Considerations on COM(2021)423 - Mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2021)423 - Mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of ... |
---|---|
document | COM(2021)423 |
date | May 31, 2024 |
(2) Since the entry into force of Directive (EU) 2015/849, a number of areas have been identified where amendments would be needed to ensure the necessary resilience and capacity of the Union financial system to prevent money laundering and terrorist financing.
(3) Significant variations in practices and approaches by competent authorities across the Union, as well as the lack of sufficiently effective arrangements for cross-border cooperation were identified in the implementation of Directive (EU) 2015/849. It is therefore appropriate to define clearer requirements, which should contribute to smooth cooperation across the Union whilst allowing Member States to take into account the specificities of their national systems.
(4) This new instrument is part of a comprehensive package aiming at strengthening the Union’s AML/CFT framework. Together, this instrument, Regulation [please insert reference – proposal for Anti-Money Laundering Regulation - COM/2021/420 final], Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847 - COM/2021/422 final] and Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final] will form the legal framework governing the AML/CFT requirements to be met by obliged entities and underpinning the Union’s AML/CFT institutional framework, including the establishment of an Authority for anti-money laundering and countering the financing of terrorism (‘AMLA’).
(5) Money laundering and terrorist financing are frequently carried out in an international context. Measures adopted at Union level, without taking into account international coordination and cooperation, would have very limited effect. The measures adopted by the Union in that field should therefore be compatible with, and at least as stringent as, other actions undertaken at international level. Union action should continue to take particular account of the Financial Action Task Force (FATF) Recommendations and instruments of other international bodies active in the fight against money laundering and terrorist financing. With a view to reinforcing the efficacy of the fight against money laundering and terrorist financing, the relevant Union legal acts should, where appropriate, be aligned with the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation adopted by the FATF in February 2012 (the ‘revised FATF Recommendations’) and the subsequent amendments to those standards.
(6) Specific money laundering and terrorist financing threats, risks and vulnerabilities affecting certain economic sectors at national level diminish in distinct manners Member States ability to contribute to the integrity and soundness of the Union financial system. As such, it is appropriate to allow Member States, upon identification of such sectors and specific risks to decide to apply AML/CFT requirements to additional sectors than those covered by Regulation [please insert reference – proposal for Anti-Money Laundering Regulation]. With a view to preserving the effectiveness of the internal market and the Union AML/CFT system, the Commission should be able, with the support of AMLA, to assess whether the intended decisions of the Member States to apply AML/CFT requirements to additional sectors are justified. In cases where the best interests of the Union would be achieved at Union level as regards specific sectors, the Commission should inform that Member State that it intends to take action at Union level instead and the Member State should abstain from taking the intended national measures.
(7) In light of the specific anti-money laundering vulnerabilities that have been witnessed in the electronic money issuing, the payment services and the crypto-assets service providing industry, it should be possible for Member States to require that those providers established on their territory in forms other than a branch and the head office of which is situated in another Member State appoint a central contact point. Such a central contact point, acting on behalf of the appointing institution, should ensure the establishments' compliance with AML/CFT rules.
(8) Supervisors should ensure that, with regard to currency exchange offices, cheque cashing offices, trust or company service providers or gambling service providers, the persons who effectively manage the business of such entities and the beneficial owners of such entities act with honesty and integrity and possess knowledge and expertise necessary to carry out their functions. The criteria for determining whether or not a person complies with those requirements should, as a minimum, reflect the need to protect such entities from being misused by their managers or beneficial owners for criminal purposes.
(9) For the purposes of assessing the appropriateness of persons holding a management function in, or otherwise controlling, obliged entities, any exchange of information about criminal convictions should be carried out in accordance with Council Framework Decision 2009/315/JHA 24 and Council Decision 2009/316/JHA 25 .
(10) The Commission is well placed to review specific cross-border threats that could affect the internal market and that cannot be identified and effectively combatted by individual Member States. It should therefore be entrusted with the responsibility for coordinating the assessment of risks relating to cross-border activities. Involvement of the relevant experts, such as the Expert Group on Money Laundering and Terrorist Financing and the representatives from the FIUs, as well as, where appropriate, from other Union-level bodies, is essential for the effectiveness of the process of the assessment of risks. National risk assessments and experience are also an important source of information for that process. Such assessment of the cross-border risks by the Commission should not involve the processing of personal data. In any event, data should be fully anonymised. National and Union data protection supervisory authorities should be involved only if the assessment of the risk of money laundering and terrorist financing has an impact on the privacy and data protection of individuals.
(11) The findings of the risk assessment at Union level can assist competent authorities and obliged entities in the identification, understanding, management and mitigation of the risk of money laundering and terrorist financing, as well as of risks of non-application and evasion of targeted financial sanctions. It is therefore important that the findings of the risk assessment are made public.
(12) The Member States remain the best placed to identify, assess, understand and decide how to mitigate risks of money laundering and terrorist financing affecting them directly. Therefore, each Member State should take the appropriate steps in an effort to properly identity, assess and understand its money laundering and terrorist financing risks, as well as risks of non-implementation and evasion of targeted financial sanctions and to define a coherent national strategy to put in place actions to mitigate those risks. Such national risk assessment should be updated regularly and should include a description of the institutional structure and broad procedures of the Member State's AML/CFT regime, as well as the allocated human and financial resources to the extent that this information is available.
(13) The results of risk assessments should, where appropriate, be made available to obliged entities in a timely manner to enable them to identify, understand, manage and mitigate their own risks.
(14) In addition, to identify, understand, manage and mitigate risks at Union level to an even greater degree, Member States should make available the results of their risk assessments to each other, to the Commission and to AMLA.
(15) To be able to review the effectiveness of their systems for combating money laundering and terrorist financing, Member States should maintain, and improve the quality of, relevant statistics. With a view to enhancing the quality and consistency of the statistical data collected at Union level, the Commission and the AMLA should keep track of the Union-wide situation with respect to the fight against money laundering and terrorist financing and should publish regular overviews.
(16) The FATF has developed standards for jurisdictions to identify, and assess the risks of potential non-implementation or evasion of the proliferation financing-related targeted financial sanctions, and to take action to mitigate those risks. Those new standards introduced by the FATF do not substitute nor undermine the existing strict requirements for countries to implement targeted financial sanctions to comply with the relevant United Nations Security Council Regulations relating to the prevention, suppression and disruption of proliferation of weapons of mass destruction and its financing. Those existing obligations, as implemented at Union level by Council Decisions 2010/413/CFSP 26 and (CFSP) 2016/849 27 as well as Council Regulations (EU) 267/2012 28 and (EU) 2017/1509 29 , remain strict rule-based obligations binding on all natural and legal persons within the Union.
(17) In order to reflect the latest developments at international level, a requirement has been introduced by this Directive to identify, understand, manage and mitigate risks of potential non-implementation or evasion of proliferation financing-related targeted financial sanctions at Union level and at Member State level.
(18) Central registers of beneficial ownership information are crucial in combating the misuse of legal entities. To ensure that the registers of beneficial ownership information are easily accessible and contain high-quality data, consistent rules on the collection and storing of this information should be introduced.
(19) With a view to enhancing transparency in order to combat the misuse of legal entities, Member States should ensure that beneficial ownership information is stored in a central register located outside the company, in full compliance with Union law. Member States can, for that purpose, use a central database, which collects beneficial ownership information, or the business register, or another central register. Member States may decide that obliged entities are responsible for filling in the register. Member States should make sure that in all cases that information is made available to competent authorities and FIUs and is provided to obliged entities when they take customer due diligence measures.
(20) Beneficial ownership information of trusts and similar legal arrangements should be registered where the trustees and persons holding equivalent positions in similar legal arrangements are established or where they reside. In order to ensure the effective monitoring and registration of information on the beneficial ownership of trusts and similar legal arrangements, cooperation between Member States is also necessary. The interconnection of Member States’ registries of beneficial owners of trusts and similar legal arrangements would make this information accessible, and would also ensure that the multiple registration of the same trusts and similar legal arrangements is avoided within the Union.
(21) Timely access to information on beneficial ownership should be ensured in ways, which avoid any risk of tipping off the company concerned.
(22) The accuracy of data included in the beneficial ownership registers is fundamental for all of the relevant authorities and other persons allowed access to that data, and to make valid, lawful decisions based on that data. Therefore, where sufficient reasons arise, after careful analysis by the registrars, to doubt the accuracy of the beneficial ownership information held by the registers, legal entities and legal arrangements should be required to provide additional information on a risk-sensitive basis. In addition, it is important that Member States entrust the entity in charge of managing the registers with sufficient powers to verify beneficial ownership and the veracity of information provided to it, and to report any suspicion to their FIU. Such powers should extend to the conduct of inspections at the premises of the legal entities.
(23) Moreover, the reporting of discrepancies between beneficial ownership information held in the central registers and beneficial ownership information available to obliged entities and, where applicable, competent authorities, is an effective mechanism to verify the accuracy of the information. Any such discrepancy should be swiftly identified, reported and corrected.
(24) In view of ensuring that the mechanism of discrepancy reporting is proportionate and focused on the detection of instances of inaccurate beneficial ownership information, Member States may allow obliged entities to request the customer to rectify discrepancies of a technical nature directly with the entity in charge of the central registers. Such option only applies to low-risk customers and to those errors of a technical nature, such as minor cases of misspelt information, where it is evident that that those do not hinder the identification of the beneficial owner(s) and the accuracy of the information.
(25) Where the reporting of discrepancies by the FIUs and other competent authorities would jeopardise an on-going criminal investigation, the FIUs or other competent authorities should delay the reporting of the discrepancy until the moment at which the reasons for not reporting cease to exist. Furthermore, FIUs and competent authorities should not report any discrepancy when this would be contrary to any confidentiality provision of national law or would constitute a tipping-off offence.
(26) To ensure a level playing field in the application of the concept of beneficial owner, it is of utmost importance that, across the Union, legal entities obtain benefit from uniform reporting channels and means. To that end, the format for the submission of beneficial ownership information to the relevant national registers should be uniform and offer guarantees of transparency and legal certainty.
(27) In order to ensure a level playing field among the different types of legal forms, trustees should also be required to obtain and hold beneficial ownership information and to communicate that information to a central register or a central database.
(28) Public access to beneficial ownership information can allow greater scrutiny of information by civil society, including by the press or civil society organisations, and contributes to preserving trust in the integrity of the financial system. It can contribute to combating the misuse of corporate and other legal entities and legal arrangements for the purposes of money laundering or terrorist financing, both by helping investigations and through reputational effects, given that anyone who could enter into a business relationship is aware of the identity of the beneficial owners. It may also facilitate the timely and efficient availability of information for obliged entities as well as authorities of third countries involved in combating such offences. The access to that information would also help investigations on money laundering, associated predicate offences and terrorist financing.
(29) Confidence in financial markets from investors and the general public depends in large part on the existence of an accurate disclosure regime that provides transparency in the beneficial ownership and control structures of companies. This is particularly true for corporate governance systems that are characterised by concentrated ownership, such as the one in the Union. On the one hand, large investors with significant voting and cash-flow rights may encourage long-term growth and firm performance. On the other hand, however, controlling beneficial owners with large voting blocks may have incentives to divert corporate assets and opportunities for personal gain at the expense of minority investors. The potential increase in confidence in financial markets should be regarded as a positive side effect and not the purpose of increasing transparency, which is to create an environment less likely to be used for the purposes of money laundering and terrorist financing.
(30) Confidence in financial markets from investors and the general public depends in large part on the existence of an accurate disclosure regime that provides transparency in the beneficial ownership and control structures of corporate and other legal entities as well as certain types of trusts and similar legal arrangements. Member States should therefore allow access to beneficial ownership information in a sufficiently coherent and coordinated way, by establishing confidence rules of access by the public, so that third parties are able to ascertain, throughout the Union, who are the beneficial owners of corporate and other legal entities as well as, provided that there is a legitimate interest, of certain types of trusts and similar legal arrangements.
(31) With regard to corporate and other legal entities, a fair balance should be sought in particular between the general public interest in the prevention of money laundering and terrorist financing and the data subjects’ fundamental rights. The set of data to be made available to the public should be limited, clearly and exhaustively defined, and should be of a general nature, so as to minimise the potential prejudice to the beneficial owners. At the same time, information made accessible to the public should not significantly differ from the data currently collected. In order to limit the interference with the right to respect for their private life in general and to protection of their personal data in particular, that information should relate essentially to the status of beneficial owners of corporate and other legal entities and should strictly concern the sphere of economic activity in which the beneficial owners operate. In cases where the senior managing official has been identified as the beneficial owner only ex officio and not through ownership interest held or control exercised by other means, this should be clearly visible in the registers.
(32) In case of express trusts and similar legal arrangements, the information should be accessible to any member of the general public, provided that the legitimate interest can be demonstrated. This should include situations where natural or legal persons file a request in relation to a trust or similar legal arrangement which holds or owns a controlling interest in a legal entity incorporated or created outside the Union through direct or indirect ownership, including through bearer shareholding, or through control via other means. The interpretation of the legitimate interest by the Member States should not restrict the concept of legitimate interest to cases of pending administrative or legal proceedings, and should enable to take into account the preventive work in the field of anti-money laundering and its predicate offences and counter-terrorist financing undertaken by non-governmental organisations and investigative journalists. While trusts and other legal arrangements can be used in complex corporate structures, their primary objective remains the management of individual wealth. In order to adequately balance the legitimate aim of preventing the use of the financial system for the purposes of money laundering or terrorist financing, which public scrutiny enhances, and the protection of fundamental rights of individuals, in particular the right to privacy and protection of personal data, it is necessary to provide for the demonstration of a legitimate interest in accessing beneficial ownership information of trusts and other legal arrangements.
(33) In order to ensure that the information available to the public allows the correct identification of the beneficial owner, a minimum set of data should be accessible to the public. Such data should allow for the unequivocal identification of the beneficial owner, whilst minimising the amount of personal data publicly accessible. In the absence of information pertaining to the name, the month and year of birth and the country of residence and nationality of the beneficial owner, it would not be possible to establish unambiguously who the natural person being the beneficial owner is. Similarly, the absence of information on the beneficial interest held would make it impossible to determine why that natural person should be identified as being the beneficial owner. Therefore, in order to avoid misinterpretations of the beneficial ownership information publicly available and to ensure a proportionate disclosure of personal data consistent across the Union, it is appropriate to lay down the minimum set of data that can be accessed by the public.
(34) The enhanced public scrutiny may contribute to preventing the misuse of legal entities and legal arrangements, including tax avoidance. Therefore, it is essential that the information on beneficial ownership remains available through the national registers and through the system of interconnection of beneficial ownership registers for a minimum of five years after the grounds for registering beneficial ownership information of the trust or similar legal arrangement have ceased to exist. However, Member States should be able to provide by law for the processing of the information on beneficial ownership, including personal data for other purposes if such processing meets an objective of public interest and constitutes a necessary and proportionate measure in a democratic society to the legitimate aim pursued.
(35) Moreover, with the aim of ensuring a proportionate and balanced approach and to guarantee the rights to private life and personal data protection, it should be possible for Member States to provide for exemptions to the disclosure of the personal information on the beneficial owner through the registers of beneficial ownership information and to access to such information, in exceptional circumstances, where that information would expose the beneficial owner to a disproportionate risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation. It should also be possible for Member States to require online registration in order to identify any person who requests information from the register, as well as the payment of a fee for access to the information in the register.
(36) Directive (EU) 2018/843 achieved the interconnection of Member States’ central registers holding beneficial ownership information through the European Central Platform established by Directive (EU) 2017/1132 of the European Parliament and of the Council 30 . Continued involvement of Member States in the functioning of the whole system should be ensured by means of a regular dialogue between the Commission and the representatives of Member States on the issues concerning the operation of the system and on its future development.
(37) Through the interconnection of Member States’ beneficial ownership registers, both national and cross-border access to information on the beneficial ownership of legal arrangements contained in each Member State’s register should be granted based on the definition of legitimate interest, by virtue of a decision taken by the relevant entity of that Member State. To avoid that decisions on limiting access to beneficial ownership information which are not justified cannot be reviewed, appeal mechanisms against such decisions should be established. With a view to ensuring coherent and efficient registration and information exchange, Member States should ensure that their entity in charge of the register cooperates with its counterparts in other Member States, sharing information concerning trusts and similar legal arrangements governed by the law of one Member State and administered in another Member State.
(38) Regulation (EU) 2016/679 of the European Parliament and of the Council 31 applies to the processing of personal data for the purposes of this Directive. Natural persons whose personal data are held in national registers as beneficial owners should be informed about the applicable data protection rules. Furthermore, only personal data that is up to date and corresponds to the actual beneficial owners should be made available and the beneficiaries should be informed about their rights under the Union legal data protection framework and the procedures applicable for exercising those rights. In addition, to prevent the abuse of the information contained in the registers and to balance out the rights of beneficial owners, Member States might find it appropriate to consider making information relating to the requesting person along with the legal basis for their request available to the beneficial owner.
(39) Delayed access to information by FIUs and other competent authorities on the identity of holders of bank and payment accounts and safe-deposit boxes, especially anonymous ones, hampers the detection of transfers of funds relating to money laundering and terrorist financing. National data allowing the identification of bank and payments accounts and safe-deposit boxes belonging to one person is fragmented and therefore not accessible to FIUs and to other competent authorities in a timely manner. It is therefore essential to establish centralised automated mechanisms, such as a register or data retrieval system, in all Member States as an efficient means to get timely access to information on the identity of holders of bank and payment accounts and safe-deposit boxes, their proxy holders, and their beneficial owners. When applying the access provisions, it is appropriate for pre-existing mechanisms to be used provided that national FIUs can access the data for which they make inquiries in an immediate and unfiltered manner. Member States should consider feeding such mechanisms with other information deemed necessary and proportionate for the more effective mitigation of risks relating to money laundering and the financing of terrorism. Full confidentiality should be ensured in respect of such inquiries and requests for related information by FIUs and competent authorities other than those authorities responsible for prosecution.
(40) In order to respect privacy and protect personal data, the minimum data necessary for the carrying out of AML/CFT investigations should be held in centralised automated mechanisms for bank and payment accounts, such as registers or data retrieval systems. It should be possible for Member States to determine which data it is useful and proportionate to gather, taking into account the systems and legal traditions in place to enable the meaningful identification of the beneficial owners. When transposing the provisions relating to those mechanisms, Member States should set out retention periods equivalent to the period for retention of the documentation and information obtained within the application of customer due diligence measures. It should be possible for Member States to extend the retention period on a general basis by law, without requiring case-by-case decisions. The additional retention period should not exceed an additional five years. That period should be without prejudice to national law setting out other data retention requirements allowing case-by-case decisions to facilitate criminal or administrative proceedings. Access to those mechanisms should be on a need-to-know basis.
(41) Through the interconnection of Member States’ centralised automated mechanisms, the national FIUs would be able to obtain swiftly cross-border information on the identity of holders of bank and payment accounts and safe deposit boxes in other Member States, which would reinforce their ability to effectively carry out financial analysis and cooperate with their counterparts from other Member States. Direct cross-border access to information on bank and payment accounts and safe deposit boxes would enable the Financial Intelligence Units to produce financial analysis within a sufficiently short timeframe to detect potential money laundering and terrorist financing cases and guarantee a swift law enforcement action.
(42) In order to respect the right to the protection of personal data and the right to privacy, and to limit the impact of cross-border access to the information contained in the national centralised automated mechanisms, the scope of information accessible through the bank account registers (BAR) central access point would be restricted to the minimum necessary in accordance with the principle of data minimisation in order to allow the identification of any natural or legal persons holding or controlling payment accounts and bank accounts identified by IBAN and safe-deposit boxes. Furthermore, only FIUs should be granted immediate and unfiltered access to the central access point. Member States should ensure that the FIUs’ staff maintain high professional standards of confidentiality and data protection, that they are of high integrity and are appropriately skilled. Moreover, Member States should put in place technical and organisational measures guaranteeing the security of the data to high technological standards.
(43) The interconnection of Member States’ centralised automated mechanisms (central registries or central electronic data retrieval systems) containing information on bank and payment accounts and safe-deposit boxes through the BAR single access point necessitates the coordination of national systems having varying technical characteristics. For this purpose, technical measures and specifications taking into account the differences between the national centralised automated mechanisms should be developed.
(44) Real estate is an attractive commodity for criminals to launder the proceeds of their illicit activities, as it allows obscuring the true source of the funds and the identity of the beneficial owner. Proper and timely identification of natural or legal person owning real estate by FIUs and other competent authorities is important both for detecting money laundering schemes as well as for freezing and confiscation of assets. It is therefore important that Member States provide FIUs and competent authorities with access to information which allows the identification in a timely manner of natural or legal person owning real estate and information relevant for the identification of the risk and suspicion of the transaction.
(45) All Member States have, or should, set up operationally independent and autonomous FIUs to collect and analyse the information which they receive with the aim of establishing links between suspicious transactions and underlying criminal activity in order to prevent and combat money laundering and terrorist financing. The FIU should be the single central national unit responsible for the receipt and analysis of suspicious transaction reports, reports on cross-border physical movements of cash and on payments in cash above a certain threshold as well as other information relevant to money laundering, its predicate offences or terrorist financing submitted by obliged entities. Operational independence and autonomy of the FIU should be ensured by granting the FIU the authority and capacity to carry out its functions freely, including the ability to take autonomous decisions as regards analysis, requests and dissemination of specific information. In all cases, the FIU should have the independent right to forward or disseminate information to competent authorities. The FIU should be provided with adequate financial, human and technical resources, in a manner that secures its autonomy and independence and enables it to exercise its mandate effectively. The FIU should be able to obtain and deploy the resources needed to carry out its functions, on an individual or routine basis, free from any undue political, government or industry influence or interference, which might compromise its operational independence.
(46) FIUs play an important role in identifying the financial operations of terrorist networks, especially cross-border, and in detecting their financial backers. Financial intelligence might be of fundamental importance in uncovering the facilitation of terrorist offences and the networks and schemes of terrorist organisations. FIUs maintain significant differences as regards their functions, competences and powers. The current differences should however not affect an FIU’s activity, particularly its capacity to develop preventive analyses in support of all the authorities in charge of intelligence, investigative and judicial activities, and international cooperation. In the exercise of their tasks, it has become essential to identify the minimum set of data FIUs should have swift access to and be able to exchange without impediments with their counterparts from other Member States. In all cases of suspected money laundering, its predicate offences and in cases involving the financing of terrorism, information should flow directly and quickly without undue delays. It is therefore essential to further enhance the effectiveness and efficiency of FIUs, by clarifying the powers of and cooperation between FIUs.
(47) The powers of FIUs include the right to access directly or indirectly the ‘financial’, ‘administrative’ and ‘law enforcement’ information that they require in order to combat money laundering, its associated predicate offences and terrorist financing. The lack of definition of what types of information these general categories include has resulted in FIUs having been granted with access to considerably diversified sets of information which has an impact on FIUs’ analytical functions as well as on their capacity to cooperate effectively with their counterparts from other Member States. It is therefore necessary to define the minimum sets of ‘financial’, ‘administrative’ and ‘law enforcement’ information that should be made directly or indirectly available to every FIU across the Union. Moreover, FIUs should be able to obtain swiftly from any obliged entity all necessary information relating to their functions. An FIU should also be able to obtain such information upon request made by another FIU and to exchange that information with the requesting FIU.
(48) The vast majority of FIUs have been granted the power to take urgent action and suspend or withhold consent to a transaction in order to analyse it, confirm the suspicion and disseminate the results of the analytical activities to the competent authorities. However, there are certain variations in relation to the duration of the postponement powers across the different Member States, with an impact not only on the postponement of activities that have a cross-border nature through FIU-to-FIU cooperation, but also on individuals’ fundamental rights. Furthermore, in order to ensure that FIUs have the capacity to promptly restrain criminal funds or assets and prevent their dissipation, also for seizure purposes, FIUs should be granted the power to suspend the use of a bank or payment account in order to analyse the transactions performed through the account, confirm the suspicion and disseminate the results of the analysis to the competent authorities. Given that postponement powers have an impact on the right to property, the preservation of affected persons’ fundamental rights should be guaranteed.
(49) For the purposes of greater transparency and accountability and to increase awareness with regard to their activities, FIUs should issue activity reports on an annual basis. These reports should at least provide statistical data in relation to the suspicious transaction reports received, the number of disseminations made to national competent authorities, the number of requests submitted to and received by other FIUs as well as information on trends and typologies identified. This report should be made public except for the elements which contain sensitive and classified information. At least once annually, the FIU should provide obliged entities with feedback on the quality of suspicious transaction reports, their timeliness, the description of suspicion and any additional documents provided. Such feedback can be provided to individual obliged entities or groups of obliged entities and should aim to further improve the obliged entities’ ability to detect and identify suspicious transactions and activities and enhance the overall reporting mechanisms.
(50) The purpose of the FIU is to collect and analyse the information which they receive with the aim of establishing links between suspicious transactions and underlying criminal activity in order to prevent and combat money laundering and terrorist financing, and to disseminate the results of its analysis as well as additional information to the competent authorities where there are grounds to suspect money laundering, associated predicate offences or financing of terrorism. An FIU should not refrain from or refuse the exchange of information to another FIU, spontaneously or upon request, for reasons such as a lack of identification of an associated predicate offence, features of criminal national laws and differences between the definitions of associated predicate offences or the absence of a reference to particular associated predicate offences. Similarly, an FIU should grant its prior consent to another FIU to forward the information to other competent authorities regardless of the type of possible associated predicate offence in order to allow the dissemination function to be carried out effectively. FIUs have reported difficulties in exchanging information based on differences in national definitions of certain predicate offences, such as tax crimes, which are not harmonised by Union law. Such differences should not hamper the mutual exchange, the dissemination to other competent authorities and the use of that information. FIUs should rapidly, constructively and effectively ensure the widest range of international cooperation with third countries’ FIUs in relation to money laundering, associated predicate offences and terrorist financing in accordance with the applicable data protection rules for data transfers, FATF Recommendations and Egmont Principles for Information Exchange between Financial Intelligence Units.
(51) FIUs should use secure facilities, including protected channels of communication, to cooperate and exchange information amongst each other. In this respect, a system for the exchange of information between FIUs of the Member States (‘FIU.net’) should be set up. The system should be managed and hosted by AMLA. The FIU.net should be used by FIUs to cooperate and exchange information amongst each other and may also be used, where appropriate, to exchange information with FIUs of third countries and with other authorities and Union bodies. The functionalities of the FIU.net should be used by FIUs to their full potential. Those functionalities should allow FIUs to match their data with data of other FIUs in an anonymous way with the aim of detecting subjects of the FIU's interests in other Member States and identifying their proceeds and funds, whilst ensuring full protection of personal data.
(52) It is important that FIUs cooperate and exchange information effectively with one another. In this regard, AMLA should provide the necessary assistance, not only by means of coordinating joint analyses of cross-border suspicious transaction reports, but also by developing draft regulatory technical standards concerning the format to be used for the exchange of information between FIUs and guidelines in relation to the relevant factors to be taken into account when determining if a suspicious transaction report concerns another Member State as well as on the nature, features and objectives of operational and of strategic analysis.
(53) Time limits for exchanges of information between FIUs are necessary in order to ensure quick, effective and consistent cooperation. Time limits should be set out in order to ensure effective sharing of information within reasonable time or to meet procedural constraints. Shorter time limits should be provided in exceptional, justified and urgent cases where the requested FIU is able to access directly the databases where the requested information is held. In the cases where the requested FIU is not able to provide the information within the set time limits, it should inform its counterpart accordingly.
(54) The movement of illicit money traverses borders and may affect different Member States. The cross-border cases, involving multiple jurisdictions, are becoming more and more frequent and increasingly significant, also due to the activities carried out by obliged entities on a cross-border basis. In order to deal effectively with cases that concern several Member States, FIUs should be able to go beyond the simple exchange of information for the detection and analysis of suspicious transactions and activities and share the analytical activity itself. FIUs have reported certain important issues which limit or condition the capacity of FIUs to engage in joint analysis. Carrying out joint analysis of suspicious transactions and activities will enable FIUs to exploit potential synergies, to use information from different sources, to obtain a full picture of the anomalous activities and to enrich the analysis. FIUs should be able to conduct joint analyses of suspicious transactions and activities and to set up and participate in joint analysis teams for specific purposes and limited period with the assistance of AMLA. The participation of third parties may be instrumental for the successful outcome of joint analyses. Therefore, FIUs may invite third parties to take part in the joint analysis where such participation would fall within the respective mandates of those third parties.
(55) Effective supervision of all obliged entities is essential to protect the integrity of the Union financial system and of the internal market. To this end, Member States should deploy effective and impartial AML/CFT supervision and set forth the conditions for effective, timely and sustained cooperation between supervisors.
(56) Member States should ensure effective, impartial and risk-based supervision of all obliged entities, preferably by public authorities via a separate and independent national supervisor. National supervisors should be able to perform a comprehensive range of tasks in order to exercise effective supervision of all obliged entities.
(57) The Union has witnessed on occasions a lax approach to the supervision of the obliged entities' duties in terms of anti-money laundering and counter-terrorist financing duties. Therefore, it has become of utmost importance that competent national supervisors, as part of the integrated supervisory mechanism put in place by this Directive and Regulation [please insert reference – proposal for establishment of an Anti-Money Laundering Authority - COM/2021/421 final], obtain clarity as to their respective rights and obligations.
(58) In order to assess and monitor more effectively and regularly the risks the obliged entities are exposed to and the manner in which they implement targeted financial sanctions, it is necessary to clarify that national supervisors are both entitled and bound to conduct all the necessary off-site, on-site and thematic investigations and any other inquiries and assessments as they see necessary. This will not only help supervisors decide on those cases where the specific risks inherent in a sector are clear and understood, but also provide them with the tools required to further disseminate relevant information to obliged entities in order to inform their understanding of money laundering and terrorist financing risks.
(59) Outreach activities, including dissemination of information by the supervisors to the obliged entities under their supervision, is essential to guarantee that the private sector has an adequate understanding of the nature and level of money laundering and terrorist financing risks they face.
(60) Supervisors should adopt a risk-based approach to their work, which should enable them to focus their resources where the risks are the highest, whilst ensuring that no sector or entity is left exposed to criminal attempts to launder money or finance terrorism. AMLA should play a leading role in fostering a common understanding of risks, and should therefore be entrusted with developing the benchmarks and a methodology for assessing and classifying the inherent and residual risk profile of obliged entities, as well as the frequency at which such risk profile should be reviewed.
(61) The disclosure to FIUs of facts that could be related to money laundering or to terrorist financing by supervisors is one of the cornerstones of efficient and effective supervision of money laundering and terrorist financing risks. It is therefore necessary for Member States to put in place a system that ensures that FIUs are properly and promptly informed.
(62) Cooperation between national supervisors is essential to ensure a common supervisory approach across the Union. To be effective, this cooperation has to be leveraged to the greatest extent possible and regardless of the respective nature or status of the supervisors. In addition to traditional cooperation - such as the ability to conduct investigations on behalf of a requesting supervisory authority – it is appropriate to mandate the set-up of AML/CFT supervisory colleges with respect to obliged entities operating under the freedom to provide services or of establishment and with the respect of obliged entities which are part of a group.
(63) Where an obliged entity operates establishments in another Member State, including through a network of agents, the supervisor of the home Member State should be responsible for supervising the obliged entity's application of group-wide AML/CFT policies and procedures. This could involve on-site visits in establishments based in another Member State. The supervisor of the home Member State should cooperate closely with the supervisor of the host Member State and should inform the latter of any issues that could affect their assessment of the establishment's compliance with the host AML/CFT rules.
(64) Where an obliged entity operates establishments in another Member State, including through a network of agents, the supervisor of the host Member State retains responsibility for enforcing the establishment's compliance with AML/CFT rules, including, where appropriate, by carrying out onsite inspections and offsite monitoring and by taking appropriate and proportionate measures to address serious infringements of those requirements. The supervisor of the host Member State should cooperate closely with the supervisor of the home Member State and should inform the latter of any issues that could affect its assessment of the obliged entity's application of group AML/CFT policies and procedures. In order to remove serious infringements of AML/CFT rules that require immediate remedies, the supervisor of the host Member State should be able to apply appropriate and proportionate temporary remedial measures, applicable under similar circumstances to obliged entities under their competence, to address such serious failings, where appropriate, with the assistance of, or in cooperation with, the supervisor of the home Member State.
(65) To ensure better coordination of efforts and contribute effectively to the needs of the integrated supervisory mechanism, the respective duties of supervisors in relation to those obliged entities should be clarified, and specific, proportionate cooperation mechanisms should be provided for.
(66) Cross-border groups need to have in place far-reaching group-wide policies and procedures. To ensure that cross-border operations are matched by adequate supervision, there is a need to set out detailed supervisory rules, enabling supervisors of the home Member State and those of the host Member State cooperate with each other to the greatest extent possible, regardless of their respective nature or status, and with AMLA to assess the risks, monitor developments that could affect the various entities that form part of the group and coordinate supervisory action. Given its coordinating role, AMLA should be entrusted with the duty to developing the draft regulatory technical standards defining the detailed respective duties of the home and host supervisors of groups, and the modalities of cooperation between them. The supervision of the effective implementation of group policy on AML/CFT should be done in accordance with the principles and modalities of consolidated supervision as laid down in the relevant European sectoral legislation.
(67) Directive (EU) 2015/849 included a general requirement for supervisors of home and host Member States to cooperate. Such requirements were subsequently strengthened to prevent that the exchange of information and cooperation between supervisors were prohibited or unreasonably restricted. However, in the absence of a clear legal framework, the set-up of AML/CFT supervisory colleges has been based on non-binding guidelines. It is therefore necessary to establish clear rules for the organisation of AML/CFT colleges and to provide for a coordinated, legally sound approach, recognising the need for structured interaction between supervisors across the Union. In line with its coordinating and oversight role, AMLA should be entrusted with developing the draft regulatory technical standards defining the general conditions that enable the proper functioning of AML/CFT supervisory colleges.
(68) Exchange of information and cooperation between supervisors is essential in the context of increasingly integrated global financial systems. On the one hand, Union supervisors, including AMLA, should inform each other of instances in which the law of a third country does not permit the implementation of the policies and procedures required under Regulation [please insert reference – proposal for Anti-Money Laundering Regulation]. On the other hand, Member States should be enabled to authorise supervisors to conclude cooperation agreements providing for collaboration and exchanges of confidential information with their counterparts in third countries, in compliance with applicable rules for personal data transfers. Given its oversight role, AMLA should lend assistance as may be necessary to assess the equivalence of professional secrecy requirements applicable to the third country counterpart.
(69) Directive (EU) 2015/849 allowed Member States to entrust the supervision of some obliged entities to self-regulatory bodies. However, the quality and intensity of supervision performed by such self-regulatory bodies has been insufficient, and under no or close to no public scrutiny. Where a Member State decides to entrust supervision to a self-regulatory body, it should also designate a public authority to oversee the activities of the self-regulatory body to ensure that the performance of those activities is in line with the requirements of this Directive.
(70) The importance of combating money laundering and terrorist financing should result in Member States laying down effective, proportionate and dissuasive administrative sanctions and measures in national law for failure to respect the requirements of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation]. National supervisors should be empowered by Member States to impose such measures to obliged entities to remedy the situation in the case of breaches and, where the breach so justifies, issue pecuniary sanctions. The range of sanctions and measures should be sufficiently broad to allow Member States and competent authorities to take account of the differences between obliged entities, in particular between credit institutions and financial institutions and other obliged entities, as regards their size, characteristics and the nature of the business.
(71) Member States currently have a diverse range of administrative sanctions and measures for breaches of the key preventative provisions in place and an inconsistent approach to investigating and sanctioning violations of anti-money laundering requirements, nor is there a common understanding among supervisors as to what should constitute a 'serious' violation and thus distinguish when an administrative sanction should be imposed. That diversity is detrimental to the efforts made in combating money laundering and terrorist financing and the Union's response is fragmented. Therefore, common criteria for determining the most appropriate supervisory response to breaches should be laid down and a range of administrative measures that the supervisors could impose when the breaches are not sufficiently serious to be punished with an administrative sanction should be provided. In order to incentivise obliged entities to comply with the provisions of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation], it is necessary to strengthen the dissuasive nature of administrative sanctions. Accordingly, the minimum amount of the maximum penalty that can be imposed in case of serious breaches of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] should be raised. In transposing this Directive, Member States should ensure that the imposition of administrative sanctions and measures, and of criminal sanctions in accordance with national law, does not breach the principle of ne bis in idem.
(72) Obliged entities can benefit from the freedom to provide services and to establish across the internal market to offer their products and services across the Union. An effective supervisory system requires that supervisors are aware of the weaknesses in obliged entities’ compliance with AML/CFT rules. It is therefore important that supervisors are able to inform one another of administrative sanctions and measures imposed on obliged entities, when such information would be relevant for other supervisors too.
(73) Publication of an administrative sanction or measure for breach of Regulation [please insert reference – proposal for Anti-Money Laundering Regulation] can have a strong dissuasive effect against repetition of such breach. It also informs other entities of the money laundering and financing of terrorism risks associated with the sanctioned obliged entity before entering into a business relationship and assists supervisors in other Member States in relation to the risks associated with an obliged entity when it operates in their Member State on a cross-border basis. For those reasons, the requirement to publish decisions on sanctions against which there is no appeal should be confirmed. However, any such publication should be proportionate and, in the taking of a decision whether to publish an administrative sanction or measure, supervisors should take into account the gravity of the breach and the dissuasive effect that the publication is likely to achieve.
(74) There have been a number of cases where employees who have reported their suspicions of money laundering have been subjected to threats or hostile action. It is crucial that this issue be addressed to ensure effectiveness of the AML/CFT system. Member States should be aware of this problem and should do whatever they can to protect individuals, including employees and representatives of the obliged entity, from such threats or hostile action, and to provide, in accordance with national law, appropriate protection to such persons, particularly with regard to their right to the protection of their personal data and their rights to effective judicial protection and representation.
(75) The new fully-integrated and coherent anti-money laundering and counter-terrorist financing policy at Union level, with designated roles for both Union and national competent authorities and with a view to ensure their smooth and constant cooperation. In that regard, cooperation between all national and Union AML/CFT authorities is of the utmost importance and should be clarified and enhanced. Internally, it remains the duty of Member States to provide for the necessary rules to ensure that policy makers, the FIUs, supervisors, including AMLA, and other competent authorities involved in AML/CFT, as well as tax authorities and law enforcement authorities when acting within the scope of this Directive, have effective mechanisms to enable them to cooperate and coordinate, including through a restrictive approach to the refusal by competent authorities to cooperate and exchange information at the request of another competent authority.
(76) In order to facilitate and promote effective cooperation, and in particular the exchange of information, Member States should be required to communicate to the Commission and AMLA the list of their competent authorities and relevant contact details.
(77) The risk of money laundering and terrorist financing can be detected by all supervisors in charge of credit institutions. Information of a prudential nature relating to credit and financial institutions, such as information relating to the fitness and properness of directors and shareholders, to the internal control mechanisms, to governance or to compliance and risk management, is often indispensable for the adequate AML/CFT supervision of such institutions. Similarly, AML/CFT information is also important for the prudential supervision of such institutions. Therefore, cooperation and exchange of information with AML/CFT supervisors and FIU should be extended to all competent authorities in charge of the supervision of those obliged entities in accordance with other Union legal instruments, such as Directive (EU) 2013/36 32 , Directive (EU) 2014/49 33 , Directive (EU) 2014/59 34 , Directive (EU) 2014/92 35 and Directive (EU) 2015/2366 of the European Parliament and of the Council 36 . To ensure the effective implementation of this cooperation, Member States should inform the AMLA annually of the exchanges carried out.
(78) Cooperation with other authorities competent for supervising credit institutions under Directive (EU) 2014/92 and Directive (EU) 2015/2366 has the potential to reduce unintended consequences of AML/CFT requirements. Credit institutions may choose to terminate or restrict business relationships with customers or categories of customers in order to avoid, rather than manage, risk. Such de-risking practices may weaken the AML/CFT framework and the detection of suspicious transactions, as they push affected customers to resort to less secure or unregulated payment channels to meet their financial needs. At the same time, widespread de-risking practices in the banking sector may lead to financial exclusion for certain categories of payment entities or consumers. Financial supervisors are best placed to identify situations where a credit institution has refused to enter into a business relationship despite possibly being obliged to do so on the basis of the national law implementing Directive (EU) 2014/92 or Directive (EU) 2015/2366, and without a justification based on the documented customer due diligence. Financial supervisors should alert the authorities responsible for ensuring compliance by financial institution with Directive (EU) 2014/92 or Directive (EU) 2015/2366 when such cases arise.
(79) The cooperation between financial supervisors and the authorities responsible for crisis management of credit institutions and investment firms, such as in particular Deposit Guarantee Scheme designated authorities and resolution authorities, is necessary to reconcile the objectives to prevent money laundering under this Directive and to protect financial stability and depositors under the Directives 2014/49/EU and 2014/59/EU. Financial supervisors should oversee the performance of customer due diligence where the credit institution has been determined failing or likely to fail or when the deposits are defined as unavailable, and the reporting of any suspicious transactions to the FIU. Financial supervisors should inform the authorities responsible for crisis management of credit institutions and investment firms of any relevant outcome from the customer due diligence performed and of any account that has been suspended by the FIU.
(80) To facilitate such cooperation in relation to credit institutions, AMLA, in consultation with the European Banking Authority, should issue guidelines specifying the main elements of such cooperation including how information should be exchanged.
(81) Cooperation mechanisms should also extend to the authorities in charge of the supervision and oversight of auditors, as such cooperation can enhance the effectiveness of the Union anti-money laundering framework.
(82) The exchange of information and the provision of assistance between competent authorities of the Members States is essential for the purposes of this Directive. Consequently, Member States should not prohibit or place unreasonable or unduly restrictive conditions on this exchange of information and provision of assistance.
(83) Supervisors should be able to cooperate and exchange confidential information, regardless of their respective nature or status. To this end, they should have an adequate legal basis for exchange of confidential information and for cooperation. Exchange of information and cooperation with other authorities competent for supervising or overseeing obliged entities under other Union acts should not be hampered unintentionally by legal uncertainty which may stem from a lack of explicit provisions in this field. Clarification of the legal framework is even more important since prudential supervision has, in a number of cases, been entrusted to non-AML/CFT supervisors, such as the European Central Bank (ECB).
(84) The effectiveness of the Union AML/CFT framework relies on the cooperation between a wide array of competent authorities. To facilitate such cooperation, AMLA should be entrusted to develop guidelines in coordination with the ECB, the European Supervisory Authorities, Europol, Eurojust, and the European Public Prosecutor’s Office on cooperation between all competent authorities. Such guidelines should also describe how authorities competent for the supervision or oversight of obliged entities under other Union acts should take into account money laundering and terrorist financing concerns in the performance of their duties.
(85) Regulation (EU) 2016/679 applies to the processing of personal data for the purposes of this Directive. Regulation (EU) 2018/1725 of the European Parliament and of the Council 37 applies to the processing of personal data by the Union institutions and bodies for the purposes of this Directive. The fight against money laundering and terrorist financing is recognised as an important public interest ground by all Member States. However, competent authorities responsible for investigating or prosecuting money laundering, its predicate offences or terrorist financing, or those which have the function of tracing, seizing or freezing and confiscating criminal assets should respect the rules pertaining to the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, including Directive (EU) 2016/680 of the European Parliament and of the Council 38 .
(86) It is essential that the alignment of this Directive with the revised FATF Recommendations is carried out in full compliance with Union law, in particular as regards Union data protection law, including rules on data transfers, as well as the protection of fundamental rights as enshrined in the Charter of Fundamental Rights of the European Union (the ‘Charter’). Certain aspects of the implementation of this Directive involve the collection, analysis, storage and sharing of data within the Union and with third countries. Such processing of personal data should be permitted, while fully respecting fundamental rights, only for the purposes laid down in this Directive, and for the activities required under this Directive, such as the exchange of information among competent authorities.
(87) The rights of access to data by the data subject are applicable to the personal data processed for the purpose of this Directive. However, access by the data subject to any information related to a suspicious transaction report would seriously undermine the effectiveness of the fight against money laundering and terrorist financing. Exceptions to and restrictions of that right in accordance with Article 23 of Regulation (EU) 2016/679 and, where relevant, Article 25 of Regulation (EU) 2018/1725, may therefore be justified. The data subject has the right to request that a supervisory authority referred to in Article 51 of Regulation (EU) 2016/679 or, where applicable, the European Data Protection Supervisor, check the lawfulness of the processing and has the right to seek a judicial remedy referred to in Article 79 of that Regulation. The supervisory authority referred to in Article 51 of Regulation (EU) 2016/679 may also act on an ex-officio basis. Without prejudice to the restrictions to the right to access, the supervisory authority should be able to inform the data subject that all necessary verifications by the supervisory authority have taken place, and of the result as regards the lawfulness of the processing in question.
(88) In order to ensure continued exchange of information between FIUs during the period of set-up of AMLA, the Commission should continue to host the FIU.net on a temporary basis. To ensure full involvement of FIUs in the operation of the system, the Commission should regularly exchange with the EU Financial Intelligence Units' Platform (the ‘EU FIUs’ Platform’), an informal group composed of representatives from FIUs and active since 2006, and used to facilitate cooperation among FIUs and exchange views on cooperation-related issues.
(89) Regulatory technical standards should ensure consistent harmonisation across the Union. As the body with highly specialised expertise in the field of AML/CFT, it is appropriate to entrust AMLA with the elaboration, for submission to the Commission, of draft regulatory technical standards which do not involve policy choices.
(90) In order to ensure consistent approaches among FIUs and among supervisors, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission to supplement this Directive by adopting the regulatory technical standards setting out the criteria as regards appointment and functions of a central contact point of certain services providers, setting out benchmarks and methodology for assessing and classifying the inherent and residual risk profile of obliged entities and the frequency of risk profile reviews, laying down details of duties of the home and host supervisors, and the modalities of cooperation between them, specifying the general conditions for the functioning of the AML supervisory colleges and the operational functioning of such colleges, defining indicators to classify the level of gravity of breaches of this Directive and criteria to be taken into account when setting the level of administrative sanctions or taking administrative measures. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making. In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.
(91) In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission in order to lay down a methodology for the collection of statistics, establish the format for the submission of beneficial ownership information, define the technical conditions for the interconnection of beneficial ownership registers and of bank account registers and data retrieval mechanisms as well as to adopt implementing technical standards specifying the format to be used for the exchange of the information among FIUs of the Member States. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council 39 .
(92) This Directive respects the fundamental rights and observes the principles recognised by the Charter, in particular the right to respect for private and family life (Article 7 of the Charter), the right to the protection of personal data (Article 8 of the Charter) and the freedom to conduct a business (Article 16 of the Charter).
(93) When drawing up a report evaluating the implementation of this Directive, the Commission should give due consideration to the respect of the fundamental rights and principles recognised by the Charter.
(94) Since the objectives of this Directive, namely the establishment of a coordinated and coherent mechanism to prevent money laundering and terrorist financing, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale and the effects of the proposed action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.
(95) In accordance with the Joint Political Declaration of 28 September 2011 of Member States and the Commission on explanatory documents 40 , Member States have undertaken to accompany, in justified cases, the notification of their transposition measures with one or more documents explaining the relationship between the components of a directive and the corresponding parts of national transposition instruments. With regard to this Directive, the legislator considers the transmission of such documents to be justified.
(96) The European Data Protection Supervisor has been consulted in accordance with Article 42 of Regulation (EU) 2018/1725 [and delivered an opinion on ... 41 ].
(97) Directive (EU) 2015/849 should therefore be repealed,