

The competent supervisory authority for the enforcement of this Act is:

1. the Federal Financial Supervisory Authority for:

a) credit institutions with the exception of the Deutsche Bundesbank,

b) financial services institutions as well as payment institutions and electronic money institutions within the meaning of section 1 (2a) of the Payment Services Supervision Act,

c) domestic branches and branch offices of credit institutions domiciled abroad, financial services institutions domiciled abroad and payment institutions domiciled abroad,

d) asset management companies within the meaning of section 17 (1) of the Investment Code,

e) domestic branch offices of EU management companies within the meaning of section 1 (17) of the Investment Code and of foreign AIF management companies as defined in section 1 (18) of the Investment Code,

f) foreign AIF management companies for which the Federal Republic of Germany is the member state of reference and which are subject to supervision by the Federal Financial Supervisory Authority under section 57 (1) sentence 3 of the Investment Code,

g) agents and electronic money agents within the meaning of section 2 (1) no. 4,

h) companies and persons under section 2 (1) no. 5 and

i) the KfW Banking Group (Kreditanstalt für Wiederaufbau),

2. for insurance undertakings under section 2 (1) no. 7, the respective competent supervisory authority for the insurance sector,

3. for lawyers and solicitors under section 2 (1) no. 10, the competent local chamber of lawyers (sections 60 and 61 of the Federal Lawyers’ Act (Bundesrechtsanwaltsordnung)),

4. for patent attorneys under section 2 (1) no. 10, the Chamber of Patent Attorneys (section 53 of the Patent Attorneys Act (Patentanwaltsordnung)),

5. for notaries under section 2 (1) no. 10, the respective President of the Regional Court in whose jurisdiction the notary is domiciled (section 92 no. 1 of the Federal Notaries’ Act (Bundesnotarordnung)),

6. for auditors and chartered accountants under section 2 (1) no. 12, the Chamber of Public Accountants (section 57 (2) no. 17 of the Public Accountants Act (Wirtschaftsprüferordnung))

7. for tax advisors and authorised tax agents under section 2 (1) no. 12, the competent local chamber of tax advisors (section 76 of the Tax Advisory Act (Steuerberatungsgesetz)),

8. for organisers and brokers of games of chance under section 2 (1) no. 15, the authority responsible for granting the gambling license, unless provided otherwise under the law of the federal state and

9. for all others, the authority responsible under federal or state law.

Section 51 Supervision

(1) The supervisory authorities exercise supervision over the obliged entities.

(2) The supervisory authorities may, as part of the functions assigned to them by law, take the appropriate and necessary measures and issue orders to ensure compliance with the requirements stipulated under this Act and under regulations adopted on the basis of this Act. To this end, they may also exercise the powers granted to them for other supervisory functions. Objections to and actions for annulment of these measures have no suspensory effect.

(3) The supervisory authority under section 50 no. 1, if its supervisory activity concerns the obliged entities specified in section 50 no. 1 (g) and (h), and the supervisory authorities under section 50 nos. 3 to 9 may conduct inspections at the obliged entities to review compliance with the requirements laid down in this Act. The inspections may be conducted without a specific reason. The supervisory authorities may delegate the conduct of the inspections to other persons and institutions by contract. 4The frequency and intensity of the inspections are to be based on the risk profile of the obliged entities with regard to money laundering and terrorist financing; this risk profile is to be re-evaluated at regular intervals and when important events or developments occur in relation to the obliged entity’s senior management and business activity.

(4) The supervisory authority under section 50 nos. 8 and 9 may charge costs for the measures and orders pursuant to this provision in order to cover the administrative expenses.

(5) The supervisory authority under section 50 no. 1, if its supervisory activity concerns the obliged entities specified in section 50 no. 1 (g) and (h), and the supervisory authorities under section 50 nos. 3 to 9 may temporarily prohibit an obliged entity whose activity requires a licence, which has been granted by the supervisory authority, from conducting the business or practising the profession, or revoke the licence if the obliged entity, wilfully or negligently,

1. has contravened the provisions of this Act, regulations adopted to implement this Act or orders issued by the competent supervisory authority,

2. continues such conduct despite a caution from the competent supervisory authority and

3. the contravention is sustained.

Where a member of senior management or another employee of an obliged entity has, wilfully or negligently, committed a contravention under sentence 1, the supervisory authority under section 50 no. 1, if its supervisory activity concerns the obliged entities specified in section 50 no. 1 (g) and (h), and the supervisory authorities under section 50 nos. 3 to 9 may impose on the contravener a temporary prohibition on occupying a senior management position with obliged entities under section 2 (1). In the event that the supervisory authority is not the authority that issued the obliged entity with a licence for conducting its activity, the authority that issued the licence performs the procedure in accordance with sentence 1 or 2 at the request of the supervisory authority that has established that a contravention under sentence 1 has been committed.

(6) In addition, the competent supervisory authority under section 50 no. 9 exercises the supervision delegated to it under Article 55(1) of Commission Regulation (EU) No 1031/2010 of 12 November 2010 on the timing, administration and other aspects of auctioning of greenhouse gas emission allowances pursuant to Directive 2003/87/EC of the European Parliament and of the Council establishing a scheme for greenhouse gas emission allowances trading within the Community (OJ L 302 of 18 November 2010, p.1).

(7) The competent supervisory authority for obliged entities under section 2 (1) no. 15 under section 50 nos. 8 and 9 may, for the performance of its functions, request information in individual cases from an obliged entity under section 2 (1) no. 1 or no. 3 on payment accounts as defined in section 1 (3) of the Payment Services Supervision Act and on payment transactions

1. of organisers and brokers of online games of chance, irrespective of whether they are in possession of a gambling licence and

2. of a player

executed through such accounts.

(8) The supervisory authority regularly provides the obliged entity with up-to-date interpretation and application guidance on implementing the due diligence requirements and the internal safeguards in accordance with the legal provisions for preventing money laundering and terrorist financing. It may also fulfil this obligation by approving such guidance compiled by associations of obliged entities.

(9) To document their supervisory activity, the supervisory authorities are to retain the following data in the form of statistics:

1. data on the supervisory activity per calendar year, in particular:

a) the number, measured in full-time equivalents, of persons employed in the supervisory authority who are entrusted with supervising the obliged entities under section 2 (1);

b) the number of on-site inspections and other inspection measures taken, broken down according to the obliged entities under section 2 (1) that they concerned;

c) the number of measures under letter (b) in which the supervisory authority found a breach of duties under this Act or to a regulation adopted on the basis of this Act, as well as the number of cases in which the supervisory authority gained knowledge of such a breach by other means, and

d) the nature and extent of legally binding measures taken by the supervisory authority in response; this includes the number

aa) of cautions issued,

bb) of fines imposed, including the respective amount, broken down according to whether, and to what extent, a publication under section 57 was made,

cc) of orders for the removal of money laundering reporting officer or members of senior management,

dd) of withdrawals of licences ordered,

ee) of other measures taken;

e) the nature and extent of measures taken to inform the obliged entities under section 2 (1) of the due diligence requirements and internal safeguards that they are required to comply with;

2. the number of suspicious transaction reports pursuant to section 44 filed by the supervisory authority per calendar year, broken down according to the obliged entities under section 2 (1) that they concerned.
The supervisory authorities are to transmit the data specified in sentence 1 to the Federal Ministry of Finance in electronic form, giving the state of affairs on 31 December of the year in question, by 31 March of the following year. The Federal Ministry of Finance may provide a form for this purpose.

Section 52 Cooperation obligations

(1) An obliged entity, the members of its governing bodies and its employees are to provide the supervisory authority responsible under section 50 no. 1, if its supervisory activity concerns the obliged entities specified in section 50 no. 1 letters (g) and (h); the supervisory authority responsible under section 50 nos. 3 to 9; and the persons and institutions used by these supervisory authorities in the performance of their functions, upon request and free of charge, with

1. information about all business affairs and transactions and

2. documents

which are relevant to compliance with the provisions laid down in this Act.

(2) In inspections under section 51 (3), officials of the supervisory authority and other persons used by the competent supervisory authority in conducting its inspections may enter and inspect the premises of the obliged entity during usual hours of operation and business hours.

(3) Those concerned are to tolerate the measures described in subsection (2).

(4) The person required to provide information may refuse to do so in response to any questions the answering of which would make them or one of their relatives as specified in section 383 (1) nos. 1 to 3 of the Code of Civil Procedure (Zivilprozessordnung) liable to criminal prosecution or proceedings under the Act on Administrative Offences (Gesetz über Ordnungswidrigkeiten).

(5) Obliged entities under section 2 (1) nos. 10 and 12 may also refuse to answer questions if these questions relate to information they obtained in the context of providing legal advice to, or legal representation for, the contracting party. The obligation to provide information continues to exist if the obliged entity knows that their client has used or is using its legal advice for the purpose of money laundering or terrorist financing.

Section 53 Reports of contraventions

(1) The supervisory authorities are to establish a system for receiving reports of potential or actual contraventions of this Act, regulations adopted on the basis of this Act and other provisions intended to prevent money laundering and terrorist financing which the supervisory authority has the function of ensuring compliance with or punishing contraventions of. The reports may be filed anonymously.

(2) The supervisory authorities are entitled to process personal data for this purpose, to the extent necessary to perform their functions.

(3) The supervisory authorities only disclose the identity of a person who has filed a report if they have previously obtained the explicit approval of the person. They do not reveal the identity of a person who is the subject of a report. Sentences 1 and 2 do not apply if

1. the disclosure of information is necessary in the context of further investigations or of subsequent administrative or judicial proceedings on the basis of an Act or

2. it is ordered by a court decision or in judicial proceedings that the information be revealed.

(4) The Freedom of Information Act (Informationsfreiheitsgesetz) does not apply to cases under this provision.

(5) Staff employed by companies or persons that are subject to the supervision of the competent supervisory authorities under subsection (1) or by other companies or persons to which activities have been outsourced by supervised companies or persons and who file a report under subsection (1) must not be held liable, either by provisions of labour law or by provisions of criminal law, nor must they be held liable for damages. Sentence 1 does not apply if a false report has been filed with wilful intent or gross negligence.

(6) The right to file reports under subsection (1) must not be contractually restricted for staff who are employed by

1. companies or persons who are subject to supervision by the supervisory authorities under subsection (1) or

2. other companies or persons to whom activities of supervised companies or persons have been outsourced.

Agreements conflicting with the above are invalid.

(7) Establishing and maintaining the system for receiving reports of contraventions does not affect the rights of a person who is the subject of a report, in particular the rights specified in

1. subsections (28) and (29) of the Administrative Procedure Act (Verwaltungsverfahrensgesetz),

2. subsections (68) to (71) of the Rules of the Administrative Courts (Verwaltungsgerichtsordnung) and

3. subsections (137), (140), (141) and (147) of the Code of Criminal Procedure.

Section 54 Duty of confidentiality

(1) Insofar as persons employed by the supervisory authorities or working for the supervisory authorities perform functions under section 51 (1), they must not, without authorisation, reveal or utilise facts that have come to their knowledge in the course of their activity if keeping these facts, in particular business and trade secrets, confidential is in the interest of an obliged entity or a third party subject to their supervision. Sentence 1 also applies when they are no longer on duty or when their employment has ended. The legal provisions concerning data protection to be observed by the obliged entities subject to supervision remain unaffected.

(2) Subsection (1) also applies to other persons who, through reporting in an official capacity, gain knowledge of the facts specified in subsection (1) sentence 1.

(3) In particular, disclosing facts to one of the following institutions is not deemed to be revealing or utilising the facts without authorisation provided that these institutions need the information to perform their functions and no other legal provisions preclude this:

1. to law enforcement agencies, authorities under section 56 (5) or to courts responsible for criminal cases and matters involving fines,

2. to other institutions which, by law or in the public interest, are entrusted with investigating and preventing money laundering or terrorist financing as well as to persons acting on the instruction of these institutions,

3. to the German Financial Intelligence Unit,

4. to other institutions which, by law or in the public interest, are entrusted with supervising the general risk management or compliance of obliged entities as well as to persons acting on the instruction of these institutions.

(4) The facts may only be disclosed to an institution domiciled in another country or to a supranational institution if the persons employed by this institution or acting on its instruction are subject to a duty of confidentiality that to a large extent corresponds to the duty of confidentiality laid out in subsections (1) to (3). The foreign or supranational institution is to be informed that it may only use the information for the purpose for which it has been transmitted. Information originating from another country may be disclosed

1. only with the explicit approval of the competent institutions that provided the information and

2. only for purposes approved by the competent institutions.

Section 55 Cooperation with other authorities

(1) To prevent and combat money laundering and terrorist financing, the supervisory authorities, in performing their functions under section 51, cooperate fully with each other and with the institutions specified in section 54 (3). In the context of this cooperation, the supervisory authorities are obliged to transmit to each other, ex officio and on request, information, including personal data and the results of inspections insofar as knowledge thereof is necessary for fulfilling the functions of the supervisory authorities under section 51.

(2) The authorities responsible under section 155 (2) of the Industrial Code in conjunction with the respective federal state law under section 14 (1) of the Industrial Code transmit the data of the business registration under annexes 1 to 3 of the Regulation on Business Registration (Gewerbeanzeigenverordnung) regarding obliged entities under section 2 (1) to the competent supervisory authorities under section 50 no. 9 free of charge on request, insofar as knowledge of these data is necessary for the performance of the supervisory authorities’ functions under section 51.

(3) The register authority specified in section 11a (1) of the Industrial Code transmits the data specified in section 6 of the Regulation on Financial Mediation (Finanzanlagevermittlungsverordnung) and in section 5 of the Regulation on Insurance Mediation (Versicherungsvermittlungsverordnung) to the competent supervisory authorities under section 50 no. 9 free of charge on request, insofar as knowledge of these data is necessary for the performance of the supervisory authorities’ functions under section 51.

(4) Further-reaching powers of the supervisory authorities regarding the processing of personal data under other legal provisions remain unaffected.

(5) In cross-border cases, the cooperating supervisory authorities and the institutions specified in section 54 (3) coordinate their measures.

(6) Insofar as supervisory authorities supervise the obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9, they provide the following authorities, upon request, with all information necessary for the performance of their functions on the basis of Directive (EU) 2015/849 and Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC, Directive (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC and Directive (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC:

1. the European Banking Authority,

2. the European Insurance and Occupational Pensions Authority,

3. the European Securities and Markets Authority.

The information is to be made available in accordance with Article 35 of Directive (EU) No 1093/2010, Article 35 of Directive (EU) No 1094/2010 and Article 35 of Directive (EU) No 1095/2010.

Section 56 Administrative fine provisions

(1) An administrative offence is deemed to be committed by anyone who wilfully or negligently,

1. in violation of section 4 (3) sentence 1, fails to appoint a member of the management,

2. in violation of section 5 (1) sentence 1, fails to determine or evaluate risks,

3. in violation of section 5 (2), fails to document or regularly review and, as appropriate, update the risk analysis,

4. in violation of section 6 (1), fails to implement appropriate business- and customer-oriented internal safeguards or, in violation of section 6 (1) sentence 3, fails to monitor the functionality of the safeguards or fails to update the business- and customer-oriented internal safeguards regularly or where necessary,

5. in violation of section 6 (4), fails to operate data processing systems or fails to update them,

6. fails to comply with an enforceable order under section 6 (9),

7. in violation of section 7 (1), fails to appoint a money laundering reporting officer or a deputy,

8. fails to comply with an enforceable order under section 7 (3) or fails to do so in due time,

9. in violation of section 8 (1) and (2), fails to record or retain data, information, the results of the examination, the reasons considered or a plausible explanation of the evaluation result or fails to do so correctly or completely,

10. in violation of section 8 (4) sentence 1, fails to retain for five years a record or other evidence,

11. in violation of section 9 (1) sentence 2, fails to devise consistent group-wide precautions, procedures and measures,

12. in violation of section 9 (1) sentence 3, fails to ensure that the consistent group-wide obligations and measures are effectively implemented,

13. in violation of section 9 (2), fails to ensure that group companies comply with the applicable legal provisions,

14. in violation of section 9 (3) sentence 2, fails to ensure that group companies domiciled in a third country take additional measures to effectively counteract the risk of money laundering and terrorist financing,

15. contravenes an enforceable order under section 9 (3) sentence 3,

16. in violation of section 10 (1) no. 1, fails to identify the contracting party or a person acting on their behalf correctly, completely or in the prescribed manner,

17. in violation of section 10 (1) no. 2, fails to check whether the contracting party is acting on behalf of a beneficial owner,

18. in violation of section 10 (1) no. 2, fails to identify the beneficial owner,

19. in violation of section 10 (1) no. 3, fails to obtain information on the purpose and intended nature of the business relationship or fails to evaluate this information,

20. in violation of section 10 (1) no. 4, fails to establish whether the contracting party or the beneficial owner is a politically exposed person, a family member or a person known to be a close associate, or fails to do so correctly,

21. in violation of section 10 (1) no. 5, fails to continuously monitor the business relationship, including the transactions carried out in the course of the business relationship, or fails to do so correctly,

22. in violation of section 10 (2) sentence 1, fails to determine the specific extent of the due diligence measures in accordance with the respective risk of money laundering or terrorist financing,

23. in violation of section 10 (2) sentence 4 or in violation of section 14 (1) sentence 2, fails to demonstrate that the extent of the measures they have adopted is to be considered adequate based on the risk of money laundering and terrorist financing,

24. in violation of section 10 (6), fails to comply with due diligence requirements,

25. in violation of section 10 (8), fails to make a notification,

26. in violation of section 10 (9), section 14 (3) or section 15 (9), establishes, continues or fails to terminate or otherwise end the business relationship or executes the transaction,

27. in violation of section 11 (1), fails to identify the contracting parties, persons acting on their behalf or beneficial owners in due time,

28. in violation of section 11 (2), fails to identify the parties to the contract in due time,

29. in violation of section 11 (3) sentence 2, fails to carry out a new identification,

30. in violation of section 11 (4) nos. 1 and 2, fails to collect the information or collects it incompletely,

31. in violation of section 11 (5) sentence 1, fails to establish the name of the beneficial owner in order to determine their identity,

32. in violation of section 14 (2) sentence 2, fails to ensure the scrutiny of transactions and business relationships to an extent that enables them to recognise and report unusual or suspicious transactions,

33. in violation of section 15 (2), fails to fulfil enhanced due diligence requirements,

34. in violation of section 15 (4) sentence 1 no. 1 in conjunction with subsection (2) or (3) no. 1, fails to obtain the approval of a member of senior management before establishing or continuing a business relationship,

35. in violation of section 15 (4) sentence 1 no. 2 in conjunction with subsection (2) or (3) no. 1, fails to take measures,

36. in violation of section 15 (4) sentence 1 no. 3 in conjunction with subsection (2) or (3) no. 1, fails to conduct enhanced, ongoing monitoring,

37. in violation of section 15 (5) no. 1 in conjunction with subsection (3) no. 2, fails to examine the transaction,

38. in violation of section 15 (5) no. 2 in conjunction with subsection (3) no. 3, fails to conduct enhanced, ongoing monitoring of the underlying business relationship,

39. in violation of section 15 (6) no. 1 in conjunction with subsection (3) no. 3, fails to gather sufficient information,

40. in violation of section 15 (6) no. 2 in conjunction with subsection (3) no. 3, fails to obtain the approval of a member of senior management,

41. in violation of section 15 (6) no. 3 in conjunction with subsection (3) no. 3, fails to determine or document the responsibilities,

42. in violation of section 15 (6) no. 4 or no. 5 in conjunction with subsection (3) no. 3, fails to take measures,

43. in violation of section 15 (8), contravenes an enforceable order of the supervisory authority,

44. in violation of section 16 (2), admits a player to an online game of chance,

45. in violation of section 16 (3), accepts deposits or other refundable monies,

46. in violation of section 16 (4), permits transactions of the player to the obliged entity through channels other than those specified in section 16 (4) nos. 1 and 2,

47. in violation of section 16 (5), fails to fulfil their notification obligations,

48. in violation of section 16 (7) sentence 1 no. 2, carries out transactions to a payment account,

49. in violation of section 16 (7) sentence 2, fails to sufficiently specify the payment reference despite a request from the supervisory authority,

50. in violation of section 16 (8) sentence 3, fails to carry out the full identification or fails to do so in due time,

51. in violation of section 17 (2), delegates the fulfilment of the due diligence requirements to a third party domiciled in a high-risk third country,

52. in violation of section 18 (3), fails to provide information or fails to do so in due time,

53. in violation of section 20 (1),

a) fails to obtain,

b) fails to retain, or fails to correctly or completely retain,

c) fails to keep up to date or

d) fails to notify the registrar entity, or fails to notify it correctly, completely or in due time of

information on the beneficial owner.

54. in violation of section 20 (3), fails to fulfil their notification obligation or fails to fulfil it correctly, completely or in due time,

55. in violation of section 21 (1) or (2)

a) fails to obtain,

b) fails to retain, or fails to correctly or completely retain,

c) fails to keep up to date or

d) fails to notify the registrar entity, or fails to notify it correctly, completely or in due time of

information on the beneficial owner.

56. gains permission to inspect the transparency register under section 23 (1) sentence 1 no. 2 or no. 3 under false pretences or unlawfully gains access to the transparency register in some other manner,

57. in violation of section 30 (3), fails to respond to a demand for information or fails to do so correctly, completely or in due time,

58. in violation of section 40 (1) sentence 1 or 2, fails to respond to an order or an instruction or fails to do so in due time or completely,

59. in violation of section 43 (1), fails to submit a report or fails to do so correctly, completely or in due time,

60. in violation of section 47 (1) in conjunction with subsection (2), informs the contracting party, the instructing party or a third party,

61. disregards a prohibition under section 51 (5),

62. fails to submit information under section 51 (7) or fails to do so correctly, completely or in due time,

63. in violation of section 52 (1), fails to provide information or fails to do so correctly, completely or in due time,

64. in violation of section 52 (3), fails to tolerate an inspection.

(2) The administrative offence may be punished by a

1. fine of up to €1m or

2. a fine up to up to twice the economic benefit derived from the contravention,

if the contravention is serious, repeated or systematic. The economic benefit comprises profits gained and losses avoided and may be estimated. A fine higher than that stated in sentence 1 may be imposed on obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9 that are legal persons or associations. In these cases, the fine must not exceed the higher of the following amounts:

1. €5m

2. 10 percent of the total turnover recorded by the legal person or association in the fiscal year prior to the authority’s decision.

A fine higher than that stated in sentence 1 of up to €5m may be imposed on obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9 that are natural persons.

(3) In all other cases, the offence may be punished by a fine of up to €100,000.

(4) Total turnover within the meaning of subsection (2) sentence 4 no. 2 is

1. in the case of credit institutions, payment institutions and financial services institutions within the meaning of section 340 of the Commercial Code, the total amount resulting from the national law applicable to the institution in accordance with Article 27 nos. 1, 3, 4, 6 and 7 or Article 28 Part B nos. 1 to 4 and 7 of Council Directive 86/635/EEC of 8 December 1986 on the annual accounts and consolidated accounts of banks and other financial institutions (OJ L 372 of 31 December 1986, p.1), net of turnover tax and other taxes levied directly on this income,

2. in the case of insurance undertakings, the total amount resulting from the national law applicable to the insurance undertaking in accordance with Article 63 of Council Directive 91/674/EEC of 19 December 1991 on the annual accounts and consolidated accounts of insurance undertakings (OJ L 374 of 31 December 1991, p. 7) net of turnover tax and other taxes levied directly on this income,

3. in all other cases the amount of net turnover according to national law applicable to the company in accordance with Article 2 no. 5 of Directive 2013/34/EU.

In cases where the legal person or the association is a parent company or a subsidiary, the respective total amount in the consolidated financial statements of the parent company for the largest number of companies is to be used rather than the total amount for the legal person or the association. If the consolidated financial statements for the largest number of companies are not prepared in accordance with the provisions set out in sentence 1, the total turnover is to be calculated on the basis of the items of the consolidated financial statements that are comparable to the items set out in sentence 1 nos. 1 to 3. If an annual financial statement or consolidated financial statements for the fiscal year in question are not available, the annual financial statement or consolidated financial statements of the most recent fiscal year are to be used. If the annual financial statement or consolidated financial statements of the most recent fiscal year are not available either, the total turnover may be estimated.

(5) The supervisory authority under section 50 no. 1 is also the administrative authority under section 36 (1) no. 1 of the Act on Administrative Offences. For administrative offences under subsection (1) nos. 52 to 56, the Federal Office of Administration is the administrative authority under section 36 (1) no. 1 of the Act on Administrative Offences. For tax consultants and tax agents, the tax office is the administrative authority under section 36 (1) no. 1 of the Act on Administrative Offences. The competent supervisory authority under section 50 nos. 8 and 9 is also the administrative authority under section 36 (1) no. 1 of the Act on Administrative Offences.

(6) If, under subsection (5) sentence 3, the tax office is the administrative authority, section 387 (2), section 410 (1) nos. 1, 2, 6 to 11, (2) and section 412 of the Fiscal Code apply mutatis mutandis.

(7) The supervisory authorities check in the Federal Central Criminal Register (Bundeszentralregister) whether the person concerned has relevant convictions.

(8) The competent supervisory authorities under section 50 nos. 1, 2 and 9 inform the respective competent European supervisory authority with regard to the obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9 about

1. the fines imposed on these obliged entities,

2. other measures taken because of contraventions of provisions of this Act or of other acts intended to prevent money laundering and terrorist financing and

3. relevant appeal procedures and their outcomes.

Section 57 Publication of final and conclusive measures and of unappealable administrative fine decisions

(1) The supervisory authorities are to publish final and conclusive measures and unappealable administrative fine decisions imposed because of a contravention of this Act or of provisions adopted on the basis of this Act on their websites once the addressee of the measure or fine decision has been informed. The type and nature of the contravention as well as the natural persons or legal persons or associations responsible for the contravention are to be stated in the publication.

(2) The publication under subsection (1) is to be delayed if publication

1. would impinge on the personality rights of natural persons or a publication of personal data would be disproportionate for other reasons,

2. would jeopardise the stability of the financial markets of the Federal Republic of Germany or of one or more signatories to the Agreement on the European Economic Area or

3. would jeopardise an ongoing investigation.

Instead of delaying publication, the information may be published on an anonymised basis if this guarantees an effective protection under sentence 1 no. 1. 2In cases where there are grounds for assuming that the reasons for an anonymised publication will no longer apply within the foreseeable future, the publication of the information may be delayed accordingly under sentence 1 no. 1. Publication takes place once the reasons for delay no longer apply.

(3) A publication must not occur if the measures under subsection (2) are not sufficient to eliminate a threat to the stability of the financial markets or to ensure the proportionality of the publication.

(4) A publication must remain published on the website of the supervisory authority for five years. By way of derogation from sentence 1, personal data are to be deleted as soon as the publication is no longer necessary.

Section 58 Data protection

Obliged entities may only use personal data on the basis of this Act for the prevention of money laundering and terrorist financing.

Section 59 Transitional provisions

1) Notifications under section 20 (1) and section 21 are to be transmitted to the transparency register for the first time by 1 October 2017.

(2) 1Access to the entries in the register of associations as provided for in section 22 (1) sentence 1 no. 8 is provided as of 26 June 2018. 2The technical requirements to transmit the index data under section 22 (2) which are needed to access to the original data under section 22 (1) sentence 1 no. 8 will be put in place by 25 June 2018. 3For the transitional period from 26 June 2017 to 25 June 2018, the transparency register instead contains a link to the common register portal of the federal states (Länder).

(3) Section 23 (1) to (3) enters into force on 27 December 2017.

(4) Exemptions granted by the supervisory authorities under section 50 no. 8 to obliged entities under section 2 (1) no. 15, to the extent that they operate or broker online games of chance, remain in force until 30 June 2018, by way of derogation from section 16.

(5) If judicial proceedings concerning the prevention, detection, investigation or prosecution of suspected money laundering or terrorist financing were pending on 25 June 2015 or if an obliged entity possesses information or documents in connection with these pending proceedings, the obliged entity may retain this information or these documents until 25 June 2020.

Annex 1 (to sections 5, 10, 14 and 15) Factors of potentially lower risk

The following is a non-exhaustive list of factors and types of evidence of potentially lower risk under section 14:

1. Customer risk factors:

a) public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership,

b) public administrations or companies,

c) customers that are resident in geographical areas of lower risk as set out in no. 3.

2. Product, service, transaction or delivery channel risk factors:

a) life insurance policies for which the premium is low,

b) insurance policies for pensions schemes if there is no early surrender option and the policy cannot be used as collateral,

c) a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member’s interest under the scheme,

d) financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes,

e) products where the risk of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership (e.g. certain types of electronic money).

3. Geographical risk factors:

a) Member States,

b) third countries having effective systems for the prevention, detection and combating of money laundering and terrorist financing,

c) third countries identified by credible sources as having a low level of corruption or other criminal activity,

d) third countries which, on the basis of credible sources such as mutual evaluations, detailed assessment reports or published follow-up reports, have requirements to prevent, detect and combat money laundering and terrorist financing consistent with the revised FATF (Financial Action Task Force) Recommendations and effectively implement those requirements.

Annex 2 (to sections 5, 10, 14 and 15) Factors of potentially higher risk

The following is a non-exhaustive list of factors and types of evidence of potentially higher risk under section 15:

1. Customer risk factors:

a) the business relationship is conducted in unusual circumstances,

b) customers that are resident in geographical areas of higher risk as set out in no. 3,

c) legal persons or arrangements that are personal asset-holding vehicles,

d) companies that have nominee shareholders or shares in bearer form,

e) businesses that are cash-intensive,

f) the ownership structure of the company appears unusual or excessively complex given the nature of the company's business;

2. Product, service, transaction or delivery channel risk:

a) private banking,

b) products or transactions that might favour anonymity,

c) non-face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures,

d) payment received from unknown or unassociated third parties,

e) new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products;

3. Geographical risk factors:

a) without prejudice to Article 9 of Directive (EU) 2015/849, countries identified by credible sources (such as mutual evaluations, detailed assessment reports or published follow-up reports), as not having effective systems for the prevention, detection and combating of money laundering and terrorist financing,

b) countries identified by credible sources as having significant levels of corruption or other criminal activity,

c) countries subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations,

d) countries providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country.

Did you find this article helpful?

We appreciate your feedback

Your feedback helps us to continuously improve the website and to keep it up to date. If you have any questions and would like us to contact you, please use our contact form. Please send any disclosures about actual or suspected violations of supervisory provisions to our contact point for whistleblowers.

We appreciate your feedback

* Mandatory field