June 26, 2017 is already here, the full-implementation date for the EU’s Fourth Anti-Money Laundering Directive (AMLD 4). Here are some of the changes that you need to account for in your compliance processes.
Enhanced Customer Due Diligence (CDD)
The practical issue is the cost and complexity of performing due diligence; in what cases do you need to do so, and to what extent? AMLD 4 puts an emphasis on a risk-based approach — the directive mentions risk 149 times — so tools, policies and procedures need to be in place for ongoing risk assessment. As ACAMS points out, “institutions and organizations will be required to become more risk focused in the way they manage their CDD programs. That applies not only to the question as to whether simplified or Enhanced Due Diligence (EDD) should apply, but also to which methods, sources and monitoring approaches are appropriate.”
This risk-based approach to CDD requires:
- Written, documented policies that explicitly state what risk assessments to run under various circumstances or scenarios. What risk factors are accounted for and at what level? Consider different customers, transaction types, countries, amounts and all other risk factors appropriate for your institution.
- Ensure risk assessments are actually run and documented in preparation for any potential audit.
- Have compliance teams check and stress-test the procedures to safeguard against loopholes and oversights.
- Establish and maintain sufficient training for all staff involved in any step of the CDD process.
With an effective risk-based approach to due diligence, the decision to undertake enhanced due diligence (EDD) or allow simplified due diligence (SDD) is clear. While there are, of course, certain hard numbers to follow, a risk-based approach allows for customization to your institution’s circumstances, as long as it’s defensible.
One factor that is not up to interpretation is domestic Politically Exposed Persons (PEPs); their status is now similar to foreign PEPs and EDD is now required.
KYC thresholds have been lowered. Of course, every institution should have its own threshold limits based upon its risk assessment criteria. There needs to be a balance between risk and convenience; it’s not practical to have an ID check for every lottery ticket purchase. The Commission, though, has new hard limits at which the institution needs to apply know your customer (KYC) standards.
The AML directives now cover more types of organizations. Gaming and wagering services must now comply. New Fintech firms, such as virtual currency wallet providers and exchanges, are also included.
For eMoney operators, there are now lifetime limits, as opposed to annual limits. Threshold limits that were previously set at EUR 2500 are now at EUR 250. If lifetime limits are passed, the KYC threshold drops to EUR 150.
One of the main changes in AMLD 4 — mentioned 51 times — is the approach to beneficial ownership. You need to Know Your Customer (KYC), but you also need to Know Your Customer’s Customer (KYCC).
As the European Commission states in the Directive, “understanding the beneficial ownership of companies is at the heart of the risk mitigation of financial crime and of prevention strategies for regulated firms.”
All corporations and other legal entities need to gather and maintain accurate ultimate beneficial ownership (UBO) data and share it with the appropriate government agencies. One innovation that is a radical departure from before is the use of a central depository:
(25) Member States should therefore allow access to beneficial ownership information in a sufficiently coherent and coordinated way, through the central registers in which beneficial ownership information is set out, by establishing a clear rule of public access, so that third parties are able to ascertain, throughout the Union, who are the beneficial owners of companies.
Having a central depository will allow parties to investigate beneficial ownership relationships across Europe. This central depository should make it easier to analyze business relationships and ensure that effective CDD is possible. For example, in the UK there is Companies House, where you can find the appropriate ‘People with Significant Control’ (PSC).
Note, though, that as of June 1, only six of the 28 EU countries have implemented the legislation that actually sets up the mechanism for the central registries to work.
Electronic Identity Verification (eIDV)
A major innovation that can streamline and automate your AMLD 4 compliance is electronic identity verification (eIDV). It allows for quicker, cost-effective, and seamless identification processes, while retaining the risk reduction and compliance requirements the financial industry demands. It replaces the cumbersome, paper-bound procedures of outdated, manual, high-touch methods with new digital data techniques and procedures.
The new rules allow you to verify customers remotely using electronic means. In fact, they not only allow eIDV, but endorse it:
“…in particular with regard to notified electronic identification schemes and means that offer high-level secure tools and provide a benchmark against which assessing the identification methods set up at a national level may be checked.” European Money Laundering Directive 4.1
eIDV is an important win for anyone concerned with the 4th AML Directive. It helps ensure compliance while providing tangible business benefits and setting businesses up for future growth opportunities.