Guest blog by David K Moore, Financial Crime Consultant
The Fourth Money Laundering Directive (4MLD) took affect on 26th June 2017. It seeks to strengthen the AML regime across the European Union by incorporating the updated/improved standards of the Financial Action Task Force which include: Risk Based Approach; Customer Due Diligence (CDD); Politically Exposed Persons (PEPs); Beneficial Owners (BOs); Reliance on Third Parties; Record Keeping. All sectors are affected by this.
Risk Based Approach
The key improvement is the introduction of Risk Assessments. These are formal, must be kept up to date, and may be requested to be viewed by the regulator. They must include AML and CTF risks and take into account the following factors: customer type, geographical area of operation, product types, services offered, transaction types and volumes, access/delivery channels utilised.
Senior management must ensure that systems and controls around this are effective and proportionate and must give formal approval. They should include: Risk Management Practices, CDD, Reporting, Record Keeping and Internal Controls.
Customer Due Diligence
Simplified Due Diligence (SDD) are still allowed and there are several factors outlined in the most recent draft version of JMLSG to help determine whether they can be applied. If SDD is to be used, the circumstances must be reviewed regularly and the customer must be re-verified if the risk rating changes.
Casinos must now carry out due diligence when a customer carries out a transaction (stake or winnings) >=EUR2000 and, for those dealing in goods, due diligence must be performed for transactions =>EUR10000.
Ongoing transaction monitoring is now essential for all firms to ensure that transactional behaviour is in line with expectations. There are several references to this in Chapter 5 of the revised JMLSG guidelines.
The definition of PEPs has been widened to include both domestic and foreign PEPs. This means that all domestic PEPs need to be assessed in addition to relatives and close associates. Peps will always be subject to Enhanced Due Diligence (EDD) measures and senior management approval is required before a business relationship is entered into.
Previous regulation stated that BOs must have >=25% controlling interest but the 4AMLD does not prescribe a level of ownership. The JMLSG retains the 25% unless there is nobody with that level of influence in which case the firm must decide for themselves.
A central register of beneficial owners is set up at Companies House entitled ‘People with Significant Control’ (PSC). Whilst this can be used as part of the identification / verification process, it cannot be used in isolation.
For trusts, the firm must identify the settlor, the trustees, the beneficiaries and any person who has control over the trust.
Reliance on Third Parties
Firms are entitled to rely on third parties to assist in the CDD process but these must not be from a high risk country. Member organisations and federations of obliged entities are now included. The responsibility for meeting to CDD requirement still remains with the firm that makes the request.
The revised JMLSG guidance notes (8.12A) state that all personal data must be deleted 5 years after the business relationship ends unless there is specific consent to retain or on a legal order.
Implications of Non Adherence
Failure to comply with Money Laundering Regulations could lead to a prison sentence of up to 2 years and/or a fine based upon the assessed value of the breach. Other measures available to the regulatory authorities include naming and shaming, banning of individuals and/or withdrawal of authority.