Blog

AMLD5 – Regulations catching up with Technology

James Efron
October 15, 2019
7 minutes read
6421

In this era of technology, it is a common saying that “Innovation leads and regulation follows.” This couldn’t be any truer with the adoption of the Fifth Anti-Money Laundering Directive (AMLD5) by the European Union. AMLD5 is basically an extension of the previous iteration – AML4. Both of these directives are to tackle and control the on-growing power and risks associated with the use of technology by criminals.

Moving into the fourth industrial revolution, businesses are completely under the limelight of technology. Of course, the criminal world is also taking advantage of technology to carry out their operations more effectively and anonymously. This drives the attention of government and regulatory agencies to come up with stricter directive for businesses to curb criminal activities.

The aim behind the introduction of AMLD5 is to prevent money laundering, terrorist funding and illicit transfer of money throughout the financial industries of the EU. The same was the goal statement of AMLD4 but in some ways, AMLD5 is more advanced and covers some further aspects. It includes a better definition of the virtual currencies, the changes and the information-sharing policies that are required to combat crimes related to prepaid cards and financial institutes.

From AMLD4 to AMLD5

Previously AMLD4 tackled the risks by making it mandatory for “obliged entities”- banks and financial institutions – to meet KYC and due diligence requirements. Also, the companies operating within the EU were obliged to maintain central registers of their ownerships. According to the European central bank, AMLD4 didn’t go far enough to curb the risks posed by criminal transactions and money laundering.

The main reason was the recent terrorist attacks throughout Europe. Moreover, the Panama papers scandal in 2016 followed Paradise Papers publications in 2017 made it a top agenda for the regulators to come up with a more efficient directive. These papers provided insight to the government into the ways politicians and wealthy-beings can exploit tight-lipped offshore tax regimes. These incidents created a huge fuss around the world questioning the credibility of country regulations.

Taking into account these issues, the updated framework of the 4th Anti-Money Laundering Directive – AMLD5 came into force in July 2018 which is to be implemented from January 2020. It doesn’t contain any new sets of rules, instead, they are just an extension of the previous ones. The fifth AML directive intends to bring boundless transparency in business activities and company ownership within the EU.

Multiple amendments posed by AMLD5 in the fourth directive. These extensions are to strengthen the policies to deter money laundering due to new technology advancements. AMLD5 not only proposes the public registry for beneficial owners of obliged entities, but it also addresses the significant risks associated with virtual and cryptocurrencies.

The Obliged Entities and Requirements

The fifth AML directive covers various entities that include:

Financial Institutions – MiFID firms, insurance companies, collective investment schemes.
Estate Agents
Credit Institutes
Providers of virtual currencies
Prepaid cards
Legal Professionals, Auditors, Tax Advisors, and external accountants
Trust, or company service providers
Person trading in goods (involving cash payments in amounts of €10,000 or more)

The most important requirement of AMLD5 is requiring the obliged entities to implement the beneficial ownership registry. It is essential for state members to collect and maintain accurate and current information about the legal entities – as described in AMLD4. In order to meet this requirement, the obliged entities that are operating in the EU must have Know your Customer (KYC) information, in addition to beneficial ownership information, readily available with all the planned procedures.

Enhanced Due Diligence:

Undoubtedly, the beneficial ownership registry is the primary level of customer due diligence. However, with the implementation of AMLD5, the obliged entities will have to adopt Enhanced Due Diligence (EDD) requirements. The EU-based banks are compelled to perform EDD every time they enter into transactions from high-risked third countries as defined by the European Commission. This requirement is to diminish the potential of doing business with criminal organizations.

The process of enhanced due diligence involves the collection of additional information about the customer, the screening and the completion of risk assessment. The risk rating strategies must involve the risk factors that may be responsible for updating the KYC policies and Procedures. For example, technology is the major risk factor and the manual KYC process is needed to be digital.

After the completion of the risk rating process, the entities must ensure the automatic delivering of data to national authorities and providing them access to information. Enforcement of AMLD5’s EDD requirement on EU-based entities doesn’t mean that their clients must also follow them. But if a bank in Europe adopts stringent EDD requirements, then the associated entities are required to ensure that they are complying with AMLD5 requirements along with their regional regulations.

The Significant Changes in the Regulation:

Though AMLD5 is an extension of AMLD4 regulations but there are some key changes that are highlighted in this directive, it includes:

1. Virtual Currencies

The virtual currencies like Bitcoin possess the transparency feature, i.e. the individuals involved with them tend to stay anonymous. It is both the weakness and strength of the organizations as well. The weakness because of the involvement of money launderers and cybercriminals. AMLD5 clearly states that virtual currency exchange platforms must have to apply Customer Due Diligence(CDD) just like traditional financial institutes.

It includes all the KYC and customer verification requirements. Moreover, customers have to get registered. All these requirements are to combat money laundering and criminal funding that takes place through these platforms.

2. Letterbox Companies

Under the new AMLD5 regulations, anyone will be able to access information about the real owners of “Letterbox” Companies that are operating in the EU. These companies are considered the hub of corruption, money laundering and transnational organized crime. This change in the directive can reveal the corruption and tax evasion that may be taking place in the companies.

Moreover, with the central beneficial owner registry will be available for individuals with a ‘legitimate interest’, for example, an investigative finding out the owners of trusts and companies.

3. Prepaid Cards

AMLD5 has called for a reduction in the threshold of anonymous prepaid cards – from €250 to €150. This new arrangement is to combat the criminal activities that might be taking place through these cards. While prepaid cards generally have legitimate uses, the anonymous cards are readily used in money laundering and terrorist funding.

The banks and other financial institutions are obliged to conduct CDD against the prepaid cardholder if the payments exceed a defined threshold. Moreover, as per AMLD5 regulations, the use of prepaid cards – that are issued outside EU territory – will be prohibited unless they follow AMLD5 regimes

Notable Challenges for Businesses in adopting new Standards

Until now, though the businesses used to comply with AML regulations but didn’t have to take that much notice of AML directives as they will have to do now. Previously, financial institutions and tax advisors were the major entities meeting AML compliance. However, with the introduction of AMLD5, now the virtual currency exchange platforms, prepaid cards, and custodian wallets will also have to obliged to new standards and regulations.

The obliged entities have to comply with Customer due diligence, monitoring the virtual currencies transactions and keeping a tight rein on customer activities that they might find suspicious. The major challenge for businesses is that from onboarding customers to ongoing documentation, they have to keep the data up-to-date and share customer information with anti-money laundering authorities.

Moreover, businesses will need to make sure that all the staff members have proper knowledge of the AML directives and follow the standards accordingly. It will cost businesses in training their employees. As the date of implementation of AMLD5 is approaching near, the time to incorporate all these new standards and rules is shortening – another challenge for the businesses.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
HKMA Issues Guide for Regtech Adoption in Customer Monitoring
From AMLD4 to AMLD5
The second guide published by the HKMA will allow banks to test their internal measures and infrastructure capabilities for the adoption of Regtech solutions.

As part of a two-year roadmap, the Hong Kong Monetary Authority (HKMA) has published its second issue, the Regtech Adoption Practice Guide, to promote the adoption of regtech solutions in the banking sector. The new issue follows the first guide, which focused on the adoption of cloud-based regtech solutions.

In January, the HKMA published case studies that highlighted the benefits of adopting regtech solutions, particularly for meeting Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) compliance targets.

The new guide adds to the previous publication and focuses more on the benefits of adopting regtech solutions in the area of customer monitoring – a task that is necessary for banks to perform to stay AML/CFT compliant.

The guide states that these solutions are of the essence, as manual processes are becoming a thing of the past. Additionally, regtech solutions can enable banks to stay up-to-date and collect necessary information related to customers and their transactions.

“This information is essential to understanding whether the purpose and intended nature of the customer’s activities are commensurate with its risk profile and the nature of the business relationship”, the guide states.

The HKMA adds that while the adoption of advanced technologies such as machine learning and cognitive solutions is still in its emergent stage, they are the prime areas of growth.

HKMA Issues Guide for Regtech Adoption in Customer Monitoring – Regulation Asia: HKMA Issues Guide for Regtech Adoption in Customer Monitoring Regulation Asia https://t.co/GdiOxrrPNY pic.twitter.com/I6UF1tJGRc

— Financely (@financelygroup) July 27, 2021

The Guide also highlights the major bottlenecks and pain points that banks face during customer monitoring, which regtech solutions can easily address. Key developments in the industry and possible regtech applications are also outlined.

The Guide consists of practical guidelines that banks can follow to automate ongoing monitoring of customers.

The Regtech Adoption Practice Guide can be viewed here.

Suggested Read: RegTech facilitates effortless AML Compliance

AMLD5 – Regulations catching up with Technology

From AMLD4 to AMLD5

The Obliged Entities and Requirements

The fifth AML directive covers various entities that include:

Enhanced Due Diligence:

The Significant Changes in the Regulation:

1. Virtual Currencies

2. Letterbox Companies

3. Prepaid Cards

Notable Challenges for Businesses in adopting new Standards

Why is the Indonesian PDP Law Important?

Who Does it Apply to?

Key Takeaways of the PDP Law

1- Personal Data Definition and Categories

2- Rights of Personal Data Owners

3- Identification of Key Roles

4- Appointment of a Data Protection Officer

5- Transfer of Personal Data

6- Administrative and Criminal Sanctions

How To Maintain Compliance with the Personal Data Protection Bill

Summing it up

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.

AMLD5 – Regulations catching up with Technology

From AMLD4 to AMLD5

The Obliged Entities and Requirements

The fifth AML directive covers various entities that include:

Enhanced Due Diligence:

The Significant Changes in the Regulation:

1. Virtual Currencies

2. Letterbox Companies

3. Prepaid Cards

Notable Challenges for Businesses in adopting new Standards

What is Personal Data Privacy?

Why is the Indonesian PDP Law Important?

Who Does it Apply to?

Key Takeaways of the PDP Law

1- Personal Data Definition and Categories

2- Rights of Personal Data Owners

3- Identification of Key Roles

4- Appointment of a Data Protection Officer

5- Transfer of Personal Data

6- Administrative and Criminal Sanctions

How To Maintain Compliance with the Personal Data Protection Bill

Summing it up

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.