Explanatory Memorandum to COM(2021)421 - Authority for Anti-Money Laundering and Countering the Financing of Terrorism

Please note

This page contains a limited version of this dossier in the EU Monitor.



1. CONTEXT OF THE PROPOSAL

Reasons for and objectives of the proposal

Money laundering and terrorism financing (ML/TF) pose a serious threat to the integrity of the EU economy and financial system and the security of its citizens. Europol has estimated that around 1% of the EU’s annual Gross Domestic Product is ‘detected as being involved in suspect financial activity’ 1 . In July 2019, following a number of prominent cases of alleged money laundering taking place at EU credit institutions, the Commission adopted a set of document 2 analysing the effectiveness and efficiency of the EU Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regime as it stood at that time, and concluding that reforms were necessary, including in the areas of supervision and of cooperation between Financial Intelligence Units (FIUs). In this context, the EU’s Security Union Strategy for 2020-2025 3 highlighted the importance of enhancing the EU’s framework for anti-money laundering and countering terrorist financing in order to protect Europeans from terrorism and organised crime.

On 7 May 2020, the Commission presented an Action Plan for a comprehensive Union policy on preventing money laundering and terrorism financing 4 . In that Action Plan, the Commission committed to take measures in order to strengthen the EU’s rules on combating money laundering and terrorism financing and defined six priorities or pillars:

1. Ensuring effective implementation of the existing EU AML/CFT framework;

2. Establishing an EU single rulebook on AML /CFT;

3. Bringing about EU-level AML/CFT supervision;

4. Establishing a support and cooperation mechanism for Financial Intelligence Units;

1.

5. Enforcing EU-level criminal law provisions and improving information exchange; and


6. Strengthening the international dimension of the EU AML/CFT framework.

This legislative proposal aims to implement actions 3 and 4 of that Action Plan, while two accompanying legislative proposals aim to implement action 2, and contribute to action 6. Actions 1 and 5 do not require legislative action.

The creation of an EU-level AML/CFT supervision and a support and coordination mechanism for Financial Intelligence Units has received support from the European Parliament and the Council:

The European Parliament in its resolution of 10 July 2020 on a comprehensive Union policy on preventing money laundering and terrorist financing 5 welcomed the Commission’s Action Plan and its intention to present an EU-level AML/CTF supervisor and an EU coordination and support mechanism for FIUs. The European Parliament further called upon the Commission to consider creating the EU coordination and support mechanism in the form of an EU FIU, to ensure that the responsibilities of the AML/CTF supervisor cover financial and non-financial obliged entities with direct supervision powers over certain obliged entities depending on their size or the risk they present, as well as supervision of the application of EU rules by national supervisors, a clear division of the respective powers of the EU and national supervisors and for the EU-level AML/CTF supervisor and EU FIU to be given budgetary and functional independence. In this context, the European Parliament observed that the proposed budgetary and human resources are not sufficient to provide full support to AML-related investigations and the existing coordination mechanisms and concluded that more human and financial resources should be allocated to the fight against money laundering.

The Council is equally supportive of the Commission’s Action Plan in its Conclusions on anti-money laundering and countering the financing of terrorism of 5 November 2020 6 . Among others, the Council invited the Commission to prioritise the establishment of EU level AML/CFT supervision and the coordination and support mechanism for FIUs. The EU AML/CFT supervisor should be equipped with competencies triggered on a purely risk-sensitive basis 7 . The authority should be enabled to support national authorities and to promote supervisory convergence, also in the non-financial sector. To fulfil its task of direct supervision, the authority should establish joint supervisory teams, undertake general inspections and impose supervisory measures and administrative sanctions, while respecting the specificities of national systems and enforcement set-ups. The new supervisor should have an independent and autonomous governance structure and cooperate with other relevant EU and national authorities. For the establishment of a FIU coordination and support mechanism, the Council suggests giving the new authority a central role in strengthening and facilitating joint analysis between FIUs, supporting the FIUs’ analyses and promoting exchanges and capacity building among FIUs and also with other competent authorities. The governance of the coordination and support mechanism should be based on a governance that fully involves FIUs and respects FIUs’ core roles and responsibilities in operational independence and autonomy as well as security and confidentiality of financial intelligence.

This proposal establishes the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (‘AMLA’ or ‘the Authority’). This new European authority is essential to address the current shortcomings in AML/CFT supervision in the Union: AML/CFT supervision within the EU is currently Member State-based. Its quality and effectiveness are uneven, due to significant variations in resources and practices across Member States. 8 As recent cases of alleged money laundering involving EU credit institutions show, the approach to cross-border situations is not consistent. The report of the European Banking Authority (EBA) on approaches of competent authorities to AML/CFT supervision 9 confirmed that despite progress, not all competent authorities are able to cooperate effectively with domestic and international stakeholders. The methods to identify risks and to apply the risk-based approach to supervision also diverge. While some risks remain national in nature, others are of horizontal nature or may impact the entire Union financial system. Member States stressed the need for a common, consistent methodology to assess and identify risks in reply to the targeted questionnaire circulated by the Commission as part of the public consultation launched when adopting the Action Plan on 7 May 2020 10 . In addition to the divergences in supervisory powers already described, the EBA also noted that national AML/CFT supervisors might not always be willing to use the full set of powers available. This leads not only to inadequate supervision at national level, but also to insufficient supervision of professionals providing services across borders, which create risks for the whole single market. These findings were also broadly reaffirmed by the latest report of the European Court of Auditors. 11

In order to address those shortcomings, the Authority will become a centrepiece of an integrated AML/CFT supervisory system, consisting of the Authority itself and the national authorities with an AML/CFT supervisory mandate (hereinafter ‘the supervisor authorities’). By directly supervising and taking decisions towards some of the riskiest cross-border financial sector obliged entities, the Authority will contribute directly to preventing money laundering and terrorism financing in the Union. During the last years, several incidents of a lack of proper implementation by firms and/or of adequate countermeasures taken by supervisors have been for discussion in the public domain. The establishment of direct European supervision of those entities that bear a high ML/FT risk will close these loopholes in particular for cross-border supervision. At the same time, it will coordinate national supervisory authorities and assist them to increase their effectiveness in enforcing the single rulebook and ensuring homogenous and high quality supervisory standards, approaches and risk assessment methodologies

All recent major money laundering cases reported in the EU had a cross-border dimension. The detection of these financial movements is however left to the national FIUs and to cooperation among them. While this reflects the operational independence and autonomy of FIUs, the absence of a common structure to underpin this cooperation leads to situations where joint analyses are not performed for lack of common tools or resources. These divergences hamper cross-border cooperation, and thereby reduce the capacity to detect money laundering and terrorism financing early and effectively. This results in a fragmented approach that is exposed to misuse for money laundering and terrorist financing and that cannot timely identify trends and typologies at Union level. 12

The new Authority should also play a vital role in improving the exchange of information and cooperation between FIUs. The Authority will serve as a support and coordination hub assisting their work on, inter alia, joint analyses of Suspicious Transaction Reports and Suspicious Activity Reports with significant cross-border footprint, and providing stable hosting of the FIU.net platform. Moreover, the Authority will enable a development of common reporting templates and standards to be used by EU FIUs.

Last but not least, the Authority will have powers to draft regulatory and implementing technical standards, guidelines and recommendations within the scope of its tasks, as well as to provide advice and input to the Commission and co-legislators on many aspects of AML/CFT policy, including on risks linked to jurisdictions outside the Union.

• Consistency with existing policy provisions in the policy area

The current legal framework for AML/CFT in the Union consists of the AML/CFT Directive 13 and the Funds Transfer Regulation 14 . This proposal is accompanied by three other proposals to amend the applicable EU law on AML/CFT:

i. A new Regulation establishing a single rulebook for AML/CFT;

2.

ii. A new AML/CFT Directive, complementing the Regulation; and


iii. A recast of Regulation 2015/847 on information accompanying transfers of funds.

This package of four legislative proposals is considered as one coherent whole, in implementation of the Commission Action Plan on AML/CFT of 7 May 2020, creating a new and more stringent enforcement framework for AML/CFT rules in the Union.

Having directly applicable AML/CFT rules in a regulation, with more detail than in the existing AML/CFT Directive, will not only promote convergence of supervisory and enforcement practices in Member States, but also provide rules for the Authority to apply itself as a direct supervisor of certain selected obliged entities. In the area of indirect supervision, and of coordination and support of FIUs, the proposals accompanying this proposal contain provisions empowering the Authority to draft various regulatory and implementing technical standards and to adopt guidelines and recommendations, thus laying down a defined role and function of the Authority. Support by the Authority on risk assessments and analyses to supervisory authorities and FIUs will also be a key function in the new AML/CFT enforcement architecture. The Authority will also support the Union’s policy on third countries as regards ML/TF threats from outside the Union. The Authority will cooperate in this respect with relevant Commission services, the European External Action Service (EEAS), EU bodies and agencies.

• Consistency with other Union policies

While the competence of the Authority will be limited to the scope of EU legislation on AML/CFT, that legislation itself interacts and is coherent with other legislation in the financial services and criminal law areas. This includes EU legislation on payments and transfers of funds (e.g. the Payment Services Directive, Payment Accounts Directive, and Electronic Money Directive 15 ). Regarding FIUs, the Directive facilitating the use of financial information for the prevention, detection, investigation or prosecution of certain criminal offences 16 has also been taken into account. The competences of the Authority in the area of virtual assets are coherent with the Digital Finance Package published by the Commission on 24 September 2020.

Good cooperation between the Authority and other relevant EU decentralised agencies and other EU and national bodies is provided for by provisions in the draft Regulation to this effect; these include the European Union Agency for Law Enforcement Cooperation (Europol), the European Anti-Fraud Office (OLAF), the European Public Prosecutor's Office (EPPO), the Single Supervisory Mechanism (SSM) at Union level and various national authorities, including prudential supervisors of financial institutions. To improve supervision and law enforcement across sectors, the Authority should enable effective information exchange between aforementioned authorities and create synergergies with these authorities where this could improve successful combatting of money laundering and terrorism financing.

2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

• Legal basis

The proposal is based on Article 114 TFEU, the same legal basis as the current AML/CFT legal framework. Article 114 has been found appropriate for AML/CFT legislation considering, on the one hand, that a divergent development of national laws could disrupt the orderly functioning of the internal market; on the other hand, that money laundering and terrorism financing activities could try to take advantage of the free movement of capital and of the freedom to provide financial services, thereby causing economic losses, disruption of functioning of the single market, and reputational damage at the level of the Union.

It is settled law that the EU legislature, acting under Article 114 TFEU, may deem it necessary to provide for the establishment of an EU body responsible for contributing to the implementation of a process of harmonisation 17 .

• Subsidiarity (for non-exclusive competence)

The 2019 Commission AML/CFT package 18 , composed of a Communication and four reports highlighted how criminals exploited the differences in the national implementation of the European AML/CFT regime across Member States. The cross-border nature of money laundering and terrorism financing makes good cooperation between national supervisors and FIUs essential to prevent these crimes. Many entities subject to AML/CFT obligations have cross-border activities, and different approaches by supervisory authorities and FIUs hinder the relevant entities in applying optimal AML/CFT practices at group level. Greater coordination at Union level, including a component of direct EU supervision of some of the riskiest entities, is needed to deal with these cross-border issues and to maximise the EU’s financial system capacity to both prevent and detect ML/TF.

• Proportionality

The cross-border nature of ML/TF requires enhanced action at Union level in order to bring about greater cooperation between supervisors and FIUs. However, as described in the Impact Assessment accompanying the present proposal, the options of subjecting all large or cross-border financial institutions to EU-level AML/CFT supervision, and of creating an FIU at EU level, have been rejected as disproportionate.

• Choice of the instrument

A Regulation of the European Parliament and of the Council is the required instrument for the creation of a new EU agency.

3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

• Ex-post evaluations/fitness checks of existing legislation

A full ex-post evaluation of the current EU AML/CFT regime, and of the exercise by the European Banking Authority of the AML/CFT competences which it assumed at the beginning of 2020 19 , has not yet taken place, against the background of a number of recent legislative developments. The fourth AML Directive was adopted on 20 May 2015, with a transposition deadline for Member States of 26 June 2017. The fifth AML Directive 20 was adopted on 30 May 2018, with a transposition deadline of 10 January 2020. Transposition control is still ongoing. However, the Commission Communication of July 2019 and accompanying reports referred to above serve as an evaluation of the effectiveness of the EU AML/CFT regime as it stood at that point in time.

• Stakeholder consultations

The consultation strategy on the Commission AML/CFT Action Plan was composed of a number of components:

- A consultation on the roadmap announcing the Commission’s Action Plan. The consultation, on the Commission’s Have Your Say portal, ran between 11 February and 12 March 2020, and received 42 contributions from a range of stakeholders;

- A public consultation on the actions put forward in the Action Plan, open to the general public and all stakeholder groups, launched on 7 May 2020, and open until 26 August. The consultation received 202 official contributions;

- A targeted consultation of Member States and competent AML/CFT authorities. Member States had the opportunity to give their views in various meetings of the Expert Group on Money Laundering and Terrorist Financing, and EU FIUs made input in meetings of the FIU Platform and via written papers;

- A request for advice from the European Banking Authority, made in March 2020; the EBA provided its opinion on 10 September 2020;

- On 23 July 2020, the European Data Protection Supervisor issued an opinion on the Commission’s Action Plan;

- On 30 September 2020, the Commission organised a high-level conference, bringing together representatives from national and EU authorities, MEPs, private sector and civil society representatives and academia.

Stakeholder feedback on the Action Plan was broadly very positive, with majority support for an EU supervisor with competence for all obliged entities, financial and non-financial, and with direct supervisory powers over at least certain financial sector obliged entities.

• Collection and use of expertise

In preparing this proposal, the Commission relied on qualitative and quantitative evidence collected from recognised sources, including technical advice from the European Banking Authority. Information on enforcement of AML rules was also obtained from Member States via questionnaires and in the Expert Group on Money Laundering and Terrorist Financing.

• Impact assessment

This proposal is accompanied by an impact assessment 21 , which was submitted to the Regulatory Scrutiny Board (RSB) on 6 November 2020 and approved on 4 December 2020. The same impact assessment also accompanies the two other legislative proposals which are presented together with the present proposal, a draft Regulation on AML/CFT, and a recast of Directive 2015/849 on AML/CFT. The RSB proposed various presentational improvements to the impact assessment in its positive opinion; these have been made.

In the impact assessment the Commission considered separately the policy options regarding improving the effectiveness and consistency of anti-money laundering supervision, and increasing the level of cooperation and exchange of information among FIUs.

Regarding supervision, the options considered are:

Anti-money laundering supervision would continue to be performed at national level, with the European Banking Authority in charge of overseeing this supervision in the financial sector (baseline scenario);

Establish indirect oversight over all obliged entities:

Direct supervisory powers over selected risky obliged entities in the financial sector subject to AML/CFT requirements and indirect oversight over all other entities;

Direct EU-level anti-money laundering supervision of all obliged entities.

Based on the outcome of the impact assessment, the preferred option is option 3, a combination of direct and indirect supervisory powers in an EU-level supervisory body in the form of a decentralised agency.

Regarding cooperation and exchange of information among FIUs, the options considered are:

Financial intelligence units would continue to cooperate in the context of the EU FIUs’ Platform, which would be classed as a network (baseline scenario);

Transform the EU FIUs’ Platform into a comitology committee leaving it to the Commission to adopt implementing acts defining standards for FIUs;

The EU FIUs’ Platform would become an EU mechanism with power to issue guidelines and technical standards and to organise joint analyses and training, carry out trends and risks analysis;

The EU FIUs’ Platform would become an EU-level FIU, replacing national FIUs.

Option 3, an EU-level coordination and support mechanism for FIUs, as part of an EU body, is the preferred option.

The bundling of all these tasks in a new authority is an essential step to ensure the proper functioning of the new body as it shall cooperate with various stakeholders from the financial and the non-financial sector and coordinate the distinct functions of supervision and financial intelligence. After careful analysis 22 , the option to assign the new tasks to existing bodies (for example the European Banking Authority) was dismissed for several reasons: Difficulties have been encountered with regard to exercising some of EBA’s current powers, especially those related to enforcement, due to specificities of the EBA governance model: EBA would need to have a dual decision-making model – one for existing functions other than AML, and another for AML tasks only Moreover, the synergy effects would be very limited as EBA has no experience with direct supervision of entities and would have to build up the relevant expertise, not only for the financial but also for the non-financial sector. This is also in line with the findings of the public consultation revealing low support for the European Banking Authority becoming the future EU AML/CFT supervisor. While one third of respondents did not express any opinion, only 19% of those who did supported the EBA.

In addition, due to the novel nature of the tasks of the FIU support and coordination mechanism and the fact that no existing Union body has an appropriate legal mandate to carry out such tasks, a new specific agency for FIU support and coordination mechanism would likely be required. 23 Combining both functions (supervision and FIU coordination) in a new authority should produce cost savings compared with two agencies and synergies can be anticipated. Having one AML Authority at Union level bringing under the same institutional umbrella different stages and elements for countering effectively money laundering and terrorist financing seems the only policy response that can account for the call for a comprehensive EU AML/CFT policy.

• Regulatory fitness and simplification

This proposal is an initiative to create a new EU agency, and does not repeal or simplify any existing legislation. It was examined whether existing EU agencies would be able to take up the full range of tasks proposed for the new AML Authority, and it was concluded that for legal and other reasons, this was not the case. Regarding simplification, it may be noted that those high-risk cross-border financial entities which will be directly supervised by the EU AML Authority will no longer have to deal with multiple AML supervisors in different Member States, which will simplify AML supervision for them. Also, the creation of an FIU coordination mechanism will simplify and facilitate cooperation between FIUs.

• Fundamental rights

The EU is committed to ensuring high standards of protection of fundamental rights. As an EU body, the Authority will be subject to the relevant data protection regulation 24 in so far as it may handle any personal data.

4. BUDGETARY IMPLICATIONS

The Authority will be a newly-created decentralised agency of the Union, funded partly from the EU budget and partly from fees levied from obliged entities that will be directly or indirectly supervised by the Authority. The methodology for selection of the entities subject to fees, and for the determination of the fees themselves, will be laid down in a Commission Delegated Act.

The necessary human and budgetary resources of the Authority are determined by its tasks. Apart from central administration and management tasks, these fall into three main categories:

i. direct supervision of certain selected financial sector obliged entities;

3.

ii. indirect supervision of both financial sector and non-financial sector obliged entities through oversight of supervisors or self-regulatory bodies; and


iii. a Coordination and Support Mechanism for Financial Intelligence Units of the EU.

When staffed at full operational level, it is envisaged that the staff level of the Authority, all categories of staff combined, will be 250.

The Authority will also take over the management of two existing infrastructures: i. the AML/CFT database, currently managed by the European Banking Authority 25 and ii. the secure communication network for FIUs, FIU.net. 26 These two infrastructures are already financed by the EU budget. Their overall incidence on the EU budget should thus only change to the extent that additional functionalities and other improvements are developed.

The total annual expenditure of the Authority when fully operational has been calculated as EUR 45.6 million, of which approximately three quarters are expected to be financed from fees from obliged entities. The Authority will be established at the beginning of 2023, direct supervision will begin early 2026, and the Authority will therefore reach full resourcing at the end of 2025; 2026 will be the first year in which the Authority is fully resourced for a complete calendar year.

The financial and budgetary impacts of this proposal are explained in detail in the legislative financial statement annexed to this proposal.

5. OTHER ELEMENTS

• Implementation plans and monitoring, evaluation and reporting arrangements

The Authority will be a newly-created decentralised agency of the Union, funded partly from the EU budget and partly from fees levied from obliged entities that will be directly or indirectly supervised by the Authority. The methodology for selection of the entities subject to fees, and for the determination of the fees themselves, will be laid down in a Commission Delegated Act.

The necessary human and budgetary resources of the Authority are determined by its tasks. Apart from central administration and management tasks, these fall into three main categories:

direct supervision of certain selected financial sector obliged entities;

4.

indirect supervision of both financial sector and non-financial sector obliged entities through oversight of supervisors or self-regulatory bodies; and


a Coordination and Support Mechanism for Financial Intelligence Units of the EU.

When staffed at full operational level, it is envisaged that the staff level of the Authority, all categories of staff combined, will be 250.

The Authority will also take over the management of two existing infrastructures: i. the AML/CFT database, currently managed by the European Banking Authority 27 and ii. the secure communication network for FIUs, FIU.net. 28 These two infrastructures are already financed by the EU budget. Their overall incidence on the EU budget should thus only change to the extent that additional functionalities and other improvements are developed.

The total annual expenditure of the Authority when fully operational has been calculated as EUR 45.6 million, of which approximately three quarters are expected to be financed from fees from obliged entities. The Authority will be established at the beginning of 2023, direct supervision will begin early 2026, and the Authority will therefore reach full resourcing at the end of 2025; 2026 will be the first year in which the Authority is fully resourced for a complete calendar year.

The financial and budgetary impacts of this proposal are explained in detail in the legislative financial statement annexed to this proposal.

• Detailed explanation of the specific provisions of the proposal

The Authority will be a body with legal personality, in the form of an EU decentralised agency. It will act within the scope of EU legislation on AML/CFT, including a new AML/CFT Regulation which the Commission is proposing alongside the present proposal, amendments to the existing Directive (EU) 2015/849 and amendments to Regulation (EU) 2015/847. Its objective is the prevention of money laundering and terrorism financing in the Union, by contributing to enhanced supervision and improved cooperation between FIUs and supervisory authorities. The decision on the seat of the Authority should be taken in accordance with the relevant provisions of the Common Approach of the European Parliament, the Council of the EU and the European Commission on decentralised agencies 29 .

• Tasks and powers of the Authority (Articles 5 to Articles 44)

The tasks of the Authority can be divided in five areas:

i. With respect to selected obliged entities, the Authority shall ensure group-wide compliance with the requirements laid down in AMLD/R and any other legally binding Union acts that impose AML/CFT-related obligations on financial institutions. It shall carry out supervisory reviews and assessments at individual entity and group-wide basis, participate in group-wide supervision, and develop and maintain up-to-date a system to assess the risks and vulnerabilities of the selected obliged entities.

ii. With respect to financial supervisors, the Authority shall carry out periodic reviews to ensure that all financial supervisors have adequate resources and powers necessary for the performance of their tasks. It shall facilitate the functioning of the colleges and contribute to convergence of supervisory practices and promotion of high supervisory standards. It shall coordinate staff and information exchanges among financial supervisors in the Union and provide assistance to supervisors.

iii. With respect to non-financial supervisors, including Self-Regulatory Bodies where appropriate, the Authority shall coordinate peer reviews of supervisory standards and practices and request non-financial supervisors to investigate possible breaches of requirements applicable to obliged entities and to consider imposing sanctions or remedial actions in respect of such breaches. It shall carry out periodic reviews and provide assistance to supervisors. Where supervision of specific sectors is delegated at the national level to self-regulatory bodies, the Authority shall exercise the tasks set out in the first subparagraph in relation to public bodies overseeing the activity of such self-regulatory bodies.

iv. With respect to FIUs in the Member States, the Authority shall play a significant role in the conduct of joint analyses by FIUs, i.e. in the identification of relevant cases and the development of appropriate methods for the joint analyses of cross-border cases. Further, it shall make available to FIUs IT and artificial intelligence services and tools for secure information sharing, including through hosting of FIU.net. It shall promote expert knowledge on detection, analysis, and dissemination methods of suspicious transactions, provide specialised training and assistance to FIUs and prepare and coordinate threat assessments.

v. The general powers of the Authority which relate to all aforementioned tasks will include the power to adopt regulatory technical standards and implementing technical standards where this is provided for in the applicable AML/CFT legislation, and a broad power to adopt guidelines or recommendations addressed to obliged entities, AML/CFT supervisors or FIUs. In the context of direct supervision, the Authority shall have the powers to adopt binding decisions, administrative measures, and pecuniary sanctions towards directly supervised obliged entities. In the context of indirect supervision, with respect to financial and non-financial supervisory authorities, the Authority shall have the powers to, inter alia, issue requests to act and instructions relating to the exercise of their own supervisory powers.

• Direct supervision of selected financial sector obliged entities (Articles 12 to 27)

The Authority will be the supervisor of a limited number of the riskiest cross-border financial sector obliged entities (‘selected obliged entities’). In addition, there is a procedure for it to take over from a national supervisory authorities supervision of any financial sector obliged entity in emergency circumstances if there are indications of breaches of AML/CFT legislation which are not being efficiently and adequately dealt with by a supervisory authority. A periodic selection of entities for direct supervision will take place every three years, on the basis of objective criteria. For the selection, entities must have activities in a minimum number of Member States, and in at least a certain number of these Member States, they must be categorised in the highest risk category by the supervisory authority, based on a harmonised risk assessment methodology.

The Authority may take over supervision of an individual financial sector obliged entity where there have been problems related to compliance with applicable requirements at the level of the entity, and the relevant supervisory authority has not taken adequate measures to address non-compliance in a timely manner. The takeover can take place only following a procedure ending with a Commission Decision confirming the takeover. Before this, the Authority would enjoin the supervisory authority to take a specific action to remedy identified failings at the level of the obliged entity, the national authority would have failed to take such action within a provided timeframe, and the Authority would have brought the matter before the Commission, requesting a decision transferring supervisory competence. Supervision of directly supervised selected obliged entities will be undertaken by Joint Supervisory Teams led by the Authority but including staff of national supervisory authorities. On-site visits will be a part of supervision. The Authority will have the power to address binding decisions to such selected obliged entities and to impose administrative sanctions on legal entities up to a maximum of 10% of turnover or €10 million, whichever is higher.

• Indirect supervision of non-selected obliged entities (Articles 25 to 27) and non- financial obliged entities (Articles 28 to 29)

The indirect supervisory role of the Authority will be one of coordination and oversight of national AML/CFT supervisors, including self-regulatory bodies (SRBs) in certain Member States for certain non-financial Obliged Entities. Peer reviews and thematic reviews will be important tools to identify good and less good practices and ensure the high supervisory standards across the Union. The Authority will have the power to address guidelines opinions and recommendations to national supervisors and SRBs.

• Coordination and Support Mechanism for Financial Intelligence Units (Articles 33-37)

The Authority will have the power to adopt, via Implementing Technical Standards, binding templates and models for reporting of suspicious transactions and suspicious activity from obliged entities to FIUs, thus facilitating speedier and more efficient cooperation and information exchange between FIUs. It will promote and participate in organising joint analyses of certain cross-border suspicious transactions and activities. It will carry out reviews of the conduct, methods, and procedures for carrying out such joint analyses with an objective of constantly improving their effectiveness. Finally, it will host and manage FIU.net, a secure communication network between FIUs.

• Organisation and governance of the Authority (Articles 45 to 63)

The Authority will comprise of two collegial governing bodies, namely an Executive Board of five independent full time members and the Chair of the Authority and of a General Board composed of representatives of Member States. In order to deal with various tasks granted to the Authority, the General Board will have two alternative compositions – a supervisory composition with heads of public authorities responsibile for AML supervision, and FIU composition, with heads of FIUs in the Member States. Both compositions of the General Board shall be chaired by the Chair of the Authority.

The General Board will, in appropriate composition depending on the subject-matter, adopt all regulatory instruments, draft Regulatory and Technical Implementing Standards, Guidelines and Recommendations. The General Board in supervisory composition may also provide its opinion on any decision vis-à-vis directly supervised selected obliged entities prepared by the Joint Supervisory team before the adoption of the final decision by the Executive Board.

The Executive Board will be the governing body of the Authority. It will take all decisions towards individual obliged entities or individual supervisory authorities where the Authority is acting as a direct supervisor of selected obliged entities or as an indirect supervisor of non-selected obliged entities or non-financial obliged entities, having specific oversight powers towards their supervisory authorities. The Executive Board will also take the decisions regarding the draft budget and other matters relating to the administration, operations and functioning of the Authority. With respect to these particular decisions, a representative of the Commission shall have a right to vote.

The Authority will have a Chair and an Executive Director. The Chair will shall represent the Authority and shall be responsible for preparing the work of the General Board and the Executive Board. The Executive Director will be in charge of the day-to-day management of the Authority and be administratively responsible as regards budget implementation, resources, staff and procurement in the Authority. The Chair of the Authority and the Executive Director will be selected following their individual selection procedures.

There will be an Administrative Board of Review to deal with appeals against binding decisions of the Authority addressed to obliged entities under its direct supervision; decisions of the Administrative Board of Review will be appealable to the Court of Justice of the European Union. The Administrative Board of Review will be composed of individuals of high repute who will be tasked with hearing the administrative appeals of the selected obliged entities with regard to the binding decisions addressed to them by the Authority. The Administrative Board of Review Board may propose to alter or substitute the original decision by the Executive Board that is subject to an administrative appeal. The Executive Board shall take into account the opinion of the Administrative Board of Review Board, but shall not be bound by it.

• Financial provisions (Articles 64 to 72)

The Authority will draw up an annual budget, which must be balanced, for adoption by the Budgetary Authority. It will adopt an internal Financial Regulation and anti-fraud measures. The Court of Auditors will comment on the draft budget and be competent to audit the Authority. The European Parliament will grant budgetary discharge, as for other decentralised agencies.

The Authority’s revenues will come both from the EU budget and from fees levied on certain financial sector selected and non-selected obliged entities. The fees levied from selected and non-selected obliged entities will correspond to the costs incurred by the Authority for direct and indirect supervision of the financial sector obliged entities. A Commission delegated act will specify the sub-set of obliged entities subject to fees and will lay down the methodology for calculation of fees per obliged entity.

• Staff regulation (Articles 73 to 76) and cooperation (Articles 77 to 81)

The Authority will apply Staff Regulations (SR) and the Conditions of Employment of Other Servants (CEOS), including on professional secrecy and privleges and immunities. The rules on data protection and access to documents will set up an obligation to work closely with the European Data Protection Supervisor and Board.

The Authority is required to cooperate in good faith with relevant external bodies, including EU bodies (Europol, European Supervisory Authorities, Single Supervisory Mechanism and the European Public Prosecutors’ Office), other relevant national competent authorities, such as prudential, resolution and DGS authorities, and third country authorities as appropriate.

• Final provisions (Articles 82 to 93)

The competences of the European Banking Authority in the area of AML/CFT are removed and transferred to the Authority.

The Authority will be established at the beginning of 2023 and the activity of direct supervision will commence at the beginning of 2026. An evaluation will take explace by December 2029.