Annexes to COM(2012)168 - Application of Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2012)168 - Application of Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering ... |
|---|---|
| document | COM(2012)168  |
| date | April 11, 2012 |
2.1. Applying a risk-based approach (RBA)
A risk-based approach enables a more targeted and focussed approach to assessing risks and applying resources to where they are most needed. The existing EU framework already contains elements which allow an RBA to be applied both by Member States, authorities involved in supervision, and by the institutions and persons responsible for applying AML/CFT rules (hereinafter referred to as "obliged entities").
The Directive leaves room for countries to design their own RBA and to decide on the degree of risk-based measures that may be applied by obliged entities. The Deloitte study reported that a wide diversity of national measures can complicate cross-border compliance, and that there is a lack of practical guidance available.
The new FATF standards broaden the application of the RBA. At national level, countries are obliged to identify, assess and understand ML/TF risks, and to apply resources to mitigate those risks. Countries need to ensure that higher risks are identified and mitigated, but may permit simplified measures for certain requirements when lower risk has been identified. The FATF acknowledges that AML/CFT risk assessments at a supranational level should be taken into account. The FATF also recognises that supervisors should apply a risk-based approach to supervision, based on their understanding of the ML/FT risks present in the country and within the entities they supervise. The FATF requires obliged entities to assess risks for customers, countries/geographic areas and product/services/transactions/delivery channels.
Consideration could be given to incorporating the following elements of the risk-based approach in the forthcoming revision of the Directive:
· National/supranational risk assessments: introducing obligations for Member States to conduct and update risk assessments, in line with the new FATF recommendations. A common approach between Member States might be considered in order to facilitate better coordination and more consistency, as well as the development of a supranational approach to risk assessments, where appropriate.
· RBA to supervision: the use of an RBA to supervision could be given more detailed recognition in the EU framework, including the need for supervisors to be aware of the risks faced by the entities they supervise. This might include provision of sectoral guidance. For example the AMLC[5] could be commissioned to provide guidance on issues affecting financial sector supervision.
· RBA applied by FIs and Designated Non Financial Businesses and Professions (DNFBPs): explicitly introducing a requirement that risk-based procedures designed by obliged entities are appropriate to the size and nature of the entity, and have to be documented, updated and available to competent authorities.
2.2. Criminalisation of ML/TF
The current approach towards criminalisation at EU level is based on Framework Decision 2001/500 of 26 June 2001[6], a former third pillar legal instrument. The 1990 Council of Europe Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism (updated in 2005)[7] also specifies ML and TF offences.
Article 1.1 of the Third AMLD requires Member States to ensure that ML and TF are prohibited. Criminalisation of these offences, a key requirement of the FATF standards, has largely been left to Member States to introduce via their legal systems.
Criminalisation at EU level could be envisaged. However, a revision of the Third AMLD, based on Article 114 of the Treaty, would not provide a suitable legal basis for such a criminalisation of ML/TF. Consideration could therefore be given to introducing an obligation for Member States to criminalise ML and TF in a specific instrument based on Article 83(1) TFEU, which was introduced by the Lisbon Treaty.
2.3. Scope
2.3.1. Serious crimes
The offence of money laundering (Article 1(2)) is committed when the proceeds of “criminal activity” are laundered. Article 3(5) sets out a range of “serious crimes” that are considered to be criminal activities. Beyond the listed offences, the Directive takes a general approach with respect to all other offences which carry a punishment of imprisonment based on a mixture of maximum and minimum thresholds[8].
The new FATF standards have included “tax crimes (related to direct taxes and indirect taxes)” as a predicate offence, but the FATF does not provide further guidance as to how this should apply.
Consideration could therefore be given to:
· Whether the existing "all serious crimes" approach remains sufficient to cover tax crimes;
· Whether tax crimes should be included as a specific category of "serious crimes" under Article 3(5); and/or
· Whether further definition of tax crimes is required.
2.3.2. Broadening the scope beyond the existing obliged entities
(a) The gambling sector: The Third AMLD includes “casinos” within its scope, but without providing any definition. The Directive also covers activities “performed on the Internet” (recital 14), thus also covering on-line casinos. Consultations have indicated general support in favour of a broader definition of gambling in the Directive, but with the precise scope to be determined on a risk-based basis at national level. Consideration could be given to capturing gambling activities which pose higher AML/CFT risks, while avoiding the imposition of an excessive burden on lower risk activities.
The Commission services are planning to adopt an action plan on on-line gambling in 2012 , and it will therefore be appropriate to ensure a consistent approach between any initiatives proposed to tackle money laundering in this sector and the revisions to the Third AMLD.
(b) Other types of financial agent: Over the course of consultations with Member States, some respondents suggested that the scope of the Directive be extended to all agents operating on behalf of FIs. Some suggested that there may be AML risks linked to the activities of financial agents. Consideration could be given to reflecting the role of agents either in their own right or within the obligations applied to FIs, in particular where they provide cross-border financial services (this issue is further addressed under Section 2.10 – supervision).
(c) National central banks: During consultations, it has been suggested that consideration should be given to explicitly applying the Directive to Central Banks by extending it in a way which takes into consideration the specificities of their operations, supervision, and the necessity of safeguarding their independence.
(d) Real Estate/Letting agents: Article 2(1)(3)(d) includes real estate agents in the scope of the Directive but does not define their activities. With respect to the activities of letting agents, there is evidence to suggest that this sector is also vulnerable to money laundering. The revised FATF standards are silent on this issue. During consultations with Member States, a suggestion was made to consider whether the Directive should apply explicitly to letting agents.
(e) Dealers in precious stones and metals: The general clause in Article 2(1)(3)(e) covering “any natural or legal person trading in goods, only to the extent that payments are made in cash in an amount of EUR 15 000 or more” covers dealers in precious stones and metals. There is also specific reference to them in Recital 18. The Commission has been made aware of concerns from some private sector stakeholders that criminals are taking advantage of the absence of Customer Due Diligence (CDD) in some Member States to launder the proceeds of crime in this sector.
Consideration could be given to whether measures might be needed to address the specific ML/TF risks in this sector.
(f) Exemptions: Article 2(2) of the Directive allows Member States to decide that legal and natural persons who engage in a financial activity on an occasional or very limited basis and where there is little risk of money laundering or terrorist financing occurring can be exempted from its scope. The revised FATF standards stipulate that transferring of money or value cannot benefit from such an exemption.
Consideration could be given to amending the Directive to take account of this revision.
2.4. Customer due diligence
The Third AMLD sets out requirements for customer due diligence ("CDD") on three levels: regular CDD, enhanced CDD ("EDD") and simplified CDD ("SDD"). Regular CDD imposes a duty on the obliged entity to identify and verify their customers and customers' beneficial owners, to understand the nature of the business relationship as well as to conduct ongoing monitoring. In the case of EDD, the obliged entity must take a number of prescribed further steps, albeit on a risk sensitive basis. SDD permits obliged entities to perform reduced customer due diligence measures for certain types of customer or business.
Regular CDD: the Deloitte study concluded that the main divergences in the application of the Directive concern the threshold established to require CDD measures for occasional transactions. Respondents to the Commission’s review process have requested a number of clarifications to the existing rules. Consideration could be given to:
· Reducing the €15,000 threshold in Article 7(b) in respect of occasional transactions;
· Reducing the €1,000 threshold for electronic fund transfers in Regulation 1781/2006;
· Harmonising the approach to identification and/or compiling a list of EU-wide recognised identity documents issued by Member States in order to facilitate customer identification/verification;
· Clarifying the obligations on both parties for third party reliance.
Enhanced CDD: a number of stakeholders have suggested that a more flexible approach could be applied as to when and which EDD measures need to be applied commensurate to the risks that are being addressed. For example, some Member States have asked for re-consideration of the approach whereby non face-to-face situations are automatically classed as high risk, and to ensure that the Directive appropriately takes account of new payment methods/new technologies. Consideration could be given to an approach which incorporates the FATF revisions, looking at types of factors that ought to be considered (e.g. customer risk, geographical risk and product, service or delivery channel risk factors), whilst recognising that risk is variable and the factors should not be considered in isolation.
Simplified Due Diligence: the EU framework provides that certain types of customer or product that present a lower risk of ML may be subject to an exemption from normal CDD requirements, although obliged entities are still required to conduct ongoing monitoring to detect unusual transactions. This approach has been criticised in some FATF Mutual Evaluation reports as, allegedly, constituting an absolute exemption rather than a simplified regime. A study carried out by the AMLC on SDD has found differences regarding the way it is applied in the different Member States. While some Member States grant their institutions a full exemption from CDD, others require them to demonstrate a minimum level of CDD measures.
The FATF standards permit countries to allow FIs to apply SDD measures “where the risks of money laundering or terrorist financing are lower…and provided there has been an adequate analysis of the risk by the country or by the financial institution.” The standards set out factors and examples of lower risk situations.
Consideration could be given to:
· Clarifying that SDD is not a full exemption from CDD;
· Whether the Directive should set out the risk factors that need to be taken into consideration when determining if SDD is appropriate, or whether it should provide specific examples of when SDD might apply;
· Whether further guidance on risk factors should be elaborated (for example by the AMLC in the case of the financial sector);
· Whether to specify (either in the Directive or via guidance) a minimum set of measures that have to be taken by the obliged entities in SDD situations;
· Introducing, in line with the new FATF standards, a risk-based approach with respect to whether or not to apply SDD when opening a business relationship with another FI licensed in the EU or treated as an equivalent third country.
2.5. Politically Exposed Persons (PEPs)
The Third AMLD defines “politically exposed persons” as natural persons who are or have been entrusted with prominent public functions and immediate family members, or persons known to be close associates, of such persons. Obliged entities are required to apply enhanced customer due diligence measures in respect of PEPs residing in another Member State or in a third country.
The FATF standards have introduced risk-based requirements for domestic PEPs, so that the new standards will apply different levels of obligation in respect of foreign and domestic PEPs, both as customers and beneficial owners of customers. According to FATF, PEPs are persons who have been entrusted with prominent public functions by foreign countries or domestically or by an international organisation. The requirements for foreign PEPs do not involve a residency requirement. The FATF has also introduced specific requirements to ascertain whether the beneficiary of a life insurance policy is a PEP.
Some stakeholders responding to the Deloitte survey considered that the definition of PEP is too broad. Difficulties have been reported relating in particular to the wide definition of family members and close associates. There are also issues related to the availability, cost and accuracy of information available from databases, as well as uncertainties as to how long a person needs to be in public function before he becomes a PEP, and whether the Directive's provision that a person ceases to be a PEP one year after leaving office adequately addresses the risk they potentially pose. In addition, there is some uncertainty as to whether the reference in the recital to the Directive that senior management approval includes “the immediate higher level of the hierarchy of the person seeking such approval” is sufficient, as this could entail a relatively junior member of staff.
There is also a recurrent claim from private stakeholders for supporting measures which might address the availability, reliability and cost of data available to obliged institutions on names/categories of PEPs, and the data protection considerations arising therefrom. The feasibility and appropriateness of such measures would have to be carefully assessed.
Consideration could be given to clarifying the Third AMLD and the implementing Directive[9] in order to take account of the FATF changes, e.g. by:
· Incorporating the new FATF provisions for domestic PEPs and PEPs in international organisations;
· Removing the residence criteria;
· Including provisions relating to life insurance;
· Clarifying that a risk-based approach should be applied to PEPs even beyond one year after they have left office;
· Clarifying the definition of “senior management”.
2.6. Beneficial ownership
This section takes the analysis beyond the issue of a threshold, and undertakes a broader examination of the other issues related to beneficial ownership in the Third AMLD.
2.6.1. The 25% beneficial ownership threshold
Article 43 of the Third AMLD requires the Commission to present a report to the European Parliament and the Council on the threshold percentages in Article 3(6), “paying particular attention to the possible expediency and consequences of a reduction of the percentage in points (a)(i), (b)(i) and (b)(iii) of Article 3(6) from 25% to 20%.”
Article 3(6) of the Third AMLD defines “beneficial owner” as the natural person(s) who ultimately owns or controls the customer and/or the natural person on whose behalf a transaction or activity is being conducted. Further clarification is provided on minimum requirements in case of corporate entities and in case of other legal entities and arrangements which administer and distribute funds. When the Third AMLD was agreed, a 25% threshold of ownership or voting rights or, in the case of administered funds, the beneficiary of 25% or more of the property, was deemed to be a sufficient threshold to regard a person as a “beneficial owner”, for AML/CFT purposes.
The Deloitte study concluded, on the basis of its survey of stakeholders and Member State authorities, that there were a significant number of stakeholders who would not favour lowering the threshold. It was felt that lowering the threshold would not bring significant advantages but would increase cost of compliance and administrative burden. The Commission has not received any further evidence of the need to modify the threshold.
The Commission will carefully consider whether it is appropriate to modify the 25% thresholds.
2.6.2. Beneficial ownership – implementation issues
The AMLC[10] has found that the way in which Member States determine how the threshold should be calculated differs. Certain Member States consider that the ultimate beneficial owner (“UBO”) is the person(s) who owns/controls at least 25% of the customer, whilst other Member States interpret the UBO as the person(s) that owns/controls at least 25% of the customer, or of any entity that owns at least 25% of the customer.
Other aspects of the definition give rise to uncertainties or different interpretations by Member States, in particular what “otherwise exercising control over the corporate entity” means in Article 3. These differences may pose difficulties and increase costs at group level when designing customer identification procedures and assessing customer risk. They may also affect the level playing field for FIs and DNFBPs across Member States. Effective implementation has also been hindered by uncertainty amongst private sector stakeholders as to the concept of “adequate” measures.
The revisions to the FATF standards set out an approach for identifying and verifying beneficial ownership, with measures aimed at finding a natural person with a controlling ownership interest, or (if none can be found or if there are doubts that the person with the controlling ownership interest is the beneficial owner) the natural person exercising control through other means. If the above steps result in no natural person being identified, then the identity of a natural person holding the position of senior manager should be identified. There has been broad support amongst Member States to following this approach, although there is general agreement that the final option (identification of a senior manager) should not be seen as a way of circumventing the need to understand who ultimately controls a legal person.
2.6.3. Availability of beneficial ownership information
The absence of public information about the beneficial owner is seen by some stakeholders as hindering the practical implementation of the requirements. Obliged entities, with support from civil society organisations, have made a strong plea for public support initiatives in this area. The European Commission's Internal Security Strategy has also highlighted this issue and suggested, "in the light of discussions with its international partners in the Financial Action Task Force, revising the EU Anti-Money Laundering legislation to enhance the transparency of legal persons and legal arrangements"[11].
The European Parliament’s Resolution of 15th September 2011 called for rules to “make the fight against anonymous shell companies in secrecy jurisdictions (…) a key element of the upcoming reform of the Anti-Money Laundering Directive”[12].
The new FATF standards require countries to ensure that there is a set of basic information available in business registries and/or held by the company itself. For legal arrangements, the standards recognise the role of the trustee as holder of the beneficial owner information and introduce a requirement for trustees to disclose their status when they engage with reporting parties.
2.6.4. Further considerations
Consideration could be given to introducing a number of changes into the Directive, for example:
· Clarifying the definition of the beneficial owner, in the light of the revisions agreed by the FATF and the AMLC's conclusions;
· Including, either into the AML Directive or in another existing legal instrument in the company law area, measures to promote the transparency of legal persons/legal arrangements.
2.7. Reporting obligations
Article 22(1) of the Third AMLD requires obliged entities and persons to promptly inform the FIU if there are reasonable grounds to suspect money laundering or terrorist financing. This should be done directly, or "promptly and unfiltered" via a self-regulatory body if a country has designated one in respect of certain non-financial professions. Article 35(3) of the Third AMLD requires Member States to ensure that, wherever practicable, timely feedback be given on suspicious transaction reports.
Some concern has been expressed as to the consistency of statistical data relating to suspicious transaction reports[13]. Eurostat has collected a considerable amount of information relating to key indicators from FIUs[14]. In addition, with respect to the filing of reports, a Commission Staff Working Paper[15] has clarified to which country's FIU they should be sent in cross-border situations.
Consideration could be given to introducing a number of clarifications and new provisions in the Directive:
· The new EU framework could reinforce the existing provisions requiring FIUs to provide timely generic feedback to reporting entities;
· Introducing an explicit role for self-regulatory bodies in the reporting process (e.g. establishing guidelines);
· Introducing an explicit requirement that reporting be done to the host country FIU;
· Clarification that in cases where Member States conclude that transmission of Suspicious Transaction Reports (STRs) is being filtered, they should actively consider requiring reporting to be made direct to the FIU.
· Reinforcing the requirement under Article 33 with respect to statistical data in order to ensure more comprehensive and comparable statistics.
2.8. FIUs
Article 38 of the Third AMLD establishes a role for the Commission to facilitate coordination between FIUs, but does not otherwise deal with FIU cooperation.
The current framework for FIU Cooperation is based around a Council Decision dating back to 2000[16]. Discussions at the FIU platform[17] have revealed a number of shortcomings with the existing arrangements: cooperation on terrorist financing is not foreseen in the Decision and past international events have brought to light difficulties for FIUs to cooperate on the basis of lists of designated persons, or to take action before an STR has been filed. Practical experience has demonstrated the types of problems that result from different interpretations about the legal basis granted by the Decision to undertake specific types of cooperation, such as the automatic exchange of information when links are found with another Member State. Some of the problems in exchanging information stem from the different powers that FIUs have at national level, including the possibility to access information, and this has consequences for the effectiveness of cooperation.
The Stockholm Programme for 2010-2014[18] calls on the Commission and Member States to “further develop information exchange between the Financial Intelligence Units (FIUs)” in order to tackle corruption and economic crime.
Consideration could be given to taking into account recent developments at the FATF with respect to FIUs, where some of the relevant changes include clarifying that FIUs should be able to access the information obtained by any obliged entity to comply with AML/CFT requirements, that countries should have mechanisms in place to identify in a timely manner whether natural or legal persons hold or control accounts and that a request for cooperation should trigger the same powers as for an STR filed domestically. In the specific context of the EU, consideration could be given to reinforcing EU FIU cooperation beyond the international standards, harmonising powers available to FIUs at national level and to taking on board work which is currently being developed in this respect by the EU FIU Platform. Consideration could also be given to integrating provisions concerning FIU Cooperation into the future AML Directive.
2.9. Group compliance
Article 34 of the Directive requires obliged persons and institutions to establish “adequate and appropriate” AML/CFT risk management policies and procedures.
In their 2009 Working Paper[19], the Commission services reported that FIs operating in a cross-border context have generally chosen to develop an AML policy at group level, especially within the EU. The new FATF standards introduce a requirement (which largely mirrors work carried out by the Basel Committee on Banking Supervision) that financial groups implement group-wide programmes against money laundering and terrorist financing, including policies and procedures for sharing information within the group.
Consideration could be given to incorporating new requirements into the Directive, taking into account that the current Directive already contains a number of underlying assumptions of group level compliance in Articles 31(1) and 34(2). Additional clarifications might also be considered in order to address problems identified in the Commission Staff Working Paper, as follows:
· The notion of “group” is currently only incorporated in Article 28(3), providing for exemptions to the prohibition of disclosure of the fact that an STR has been filed or that a ML/TF investigation is being carried out. A definition of “group” could be incorporated into Article 3 to allow a broader scope of application;
· Introducing an explicit possibility of allowing intra-group flows of information on potentially suspicious transactions prior to the filing of a report, while respecting data protection obligations;
· The possibility of allowing information flows to the auditors of the Head Office. Independent auditors do not fall within the definition of “group”, and therefore would not benefit from the exemption in Article 28(3).
2.10. Supervision
Article 37 of the Third AMLD obliges Member States to require competent authorities to monitor and take measures to ensure compliance with the requirements of the Directive by obliged persons and institutions.
The Commission Staff Working Paper[20], although it deals with AML supervision of and reporting by payment institutions, has wider implications with respect to home/host issues in other areas. The Commission's paper clarifies how the host state AML rules should be complied with, in particular with respect to:
· Allocation of supervisory powers between home and host authorities;
· The preventative and enforcement powers of host state authorities;
· The ability, subject to the condition of proportionality, of host state authorities to impose an obligation for a super-agent/central contact point for agents, or to have a compliance officer on their territory.
The AMLC is working on its own protocol which will give practical application to the Commission's clarifications.
Consideration could be given to introducing further clarifications into the new Directive, as well as to clarifying the articulation between the passporting provisions in the Payment Services and E-Money Directives on the one hand, and the compliance with host state AML rules on the other. Clarification could be given to how AML supervisory powers apply in cross-border situations, for example, stipulating that the host authority should have ability to impose sanctions, including termination of activity where CDD procedures are not sufficiently implemented, or through provisions which place the onus on co-operation, information sharing and delegation of responsibilities. Finally, consideration could also be given to introducing provisions in the new Directive addressing cooperation between authorities.
2.11. Self-Regulatory Bodies
Article 37(5) of the Third AMLD allows self-regulatory bodies in certain sectors (auditors, external accountants, tax advisors, notaries and other legal professionals) to monitor and ensure compliance with AML requirements, while Article 23 allows the designation of an appropriate self-regulatory body to channel suspicious reports to the Financial Intelligence Unit.
The FATF standards recognise the role of self-regulatory bodies, provided that such an organisation can ensure that its members comply with their AML/CFT obligations. The standards include the possibility that such bodies could also establish guidelines and provide feedback on how to apply national measures, in particular with respect to reporting suspicious transactions. Over the course of the Commission's consultations, some Member States have questioned the appropriateness of continuing to task self-regulatory bodies with such functions.
Consideration could be given to whether self-regulatory bodies should continue to be tasked with ensuring compliance with AML standards, or whether their role needs to be further defined, for example by explicitly tasking them to provide guidance on AML compliance and reporting, in line with the FATF standards. It has also been suggested, in the course of the Commission's consultations, that consideration might be given to the possibility of extending the Directive’s provisions to allow professional bodies in the real estate sector to also take on responsibilities for AML monitoring and ensuring compliance, provided that they meet the conditions set out in Article 37(2) of the Third AMLD.
2.12. Third Country Equivalence
The Third AMLD allows lighter CDD measures to be applied in the case of FIs situated in EU/EEA countries. These lighter measures are extended to institutions situated in third countries which impose AML requirements considered to be "equivalent" to those laid down in the Directive. Article 11(4) of the Third AMLD contains an obligation for Member States to inform each other and the Commission of cases where they consider that a third country meets EU AML/CFT standards. In order to co-ordinate their approach on equivalence, Member States have agreed on a regularly updated list of "equivalent third countries" in accordance with a Common Understanding on the Procedures and Criteria for the Recognition of Third Countries' Equivalence[21].
The Third AMLD does not mandate the European Commission to establish a binding “positive” list of equivalent third countries. The assessment of third country equivalence remains a Member State competence. The Commission plays a facilitating role in this process, and, should the system be maintained, is committed to ensuring a credible and transparent process for the establishment of the third country list. Given the move towards a risk-based approach, some Member States have queried whether it will still be appropriate, in the new Directive, to maintain the concept of equivalence.
Consideration could be given to ascertaining:
· whether an equivalence regime is needed in the new Directive, in light of the increasing move towards a risk based approach;
· whether the process of establishing equivalence "lists" is still needed, and if so, whether there is a role to be played at EU level (e.g. prescriptive approach to be set out in the Directive, maintaining the existing intergovernmental approach, mandating the AMLC with work in this area, etc.);
· whether it is still appropriate to maintain a provision in the Directive (currently Article 40(4)) on "black listing", given that this has never been used;
· whether a coordinated approach at EU level might be needed in order to coordinate measures in response to the FATF listing process.
2.13. Administrative Sanctions for Non Compliance with the Directive
Article 39(2) of the Third AMLD obliges Member States to impose appropriate administrative measures or sanctions against FIs for infringements of national provisions which stem from the Directive. The measures and sanctions must be effective, proportionate and dissuasive.
The Deloitte Study concludes that all Member States have implemented a national sanctioning regime applicable in cases of non-compliance with the provisions of the Directive, and that such sanctions are applied in practice. However, the study also remarks that “the variety in national penalty regimes is so large that it is not possible to compare penalties through all Member States”.
Consideration could be given to following an approach similar to the one set out in the Commission's Communication “Reinforcing sanctioning regimes in the financial sector”[22], which would involve a greater harmonisation of the sanctioning regime by proposing a set of minimum common rules to be applied to key aspects of the sanctioning regime.
2.14. Protection of Personal Data (DP)
Most private stakeholders believe that there is a need to ensure better interaction between AML and personal data protection obligations. A study[23] done in 2008 by the FIU-Platform sought to identify possible convergence points as well as areas where difficulties might need to be reconciled between the respective legislation. The 2009 Commission Staff Working paper[24] concluded that the interaction of AML rules with national data protection rules appeared to be a main factor impacting bank's AML policies at group level and hindering effective intra-group transfer of information.
In June 2011, the Article 29 Working Party on Data Protection issued its "Opinion 14/2011"[25]. The Opinion addresses the interaction between AML and personal data protection provisions at a much wider level than the mere transfer of information, and calls for more detailed consideration of DP issues in the AML/CFT legislation to provide for effective data protection compliance. In particular the Opinion calls for “push” data sharing schemes, privacy assessments of the model of global risk management and introduction of data protection officers by different bodies or entities involved in AML/CFT and favouring segmented risk management at local level. It also calls for the establishment of clear and precise data retention periods in the AML/CFT legislation. Some elements of the opinion are reflected in the recently published proposals to update the EU's Data Protection legislation[26].
Consideration could be given to introducing, in the revised Directive, clear and balanced rules which set out how personal data should be handled in order to enable effective AML/CFT compliance while respecting fundamental rights. In line with the aforementioned developments in the data protection field, more detailed provisions might be needed to take into account, among other things, the principles for personal data processing, to grant a legal basis both for such processing and for the proportionate restriction of the rights of the data subject when necessary to achieve the goals of the AML/CFT Directive, provided there are adequate safeguards and that there is consistency with data protection acquis. In addition, consideration could be given to fostering further interaction between AML regulators and data protection supervisory authorities to reach a balanced application of the rules.
3. Commission's assessment of the Directive's treatment of lawyers and other independent legal professionals
Article 42 of the Third AMLD requires the Commission to present a report to the European Parliament and the Council which includes a specific examination of the treatment of lawyers and other independent legal professionals.
Under the Directive, notaries and other independent legal professionals are broadly within scope, subject to an exemption which Member States may apply on the obligation to report suspicious transactions by virtue of Article 23(2), in respect of “information they receive from or obtain on one of their clients, in the course of ascertaining the legal position for their client or performing their task of defending or representing that client in, or concerning judicial proceedings.” In addition, Article 23(1) allows for the designation of “an appropriate self-regulatory body of the profession” to, in the first instance, receive STRs instead of sending them directly to the FIU. In such a case, the self-regulatory body has the responsibility of forwarding the information to the FIU “promptly and unfiltered”.
3.1. Professional secrecy
According to information available to the Commission, all Member States have opted to include the exemption of Article 23(2) of the Directive in their national legislation in relation to lawyers, but without precise description of when reporting outweighs client confidentiality. This situation creates some anxiety from legal professions, who regularly express concerns that the obligations imposed by the Directive allegedly violate the lawyer's obligation of professional secrecy and the fundamental right to a fair trial and a fair defence.
The European Court of Justice has ruled on this issue[27]. Although the judgement concerned Directive 91/308/CEE, the main findings of the Court remain valid for the Third AMLD. Based on this ruling, it can be considered that the AML obligations imposed on legal professionals do not infringe the right to a fair trial as guaranteed by Article 47 of the EU Charter of Fundamental Rights and Article 6 of the ECHR.
Indeed, the obligations in the Directive apply to legal professionals only in so far as they advise their client in the preparation or execution of certain transactions, essentially those of a financial nature or concerning real estate (Article 2(1)(3)(b)), or when they act on behalf of and for their client in any financial or real estate transaction. As a rule, the nature of these activities is such that they take place in a context with no link to judicial proceedings and, consequently, such activities fall outside the scope of the right to a fair trial.
On the other hand, as soon as a legal professional acting in connection with a real estate transaction is called upon for assistance to defend the client or to represent them before the courts, or for advice as to the manner of instituting or avoiding judicial proceedings, they are exempted, by virtue of the second paragraph of Article 9(5) and of Article 23(2) of the Directive, from the requirements under the first paragraph of Article 9(5) and from the information and cooperation obligations under Article 23(1) of the Third AMLD. This safeguards the right of the client to a fair trial.
As to the implementation of the third AMLD, the right to a fair trial should be protected in all applicable situations through sufficiently detailed and clear national rules to allow legal professionals to distinguish between the situations where the reporting obligation applies and the situations where it does not.
When preparing its revision to the Directive, the Commission will, subject to consultation of the relevant stakeholders, give consideration to this issue in its impact assessment, and in particular to the impact on fundamental rights, in line with the existing policy[28].
3.2. Suspicious transaction reports (“STR”s)
The Deloitte study found that levels of reporting of suspicious transactions by some non-financial professions (in particular lawyers) are low compared to those of FIs. The issue of under-reporting in some jurisdictions remains a concern, and consideration could be given to ways to improving levels, as set out in Section 2.7 above.
3.3. Definition of transaction
Article 2 (1) (3) (b) sets the scope of the Directive to apply to “notaries and other independent legal professionals, when they participate, whether by acting on behalf of and for their client in any financial or real estate transaction, or by assisting in the planning or execution of transactions for their client” concerning a number of listed activities (buying and selling of real estate, managing client money, etc). Lawyers' representatives have queried which “transactions” are covered, and consideration could be given to a possible clarification in this respect.
3.4. CDD measures
Lawyers’ representatives have called for the possibility of allowing the fulfilment of CDD requirements within a reasonable time frame and not always at the start of the relationship as required in Article 7. The FATF standards[29] require identification and verification to be carried out at the start of a business relationship, although countries may permit verification to take place as soon as practicable afterwards if the ML and TF risks are effectively managed and if it is essential not to interrupt the normal conduct of business. A similar provision already exists in Article 9 of the Third AMLD, and this is a matter for Member State discretion.
There have also been suggestions to remove the requirement to provide “on request” information on the identity of beneficial owners in the case of pooled accounts held by notaries and other independent legal professionals (Article 11(2)(b)). However, the new FATF standards have removed the reference to pooled accounts as examples of low risk scenarios. Consideration will need to be given on how to reflect the treatment of pooled accounts in the new EU Directive.
* * *
The above findings would appear to suggest that it may not be necessary to fundamentally revise the treatment of lawyers in the new Directive. However, it may be appropriate to give further consideration to the under-reporting of STRs.
4. Conclusion
This report sets out the various issues raised by the Commission's review of the Third AMLD, the revisions of the FATF Recommendations, and the Directive's clauses that require the Commission to report to the European Parliament and the Council. Generally, the existing framework appears to work relatively well, and no fundamental shortcomings have been identified which would require far-reaching changes to the Third AMLD.. The Directive will have to be revised in order to update it in line with the revised FATF Recommendations. In this context, one issue that will need to be considered is the level of harmonisation of the future EU framework. An important challenge for the future will be to focus efforts on improving the effectiveness of the rules. This is an area of work that the FATF is currently developing.
The Commission invites comments to the issues raised and the likely impact, including impacts on fundamental rights as guaranteed by the Charter of Fundamental Rights of the EU[30], of any possible changes to the Third AMLD by 13 June 2012. Stakeholders are invited to send their comments to the following email address: MARKT-AML@ec.europa.eu
Comments will inform the legislative proposals that will be put forward later this year to revise the Directive. The responses received will be available on the Commission website unless confidentiality is specifically requested, and the Commission will publish a summary of the results of the consultation
* * *
Annex: Cross-border Wire Transfers
Although the regulation of cross-border wire transfers falls outside the scope of the third AML Directive, it forms an important element of the FATF standards. The EU has fully implemented the existing FATF standards via a separate Regulation[31]. and, in order to respond to its obligations under the review clause in Article 19 of the Regulation, a study on the application of the regulation is under preparation. The results of this study will be taken into account in the future proposal to implement the recent changes to the FATF Recommendations. The new FATF standards in particular include a requirement to include information about the beneficiary in wire transfers, as well as an explicit obligation to take freezing action with respect to UN Resolutions.
In particular, the study will gather evidence about how the Fund Transfers Regulation (1781/2006) is working in Member States, and any problems which have arisen, and will provide recommendations as to what improvements might be made.
The Commission will ensure that the introduction of new EU rules on fund transfers are synchronised with the revision of the Third AMLD.
[1] The Directive is part of a broader set of legislative measures aimed at the prevention of money laundering and terrorist financing, including Regulation 1781/2006 (information on the payer accompanying transfers of funds), Regulation 1889/ 2005 on controls of cash entering or leaving the Community, Council Decision 2000/642 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information, as well as EU legal instruments on the freezing of assets.
[2] http://www.fatf-gafi.org/dataoecd/49/29/49684543.pdf
[3] Final Study on the Application of the Anti-Money Laundering Directive, Deloitte, December 2010, http://ec.europa.eu/internal_market/company/docs/financial-crime/20110124_study_amld_en.pdf
[4] In addition, 2 private sector stakeholder meetings were organised in 2011.
[5] The Joint Committee of the European Supervisory Authorities´ Sub Committee on Anti Money Laundering (AML Committee, AMLC) assists the European Supervisory Authorities in a supervisory capacity, to ensure a consistent implementation of the EU law.
[6] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2005:068:0049:0051:en:PDF
[7] http://conventions.coe.int/Treaty/EN/Treaties/html/198.htm
[8] Article 3(5)(f)
[9] Commission Directive 2006/70/EC
[10] Report on the legal, regulatory and supervisory implementation across EU MS in relation to Beneficial Owner Customer Due Diligence requirements under the Third Money Laundering Directive 26 September 2011.
[11] Commission Communication: "The EU Internal Security Strategy in Action: Five steps towards a more secure Europe", COM (2010)673 final.
[12] European Parliament Resolution of 15 September 2011 on the EU's efforts to combat corruption
[13] Art. 33 of the Third AMLD sets out the minimum statistical requirements that Member States are obliged to collect.
[14] See Eurostat Working Paper Money Laundering in Europe, http://epp.eurostat.ec.europa.eu/cache/ITY_OFFPUB/KS-RA-10-003/EN/KS-RA-10-003-EN.PDF
[15] Commission Staff Working Paper on Anti-money laundering supervision of and reporting by payment institutions in various cross-border situations, SEC(2011) 1178 final, 4.10.2011, http://ec.europa.eu/internal_market/company/docs/financial-crime/20111104-paper_en.pdf
[16] Council Decision 2000/642/JHA of 17 October 2000 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information.
[17] The “EU Financial Intelligence Units’ Platform” was set up in 2006 by the European Commission,. It gathers Financial Intelligence Units from the Member States. Its main purpose is to facilitate cooperation among the FIUs. .
[18] (2010/C 115/01). Official Journal of the European Union 4.5.2010
[19] Commission Staff working paper on “Compliance with the AML Directive by cross-border banking institutions at group level” SEC (2009) 939 of 30 June 2009. http://ec.europa.eu/internal_market/company/docs/financial-crime/compli_cbb_en.pdf.
[20] See footnote 15.
[21] http://ec.europa.eu/internal_market/company/docs/financial-crime/3rd-country-common-understanding_en.pdf
[22] Reinforcing sanctioning regimes in the financial services sector, COM (2010) 716 final, 8 December 2010, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0716:FIN:EN:PDF
[23] Report on Confidentiality and data protection in the activity of FIUs, http://ec.europa.eu/internal_market/company/financial-crime/index_en.htm#fiu-report-money
[24] See footnote 20.
[25] Opinion 14/2011on data protection issues related to the prevention of money laundering and terrorist financing, 01008/2011/EN, WP 186, 13 June 2011, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp186_en.pdf
[26] See the Commission's data protection proposals (COM(2012) 11 final) and (COM(2012) 10 final). http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm.
[27] ECJ C305/05, Ordre des barreaux francophones et germanophone et al. V Conseil des Ministres, Para 33, Judgement of the Court, 26 June 2007.
[28] Strategy for the effective implementation of the Charter of Fundamental Rights by the European Union (COM (2010) 573).
[29] Recommendation 11 (ex 10)
[30] Strategy for the effective implementation of the Charter of Fundamental Rights by the European Union (COM 2010, 573 final) .
[31] Regulation 1781/2006 on information on the payer accompanying transfers of funds, 15 November 2006,