Over the past three decades, the European Union has steadily improved its framework to fight money laundering and terrorist financing (AML/CFT). So far, the EU’s action has focused on the prevention, investigation and prosecution of these harmful practices. This article elaborates on the potential effects of the EU’s legislative proposals on industry players, and suggests that the EBA’s draft guidelines could serve as a first stepping stone to future legally binding measures.
In July 2021, the European Commission (EC) presented a package of legislative proposals constituting an ambitious set of measures to modernise the AML/CFT regime over the coming years. They are divided into six pillars (see Figure 1), of which three require legislative actions and the other three are already being implemented.
There are two key focal points for these legislative actions. The first is a proposal to turn parts of the existing AML Directive (AMLD) into a regulation which will therefore become directly applicable in the member states. The second is to implement EU-level supervision with an EU-wide AML authority, which will develop regulatory technical standards to improve harmonisation. The poster on the left summarises the key components of the legislative proposals and the surrounding context.
Key changes of the legislative proposals
Single EU rulebook introduces AML Regulation for sake of harmonisation
Pillar 2, establishing a single EU rulebook on AML/CFT, is reflected in legislative proposals 1, 2 and 3 (see Figure 2), also referred to as ‘the single EU rulebook’. The EU single rulebook on AML/CFT is changed by introducing an AML Regulation alongside the existing directive. This means there will now be a harmonised set of rules applying to all private parties in all EU member states, whereas the directive contains provisions (e.g., on national supervisors and FIUs) that subsequently need to be transposed into national law.
This change fits with the overall trend of harmonising rules to establish an EU digital single market and to minimise fragmentation that hinders ML/TF being tackled effectively. It is no surprise, therefore, that its content is aligned with the eIDAS Regulation and with the directive on combating money laundering through criminal law (implemented in June 2021).
Additionally, with legislative proposal 3 (see Figure 2) the Regulation on Transfer of Funds has been revised to include crypto assets and crypto-asset service providers (CASPs). This is in line with the activities covered in the proposed Regulation on Markets in Crypto Assets (MiCa).
Support and cooperation mechanism & supervision
Bringing about EU-level AML/CFT supervision and establishing a support and cooperation mechanism (legislative proposal 4, see figure 2) for FIUs is embodied in the new EU AML/CFT authority called AMLA. This new authority will be fully effective in 2026 and will:
- harmonise and ease implementation of the regulation by developing regulatory technical standards (RTS) that provide, among other things, for standard datasets required for identification, simplified CDD measures and criteria for suspicious transactions and PEPs
- supervise selected high-risk entities directly, replacing national supervisors
- enhance cooperation of FIUs.
The full rulebook, including the technical standards developed by AMLA, is expected to be in place and apply by the end of 2025.
EBA Guidelines on Remote Customer Onboarding
In the meantime, the EBA Guidelines on Remote Customer Onboarding (2022) seem to serve as a first steppingstone to the future legally binding Regulatory Technical Standards on CDD measures. The draft EBA guidelines were published in December 2021 and were open for consultation until 10 March 2021. When exactly the guidelines will enter into force depends on the feedback, iteration and translation process, but a rough estimate is late 2022/early 2023. Although the guidelines will not be legally binding, every competent authority and financial institution must make every effort to comply.
The guidelines set common EU standards on:
- the steps that financial operators should take to comply with AMLD obligations when performing the initial customer due diligence to onboard new customers using remote channels
- policies, controls and procedures that financial sector operators should put in place in relation to CDD when the CDD measures are performed remotely
- the steps financial sector operators should take when relying on third parties.
More specific details can be seen in Figure 3.
Impact on the industry: save time and money and be more effective
Financial institutions currently face differences in local implementations, as the AMLD has no direct applicability in the member states. This leads to confusion on the requirements, resulting in costly cross-border compliance processes, and making oversight complex for competent authorities.
Although it might require changes to current processes and solutions, this harmonised package of legislative proposals and guidelines will give industry players more clarity, ultimately making life easier and (cross-border) compliance less costly for them. Equally importantly, it will make the fight against money laundering and terrorist financing more effective.