The Perfect Storm: EU's 6th Anti-Money Laundering Directive Raises Regulatory Risk with a Broader Definition of Money Laundering & Extended Criminal Liability
02 Mar 2021 12:00 am by Mark Dunn
The European Union's Sixth Anti-Money Laundering Directive (6AMLD) came into effect in all EU member states in December 2020, and it must be enforced by all regulated financial institutions by 3rd June 2021. Companies operating in Europe—and multinationals based in the U.S.—must ensure their due diligence and risk monitoring processes are aligned to meet the new requirements, or risk incurring legal, financial, reputational, and strategic costs.
6AMLD imposes stricter requirements on companies to tackle financial crime and identify hidden beneficial ownership, and harsher penalties for those who fail with expanded criminal liability and punishments for money laundering offences. Its key provisions include:
- Widening of the definition of money laundering offences that can be considered a criminal offence, including concealing the source of illicit gains, aiding, and abetting money laundering, and inciting and attempting the offence.
- Additional punishments for companies convicted of money laundering, including fines and “temporary or permanent exclusion from access to public funding”.
- Criminal liability extended to legal persons as well as companies. They are liable even in instances where the offences happen because of "lack of supervision or control”.
- Maximum imprisonments of at least four years for individuals convicted of money laundering offences.
The Directive is designed to encourage enforcement agencies in different EU countries to work together on anti-bribery and corruption investigations. It says: “This Directive aims to combat money laundering by means of criminal law, enabling more efficient and swifter cross-border cooperation between competent authorities.”
A global push towards tougher financial crime regulations
The Directive follows the general trend of more and stricter financial crime legislation around the world. The EU’s previous (fifth) Anti-Money Laundering Directive only came into force last year. But it isn’t just Europe where regulations are tightening. For example:
- Hong Kong’s 2018 Companies Law brought in a legal requirement for companies to maintain a register of beneficial ownership information .
- In 2020, the US Anti-Money Laundering Act emphasised the importance of using technology to comply with legislation governing financial crime and money laundering.
- Two years prior, the U.S. Financial Crimes Enforcement Network issued guidance requiring large financial institutions to identify beneficial owners and conduct ongoing monitoring to identify suspicious transactions.
- While 6AMLD does not apply to the UK government, it has brought in Unexplained Wealth Orders which allow regulators to seize assets for anyone suspected of money laundering who cannot account for their wealth.
“The pressure [on companies] has never been greater with the clear direction of travel being that AML and counter terrorism financing is at the top of the regulatory agenda," Jonathan Ritson-Candler, associate at the law firm Latham & Watkins tells Financier Worldwide.
Remote working introduces new compliance challenge
The new requirements imposed by 6AMLD come at a particularly challenging time for corporate compliance teams. For those in financial institutions, their Know-Your-Customer and client verification processes have had to be carried out entirely digitally during the pandemic. Compliance teams will often visit a potentially high-risk third party to carry out enhanced due diligence , but this is impossible in countries where travel has been restricted by the virus.
Jennifer L. Sutton, Special Counsel at Sullivan & Cromwell LLP, adds: “With government stay at-home mandates and closures, customers are increasingly availing themselves of online banking solutions, leading to greater risks associated with customer due diligence and verification.”
This challenge did not delay the introduction of 6AMLD, however, and companies should not assume regulators will allow more leeway despite the unusual circumstances. Instead, there will be an increased expectation for companies to better harness technology to support the entire risk management workflow.
What should companies do?
Companies need to understand the specific requirements of 6AMLD to ensure they are compliant. But an effective compliance process should not simply tick the boxes of regulatory requirements. It should follow general best practices, which include:
- Identify potential compliance risk by using screening tools that run checks on all third-party entities and individuals.
- Conduct due diligence on entities against a broad range of information sources, including news data, sanctions, PEPs, watchlists, blacklists, financial information, and company sources.
- Automate third-party monitoring to surface new information about a third party, and flag changes to PEPs, sanctions and watchlists as they emerge.
- Pay particular attention to the Ultimate Beneficial Ownership of third-party companies by screening them against data on company ownership, corporate hierarchies, and executive-director relationships.
- Maintain an audit trail of due diligence to meet best practices recommendations and substantiate risk mitigation efforts to regulators in case of an investigation.