AML Compliance in EU Member States and Risks of Businesses

AML Compliance in EU Member States and Risks of Businesses

Learn more

Making regulations is just the first step, the true game starts when it comes to implementation, the European Supervisory Authorities report gave this clear message. 

European Union regulatory authorities are always in a wake to improve Anti Money Laundering (AML) and Counter Financial Terrorism (CFT) regulations. Currently, the fourth AML directive is in action in the member states of the EU. Europen Union Supervisory Authorities (ESAs) recently gave a joint opinion based on the AML and CFT data collected from the member countries and expressed their concerns regarding the CFT and AML compliance in the reporting entities. 

The member countries are required to give this joint opinion on money laundering and terrorist financing risks in the EU financial sector every two years based on Article 6(5) of (EU) 2015/849 (the 4th AML directive). The ESAs (EBA, EIOPA, ESMA) report showed concerns regarding monitoring transactions and suspicious transaction reporting, cryptocurrencies, Brexit, and the risks associated with operations of businesses that handle a large number of financial transactions. 

Major Concerns of ESAs

The ESAs expressed some major concerns regarding the risks lurking in the financial infrastructure of EU countries. The detailed report contained the data proof of how credit institutions are exposed to more risk as compared to previous years. 

Inconsistent implementation of 4th AML directive


The uniform implementation of the 4th AML directive is a challenge as the legislations in a country are influenced by several stakeholders. The report of Joint Supervisory Authorities (JSA) highlighted that political and regulatory entities in the countries influence the implementation of the EU AML and CFT regulations. The countries often don’t understand the regulations properly and there is a lack of uniformity in the regulations across the EU so it leaves a loophole for the companies that plan to do illegal business. For example, if one country is rigid in AML and CFT compliance then the businesses or the criminals move to other countries with relatively lenient regulatory compliance requirements. So, it affects the effectiveness of AML and CFT regulations. 



The United Kingdom is all set to leave the European Union in some time. The report of the ESAs identified that the firms working in the EU will be affected by this change in the EU landscape. The firms listed in the UK will have to update their operations as per the new UK regulations. Also, the firms outside the UK will have to get themselves registered with the UK as per the new regulations. 

This huge change in the infrastructure will affect the regulatory landscape of the EU. Most probably it will make loopholes for financial criminals. The UK was used by the shell companies in the past, and now this sudden shift in regulations will definitely take some time, so, the criminals are most likely to gain over this delay. 

Nicola Gratteri a public prosecutor in Calabria predicted that Brexit might aid the Italian mafia in pooling in their illegal money to the UK. Shell companies will be the safe haven of criminals to legitimize their cash proceeds from drug dealing, human trafficking, etc. 

Regtech and Fintech


Technology is a freeware that is used equally for fraud and fraud prevention. The advent of Fintech and Regtech definitely improved the operations in the financial sector but it also increased the risk. Lack of regulations and minor regulatory compliance in this sector is the source of risk. Fintech and Regtech are widely adopted by people and are very dear to legitimate users due to the ease created due to these solutions. 

Lack of legal and regulatory understanding among the Fintech and Regtech businesses is a point of concern. The businesses that don’t practice are more likely to fall prey to identity thieves and criminals. The in-depth understanding of regulations and regulatory compliance by Regtech solutions is vital to deliver quality risk prevention, so the businesses should be careful while choosing one such solution. 



Cryptocurrencies are major concerns of the JSAs. Although the AMLD5 and AMLD6 are drafted to address this risk. Lack of regulatory awareness and commitment in the cryptocurrency ecosystem are some major concerns expressed in the report. The EU is also planning to increase the scope of “virtual currencies” to “virtual assets” as per the FATF regulations. This is because there is a lack of awareness among the businesses offering the cryptocurrency services. 

Internal control


The internal controls of businesses are found to be lacking in their internal controls. Some major issues were found are Customer Due Diligence (CDD), lack or suspicious transaction reporting, lack of transaction monitoring, etc. 

Lack of effective compliance 


The businesses in the EU countries are found to be lacking in AML and CFT compliance, the report stated that sanctions screening is not enough. The businesses have to keep an eye on the transactions of their customers as well. Complete reliance on CDD is the loophole in the internal controls of firms. 

Also, businesses are required to practice compliance in a smart manner. In case they completely disown the customers based on the high risk associated with them, it will increase the chances of money laundering in the EU. 

Credit Institutions


The report highlighted that some credit institutions are exposed to major risks due to their business operations. Financial transactions as the key part of their operation so the risk of being exploited by money launderer sand terrorist financiers is high. The businesses are required to practice proactive fraud prevention and CDD. 

To wrap up, the businesses in the EU and outside the EU will be affected by the increased pressure on AML and CFT compliance among the member countries. The businesses from non-member countries will also be affected by this. The EU has also recommended the reporting entities to practice the EU regulations outside the region (Non-EEA states). The Brexit is also expected to happen in the near future so it will also affect the operations, regulatory compliance of the global businesses. Proactive fraud prevention, thorough regulatory compliance, and timely decisions will help businesses in achieving high returns in the future.

AMLD5 Amendments in Prepaid Cards Transaction Threshold

AMLD5 Amendments in Prepaid Cards Transaction Threshold

Learn more

In July 2018, the European Commission came into effect the 5th Anti-Money Laundering Directive (AMLD5). In the past couple of years, a series of money laundering cases and tremendous terrorist financing attacks were noticed. Not only this, a string of involvement of Politically Exposed Persons (PEPs) and high-profile individuals induce pressure on the Commission for policy reforms. 5th latest money laundering directive focuses primarily on centralized agencies and beneficial owners, legitimate online businesses connected directly or indirectly with the local regime. 

Typically, money laundering involves unauthorized shell companies that have no evidence instead of a piece of paper, which is used to transform the embezzle funds into ostensibly legal ones. The directive ensures the credibility of papers that are misappropriated and hidden from public scrutiny. The data on these papers should be examined and verified keeping AMLD in place. According to the Head of Compliance Christopher Baines: 

“The directive is definitely a step in the right decision, it reduces the number of options of criminals.”

Major Amendments in EU’s Fifth Anti-Money Laundering Directive:

In the Official Journal of the European Union, Fifth AML Directive depicts the guidelines to reduce the ventures of money laundering activities. It is in the response of terrorist financing and offshores leaks in Panama Papers that are imposing stringent checks and compliance adoption. In the recent AML regime, below are the 4 key amendments:

  • It is mandatory for the member states to make sure that registers of beneficial owners of legal companies and entities are accessible to the public. These registers do not include the owners of trust as it needs an extra illustration of legitimate interests. The lists should be up-to-date indicating the comprehensive functions for identification purposes of natural or legal persons
  • AML Directive (AMLD5) is extended to electronic wallet providers, art dealers, virtual currency exchanges, etc. Also, further specifications are demonstrated for tax advisors and real estate agents
  • The threshold for prepaid cards holders is lowered to €150
  • Member States are supposed to implement serious measures that fulfill the demand for enhanced due diligence to monitor the high-risk suspicious transactions. Electronic identification should be done to regulate and recognize the entities efficiently

After the Fifth AML Directive on 9 July 2018, EU Member States got the deadline of 10 January 2020 (about 18 months) to make sure its implementation into national law. 

Lowered Threshold of Prepaid Credit Cards & E-money

The purpose of the Fifth AML Directive is to reduce the transactions from anonymous prepaid cards. The threshold for identifying prepaid cardholders is reduced to EUR 150 from EUR 250. This requirement neither applies to the redemption or withdrawal of cash nor applies to remote payment transactions where the amount exceeds €50 per transaction. The prepaid cards that are issued in third countries will be acceptable only if the insurance requirements meet the guidelines of the EU AML regime.

AMLD5 Amendments in Prepaid Cards Transaction Threshold

This new directive focuses on digital currencies and prepaid cards. The maximum amount that can be placed in prepaid cards has drastically reduced. The banks and financial institutions are supposed to conduct an investigation against the prepaid cardholder if a value of over EUR 150 is placed. Also, the amount of EUR 150 is for both the amount to keep in prepaid card and the transaction amount on a monthly basis. Electronic identification needs to be performed to verify the prepaid card credit. Prepaid cards that are issued outside the territory of the EU will be prohibited unless it lies under the regimes equivalent to AMLD5.

Similarly, cryptocurrencies and digital wallets are under the hood of the AML regime that ensures standards contributing to curb money laundering, the money trail, and terrorist financing. AMLD5 is going to deploy at the start of 2020, enforcing legal beneficial owners to take identification measures for authentication of prepaid cards threshold to make sure that any cardholder identity does not place credit more than the amount specified by the directive.

Customer Due Diligence Checklist – Is Your Business Compliant?

Customer Due Diligence Checklist – Is Your Business Compliant?

Learn more

Compliance regulations can be a challenging task for the financial services sector and fulfilling them can be a long and tedious process. But no matter how onerous the process may be, the costs of non-compliance can be detrimental. Thus the financial services sector must exercise a comprehensive CDD or Customer Due Diligence Checklist. Under the global compliance regulations, every company providing financial services is obliged to perform identity business verification of its clients during the onboarding process.

The customer due diligence process can vary depending on the nature of the account and the client. To simplify the procedure, therefore, companies should adopt a risk-based approach. This allows them to verify their customers based on the levels of risk they pose to the company. For example, a person opening a simple low deposit account may need some basic document verification at the time of onboarding. On the other hand, a beneficial owner of an offshore entity or a person having a high-risk business needs to be subjected to an enhanced due diligence process.

Customer Due Diligence Checklist – Steps towards a Better Compliance Structure

The real question then is that what steps should be taken to establish an efficient due diligence checklist. A simple customer due diligence checklist that banks and financial services can go through to make sure their CDD procedures screen through every sort of risk can include;


  • Build a Basic Screening Process to Weed Out any Obvious Levels of Risk


Building a basic verification procedure can ensure that there is no obvious fraud involved. This process may involve asking for a person’s ID information including full name, date of birth, address, along with some essential identity documents like an ID card, passport or a driver’s licence. It is also advisable to perform an address verification check by asking for the client’s recent utility bills. These Know Your Customer or KYC checks can help the company weed out any kind of identity fraud and determine if the person is trying to impersonate someone.

Additionally, at this point, it is also advisable to check for any beneficial owners (BO). In case there are any, make sure to get their details as well and the relationship between the BO and the customer. Moreover, perform an AML check to make sure that the customer is not exposed politically.


  • Vet Your Third Parties to Enhance the Process


Performing the entire CDD process on your own is impossible. To verify a customer you have to rely on third-party databases, banks, lawyers and auditors. It is important to choose outsourced service providers after proper research and due diligence.


  • Assess the need for Enhanced Due Diligence


For high-risk clients, the process of enhanced due diligence is very important. EDD involves collecting more information using customer risk assessments. Due diligence EDD can be an ongoing process and can be implemented for the entire period of time the client stays with your firm. It is performed by setting up some warning signals in your system to become aware of any threats or risks to your system immediately. Some alert signs that can help you through may include; the type of risk associated with the client’s transactions; their occupation; their address; and the type and value of their transactions.

All these red flags can enable you to assess whether your client is getting involved in money laundering or any other financial crimes. They will help you to timely assess any risks to your firm and take the appropriate action accordingly.


  • Make Sure you Comply with Data Protection Regulations


Performing customer due diligence is only a part of your responsibility. You must also make sure that every shred of data you collect from your clients is protected and secured. Moreover, GDPR also demands that any entity collecting customer data is also liable to protect it as well.


  • Keep Your Data Saved Digitally


Make sure all customer data you have is saved digitally and can be produced for proof if or when needed. Securing all CDD and EDD data is not only smart but a necessary regulation from any global regulator. Since any government can ask for client data in case of suspicion of money laundering or corruption, every firm is liable to be able to provide documented proof of their clients’ transactions.

A Customer Due Diligence Checklist can allow banks to implement a comprehensive compliance process. Due diligence CDD is a part of your AML compliance checklist. Shufti Pro is a leading data verification service that provides customer identification as well as business verification service. It provides KYC/AML for security compliance for companies looking to verify their clients through identity checks and AML screening.