THE FOURTH AMLD FRAMEWORK AND THE EUROPEAN SUPERVISORY AUTHORITIES GUIDELINES
IN-HOUSE TRAINING COURSE INVESCO
OUTLINE
▪ The Fourth Anti-money Laundering Directive (4AMLD).
▪ Customer Due Diligence (CDD), Simplified CDD, Enhanced CDD.
▪ Third Party Outsourcing.
▪ High Risk Jurisdictions.
▪ Beneficial Ownership Information.
▪ The European Supervisory Authorities Guidelines.
▪ Commission Assessment.
Section 1: The Fourth Anti-money Laundering Directive
Section 2: Customer Due Diligence
Section 3: Simplified Customer Due Diligence
Section 4: Enhanced Customer Due Diligence
Section 5: Third Party Outsourcing
Section 6: High Risk Jurisdictions
Section 7: Beneficial Ownership Information
Section 8: The European Supervisory Authorities Guidelines
Section 9: Commission Assessment
SECTION 1: The Fourth Anti-money Laundering Directive
The Fourth Money Laundering Directive (4AMLD) aims to prevent the use of the Union's financial system for the purposes of Money Laundering (ML) and Terrorist Financing (TF).
Mitigating Measures under 4AMLD
(1) The scope of 4AMLD Obliged Entities has been extended to cover providers of gambling services, traders accepting cash payments above EUR 10,000 and occasional transactions that constitute a transfer of funds (including money remittances) exceeding EUR 1,000;
(2) the Risk-Based Approach (RBA) has been strengthened;
(3) registers on beneficial ownership information are put in place to facilitate the identification of beneficial owners of legal entities and some legal arrangements;
(4) anonymity of e-money products is reduced;
(5) the new level of sanctions is increasing the deterrent effect;
(6) a new regime for cooperation between Financial Intelligence Units (FIUs) in the European Union (EU) is set.
Definition of Property
Property means assets of any kind, whether corporeal or incorporeal, movable or immovable, tangible or intangible, and legal documents or instruments in any form, including electronic or digital, evidencing title to, or an interest in, such assets.
Definition of Criminal Activity
Any kind of criminal involvement in the commission of the following serious crimes:
(1) acts as set out in Articles 1 to 4 of Framework Decision 2002/475/JHA;
(2) any of the offences stated in Article 3(1)(a) of the 1988 United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances;
(3) the activities of criminal organisations (as defined in Article 1 of Council Joint Action 98/733/JHA);
(4) fraud affecting the Union's financial interests, where it is at least serious (as defined in Article 1(1) and Article 2(1) of the Convention on the protection of the European Communities' financial interests);
(5) corruption;
(6) all offences, including tax crimes relating to direct and indirect taxes, which are punishable by deprivation of liberty or a detention order for a maximum of more than one year, or as regards Member States that have a minimum threshold for offences in their legal systems, all offences punishable by deprivation of liberty or a detention order for a minimum of more than six months.
Definition of Beneficial Owner

Type: Corporate Entities
Description:
(1) The natural person(s) who ultimately owns or controls a legal entity through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that entity, including through bearer shareholdings, or through control via other means, other than a company listed on a regulated market that is subject to disclosure requirements consistent with Union law or subject to equivalent international standards which ensure adequate transparency of ownership information. A shareholding of 25% plus one share or an ownership interest of more than 25% in the customer held by a natural person shall be an indication of direct ownership. A shareholding of 25% plus one share or an ownership interest of more than 25% in the customer held by a corporate entity, which is under the control of a natural person(s), shall be an indication of indirect ownership. This applies without prejudice to the right of Member States to decide a lower percentage may be an indication of ownership or control. Control through other means may be determined, inter alia, in accordance with the criteria in Article 22(1) to (5) of Directive 2013/34/EU of the European Parliament and of the Council;
(2) if, after having exhausted all possible means and provided there are no grounds for suspicion, no person under Point (1) is identified, or if there is any doubt that the person(s) identified are the beneficial owner(s), the natural person(s) who hold the position of senior managing official(s). The 4AMLD Obliged Entities shall keep records of the actions taken in order to identify the beneficial ownership under Points (1) and (2).

Type: Trusts
Description: In the case of trusts:
(1) the settlor;
(2) the trustee(s);
(3) the protector (if any);
(4) the beneficiaries, or where the individuals benefitting from the legal arrangement or entity have yet to be determined, the class of persons in whose main interest the legal arrangement or entity is set up or operates;
(5) any other natural person exercising ultimate control over the trust by means of direct or indirect ownership, or by other means.

Type: Legal Entities
Description: In the case of legal entities such as foundations, and legal arrangements similar to trusts, the natural person(s) holding equivalent or similar positions to those referred to under Trusts.
Definition of Credit Institution
Credit Institution means a credit institution as defined in Point (1) of Article 4(1) of Regulation (EU) No 575/2013 of the European Parliament and of the Council, including branches thereof, as defined in Point (17) of Article 4(1) of that Regulation, located in the Union, whether its head office is situated within the Union or in a Third Country.

Definition of Financial Institution
This means:
(1) an undertaking (other than a CI) which carries out one or more of the activities listed in Points (2) to (12), (14) and (15) of Annex I of Directive 2013/36/EU of the European Parliament and of the Council, including the activities of currency exchange offices (bureaux de change);
(2) an insurance undertaking insofar as it carries out life assurance activities covered by that Directive;
(3) an investment firm;
(4) a Collective Investment Undertaking (CIU) marketing its units or shares;
(5) an insurance intermediary where it acts with respect to life insurance and other investment-related services, with the exception of a tied insurance intermediary;
(6) branches, when located in the Union, of financial institutions (as referred to in points (1) to (5)), whether their head office is situated in a Member State or in a Third Country.
Definition of Group
Group means a group of undertakings which consists of a parent undertaking, its subsidiaries, and the entities in which the parent undertaking or its subsidiaries hold a participation, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU.

Definition of Money Laundering

No 1
Type: Conversion or transfer of property.
Description: The conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person's action.

No 2
Type: Concealment or disguise of property.
Description: The concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such an activity.

No 3
Type: Acquisition, possession, or use of property.
Description: The acquisition, possession, or use of property, knowing at the time of receipt, that such property was derived from criminal activity or from an act of participation in such an activity.

No 4
Type: Participation, association, or attempts of ML Types 1 to 3.
Description: Participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the ML Types 1 to 3.

ML occurs even when the activities which generated the property to be laundered were carried out in the territory of another Member State, or in that of a Third Country. Knowledge, intent or purpose as an element of ML or TF activities may be inferred from objective factual circumstances.
Definition of Terrorist Financing
The provision or collection of funds, by any means, directly or indirectly, with the intention that they be used, or in the knowledge that they are to be used, in full or in part, in order to carry out any of the offences within the meaning of Articles 1 to 4 of Council Framework Decision 2002/475/JHA.

4AMLD Obliged Entities

Type 1: Credit Institutions (CIs).

Type 2: Financial Institutions (FIs).

Type 3: Natural or legal persons acting in the exercise of their professional activities:
(a) auditors, external accountants and tax advisors;
(b) notaries and other independent legal professionals, where they participate, whether by acting on behalf of and for their client in any financial or real estate transaction, or by assisting in the planning or carrying out of transactions for their client concerning the:
    (i) buying and selling of real property or business entities;
    (ii) managing of client money, securities or other assets;
    (iii) opening or management of bank, savings or securities accounts;
    (iv) organisation of contributions necessary for the creation, operation or management of companies;
    (v) creation, operation or management of trusts, companies, foundations, or similar structures;
(c) trust or company service providers;
(d) estate agents;
(e) other persons trading in goods to the extent that payments are made or received in cash in an amount of EUR 10,000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked;
(f) providers of gambling services.
In accordance with the risk-based approach, Member States are required to ensure that the scope of the 4AMLD is extended (in whole or in part) to professions and to categories of undertakings, other than the 4AMLD Obliged Entities, which engage in activities which are particularly likely to be used for the purposes of ML or TF.

Trust and Company Service Providers (TCSPs) means any person that, by way of its business, provides any of the following services to third parties:
(1) the formation of companies or other legal persons;
(2) acting as, or arranging for another person to act as, a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons;
(3) providing a registered office, business address, correspondence or administrative address, and other related services for a company, a partnership, or any other legal person or arrangement;
(4) acting as, or arranging for another person to act as, a trustee of an express trust, or a similar legal arrangement;
(5) acting as, or arranging for another person to act as, a nominee shareholder for another person other than a company listed on a regulated market that is subject to disclosure requirements in accordance with Union law, or subject to equivalent international standards.
4AMLD Exceptions: Gambling Services
Following an appropriate risk assessment, Member States may at their discretion exempt (in full or in part) providers of certain gambling services from national provisions transposing the 4AMLD on the basis of the proven low risk posed by the nature, and where appropriate, the scale of operations of such services.

This exception does not apply to casinos. Member States are required to assess the degree of vulnerability of the applicable transactions, including with respect to the payment methods used in risk assessments.

Any decision to exempt must be notified to the Commission, together with a justification based on the specific risk assessment. Such decision will be communicated to the other Member States.

Gambling Services means a service which involves wagering a stake with monetary value in games of chance, including those with an element of skill such as lotteries, casino games, poker games, and betting transactions that are provided at a physical location, or by any means at a distance, by electronic means or any other technology for facilitating communication and at the individual request of a recipient of services.
4AMLD Exceptions: Little Risk of ML or TF
Member States may decide that persons that engage in a financial activity on an occasional or very limited basis where there is little risk of ML or TF do not fall within the scope of the 4AMLD, provided that the Low Risk ML and TF Criteria are met. Where a Member State decides to make an exception they must state the reasons on which they are based. Member States must also establish risk-based monitoring activities or take other adequate measures to ensure that the exemption granted is not abused.
Low Risk ML and TF Criteria
(1) The financial activity is limited in absolute terms.
(2) The financial activity is limited on a transaction basis.
(3) The financial activity is not the main activity of such persons.
(4) The financial activity is ancillary and directly related to the main activity of such persons.
(5) The main activity of such persons is not an activity referred to in points 3(a), 3(b), 3(c), 3(d) or 3(f) of the 4AMLD Obliged Entities.
(6) The financial activity is provided only to the customers of the main activity of such persons and is not generally offered to the public.

This exception does not apply to persons engaged in the activity of money remittance. In assessing the risk of ML or TF, Member States are required to pay particular attention to any financial activity which is considered to be particularly likely, by its nature, to be used or abused for the purposes of ML or TF.
Commission Risk Assessment
The Commission is required to conduct an assessment of the risks of ML and TF affecting the internal market and relating to cross-border activities. It was required to draw up a report identifying, analysing and evaluating those risks at Union level. The Commission is required to update its report every two years, or more frequently if appropriate. Such report is required to cover:
(1) the areas of the internal market that are at greatest risk;
(2) the risks associated with each relevant sector;
(3) the most widespread means used by criminals by which to launder illicit proceeds.

In conducting the risk assessment the Commission was required to organise the work at Union level, taking account of the joint opinion on the risks of ML and TF affecting the Union's financial sector issued by the European Supervisory Authorities (ESAs). The Commission was also required to involve the Member States' experts in the area of AML/CFT, representatives from Financial Intelligence Units (FIUs) and other Union level bodies where appropriate.

The Commission is required to submit a report to the European Parliament and to the Council on the findings resulting from the regular risk assessments and the action taken based on those findings every two years (or more frequently if appropriate).
Member State Risk Assessments
Each Member State is required to take appropriate steps to identify, assess, understand and mitigate the risks of ML and TF affecting it, as well as any data protection concerns. Member States are required to keep that risk assessment up to date. In carrying out such risk assessments Member States are required to make use of the Commission Risk Assessment Report.

Each Member State is required to use the risk assessment to:
(1) improve its AML/CFT regime, in particular by identifying any areas where obliged entities are to apply enhanced measures and, where appropriate, specifying the measures to be taken;
(2) identify, where appropriate, sectors or areas of lower or greater risk of ML or TF;
(3) assist it in the allocation and prioritisation of resources to combat ML and TF;
(4) ensure that appropriate rules are drawn up for each sector or area, in accordance with the risks of ML and TF;
(5) make appropriate information available promptly to 4AMLD Obliged Entities to facilitate the carrying out of their own ML and TF risk assessments.
4AMLD Obliged Entity Risk Assessments
4AMLD Obliged Entities are required to take appropriate steps to identify and assess the risks of ML and TF, taking into account risk factors including those relating to their customers, countries, or geographic areas, products, services, transactions or delivery channels. Such steps are required to be proportionate to the nature and size of the 4AMLD Obliged Entities. Such risk assessments are required to be documented, kept up-to-date and made available to the relevant National Competent Authorities (NCAs) and self-regulatory bodies concerned.

Self-regulatory body means a body that represents members of a profession and has a role in regulating them, in performing certain supervisory or monitoring type functions, and in ensuring the enforcement of the rules relating to them.

NCAs may decide that individual documented risk assessments are not required where the specific risks inherent in the sector are clear and understood.

4AMLD Obliged Entities are required to have in place policies, controls, and procedures (PCP) to mitigate and manage effectively the risks of ML and TF identified at the level of the Union, the Member State and the 4AMLD Obliged Entity. Such PCP are required to be proportionate to the nature and size of the 4AMLD Obliged Entities. The PCP must include:
(1) the development of internal policies, controls and procedures, including model risk management practices, customer due diligence, reporting, record-keeping, internal control, compliance management including, where appropriate with regard to the size and nature of the business, the appointment of a compliance officer at management level, and employee screening;
(2) where appropriate to the size and nature of the business, an independent audit function to test the internal PCP.

4AMLD Obliged Entities are required to obtain approval from their Senior Management for the PCP that they put in place and to monitor and enhance the measures taken, where appropriate.

Senior Management means an officer or employee with sufficient knowledge of the institution's ML and TF risk exposure, AND with sufficient seniority to take decisions affecting its risk exposure, and need not, in all cases, be a member of the board of directors.
Third Country Policy
Third Countries which have strategic deficiencies in their national AML/CFT regimes that pose significant threats to the financial system of the Union (High Risk Third Countries) (HRTCs) are required to be identified in order to protect the proper functioning of the internal market.

The Commission is empowered to adopt delegated acts in order to identify HRTCs, taking into account strategic deficiencies, in particular in relation to:
(1) the legal and institutional AML/CFT framework of the Third Country, in particular:
    (a) criminalisation of ML and TF;
    (b) measures relating to Customer Due Diligence;
    (c) requirements relating to record-keeping;
    (d) requirements to report suspicious transactions;
(2) the powers and procedures of the Third Country's Competent Authorities for the purposes of combating ML and TF;
(3) the effectiveness of the AML/CFT system in addressing ML or TF risks of the Third Country.
The Risk Factors Guidelines: High Risk Third Countries and Other High Risk Situations
When dealing with natural persons or legal persons established or residing in a HRTC identified by the Commission, and in all other high-risk situations, firms should take an informed decision about which ECDD measures are appropriate for each high-risk situation. The appropriate type of ECDD, including the extent of the additional information sought, and of the increased monitoring carried out, will depend on the reason why an occasional transaction or a business relationship was classified as high risk. Firms are not required to apply all the ECDD measures listed below in all cases. For example, in certain high-risk situations it may be appropriate to focus on enhanced ongoing monitoring during the course of the business relationship.

ECDD measures firms should apply may include:
(1) increasing the quantity of information obtained for CDD purposes:
    (a) information about the customer’s or beneficial owner’s identity, or the customer’s ownership and control structure, to be satisfied that the risk associated with the relationship is well understood; this may include obtaining and assessing information about the customer’s or beneficial owner’s reputation and assessing any negative allegations against the customer or beneficial owner. Examples include:
        (i) information about family members and close business partners;
        (ii) information about the customer’s or beneficial owner’s past and present business activities; and
        (iii) adverse media searches.
    (b) information about the intended nature of the business relationship to ascertain that the nature and purpose of the business relationship is legitimate and to help firms obtain a more complete customer risk profile. This may include obtaining information on:
        (i) the number, size and frequency of transactions that are likely to pass through the account, to enable the firm to spot deviations that might give rise to suspicion (in some cases, requesting evidence may be appropriate);
        (ii) why the customer is looking for a specific product or service, in particular where it is unclear why the customer’s needs cannot be met better in another way, or in a different jurisdiction;
        (iii) the destination of funds;
        (iv) the nature of the customer’s or beneficial owner’s business, to enable the firm to better understand the likely nature of the business relationship.
(2) increasing the quality of information obtained for CDD purposes to confirm the customer’s or beneficial owner’s identity including by:
    (a) requiring the first payment to be carried out through an account verifiably in the customer’s name with a bank subject to CDD standards that are not less robust than those set out in Chapter II of Directive (EU) 2015/849; or
    (b) establishing that the customer’s wealth and the funds that are used in the business relationship are not the proceeds of criminal activity and that the source of wealth and source of funds are consistent with the firm’s knowledge of the customer and the nature of the business relationship; in some cases, where the risk associated with the relationship is particularly high, verifying the source of wealth and the source of funds may be the only adequate risk mitigation tool; the source of funds or wealth can be verified, inter alia, by reference to VAT and income tax returns, copies of audited accounts, pay slips, public deeds or independent media reports.
(3) increasing the frequency of reviews to be satisfied that the firm continues to be able to manage the risk associated with the individual business relationship or conclude that the relationship no longer corresponds to the firm’s risk appetite and to help identify any transactions that require further review, including by:
    (a) increasing the frequency of reviews of the business relationship to ascertain whether the customer’s risk profile has changed and whether the risk remains manageable;
    (b) obtaining the approval of Senior Management to commence or continue the business relationship to ensure that senior management are aware of the risk their firm is exposed to and can take an informed decision about the extent to which they are equipped to manage that risk;
    (c) reviewing the business relationship on a more regular basis to ensure any changes to the customer’s risk profile are identified, assessed and, where necessary, acted upon; or
    (d) conducting more frequent or in-depth transaction monitoring to identify any unusual or unexpected transactions that might give rise to suspicion of ML/TF; this may include establishing the destination of funds or ascertaining the reason for certain transactions.

Title III of the Risk Factors Guidelines lists additional ECDD measures that may be of particular relevance in different sectors.
SECTION 2: Customer Due Diligence
Member States are required to prohibit CIs and FIs from keeping anonymous accounts or anonymous passbooks. Member States are also required to ensure that the owners and beneficiaries of existing anonymous accounts or anonymous passbooks be subject to Customer Due Diligence (CDD) Measures as soon as possible, and in any event before such accounts or passbooks are used in any way.

Member States are also required to take measures to prevent misuse of bearer shares and bearer share warrants. Member States are required to ensure that 4AMLD Obliged Entities apply CDD Measures in the circumstances noted in the following table.
4AMLD Obliged Entity CDD Measures Circumstances
(1) When establishing a Business Relationship. Business Relationship means a business, professional, or commercial relationship which is connected with the professional activities of a 4AMLD Obliged Entity, and which is expected, at the time when the contact is established, to have an element of duration.
(2) When carrying out an occasional transaction that amounts to EUR 15,000 or more, whether that transaction is carried out in a single operation, or in several operations which appear to be linked.
(3) When carrying out an occasional transaction that constitutes a Transfer of Funds exceeding EUR 1,000.
(4) In the case of persons trading in goods, when carrying out occasional transactions in cash amounting to EUR 10,000 or more, whether the transaction is carried out in a single operation, or in several operations which appear to be linked.
(5) For providers of gambling services, upon the collection of winnings, the wagering of a stake, or both, when carrying out transactions amounting to EUR 2,000 or more, whether the transaction is carried out in a single operation, or in several operations which appear to be linked.
(6) When there is a suspicion of ML or TF, regardless of any derogation, exemption, or threshold.
(7) When there are doubts about the veracity or adequacy of previously obtained Customer Identification Data (CID).
Customer Due Diligence Measures
4AMLD Obliged Entities are required to apply the CDD Measures set out below. However, they may determine the extent of such measures on a risk-sensitive basis.
(1) Identifying the customer and verifying the customer's identity on the basis of documents, data, or information obtained from a reliable and independent source.
(2) Identifying the beneficial owner and taking reasonable measures to verify that person's identity so that the 4AMLD Obliged Entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer.
(3) Assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship.
(4) Conducting ongoing monitoring of the business relationship, including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the 4AMLD Obliged Entity's knowledge of the customer, the business and risk profile, including where necessary the source of funds and ensuring that the documents, data or information held are kept up-to-date.
When undertaking an assessment of the risks of ML and TF, 4AMLD Obliged Entities are required to take into account the following (non-exhaustive) ML and TF Variables.
(1) The purpose of the account or relationship.
(2) The level of assets to be deposited by a customer or the size of transactions undertaken.
(3) The regularity or duration of the business relationship.

Member States are required to ensure that 4AMLD Obliged Entities are able to demonstrate to their NCAs or self-regulatory bodies that the measures are appropriate in view of the risks of ML and TF that have been identified.
Customer Due Diligence (cont) Customer Due Diligence Measures (cont) Member States are required to ensure that 4AMLD Obliged Entities apply the CDD Measures to all new customers AND to existing customers at appropriate times on a risk-sensitive basis, including when the relevant circumstances of a customer change. Verification of the identity of the customer and the beneficial owner is required to take place BEFORE the establishment of a business relationship or the carrying out of a transaction.
Where a 4AMLD Obliged Entity is UNABLE to comply with the 4AMLD Obliged Entity CDD Measures, it MUST NOT carry out a transaction through a bank account, establish a business relationship, or carry out a transaction, and is required to terminate the business relationship and consider making a Suspicious Transaction Report (STR) to the Financial Intelligence Unit (FIU) in relation to the customer.
Customer Due Diligence (cont) Customer Due Diligence Measures (cont) Member States may allow verification of the identity of the customer and the beneficial owner to be completed during the establishment of a business relationship, if it is necessary so as not to interrupt the normal conduct of business AND where there is little risk of ML or TF. In these situations, those procedures are required to be completed as soon as practicable after initial contact.
Member States may allow the opening of an account with a CI or FI, including accounts that permit transactions in transferable securities, provided that there are adequate safeguards in place to ensure that transactions are not carried out by the customer, or on its behalf, UNTIL full compliance with the CDD Measures is obtained.
Customer Due Diligence (cont) Electronic Money CDD Measures Exemptions Based on an appropriate risk assessment which demonstrates a low risk, a Member State may allow 4AMLD Obliged Entities NOT to apply certain CDD Measures with respect to Electronic Money, where all the Electronic Money CDD Measures Risk Mitigating Conditions are met:
(1) The payment instrument is not reloadable, or has a maximum monthly payment transaction limit of EUR 250 which can be used only in that Member State.
(2) The maximum amount stored electronically does not exceed EUR 250.
(3) The payment instrument is used exclusively to purchase goods or services.
(4) The issuer carries out sufficient monitoring of the transactions or business relationship to enable the detection of unusual or suspicious transactions.
Customer Due Diligence (cont) Life or other Investment-related Insurance Business Member States are required to ensure that, in addition to CDD Measures required for the customer and beneficial owner, CIs and FIs conduct the following CDD Measures on the beneficiaries of life insurance and other investment-related insurance policies, as soon as the beneficiaries are identified or designated: (1) in the case of beneficiaries that are identified as specifically named persons or legal arrangements, taking the name of the person; (2) in the case of beneficiaries that are designated by characteristics or by class or by other means, obtaining sufficient information concerning those beneficiaries to satisfy the CI or FI that it will be able to establish the identity of the beneficiary at the time of the payout.
Customer Due Diligence (cont) Life or other Investment-related Insurance Business (cont) The verification of the identity of the beneficiaries must take place at the time of the payout. In the case of assignment, in whole or in part, of the life or other investment-related insurance to a third party, CIs and FIs that are aware of the assignment must identify the beneficial owner at the time of the assignment to the natural or legal person or legal arrangement receiving for its own benefit the value of the policy assigned.
In the case of beneficiaries of trusts or of similar legal arrangements that are designated by particular characteristics or class, a 4AMLD Obliged Entity is required to obtain sufficient information concerning the beneficiary to satisfy the 4AMLD Obliged Entity that it will be able to establish the identity of the beneficiary at the time of the payout or at the time of the exercise by the beneficiary of its vested rights.
Simplified Customer Due Diligence SECTION 3
Simplified Customer Due Diligence Where a Member State or a 4AMLD Obliged Entity identifies areas of lower risk, the Member State may allow 4AMLD Obliged Entities to apply Simplified CDD Measures (SCDD Measures). Prior to applying SCDD Measures, 4AMLD Obliged Entities are required to ascertain that the business relationship or the transaction presents a lower degree of risk. Member States are required to ensure that 4AMLD Obliged Entities carry out sufficient monitoring of the transactions and business relationships to enable the detection of unusual or suspicious transactions. When assessing the risks of ML and TF relating to types of customers, geographic areas, and particular products, services, transactions or delivery channels, Member States and 4AMLD Obliged Entities are required to take into account at least the Potentially Lower Risk Situations Factors set out in the following table.
Simplified Customer Due Diligence (cont) Potentially Lower Risk Factors
Customer Risk Factors:
(1) Public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership.
(2) Public administrations or enterprises.
(3) Customers that are resident in geographical areas of lower risk as set out in the Geographical Risk Factors.
Product, Service, Transaction or Delivery Channel Risk Factors:
(1) Life insurance policies for which the premium is low.
(2) Insurance policies for pension schemes if there is no early surrender option and the policy cannot be used as collateral.
(3) A pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member's interest under the scheme.
(4) Financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes.
(5) Products where the risks of ML and TF are managed by other factors such as purse limits or transparency of ownership (e.g. certain types of electronic money).
Simplified Customer Due Diligence (cont) Potentially Lower Risk Factors (cont)
Geographical Risk Factors:
(1) Member States.
(2) Third Countries having effective AML/CFT systems.
(3) Third Countries identified by credible sources as having a low level of corruption or other criminal activity.
(4) Third Countries, which, on the basis of credible sources such as mutual evaluations, detailed assessment reports or published follow-up reports, have requirements to combat ML and TF consistent with the revised Financial Action Task Force (FATF) Recommendations and effectively implement those requirements.
The Risk Factors Guidelines: SCDD Measures To the extent permitted by national legislation, firms may apply SCDD Measures in situations where the ML/TF risk associated with a business relationship has been assessed as low.
SCDD is not an exemption from any of the CDD measures; however, firms may adjust the amount, timing or type of each or all of the CDD Measures in a way that is commensurate to the low risk they have identified.
Simplified Customer Due Diligence (cont) The Risk Factors Guidelines: SCDD Measures (cont) SCDD measures firms may apply include but are not limited to: (1) adjusting the timing of CDD, for example where the product or transaction sought has features that limit its use for ML/TF purposes, for example by: (a) verifying the customer’s or beneficial owner’s identity during the establishment of the business relationship; or (b) verifying the customer's or beneficial owner’s identity once transactions exceed a defined threshold or once a reasonable time limit has lapsed. Firms must make sure that: (i) this does not result in a de facto exemption from CDD, that is, firms must ensure that the customer’s or beneficial owner’s identity will ultimately be verified;
Simplified Customer Due Diligence (cont) The Risk Factors Guidelines: SCDD Measures (cont) (ii) the threshold or time limit is set at a reasonably low level (although, with regard to terrorist financing, firms should note that a low threshold alone may not be enough to reduce risk); (iii) they have systems in place to detect when the threshold or time limit has been reached; and (iv) they do not defer CDD or delay obtaining relevant information about the customer where applicable legislation (e.g. Regulation (EU) 2015/847 or provisions in national legislation) requires that this information be obtained at the outset.
Simplified Customer Due Diligence (cont) The Risk Factors Guidelines: SCDD Measures (cont) (2) adjusting the quantity of information obtained for identification, verification or monitoring purposes, for example by:
(a) verifying identity on the basis of information obtained from one reliable, credible and independent document or data source only; or (b) assuming the nature and purpose of the business relationship because the product is designed for one particular use only, such as a company pension scheme or a shopping centre gift card.
Simplified Customer Due Diligence (cont) The Risk Factors Guidelines: SCDD Measures (cont) (3) adjusting the quality or source of information obtained for identification, verification or monitoring purposes, for example by: (a) accepting information obtained from the customer rather than an independent source when verifying the beneficial owner’s identity (note that this is not permitted in relation to the verification of the customer’s identity); or (b) where the risk associated with all aspects of the relationship is very low, relying on the source of funds to meet some of the CDD requirements, for example where the funds are state benefit payments or where the funds have been transferred from an account in the customer’s name at an EEA firm;
Simplified Customer Due Diligence (cont) The Risk Factors Guidelines: SCDD Measures (cont) (4) adjusting the frequency of CDD updates and reviews of the business relationship, for example carrying these out only when trigger events occur such as the customer looking to take out a new product or service or when a certain transaction threshold is reached; firms must make sure that this does not result in a de facto exemption from keeping CDD information up-to-date; (5) adjusting the frequency and intensity of transaction monitoring, for example by monitoring transactions above a certain threshold only. Where firms choose to do this, they must ensure that the threshold is set at a reasonable level and that they have systems in place to identify linked transactions that, together, would exceed that threshold. The information a firm obtains when applying SCDD measures must enable the firm to be reasonably satisfied that its assessment that the risk associated with the relationship is low is justified.
Simplified Customer Due Diligence (cont) The Risk Factors Guidelines: SCDD Measures (cont) It must also be sufficient to give the firm enough information about the nature of the business relationship to identify any unusual or suspicious transactions. SCDD does not exempt an institution from reporting suspicious transactions to the FIU. Where there are indications that the risk may not be low, for example where there are grounds to suspect that ML/TF is being attempted or where the firm has doubts about the veracity of the information obtained, SCDD MUST NOT be applied. Equally, where specific high-risk scenarios apply and there is an obligation to conduct ECDD, SCDD MUST NOT be applied. Title III of the Risk Factors Guidelines lists additional SCDD measures that may be of particular relevance in different sectors.
Enhanced Customer Due Diligence SECTION 4
Enhanced Customer Due Diligence Member States shall require 4AMLD Obliged Entities to apply Enhanced CDD Measures (ECDD Measures) to manage and mitigate risks appropriately in the following cases: (1) Cases referred to in Articles 19 to 24 4AMLD; (2) When dealing with natural persons or legal entities established in Third Countries identified by the Commission as HRTCs; (3) In other cases of higher risk that are identified by Member States or 4AMLD Obliged Entities. ECDD Measures are not required to be invoked automatically with respect to branches or majority-owned subsidiaries of 4AMLD Obliged Entities established in the Union which are located in HRTCs, WHERE those branches or majority-owned subsidiaries FULLY COMPLY with the 4AMLD Group-Wide Policies and Procedures (Article 45 4AMLD).
Enhanced Customer Due Diligence Member States must ensure that those cases are handled by 4AMLD Obliged Entities by using a Risk-Based Approach (RBA). Member States must require 4AMLD Obliged Entities to examine, as far as reasonably possible, the background and purpose of all complex and unusually large transactions, and all unusual patterns of transactions which have no apparent economic or lawful purpose. 4AMLD Obliged Entities are required to increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear suspicious. When assessing the risks of ML and TF, Member States and 4AMLD Obliged Entities are required to take into account at least the (non-exhaustive) Potentially Higher Risk Situations Factors set out in the following table.
Enhanced Customer Due Diligence (cont) Potentially Higher Risk Factors
Customer Risk Factors:
(1) The business relationship is conducted in unusual circumstances.
(2) Customers that are resident in geographical areas of higher risk as set out in the Geographical Risk Factors.
(3) Legal persons or arrangements that are personal asset-holding vehicles.
(4) Companies that have nominee shareholders or shares in bearer form.
(5) Businesses that are cash-intensive.
(6) The ownership structure of the company appears unusual or excessively complex given the nature of the company's business.
Product, Service, Transaction or Delivery Channel Risk Factors:
(1) Private banking.
(2) Products or transactions that might favour anonymity.
(3) Non-face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures.
(4) Payment received from unknown or unassociated third parties.
(5) New products and new business practices, including new delivery mechanism, and the use of new or developing technologies for both new and pre-existing products.
Enhanced Customer Due Diligence (cont) Potentially Higher Risk Factors (cont)
Geographical Risk Factors:
(1) Countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective AML/CFT systems.
(2) Countries identified by credible sources as having significant levels of corruption or other criminal activity.
(3) Countries subject to sanctions, embargos or similar measures issued by, for example, the Union or the United Nations.
(4) Countries providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country.
The Risk Factors Guidelines: Unusual Transactions Firms should put in place adequate policies and procedures to detect unusual transactions or patterns of transactions.
Enhanced Customer Due Diligence (cont) The Risk Factors Guidelines: Unusual Transactions (cont) Where a firm detects transactions that are unusual because:
(1) they are larger than what the firm would normally expect based on its knowledge of the customer, the business relationship or the category to which the customer belongs; (2) they have an unusual or unexpected pattern compared with the customer’s normal activity or the pattern of transactions associated with similar customers, products or services; or (3) they are very complex compared with other, similar, transactions associated with similar customer types, products or services, and the firm is not aware of an economic rationale or lawful purpose or doubts the veracity of the information it has been given, it must apply ECDD measures.
Enhanced Customer Due Diligence (cont) The Risk Factors Guidelines: Unusual Transactions (cont) These ECDD measures should be sufficient to help the firm determine whether these transactions give rise to suspicion and must at least include: (1) taking reasonable and adequate measures to understand the background and purpose of these transactions, for example by establishing the source and destination of the funds or finding out more about the customer’s business to ascertain the likelihood of the customer making such transactions; and (2) monitoring the business relationship and subsequent transactions more frequently and with greater attention to detail. A firm may decide to monitor individual transactions where this is commensurate to the risk it has identified.
Enhanced Customer Due Diligence (cont) The Risk Factors Guidelines: ECDD ECDD measures cannot be substituted for regular CDD Measures but must be applied in addition to regular CDD Measures. Directive (EU) 2015/849 lists specific cases that must always be treated as high risk: (1) where the customer, or the customer's beneficial owner, is a PEP;
(2) where a firm enters into a Correspondent Relationship with a Respondent Institution from a non-European Economic Area (EEA) state; (3) where a firm deals with natural persons or legal entities established in HRTCs;
(4) all complex and unusually large transactions, or unusual patterns of transactions, that have no obvious economic or lawful purpose. Firms should apply additional ECDD Measures in those situations where this is commensurate to the ML/TF risk that they have identified.
Enhanced Customer Due Diligence (cont) Article 19 4AMLD: Cross-border Correspondent Relationships Correspondent Relationship means:
(1) the provision of banking services by one bank as the correspondent to another bank as the respondent, including providing a current or other liability account and related services, such as cash management, international funds transfers, cheque clearing, payable-through accounts, and foreign exchange services; (2) the relationships between and among CIs and FIs including where similar services are provided by a Correspondent Institution to a Respondent Institution, and including relationships established for securities transactions or funds transfers. With respect to cross-border correspondent relationships with a Third Country Respondent Institution, Member States are required to ensure that CIs and FIs adhere to the Cross-border Correspondent Relationships Additional Measures.
Enhanced Customer Due Diligence (cont) Article 19 4AMLD: Cross-border Correspondent Relationships (cont)
Additional Measures:
(1) Gather sufficient information about the respondent institution to understand fully the nature of the respondent's business and to determine from publicly available information the reputation of the institution and the quality of supervision.
(2) Assess the respondent institution's AML/CFT controls.
(3) Obtain approval from Senior Management before establishing new correspondent relationships.
(4) Document the respective responsibilities of each institution.
(5) With respect to payable-through accounts, be satisfied that the respondent institution has verified the identity of, and performed ongoing due diligence on, the customers having direct access to accounts of the correspondent institution, and that it is able to provide relevant CDD data to the correspondent institution, upon request.
Enhanced Customer Due Diligence (cont) The Risk Factors Guidelines: Correspondent Relationships (cont) Firms are required to take specific ECDD measures where they have a cross-border correspondent relationship with a respondent who is based in a third country. Firms must apply all of these measures and should adjust the extent of these measures on a risk-sensitive basis.
Firms should refer to Title III for guidelines on ECDD in relation to correspondent banking relationships (Chapter 1: Sectoral Guidelines for Correspondent Banks).
Enhanced Customer Due Diligence (cont) Article 20 4AMLD: PEP Transactions or Business Relationships (cont) Politically Exposed Persons (PEPs) means a natural person who is, or who has been, entrusted with Prominent Public Functions and includes the following: (1) Heads of State, Heads of Government, Ministers and Deputy or Assistant Ministers; (2) Members of Parliament or similar legislative bodies; (3) Members of the Governing Bodies of political parties; (4) Members of Supreme Courts, of Constitutional Courts, or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;
Enhanced Customer Due Diligence (cont) Article 20 4AMLD: PEP Transactions or Business Relationships (cont) (5) Members of Courts of Auditors or of the Boards of Central Banks; (6) Ambassadors, Chargés d'affaires and high-ranking officers in the armed forces; (7) Members of the Administrative, Management, or Supervisory Bodies of State-owned enterprises;
(8) Directors, Deputy Directors and Members of the Board or equivalent function of an International Organisation. None of these public functions covers middle-ranking or more junior officials.
Enhanced Customer Due Diligence (cont) Article 20 4AMLD: PEP Transactions or Business Relationships (cont) For transactions or business relationships with PEPs, in addition to the CDD Measures, Member States must require 4AMLD Obliged Entities to:
(1) have in place appropriate risk management systems, including risk-based procedures, to determine whether the customer or the beneficial owner of the customer is a PEP; (2) apply the following measures in case of business relationships with PEPs: (a) obtain Senior Management approval for establishing or continuing business relationships with PEPs; (b) take adequate measures to establish the source of wealth and source of funds that are involved in business relationships or transactions with such persons; (c) conduct enhanced, ongoing monitoring of those business relationships.
Enhanced Customer Due Diligence (cont) Article 20 4AMLD: PEP Transactions or Business Relationships (cont) These measures also apply to Family Members or Persons Known to be Close Associates of PEPs. Family Members means: (1) the spouse, or a person considered to be equivalent to a spouse, of a PEP; (2) the children and their spouses, or persons considered to be equivalent to a spouse, of a PEP; (3) the parents of a PEP.
Enhanced Customer Due Diligence (cont) Article 20 4AMLD: PEP Transactions or Business Relationships (cont) Persons Known to be Close Associates means:
(1) natural persons who are known to have joint beneficial ownership of legal entities or legal arrangements, or any other close business relations with a PEP; (2) natural persons who have sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a PEP.
Enhanced Customer Due Diligence (cont) The Risk Factor Guidelines: PEPs Firms that have identified that a customer or beneficial owner is a PEP must always: (1) take adequate measures to establish the source of wealth and the source of funds to be used in the business relationship in order to allow the firm to satisfy itself that it does not handle the proceeds from corruption or other criminal activity;
the measures firms should take to establish the PEP’s source of wealth and the source of funds will depend on the degree of high risk associated with the business relationship; firms should verify the source of wealth and the source of funds on the basis of reliable and independent data, documents or information where the risk associated with the PEP relationship is particularly high.
Enhanced Customer Due Diligence (cont) The Risk Factor Guidelines: PEPs (cont) (2) obtain senior management approval for entering into, or continuing, a business relationship with a PEP; the appropriate level of seniority for sign-off should be determined by the level of increased risk associated with the business relationship, and the senior manager approving a PEP business relationship should have sufficient seniority and oversight to take informed decisions on issues that directly impact the firm’s risk profile; when considering whether to approve a PEP relationship, senior management should base their decision on the level of ML/TF risk the firm would be exposed to if it entered into that business relationship and how well equipped the firm is to manage that risk effectively;
Enhanced Customer Due Diligence (cont) The Risk Factor Guidelines: PEPs (cont) (3) apply enhanced ongoing monitoring of both transactions and the risk associated with the business relationship; firms should identify unusual transactions and regularly review the information they hold to ensure that any new or emerging information that could affect the risk assessment is identified in a timely fashion; the frequency of ongoing monitoring should be determined by the level of high risk associated with the relationship. Firms must apply all of these measures to PEPs, their Family Members and Known Close Associates and should adjust the extent of these measures on a risk-sensitive basis.
Enhanced Customer Due Diligence (cont) Article 21 4AMLD: Life or other Investment-related Insurance Policies Member States are required to ensure that 4AMLD Obliged Entities take reasonable measures to determine whether the beneficiaries of a life or other investment-related insurance policy and/or, where required, the beneficial owner of the beneficiary are PEPs. Such measures are required to be taken no later than at the time of the payout, OR at the time of the assignment (in whole or in part), of the policy. Where risks are identified Member States are required to ensure that 4AMLD Obliged Entities: (1) inform Senior Management before payout of policy proceeds; (2) conduct enhanced scrutiny of the entire business relationship with the policyholder. These measures also apply to Family Members or Persons Known to be Close Associates of PEPs.
Enhanced Customer Due Diligence (cont) Article 22 4AMLD: Retired PEPs Where a PEP is no longer entrusted with a Prominent Public Function by a Member State or a Third Country, OR with a Prominent Public Function by an International Organisation, 4AMLD Obliged Entities are required, for at least 12 months, to take into account the continuing risk posed by that person and to apply appropriate risk-sensitive measures until such time as that person is deemed to pose no further risk specific to PEPs.
Enhanced Customer Due Diligence (cont) Article 24 4AMLD: Shell Banks Member States are required to prohibit CIs and FIs from entering into, or continuing, a Correspondent Relationship with a Shell Bank. Such institutions must take appropriate measures to ensure that they do not engage in, or continue, correspondent relationships with a CI or FI that is known to allow its accounts to be used by a Shell Bank. A Shell Bank means a CI or an FI, or an institution that carries out activities equivalent to those carried out by CIs and FIs, incorporated in a jurisdiction in which it has no physical presence, involving meaningful mind and management, and which is unaffiliated with a regulated financial group.
Third Party Outsourcing SECTION 5
Third Party Outsourcing Member States are permitted to allow 4AMLD Obliged Entities to rely on third parties to meet the CDD requirements; however, the ultimate responsibility for meeting those requirements will remain with the 4AMLD Obliged Entity. This will not apply to outsourcing or agency relationships where, on the basis of a contractual arrangement, the outsourcing service provider or agent is to be regarded as part of the 4AMLD Obliged Entity.
Third Party Outsourcing (cont) Third Parties Third Parties means:
(1) 4AMLD Obliged Entities; (2) the member organisations or federations of those 4AMLD Obliged Entities;
(3) other institutions or persons situated in a Member State or Third Country that: (a) apply CDD requirements and record-keeping requirements that are consistent with those set out in the 4AMLD; AND (b) have their compliance with the requirements of the 4AMLD supervised in a manner consistent with Section 2 of Chapter VI 4AMLD.
Third Party Outsourcing (cont) Third Party Outsourcing Conditions Member States are required to prohibit 4AMLD Obliged Entities from relying on Third Parties established in HRTCs. Member States may exempt branches and majority-owned subsidiaries of 4AMLD Obliged Entities established in the Union from that prohibition WHERE those branches and majority-owned subsidiaries FULLY COMPLY with the 4AMLD Group-Wide Policies and Procedures. 4AMLD Obliged Entities are required to obtain from a Third Party all the necessary information stipulated by the CDD requirements.
4AMLD Obliged Entities are required to ensure that a Third Party provides, immediately upon request, relevant copies of identification and verification data and other relevant documentation on the identity of the customer or the beneficial owner.
Third Party Outsourcing (cont) Reliance on Group-Wide Policies and Procedures Member States must ensure that the Competent Authority of the home Member State (for Group-Wide Policies and Procedures), and the Competent Authority of the host Member State (for branches and subsidiaries), may consider a 4AMLD Obliged Entity to comply with the Third Party Outsourcing Conditions through its group programme, where ALL of the following conditions are met: (1) the 4AMLD Obliged Entity relies on information provided by a Third Party that is part of the same group; (2) that group applies CDD Measures, rules on record-keeping and programmes against ML and TF in accordance with the 4AMLD (or equivalent rules); (3) the effective implementation of the requirements in (2) is supervised at group level by a Competent Authority of the home Member State, or of a Third Country.
High Risk Jurisdictions SECTION 6
High Risk Jurisdictions Financial Action Task Force (FATF) High Risk Jurisdictions
No. Country: Description
1. Democratic People's Republic of Korea (DPRK): Call for action.
2. Ethiopia: Call for action.
3. Iran: Other monitored jurisdictions.
4. Pakistan: Other monitored jurisdictions.
5. Serbia: Other monitored jurisdictions.
6. Sri Lanka: Other monitored jurisdictions.
7. Syria: Other monitored jurisdictions.
8. Trinidad and Tobago: Other monitored jurisdictions.
9. Tunisia: Other monitored jurisdictions.
10. Yemen: Other monitored jurisdictions.
High Risk Jurisdictions (cont) European Union High Risk Third Country List Commission Delegated Regulation (EU) 2016/1675 of 14 July 2016 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council by identifying high-risk third countries with strategic deficiencies.
No | Country
11. | Afghanistan
12. | Bosnia and Herzegovina
13. | Guyana
14. | Iraq
15. | Lao PDR
16. | Syria
17. | Uganda
18. | Vanuatu
19. | Yemen
20. | Ethiopia
Description: High-risk third countries which have provided a written high-level political commitment to address the identified deficiencies and have developed an action plan with FATF.
High Risk Jurisdictions (cont) European Union High Risk Third Country List (cont)
No | Country | Description
21. | Iran | High-risk third countries which have provided a high-level political commitment to address the identified deficiencies and have decided to seek technical assistance in the implementation of the FATF Action Plan, which are identified by FATF Public Statement.
22. | DPRK | High-risk third countries which present ongoing and substantial money-laundering and terrorist-financing risks, having repeatedly failed to address the identified deficiencies and which are identified by FATF Public Statement.
Beneficial Ownership Information SECTION 7
Beneficial Ownership Information Member States are required to ensure that corporate and other legal entities incorporated within their country are required to obtain and hold adequate, accurate, and current information on their beneficial ownership, including the details of the beneficial interests held. This information must be able to be accessed in a timely manner by NCAs and FIUs, and must be adequate, accurate, and current.
Beneficial Ownership Central Register This information must also be held in a central register in each Member State (e.g. commercial register, companies register, public register).
Beneficial Ownership Information (cont) Beneficial Ownership Central Register (cont) The information on beneficial ownership must be able to be accessed by: (1) NCAs and FIUs (without any restriction) (Type 1); (2) 4AMLD Obliged Entities (within the framework of CDD) (Type 2); (3) any person or organisation that can demonstrate a legitimate interest (Type 3). Member States are required to notify the Commission of the characteristics of those national mechanisms, and the information on beneficial ownership contained in such databases may be collected in accordance with national systems.
Beneficial Ownership Information (cont) Beneficial Ownership Central Register (cont) Member States are required to ensure that those entities are required to also provide information on the beneficial owner to 4AMLD Obliged Entities, when the 4AMLD Obliged Entities are taking CDD Measures. Access to the information on beneficial ownership must be in accordance with data protection rules, and may be subject to online registration and to the payment of a fee. The fees charged for obtaining the information must not exceed the administrative costs. The Central Register must ensure timely and unrestricted access by NCAs and FIUs without alerting the entity concerned, and must also allow timely access by 4AMLD Obliged Entities when taking CDD Measures. NCAs and FIUs must be able to provide information to other Competent Authorities and FIUs of other Member States in a timely manner.
4AMLD Obliged Entities are not allowed to rely exclusively on the Central Register to fulfil their CDD requirements. Such requirements must be fulfilled by using a RBA.
Beneficial Ownership Information (cont) Beneficial Ownership Information Exemption Member States may provide for an exemption to the information access requirements for Type 1 and Type 2 firms, to all or part of the information on the beneficial ownership on a case-by-case basis in exceptional circumstances, where such access would expose the beneficial owner to the risk of fraud, kidnapping, blackmail, violence, or intimidation, OR where the beneficial owner is a minor or otherwise incapable. Such exemptions are not applicable to CIs and FIs, or to notaries and other independent legal professionals that are public officials.
Express Trusts Trustees of Express Trusts governed under EU laws must obtain and hold adequate, accurate and up-to-date information on beneficial ownership regarding the trust.
Beneficial Ownership Information (cont) Express Trusts (cont) This should include the identity of: (1) the settlor; (2) the trustee(s); (3) the protector (if any); (4) the beneficiaries or class of beneficiaries; and (5) any other natural person exercising effective control over the trust. Trustees are required to disclose their status and must provide this information to 4AMLD Obliged Entities in a timely manner, where, as a trustee, the trustee forms a business relationship or carries out an occasional transaction above relevant thresholds. This information must be able to be accessed in a timely manner by NCAs and FIUs. This information must be held in a Central Register when the trust generates tax consequences. The Central Register is required to ensure timely and unrestricted access by NCAs and FIUs, without alerting the parties to the trust concerned.
Beneficial Ownership Information (cont) Express Trusts (cont) It may also allow timely access by 4AMLD Obliged Entities, within the framework of CDD. The information held in the Central Register must be adequate, accurate, and up-to-date. 4AMLD Obliged Entities must not rely exclusively on the Central Register to fulfil their CDD requirements. Such requirements must be fulfilled using the RBA.
NCAs and FIUs must be able to provide such information to other Competent Authorities and to the FIUs of other Member States in a timely manner. These measures must also apply to other types of legal arrangements having a structure or functions similar to trusts. 98
The European Supervisory Authorities Guidelines SECTION 8
The European Supervisory Authorities Guidelines
Final Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on simplified and enhanced customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (the Risk Factor Guidelines). For 4AMLD Obliged Entities CDD is central to the RBA, for both risk assessment and risk management purposes. CDD means: (1) identifying the customer and verifying the customer's identity on the basis of documents, data or information obtained from a reliable and independent source;
(2) identifying the customer's beneficial owner and taking reasonable measures to verify their identity so that the obliged entity is satisfied that it knows who the beneficial owner is;
The European Supervisory Authorities Guidelines (cont)
(3) assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship; (4) conducting ongoing monitoring of the business relationship, including transaction monitoring and keeping the underlying information up to date. The factors and measures described in the Guidelines are not exhaustive, and firms should consider other factors and other measures as appropriate. Competent Authorities should use the Guidelines where assessing the adequacy of firms' risk assessments and AML/CFT policies and procedures.
RBA means an approach whereby Competent Authorities and firms identify, assess and understand the ML/TF risks to which firms are exposed and take AML/CFT measures that are proportionate to those risks.
The European Supervisory Authorities Guidelines (cont)
Assessing and Managing Risk Firms’ approach to assessing and managing the ML/TF risk associated with business relationships and occasional transactions should include the following:
(1) business-wide risk assessments; (2) CDD; (3) obtaining a holistic view; (4) monitoring and review.
Business-wide risk assessments Business-wide risk assessments should help firms understand where they are exposed to ML/TF risk and which areas of their business they should prioritise in the fight against ML/TF.
The European Supervisory Authorities Guidelines (cont)
Business-wide risk assessments (cont) To that end, and in line with Article 8 of Directive (EU) 2015/849, firms should identify and assess the ML/TF risk associated with the products and services they offer, the jurisdictions they operate in, the customers they attract and the transaction or delivery channels they use to service their customers. The steps firms take to identify and assess ML/TF risk across their business must be proportionate to the nature and size of each firm. Firms that do not offer complex products or services and that have limited or no international exposure may not need an overly complex or sophisticated risk assessment.
CDD Firms should use the findings from their business-wide risk assessment to inform their decision on the appropriate level and type of CDD that they will apply to individual business relationships and occasional transactions.
The European Supervisory Authorities Guidelines (cont)
CDD (cont) Before entering into a business relationship or carrying out an occasional transaction, firms should apply initial CDD in line with Article 13(1)(a), (b) and (c) and Article 14(4) of Directive (EU) 2015/849. Initial CDD should include at least risk-sensitive measures to: (1) identify the customer and, where applicable, the customer’s beneficial owner or legal representatives; (2) verify the customer’s identity on the basis of reliable and independent sources and, where applicable, verify the beneficial owner’s identity in such a way that the firm is satisfied that it knows who the beneficial owner is; and (3) establish the purpose and intended nature of the business relationship. 104
The European Supervisory Authorities Guidelines (cont)
CDD (cont) Firms should adjust the extent of initial CDD measures on a risk-sensitive basis. Where the risk associated with a business relationship is low, and to the extent permitted by national legislation, firms may be able to apply SCDD. Where the risk associated with a business relationship is increased, firms must apply ECDD.
Obtaining a Holistic View Firms should gather sufficient information to be satisfied that they have identified all relevant risk factors, including, where necessary, by applying additional CDD measures, and assess those risk factors to obtain a holistic view of the risk associated with a particular business relationship or occasional transaction. 105
The European Supervisory Authorities Guidelines (cont)
Obtaining a Holistic View (cont) Firms should note that the risk factors listed in these guidelines are not exhaustive, and that there is no expectation that firms will consider all risk factors in all cases.
Monitoring and Review Firms must keep their risk assessment up to date and under review. Firms must monitor transactions to ensure that they are in line with the customer’s risk profile and business and, where necessary, examine the source of funds, to detect possible ML/TF.
They must also keep the documents, data or information they hold up to date, with a view to understanding whether the risk associated with the business relationship has changed.
The European Supervisory Authorities Guidelines (cont)
Other Considerations Firms should not enter into a business relationship if they are unable to comply with their CDD requirements, if they are not satisfied that the purpose and nature of the business relationship are legitimate or if they are not satisfied that they can effectively manage the risk that they may be used for ML/TF purposes. Where such a business relationship already exists, firms should terminate it or suspend transactions until it can be terminated, subject to instructions from law enforcement, where applicable. Where firms have reasonable grounds to suspect that ML/TF is being attempted, firms must report this to their FIU.
Firms should note that the application of a risk-based approach does not of itself require them to refuse, or terminate, business relationships with entire categories of customers that they associate with higher ML/TF risk, as the risk associated with individual business relationships will vary, even within one category. 107
The European Supervisory Authorities Guidelines (cont)
Risk Assessment Firms should keep their assessments of the ML/TF risk associated with individual business relationships and occasional transactions as well as of the underlying factors under review to ensure their assessment of ML/TF risk remains up to date and relevant. Firms should assess information obtained as part of their ongoing monitoring of a business relationship and consider whether this affects the risk assessment. Firms should also ensure that they have systems and controls in place to identify emerging ML/TF risks and that they can assess these risks and, where appropriate, incorporate them into their business-wide and individual risk assessments in a timely manner. 108
The European Supervisory Authorities Guidelines (cont)
Risk Assessment (cont) Examples of systems and controls firms should put in place to identify emerging risks include: (1) processes to ensure that internal information is reviewed regularly to identify trends and emerging issues, in relation to both individual business relationships and the firm’s business; (2) processes to ensure that the firm regularly reviews relevant information sources; this should involve, in particular:
(a) regularly reviewing media reports that are relevant to the sectors or jurisdictions in which the firm is active; (b) regularly reviewing law enforcement alerts and reports;
The European Supervisory Authorities Guidelines (cont)
Risk Assessment (cont) (c) ensuring that the firm becomes aware of changes to terror alerts and sanctions regimes as soon as they occur, for example by regularly reviewing terror alerts and looking for sanctions regime updates; and (d) regularly reviewing thematic reviews and similar publications issued by competent authorities;
(3) processes to capture and review information on risks relating to new products; (4) engagement with other industry representatives and competent authorities (e.g. round tables, conferences and training providers), and processes to feed back any findings to relevant staff; (5) establishing a culture of information sharing within the firm and strong company ethics.
The European Supervisory Authorities Guidelines (cont)
Systems and controls Examples of systems and controls firms should put in place to ensure their individual and business-wide risk assessments remain up to date may include: (1) setting a date on which the next risk assessment update will take place, for example on 1 March every year, to ensure new or emerging risks are included in risk assessments;
where the firm is aware that a new risk has emerged, or an existing one has increased, this should be reflected in risk assessments as soon as possible. (2) carefully recording issues throughout the year that could have a bearing on risk assessments, such as internal suspicious transaction reports, compliance failures and intelligence from front office staff; 111
The European Supervisory Authorities Guidelines (cont)
Systems and controls Like the original risk assessments, any update to a risk assessment and adjustment of accompanying CDD measures should be proportionate and commensurate to the ML/TF risk. Firms should take steps to ensure that their risk management systems and controls, in particular those relating to the application of the right level of CDD measures, are effective and proportionate.
Record Keeping Firms should record and document their risk assessments of business relationships, as well as any changes made to risk assessments as part of their reviews and monitoring, to ensure that they can demonstrate to the competent authorities that their risk assessments and associated risk management measures are adequate. 112
Commission Assessment SECTION 9
Commission Assessment Report from the Commission to the European Parliament and the Council on the assessment of the risks of money laundering and terrorist financing affecting the internal market and relating to cross-border activities. The Commission identified 40 products or services that were considered potentially vulnerable to ML/TF risks affecting the internal market. These cover 11 professional sectors, including all those defined by the 4AMLD, along with some not included.
Financial Sector The level of ML/TF risks to the financial sector is moderately significant due to the mitigating measures already in place.
Commission Assessment (cont) Financial Sector (cont) The risk of ML remains significant for certain segments such as private banking and institutional investment, owing to: (1) the overall higher exposure to product and customer risks; (2) pressures of competition in the sector; (3) a limited understanding among supervisors of their operational AML/CFT risks. Safe custody services are also seen as significantly exposed to ML risks owing to limitations in monitoring capacities for obliged entities, and the existence of non-regulated storage facilities (i.e. free zones). Electronic Money (anonymity features), or Money Value Transfer Services (i.e. money remittances) (uneven monitoring capacities among 4AMLD Obliged Entities) are considered significantly and even highly significantly exposed to ML/TF risks. 115
Commission Assessment (cont) Financial Sector (cont) For Currency Exchange Offices and Money Remittances, applying AML/CFT rules to occasional transactions only above EUR 15,000 seems problematic, since criminals can make smaller transfers over time. This is especially problematic in the absence of a common definition of operations which are linked or have an actual element of duration. Emerging Products such as Crowdfunding Platforms and Virtual Currencies appear to be significantly exposed to ML/TF risks. Financial Technology (FinTech) could open up new opportunities for criminals. Fraudulent application of Consumer's Credit and Low Value Loans has been a recurrent practice in recent terrorist cases. There is a low level of awareness and diverging application of AML/CFT requirements at national level for such products. 116
Commission Assessment (cont) Gambling Sector For Land-based Betting and Poker, these areas are significantly exposed to ML risks, particularly due to inefficient controls. These activities involve significant volumes of speedy and anonymous transactions often cash based or a peer-to-peer element with a lack of proper supervision. For Online Gambling, there is a high-risk exposure due to the huge volumes of transactions/financial flows and non-face-to-face element. It allows for anonymous means of payments, but offers an important mitigating feature in the form of transaction-tracking. Lotteries and Gaming Machines (outside casinos) present a moderate level of ML/TF risks.
Lotteries have developed a certain level of controls, in particular to address risks associated with high winnings.
Commission Assessment (cont) Gambling Sector (cont) The inclusion of casinos within the AML/CFT framework since 2005 has had a mitigating effect on the high-risk ML/CFT risks. Land-based Bingo presents a low level of ML/TF risks due to its relatively low stakes and winnings.
Designated Non-Financial Businesses and Professions The non-financial sector's exposure to ML/TF risks is seen as significant and even highly significant.
The identification of beneficial owner of the customer is a main weakness, especially for trust and company services providers, tax advisors, auditors, external accountants, notaries, and other independent legal professionals. In the case of professionals carrying out activities covered by the Legal Privilege Principle (i.e. tax advisors, auditors, external accountants, notaries, other independent legal professionals), the implementation of the AML/CFT rules is challenging.
Commission Assessment (cont) Designated Non-Financial Businesses and Professions (cont) Under the EU AML framework such professionals are exempted from reporting obligations when defending a client in a judicial proceeding (legal privilege), which increases the risk of misuse. The Real Estate Sector is also exposed to significant ML risks, owing to the variety of professionals involved in real estate transactions (i.e. real estate agents, CIs, notaries, and lawyers). A common means of laundering proceeds is over-invoicing in commercial trade (Trade Based ML) or setting up fictitious loans.
Cash and Cash-Like Assets In the absence of common requirements for all Member States, criminals can easily exploit differences in legislation regarding cash transactions.
Commission Assessment (cont) Cash and Cash-Like Assets (cont) The EU framework for controls on cash couriers at the EU external border does not ensure adequate levels of mitigation, especially since it does not cover cash-like products such as highly liquid commodities, including gold, diamonds, or high-storage anonymous pre-paid cards. The risks posed by Dealers in High-Value Goods accepting cash payments over EUR 15,000 are considered significant because of the inherent risk exposure and the weak level of controls. The fact that such traders are subject to AML/CFT rules only to the extent that they accept high-value cash payments seems to lead to ineffectiveness in applying those rules. The challenge is even more important with regard to cash-intensive businesses, as these ARE NOT subject to AML/CFT rules UNLESS they fall into the above-mentioned category of dealers in high-value goods, but they may very conveniently serve for laundering cash-based proceeds from criminal activities.
Commission Assessment (cont) Non-Profit Organisations Non-Profit Organisations (NPOs) may be exposed to the risks of being misused for TF. Expressive NPOs present some vulnerability as they may be infiltrated by criminal or terrorist organisations that can hide the beneficial ownership, making the collection of funds harder to trace. Service NPOs are more directly vulnerable owing to the intrinsic nature of their activity. They may involve funding to and from conflict areas or Third Countries identified by the Commission as presenting strategic deficiencies in their AML/CFT regimes.
Hawala Hawala and other such informal value transfer services (IVTS) pose a specific threat, especially with regards to TF. Hawala and other such IVTS usually qualify as illegal as they are not registered and do not comply with the requirements of the revised Payment Services Directive (PSD2).
Commission Assessment (cont) Hawala (cont) There is great difficulty in detecting the existence of Hawala or IVTS, as transactions are bundled, compensated via goods imports/exports, and leave a limited information trail. Currency Counterfeiting This is a transnational type of illegal activity with a high level of cross-border movements of both criminals and counterfeit currency, and often involves organised crime groups. Currency counterfeiting can be distributed through terrorist networks to fund training, recruitment, attacks, and propaganda, which requires large amounts of funds. Proceeds of counterfeiting could be invested to strengthen terrorist support infrastructure.
Commission Assessment (cont) Horizontal Vulnerabilities: Identification and access to Beneficial Ownership Information All sectors are vulnerable to risk of infiltration, integration or ownership by organised crime organisations and terrorist groups. Criminals commonly use shell companies, trusts or complicated corporate structures to hide their identities. Perpetrators use the most convenient, easiest, and securest vehicle depending on their expertise, location, and the market practices in their jurisdiction. The 25% share ownership threshold for defining a controlling element is only indicative and identifying the 'Senior Manager' as beneficial owner is only a last resort when no other beneficial owner can be identified after a documented in-depth assessment (e.g. split shareholdings). 123
Commission Assessment (cont) Supervision within the EU Internal Market There are problems with international (joint) supervision of the EU internal market by NCAs. Reasons for this include: (1) differences in the counterparts' status; (2) an inadequate framework to exchange confidential AML/CFT information;
(3) an excessive focus on pure prudential supervision; (4) a lack of legal framework/mechanisms for information exchange between prudential supervisors and AML/CFT financial supervisors.
Some supervisors do not adequately identify the AML/CFT risks linked to the sectors they supervise, and/or do not have sufficient or dedicated risk-based procedures in place to supervise these risks. Whatever the supervisory model followed, the supervision suffers from weaknesses in terms of controls, guidance and level of reporting in the large majority of Member States.
Commission Assessment (cont) Cooperation between FIUs Although collaboration between EU FIUs has increased significantly, certain vulnerabilities in FIU cooperation still remain. A FIU platform mapping report has extensively identified obstacles to accessing, exchanging, and using information and to operational cooperation between FIUs.
Other Vulnerabilities Common to All Sectors (1) Infiltration by criminals; (2) forged documents; (3) insufficient information-sharing between the public and the private sector; (4) insufficient resources, risk-awareness and know-how to implement AML/CFT rules;
(5) new risks emerging from FinTech.
ABOUT STORM-7 CONSULTING Storm-7 Consulting are a financial consultancy company that provides premier financial intelligence and knowledge to leading financial institutions around the world. We deliver premium quality conferences on cutting-edge legal and financial issues, and strive to provide access to crucial insight by leading experts on the latest complex regulatory developments.
Address: Level 24/25, The Shard, 32 London Bridge Street, London SE1 9SG
Tel: UK + 44 (0)20 7846 0076
Email: client.services@storm-7.com
ABOUT THE PRESENTER
Rodrigo Zepeda is Co-Founder and Managing Director of Storm-7 Consulting. He is an expert consultant who specialises in derivatives and financial services law, regulation, and compliance. He holds a LLB degree, a LLM Masters degree in International and Comparative Business Law, and has passed the New York Bar Examination. He was an Associate (ACSI) of the Chartered Institute for Securities & Investment from 2004 to 2014 and is now a Chartered Member (MCSI). He is a Reviewer for the Journal of Financial Regulation and Compliance and has also published widely in leading industry journals such as the Capco Institute's Journal of Financial Transformation, the Journal of International Banking Law and Regulation, as well as e-books on derivatives law. Noted publications include "Optimizing Risk Allocation for CCPs under the European Market Infrastructure Regulation"; "The ISDA Master Agreement 2012: A Missed Opportunity"; "The ISDA Master Agreement: The Derivatives Risk Management Tool of the 21st Century?"; "To EU, or not to EU: that is the AIFMD question"; and "The Industrialization Blueprint: Re-Engineering the Future of Banking and Financial Services."