The AML Forum Frankfurt kicked off on 12 September, with a keynote on the Fifth and Sixth Anti-Money-Laundering (AML) Directives. How can financial institutions adopt the new rules into their control mechanisms successfully, and what are the key points to be aware of?
Dr. Barbara Roth, LL.M., the Chief Compliance Officer at UniCredit Bank AG, set out how financial institutions are increasingly expected to detect ‘laundromats’, where banks are being misused by customers to process illicit funds. Such expectations demand “efficient technology, good processes in place, and a lot of manpower to investigate”, she said of this critical meeting point between policy and technology.
Acknowledging that many delegates from the financial services profession are probably still finalising the implementation of the Fourth AML Directive, Dr. Roth reminded them that the Fifth is in play and the Sixth needs to be implemented by December 2020.
The Fifth Directive gives public access to ultimate beneficial owner (UBO) registers, lowers the thresholds for prepaid cards, and focuses on additional service providers, such as electronic auditing services, virtual currency exchange service providers, and art dealers. The UBO elements are particularly useful, Barbara said, but the onus will remain on Know Your Customer (KYC) departments internally to know who the ultimate beneficial owner is.
The Directive also mandates enhanced due diligence on customers – and bank branches – in high-risk third countries. Here the EU’s definitions deviate from those of the Financial Action Task Force (FATF). One example is Serbia, Dr. Roth said: customers from that country would be regarded as high risk under FATF rules, but not under EU regulations. “I’m not sure where this different opinion comes from, but just be aware of it,” she joked.
Either way, implementing these rules requires senior management approval. “I would strongly recommend you keep your first line of defence on that one. Whenever you are onboarding high-risk customers from these countries, seek approval from your business line, because the first line of defence has to be accountable for such risks and has to make sure that the customer is duly taken care of.”
The Sixth AML Directive harmonises the list of AML offences across the EU and is likely to offer no grace period, Dr. Roth warned. It not only relates to traditional ML activities, but also cybercrime, environmental offences, and not to forget market manipulation, and insider trading which are criminal offences at least since MAR. Increased fines and up to four years’ imprisonment for money laundering can be combined with additional sanctions.
In addition to the regulatory changes, there have been impacts on the market from recent cases, she continued, referring to ‘laundromats’ involving the Baltic branches of European banks, where she now sees an increased focus by the regulators on supervisors.
These operations are purported to have laundered $200 billion via shell companies to Europe, she said. “And probably most of the financial institutions present here may also have received some of these cashflows – although unknowingly,” she added.
“The scheme is quite simple. These laundromats are using non-operating companies – shell companies – situated mostly in harmless countries, like UK, Cyprus, New Zealand, Latvia, and Moldova.”
So what are these companies and what are the red flags associated with them? A non-operating company is one that does not conduct any commercial or manufacturing business, or any other form of commercial operation, in the country where it is registered.
Such firms typically open accounts in jurisdictions where they are not located themselves (offshore), and so lack any obvious connection to that territory. So a UK company opening an account in Estonia would be a red flag, she suggested.
Typical features of non-operating companies are that they do not have offices of their own, mainly use ‘care of’ addresses, or are domiciled with a lawyer or notary, and have no local employees. No meaningful company purpose will be apparent.
Key points for ongoing monitoring via the first line of defence – in addition to the AML department – include being sure about activities in your accounts, and seeing whether companies make payments to tax authorities or pay salaries to employees. Are your relationship managers able to explain what is going on in an account, and whether it relates to the purpose of the company as it is registered?
Of course, not all non-operating companies are bad, she acknowledged. Many have a legitimate purpose, such as managing an asset via a special vehicle, or ring-fencing high-risk ventures and corporate liability. That said, such companies would have a very clear and traceable purpose, she said.
In all cases, apply common sense and properly document all of your assessments.