KEY POINTS

  • MLD 5 prescribes mandatory EDD measures that firms must carry out when dealing with customers or transactions involving high risk third countries – Member States will impose one or more additional measures
  • In addition to the existing requirements, firms will have to refresh CDD on existing customers, when they have a legal duty to review beneficial ownership information (or where such duty arises under the Directive on Administrative Cooperation)
  • Firms will need to take account of a new list of types of PEP as published by the European Commission (which will consolidate its own list and lists from Member States)
  • Access to the corporate and trust registers will be more open – for example, firms will be able to gain conditional access to the central trust register (in the UK, an expanded PSC Register)
  • In respect of customers on the register, firms will be required to collect proof of registration or excerpt from the register – and to report any discrepancies between information on the register and information available to them
  • Beneficial owners will be subject to a direct obligation to provide corporate and other entities on the register with the information they require to fulfil their obligations

On 19 June 2018 Directive (EU) 2018/843 was published in the Official Journal. This amends the Fourth Money Laundering Directive (MLD 4) and is commonly known as the Fifth Money Laundering Directive (MLD 5).

Member States are required to transpose MLD 5 by 10 January 2020. This will be after the UK has formally left the EU (but within the transitional period currently envisaged in the draft EU Withdrawal Agreement).

In this briefing we summarise the key changes that MLD 5 will introduce. The precise details as they will affect firms will depend on how the UK chooses to implement the provisions of MLD 5 into UK law, against the larger backdrop of Brexit. For firms subject to AML/CFT obligations, one would expect the changes to be effected by way of amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. H.M. Treasury will need to consult on these changes in due course.

Broadly, for financial services firms' compliance and anti-financial crime teams, the changes will be incremental and should not involve major alterations to existing policies, practices and procedures (and certainly not to the same extent as was required for the implementation of MLD 4). However, there will be points of detail with which firms will need to grapple. Some of the changes relating to public registers could be more of a headache for those who are affected.

HEADLINES: THE CHANGES LIKELY TO BE OF MOST RELEVANCE TO FIRMS' AML/CFT POLICIES AND PROCEDURES

Assuming a "full" transposition of MLD 5 into UK law, firms will be required to review and update their AML/CFT policies and procedures to take into account:

  • a minimum set of prescribed, mandatory enhanced due diligence measures that the firm must carry out in relation to a business relationship or transaction involving high risk third countries – by the time that MLD 5 becomes effective, it is likely that the European Commission will have adopted a different methodology for listing third countries based more specifically on their financial importance to the EU and their exposure to the risks of money laundering and terrorist financing, with the possibility that the black list itself may be longer than it is now;
  • the fact that, in addition to the existing requirements, a firm must refresh CDD measures in relation to their existing customers where the firm has a legal duty to contact the customer for the purpose of reviewing relevant information relating to the customer's beneficial owner(s) or where the firm has this duty under the EU Directive on Administrative Cooperation;
  • changes to the types of person who might constitute a PEP, based on a list of prominent public functions issued by competent authorities and the European Commission – the European Commission will be required to publish a consolidated list;
  • a new express requirement, where a customer is on the beneficial ownership register, for the firm to collect proof of such registration or an excerpt of the register when entering into a new business relationship;
  • the fact that, in the event that the firm discovers a discrepancy between the information on the central register and the information that is available to the firm in relation to beneficial ownership, the firm may be required to make a report of such discrepancy to its regulator;
  • the fact that a wider range of trusts may need to be registered on the central register (in the UK, an expanded PSC Register) and the fact that obliged entities will be allowed access in order to carry out CDD (subject to an exceptional circumstances exemption).

These, and other changes, are discussed in further detail in the Annex.

TIMING AND NEXT STEPS

The application of MLD 5 is as follows:

  • MLD 5 enters into force on the twentieth day following that of its publication in the Official Journal – i.e. 9 July 2018.
  • Member States must require owners and beneficiaries of existing anonymous accounts, anonymous passbooks or anonymous safe-deposit boxes to be subject to customer due diligence (CDD) by 10 January 2019 at the latest (and in any event before such accounts, passbooks or deposit boxes are used).
  • Member States are required to notify to the Commission the categories, description of the characteristics, names, and where applicable, legal basis of trusts and similar arrangements subject to MLD 5 by 10 July 2019.
  • Member States must transpose MLD 5 into national law by 10 January 2020.

H.M. Treasury will need to consult on how it will implement MLD 5 into UK law in due course. It is currently unclear as to when this will be. The Joint ESA Guidelines on Risk Factors and the UK JMLSG Guidance Notes will also need to be updated to take account of the changes.

It should be noted that there is a separate piece of legislation which is intended to complement and reinforce MLD 5, the proposed Directive on Countering Money Laundering by Criminal Law – which some have referred to as 'MLD 6'. The text of this has been agreed between the Council and the European Parliament following trilogue negotiations and now awaits formal adoption. It will be voted on at the Parliament's plenary session scheduled for 10 September 2018. Once published in the Official Journal, Member States will have 24 months in which to transpose that Directive into national law. However, the UK has not opted into the Directive. It will also not be adopted in Ireland or Denmark. Amongst other things, the Directive will define money laundering offences, provide that such offences should be punishable by a maximum term of imprisonment of 4 years, specify aggravating circumstances and establish the basis on which legal entities can be held liable for offences committed by individuals.

ANNEX

DETAILS OF THE KEY MLD 5 CHANGES

SCOPE

OBLIGED ENTITIES – NEW AND EXPANDED

To reflect the new regulation of virtual currency exchange platforms and custodian wallet providers, the following will be obliged entities:

  • Providers engaged in exchange services between virtual currencies and fiat currencies – a virtual currency is a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency, and does not possess a legal status of currency or money, but is accepted by natural or legal persons, as a means of exchange, and which can be transferred, stored and traded electronically.
  • Custodian wallet providers (i.e. entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store and transfer virtual currencies).

Other amendments:

  • In addition to auditors, external accountants and tax advisors (who are already caught), any other person that undertakes to provide, directly or by means of other persons to which it is related, material aid, assistance or advice on tax matters as its principal business or professional activity.
  • Estate agents (who are already caught) including when they are acting as intermediaries in the letting of immovable property, but only in relation to transactions for which the monthly rent is equivalent to or exceeds €10,000.
  • Persons trading or acting as intermediaries in the trade of works of art, including when this is carried out by art galleries and auction houses, where the value of the transaction or a series of linked transactions amounts to €10,000 or more.
  • Persons storing, trading or acting as intermediaries in the trade of works of art when this is carried out by freeports (i.e. warehouses in tax-free zones, such as those in Geneva, Singapore and Luxembourg), where the value of the transaction or a series of linked transactions amounts to €10,000 or more.

BANKS AND PAYMENTS

PROHIBITION ON ANONYMOUS SAFE DEPOSIT BOXES

  • Article 10, MLD 4 currently provides that Member States must prohibit credit institutions and financial institutions from keeping anonymous accounts or anonymous passbooks – MLD 5 extends this to cover anonymous safe deposit boxes.
  • Member States shall in any event require owners and beneficiaries of existing anonymous accounts, passports or safe-deposit boxes be subject to CDD measures by no later than 10 January 2019 and in any event before they are used in any way.

PAYMENT INSTRUMENT DEROGATION – LIMIT REDUCED

  • Currently obliged entities may disapply certain CDD measures with respect to a payment instrument if it is not reloadable, or has a maximum monthly payment transactions limit of €250 and where the maximum amount stored electronically does not exceed €250 – under MLD 5, in an attempt to make it harder to use payment instruments in the context of terrorism, those limits will be reduced to €150.
  • Member States will no longer have the discretion to increase the maximum limit to €500.
  • Member States must ensure that the derogation does not apply to any redemption in cash or cash withdrawal of the monetary value where the amount exceeds €50 or, in the case of remote payment transactions, the amount exceeds €50 per transaction.

RESTRICTION ON ANONYMOUS PREPAID CARDS ISSUED IN THIRD COUNTRIES

  • To complement the previous points, Member States will be required to ensure that credit institutions and financial institutions acting as acquirers may only accept payments carried out with anonymous prepaid cards issued in third countries where such cards meet the derogation criteria set out in the previous point.
  • Member States have discretion to prohibit the acceptance of any payments made by such anonymous cards.

CUSTOMER DUE DILIGENCE (CDD)

ELECTRONIC VERIFICATION

  • MLD 5 clarifies that verifying a customer's identity on the basis of documents, data or information obtained from a reliable and independent source, can include, where available, electronic identification means, relevant trust services (as defined in Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions) or any other secure, remote or electronic identification process regulated, recognised, approved or accepted by the relevant national authorities.

CORPORATE ENTITIES/TRUSTS ON THE BENEFICIAL OWNERSHIP REGISTER

  • If the customer is a corporate, trust or other entity on the beneficial ownership register (in the UK, the PSC Register), an obliged entity will be required to collect proof of such registration or an excerpt of the register when entering into a new business relationship. See also "Requirement to report discrepancies" below.

BENEFICIAL OWNERS OF CORPORATE ENTITIES

  • MLD 4 currently provides that, provided there are no grounds for suspicion and where a firm has exhausted all possible means and has not identified a beneficial owner or where there is any doubt as to whether the person(s) that the firm has identified are in fact the beneficial owner(s), firms may instead treat the natural person(s) who hold the position of senior managing official(s) as the beneficial owner(s).
  • While this may have been implicit, MLD 5 will add an express obligation requiring the firm in these circumstances to take the necessary reasonable measures to verify the identity of such a senior managing official.

REFRESHING CDD MEASURES – LEGAL DUTY TO CONTACT CUSTOMER

  • In addition to the existing obligation to re-apply CDD measures to existing customers on a risk-sensitive basis or when the relevant circumstances of the customer change, firms will also have carry out their CDD again whenever they have a legal duty to contact the customer for the purpose of reviewing any relevant information relating to the beneficial owner(s) of the customer, or if they have had this duty under Directive 2011/16/EU (the Directive on administrative cooperation in field of taxation, often referred to as "DAC" or the "European FATCA").

HIGH-RISK THIRD COUNTRIES – ENHANCED DUE DILIGENCE

  • The black list: the European Commission's power to adopt delegated acts to identify high-risk third countries (i.e. the "black list") has been amended slightly.
  • Mandatory EDD measures: MLD 5 specifies the enhanced due diligence measures which must be carried out in relation to business relationships or transactions involving high risk third countries. These involve all of the following:

    • obtaining additional information on the customer and on the beneficial owner(s);
    • obtaining additional information on the intended nature of the business relationship;
    • obtaining information on the source of funds and source of wealth of the customer and of the beneficial owner(s);
    • obtaining information on the reasons for the intended or performed transactions;
    • obtaining the approval of senior management for establishing or continuing the business relationship;
    • conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and
    • selecting patterns of transactions that need further examination.
    In addition to the above, Member States will have the discretion to require obliged entities to ensure that the first payment is carried out through an account in the customer's name with a credit institution subject to CDD standards that are "not less robust" than those laid out in MLD 5.
  • several" additional mitigating measures to persons and legal entities from high risk third countries which shall, as specified by their Member State, consist of "one or more of the following":

    • applying additional elements of due diligence;
    • introducing enhanced relevant reporting mechanisms or systematic reporting of financial transactions;
    • limiting business relationships or financial transactions with natural persons or legal entities from the identified high risk third country.
  • Member State prohibitions, refusals and requirements: In addition to the above, Member States will be required to apply, where applicable and "in compliance with international obligations of the Union" (and taking into account, as appropriate, relevant evaluations, assessments or reports drawn up by international organisations and standard setters with competence in the AML/CTF field), one or several of the following measures with regard to high risk third countries:

    • refusing the establishment of subsidiaries or branches or representative offices of financial institutions from the country concerned (or otherwise taking into account the fact that the relevant country is from a country that does not have adequate AML/CFT regimes);
    • prohibiting obliged entities from establishing branches or representative offices in the blacklisted country (or otherwise taking account of the fact that the relevant branch or representative office would be in a country that does not have adequate AML/CFT regimes);
    • requiring credit institutions and financial institutions to review and amend, or if necessary terminate, correspondent relationships with financial institutions in the country concerned;
    • requiring increased supervising examination or increased external audit requirements for branches or subsidiaries of financial institutions based in the high risk third country;
    • requiring increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in the high risk third country.
    Member States must notify the Commission before enacting or applying the measures outlined above.

PEPS: DEFINITIONS OF PROMINENT PUBLIC FUNCTIONS

  • Member State PEPs: Each Member State will be required to issue and keep up to date its own list indicating the exact functions which, according to its national laws, regulations and administrative provisions, qualify as prominent public functions for the purposes of the definition of "politically exposed person".
  • International organisation PEPs: Similarly, a Member State will be required to request any international organisation accredited by that state to issue and keep up to date a list of prominent public functions at that organisation.
  • EU institution PEPs: the European Commission will be required to compile and keep up to date its list of the exact functions which qualify as prominent public functions at the level of EU institutions and bodies (including any function which may be entrusted to representatives of third countries and international bodies accredited at EU level).
  • Commission consolidated list: the Commission will be required to compile and make public a single, consolidated list of all the above prominent public functions.

REGISTERS OF INTERESTS

REGISTER OF "CORPORATE" BENEFICIAL OWNERSHIP

  • Obligation on beneficial owners: the beneficial owners themselves will be subject to an obligation to provide the relevant corporate or other entity with all the information the latter needs to comply with its obligations.
  • Requirement to report discrepancies (NCAs): Member States shall require that the information held in the central register of beneficial ownership is adequate, accurate and current and shall put in place mechanisms to achieve this including by imposing a positive reporting obligation on obliged entities and competent authorities to report any discrepancies they find between the information on the central register and the information that is available to them.
  • Requirement to report discrepancies (obliged entities): Member States must require the information held in the central trust register of beneficial ownership is adequate, accurate and current – obliged entities will be subject to a positive obligation to report any discrepancies they find between the information on the central register and the information that is available to them.
  • Public access: subject to the exceptional circumstances exemption (see below), any member of the general public must be able to access at least the name, the month and year of birth and the country of residence and nationality of the beneficial owner, as well as the nature and extent of the beneficial ownership held. Member States will have the discretion, depending on local law, to provide for access of additional information enabling the identification of the beneficial owner, which shall include at least the date of birth (the mandatory requirement is the year of birth) or contact details in accordance with data protection rules).
  • Exceptional circumstances exemption: this has been expanded. Member States may provide for an exemption from any access sought by an obliged entity or member of the general public if such access would expose the beneficial owner to disproportionate risk, risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation, or where the beneficial owner is a minor or otherwise incapable (the italicised words indicate what is new under MLD 5).
  • Registration fee: Member States will have the option to make the information held in their national registers available on the condition of an online registration and the payment of a fee (not to exceed the administrative costs of making the information available, including maintenance and development costs).
  • European Central Platform: Member States will be required to ensure that their central registers are interconnected via the European Central Platform (it remains to be seen to what extent the UK will comply with this following exit from the EU).
  • Breaches to be subject to effective sanctions: breaches of the requirement for corporate and other entities to obtain and hold adequate, accurate and current information on their beneficial ownership will be subject to effective, proportionate and dissuasive measures or sanctions.

TRUSTS AND BENEFICIAL OWNERSHIP INFORMATION

  • Scope: MLD 4 currently requires the trustees of an express trust to obtain and hold adequate, up-to-date and accurate information on the beneficial ownership of the trust, which must be available to competent authorities and financial intelligence units and must be disclosed to obliged entities when the trustee forms a business relationship or carries out an "above threshold" occasional transaction. Although these requirement already applies to other types of arrangements having a structure or functions similar to trusts, MLD 5 will expressly provide that this shall include arrangements such as fiducie, certain types of Treuhand or fideicomiso. Each Member State is required to identify the characteristics to determine where legal arrangements have a structure or functions similar trusts.
  • Central register: beneficial ownership on in-scope trusts must be held in a central register in the Member State where the trustee of the trust (or similar) is established or resides (the current trigger for registration ("when the trust generates tax consequences") will be removed.
  • Trusts with trustees established outside the EU or in different EU states:

    • Where the trustee (or equivalent) is established outside the EU, the beneficial ownership information should be held in the register of the EU state where the trustee (or equivalent) enters into a business relationship or acquires real estate in the name of the trust (or similar legal arrangement);
    • Where the trustees (or equivalent) are established/reside in different EU states, or where the trustee (or equivalent) enters into multiple business relationships in the name of the trust (or similar legal arrangement) in different EU states, a certificate of proof of registration, or excerpt of the beneficial ownership held in a register by one EU state, may be considered as sufficient to fulfil the registration obligation.
  • Access to the trust register: As now, information must be accessible to competent authorities (e.g. AML/CTF public authorities, tax authorities, investigators, supervisors of obliged entities, prosecuting authorities) and FIUs and to obliged entities in order to carry out CDD. Under MLD 5, information must also be available to:

    • any person or organisation that can demonstrate a legitimate interest or;
    • any person that files a written request in relation to a trust or similar legal arrangement where that trust/arrangement holds or owns a controlling interest in any corporate or other legal entity (other than one which is itself on the register).
    The information in this regard must relate at least to the name, the month and year of birth and the country of residence and nationality of the beneficial owner, and the nature and extent of the beneficial interest held. Member States have the discretion, depending on local law, to also provide for access to the date of birth (the mandatory requirement is the month and year of birth) or contact details in accordance with data protection rules. Note that Member States have the discretion to grant even wider access to the trust register in accordance with national law. Access by obliged entities, those with a legitimate interest and any person who files a written request in relation to a trust (or similar) which holds a controlling interest in a corporate entity will be subject to the exceptional circumstances exemption (see below).
  • Exceptional circumstances exemption: this has been introduced because of the wider range of people who will be able to access the trusts register (and is essentially the same as the "corporate" exceptional circumstances exemption outlined above). Broadly, Member States may provide for an exemption from access to all or part of the beneficial ownership information sought by an obliged entity, person or organisation demonstrating a legitimate interest or a person filing a written request in relation to a trust holding or owning a controlling interest in any corporate or legal entity if such access would expose the beneficial owner to disproportionate risk, risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation, or where the beneficial owner is a minor or otherwise incapable.
  • Registration fee: as with the corporate register, Member States will have the option to make the information held in their national registers available on the condition of an online registration and the payment of a fee (which must not exceed the administrative costs of making the information available, including the costs of maintenance and development of the register).
  • Discrepancies: Member States must require the information held in the central trust register of beneficial ownership is adequate, accurate and current – competent authorities will be subject to a positive obligation to report any discrepancies they find between the information on the central register and the information that is available to them.
  • European Central Platform: Member States will be required to ensure that their central registers are interconnected via the European Central Platform (it remains to be seen to what extent the UK will comply with this following exit from the EU).
  • Notification to Commission: Member States will be required to notify to the Commission the categories, description of the characteristics, names, and where applicable, legal basis of the trusts and similar arrangements by 10 July 2019. The Commission will publish a consolidated list of such trusts and similar legal arrangements in the official Journal by 10 September 2019.

BANK ACCOUNT REGISTER

  • Member States will be required to establish central registries or systems allowing the identification of any natural or legal persons holding or controlling payment accounts and safe-deposit boxes.

MISCELLANEOUS

FINANCIAL INTELLIGENCE UNIT (FIU) POWERS TO REQUEST INFORMATION FROM FIRMS

  • Each FIU (in the UK, the National Crime Agency (NCA)) will be able to request, obtain and use information from any obliged entity for the purpose of preventing, detecting and effectively combatting money laundering and terrorist financing.

ENHANCED PROTECTION FOR WHISTLEBLOWERS

  • While the existing whistleblowing provisions regarding suspicions of money laundering and terrorism will be enhanced, the changes may not make much a great deal of difference in practice.
  • Member States will need to ensure that whistleblowers are legally protected from being exposed to threats, retaliatory or hostile action, and in particular from adverse or discriminatory employment actions (amendments underlined).
  • In addition, there will be a new requirement requiring that whistleblowers are entitled to present a complaint in a safe manner to the relevant competent authorities and shall have a right to an effective remedy to safeguard their rights.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.