[co-author: Daniela Melendez]*
On May 30, 2024, following passage by the European Parliament in late April, the European Council officially adopted a set of rules that modernizes and harmonizes money laundering and terrorist financing (“AML/CFT”) regulations across the various EU Member States. The new AML/CFT regulations consists of three (3) primary components: the EU Single Rulebook Regulation (“Single Rulebook”); the sixth iteration of the EU Anti-Money Laundering Directive (“AMLD6”); and a new Anti-Money Laundering Authority Regulation (“AMLA Regulation”).
The collective adoption of these laws represents a concerted effort by the EU as a whole to make substantial upgrades to the existing AML/CFT framework and establish more effective minimum standards governing the conduct of illicit finance oversight activities. First proposed in 2021 by the European Commission (“Commission”), the final texts of the AML/CFT regulations reflect consensus achieved by the various lawmaking institutions of the EU during an intense negotiations process that transpired in the latter portion of the 2023 calendar year.
Single Rulebook
The proverbial centerpiece of the new AML/CFT regulations is the adoption of the so-called “Single Rulebook”—a single set of harmonized rules that broadly governs the conduct of key risk mitigation and compliance-oriented activities across the entire financial sector. Among other things, the Single Rulebook officially transfers the provisions contained in the Fourth Anti-Money Laundering Directive (“AMLD4”) to a new regulation that is directly applicable to EU Member States. As adopted, the provisions constituting the Single Rulebook expand the definition of “obliged entities” to encompass crypto-asset service providers (“CASPs”) when conducting transactions that meet or exceed a €1,000 threshold. The same provisions also now apply to certain traders in luxury goods, crowdfunding service providers, and mortgage and credit intermediaries.
For CASPs in particular, the Single Rulebook establishes a number of new due diligence requirements—including, but not limited to, the obligation to undertake enhanced due diligence measures in business dealings with cross-border correspondent entities. Under these requirements, CASPs are legally required to determine if the correspondent entity is licensed or registered; gather sufficient information about the entity to fully understand the nature of its business, reputation and quality of regulatory supervision; independently assess the strength of its AML/CFT controls; and establish that the entity regularly conducts identity verification and due diligence on any customers having access to payable-through crypto-asset accounts.
At a broader level, the Single Rulebook establishes a maximum limit of €10,000 on all cash payments received in exchange for the provision of goods or services, while permitting individual Member States to retain or set their own lower limits if circumstances so warrant. This limit applies regardless of whether the payment is made in the context of a single transaction or several related transactions. Notably, the Single Rulebook also requires entities engaged in “occasional transactions”—defined as transactions that occur with customers that do not have an ongoing business relationship with the institution in question—to carry out the minimum due diligence required to properly identify any individuals initiating such transactions where the value is between €3,000 and €10,000. Additionally, gambling services providers are now required to conduct due diligence when carrying out any transactions with a customer of at least €2,000 or the national currency equivalent.
The Single Rulebook also clarifies the circumstances under which obliged entities may rely on due diligence conducted by third parties, particularly other obliged entities. In this regard, while obliged entities may accept the result of due diligence efforts conducted by other obliged entities, the new regulations make it clear that “ultimate responsibility” for meeting customer due diligence obligations remains with the primary contracting party. Moreover, when deciding whether to rely on the due diligence efforts of others, the Single Rulebook requires obliged entities to take into consideration a number of important risk factors, including geographic risk, and any other relevant information or guidance made available by the Commission that might be relevant to the underlying financial transaction.
AMLD6
AMLD6 also makes a number of important modifications to the existing EU AML/CFT framework, not the least of which is granting supervisory authorities in charge of central beneficial ownership registers the power to carry out physical inspections at the premises of any registered legal entity where doubts about the veracity of information supplied by that entity exist. Thus, AMLD6 broadly empowers supervisory authorities to conduct physical inspections “at the business premises of [any registered entity] or registered office of the trustee or person in an equivalent position.” The same provisions also require Member States to prioritize information sharing with supervisory authorities located in other EU jurisdictions to enhance the overall effectiveness of enforcement efforts.
AMLD6 also expands the role of financial intelligence units (“FIUs”) in relation to AML/CFT enforcement activities. In particular, the new directive equips FIUs with both direct and indirect access to all financial, administrative, and law enforcement information that may be required to more effectively combat crime involving illicit finance. Significantly, AMLD6 further empowers FIUs to temporarily suspend or completely withhold their consent to any transactions that raise the specter of money laundering or terrorist financing.
AMLA Regulation
The primary function of the AMLA Regulation is the creation of a new Anti-Money Laundering Authority (“AMLA”) at the EU Level that will assume the responsibilities of the European Central Bank in relation to the conduct of AML/CFT enforcement and oversight activities.
Under the new regulation, AMLA is tasked with both the direct supervision of certain high-risk financial institutions and groups operating in the EU, as well as coordination with national supervisory authorities with respect to AML/CFT issues. The regulation broadly empowers AMLA to develop and issue technical standards, guidelines and recommendations to promote the effective and consistent implementation of AML/CFT measures across the various EU Member States. AMLA is also empowered to support the work of national FIUs by providing technical assistance, facilitating information exchanges, and coordinating joint investigations into cross-border money laundering and terrorist financing cases. Finally, the regulation equips AMLA with the authority to impose fines and other administrative sanctions on financial institutions and other entities that fail to comply with the EU’s new AML/CFT requirements.
In the end, the adoption of this new package by the EU Council is a clear signal to organizations subject to AML/CFT regulation that combatting illicit finance remains a core priority of global enforcement authorities. As more sophisticated means of money laundering emerge, equally flexible regulatory schemes that broadly empower competent authorities to timely interdict the proceeds of criminal activity are required. To be effective, such regulatory schemes must include robust mechanisms for information sharing and intelligence gathering on a cross-border basis. The new AML/CFT regulations adopted by the EU clearly fit that bill.
*Associate
