Explanatory Memorandum to COM(2019)370 - Assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities

Please note

This page contains a limited version of this dossier in the EU Monitor.

EUROPEAN COMMISSION

Contents

1.

Brussels, 24.7.2019 COM(2019) 370 final


REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND

THE COUNCIL

on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities

{SWD(2019) 650 final}

1. INTRODUCTION

Article 6 of the 4th Anti-Money Laundering Directive1 mandates the Commission to conduct an assessment of money laundering and terrorist financing risks affecting the internal market and relating to cross border activities and to update it every two years (or more frequently if appropriate). This report updates the Commission’s first supranational risk assessment published in 2017.2 It assesses the implementation of the Commission’s recommendations and evaluates remaining risks, including in new products and sectors.

The report provides a systematic analysis3 of the money laundering or terrorist financing risks of specific products and services. It focuses on vulnerabilities identified at EU level, both in terms of legal framework and in terms of effective application and provides recommendations for addressing them.

This supranational risk assessment takes into account the requirements of the 4th Anti-Money Laundering Directive,4 which was due to be transposed by July 2017. Additional changes brought by the 5th Anti-Money Laundering Directive,5 due to be transposed by January 2020, have been anticipated when defining the new mitigating measures.

2. OUTCOMESOFTHESUPRANATIONAL RISKASSESSMENT

In this second supranational risk assessment, the Commission identified 47 products and services that are potentially vulnerable to money laundering/terrorist financing risks, up from 40 in 2017. These products and services fall under 11 sectors, including the 10 sectors or products identified by the 4th Anti-Money Laundering Directive6 along with 1 additional category of products and services relevant for the risk assessment.7

Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, OJ L 0849, 09.07.2018, p.1.

2.

Report from the Commission to the European Parliament and the Council on the assessment of the risks


of money laundering and terrorist financing affecting the internal market and relating to cross-border

activities, COM(2017) 340 final.

3.

For a more detailed description of the methodology, see the Staff Working Document accompanying


this Report SWD(2019) 650.

Although the 5th Anti-Money Laundering Directive has been adopted, its transposition deadline has not

yet passed. Similarly, the 2017 supranational risk assessment was drafted when the 4th Anti-Money

Laundering Directive had been adopted, but its transposition deadline had not yet passed.

4.

Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending


Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money

laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (Text with

EEA relevance); PE/72/2017/REV/1; OJ L 156, 19.6.2018, p. 43–74.

5.

Credit and financial institutions, money remitters, currency exchange offices, high value goods and


assets dealers, estate agents, trust and company service providers, auditors, external accountants and tax

advisors, notaries and other independent legal professionals, and gambling service providers.

6.

This category includes cash-intensive businesses, virtual currencies, crowdfunding and non-profit


organisations. It also covers certain informal means, such as those used by Hawala and other informal

2

3

4

5

6

2.1. Main risks in the sectors covered by the supranational risk assessment

2.1.1. Cash and cash-like assets

Law enforcement agencies’ findings show that, while cash is falling out of favor among consumers, it remains criminals’ money laundering instrument of choice as they can use cash to transfer funds rapidly from one location to another, including in air transit. Use of cash is the main trigger for the filing of suspicious transaction reports.

Criminals who accumulate cash proceeds seek to move them to locations where they can more easily be integrated into the legal economy, i.e. those characterised by predominant use of cash, lax supervision of the financial system and strong bank secrecy regulations.

Since the 2017 supranational risk assessment, the relevant legal framework has been strengthened. The 4th Anti-Money Laundering Directive covers traders of goods who make or receive cash payments of EUR 10,000 or more. Member States can adopt lower thresholds, additional general restrictions on the use of cash and stricter provisions.

The revised Cash Controls Regulation8 applicable from 3 June 2021 extends the obligation of any traveller entering or leaving the EU and carrying cash to a value of EUR 10,000 or more to declare it to the customs authorities. It also extends the definition of cash, to cover not only banknotes but also other instruments or highly liquid commodities, such as cheques, traveller's cheques, prepaid cards and gold.

Assets with similar properties to cash (e.g. gold, diamonds) or high-value ‘lifestyle’ goods (e.g. cultural artefacts, cars, jewellery, watches) are also high-risk, due to weak controls. Specific concerns have been expressed as regards the looting and trafficking of antiquities and other artefacts. In this regard, the recently adopted Regulation on import of cultural goods complements the existing EU legal framework on their trade, which until now has only included legislation covering the export of cultural goods and the return of cultural objects unlawfully removed from the territory of an EU country.9

2.1.2. Financial sector

The report on the assessment of recent alleged money laundering cases involving EU credit institutions identifies the factors that contributed to, as well as lessons learnt from, recent money laundering cases in EU banks, with a view to informing further policy actions. It assesses failures related to credit institutions’ anti-money laundering and defences and highlights challenges associated with different approaches to anti-money laundering/countering the financing of terrorism supervision at national level (see point 2.2.3).

Moreover, some other financial subsectors or products that deal with cash (e.g. foreign exchange offices, transfers of funds, and some e-money products) still pose significant money laundering risks, especially in case of unscrupulous behaviour on the part of third parties who act in their delivery channels, as agents or distributors.10

Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005, OJ L 284, 12.11.2018, p. 6–21.

Regulation (EU) 2019/880 of the European Parliament and of the Council of 17 April 2019 on the introduction and the import of cultural goods; PE/82/2018/REV/1; OJ L 151, 7.6.2019, p. 1–14.

8

9

The use of new technologies (FinTech)11that enable speedy and anonymous transactions with increasingly non-face-to-face business relationships, while bringing considerable benefits, may pose a higher risk if customer due diligence and transaction monitoring are not conducted efficiently across the delivery channel.12 While the 5th Anti-Money Laundering Directive provisions on virtual currency providers and custodian wallet providers are a first regulatory step, the increasing use of such instruments is posing higher risks and further regulatory steps may be needed.

2.1.3. Non-financial sector and products — Designated Non-Financial Businesses and Professions

Manufacturers, distributors, legal professionals and other non-financial institutions are increasingly attracting the attention of would-be money launderers. One study indicates that 20-30% of all proceeds from crime are laundered in the non-financial sector.13 The sector’s exposure to risks is therefore considered significant to very significant overall.

Failure to identify the client’s beneficial owner appears to be the main weakness affecting this sector. When entering into a business relationship, some parties do not always properly understand the concept of ‘beneficial owner’ or fail to check their identity.

In addition, Member State may designate self-regulatory bodies to supervise tax advisors, auditors, external accountants, notaries and other independent legal professionals and estate agents.14 Member States may task these bodies with receiving Suspicious Transactions Reports from obliged entities and sending them to the Financial Intelligence Units. However, some obliged entities and self-regulatory bodies do not report many suspicious transactions to the Financial Intelligence Units, especially in certain Member States. This may indicate that suspicious transactions are not correctly detected and reported. Moreover, with the inclusion of non-financial sector and products as obliged entities by the 4th Anti-Money Laundering Directive, there is a need to clarify that the principle of legal privilege is not impacted by appropriate application of the relevant

measures.15

https://eba.europa.eu/-/eba-publishes-opinion-on-the-nature-of-passport-notifications-for-agents-and-distributors-of-e-money

‘FinTech’ refers to technology-enabled and technology-supported financial services. ‘Reg Tech’ is about adopting new technologies to facilitate the delivery of regulatory requirements. These risks may be effectively mitigated and accurate remote identification and verification of data of

7.

natural and legal persons could be possible by relying on the electronic identification means as set out


in Regulation (EU) No 910/2014 and the appropriate level of assurance.

In Germany, as assessed by Bussmann, K.-D. and M. Vockrodt, ‘Geldwäsche-Compliance im Nicht-Finanzsektor: Ergebnisse aus einer Dunkelfeldstudie’, 2016, Compliance-Berater 5: p.138-143). The 4th Anti-Money Laundering Directive defines self-regulatory bodies as bodies that represent members of a profession or have a role in regulating them, performing certain supervisory or monitoring functions, and ensuring the enforcement of the rules relating to them.

The legal privilege is a recognised principle at EU level which reflects a delicate balance in light of the European Court of Justice ECJ case law on the right to a fair trial (C-305/05), itself reflecting the principles of the European Court of Human Rights as well as of the Charter (such as article 47). At the same time, there are cases where these professionals sometimes conduct activities that are covered by the legal privilege (i.e. ascertaining the legal position of their client or defending or representing their client in judicial proceedings) and at the same time activities that are not covered by the legal privilege, such as providing legal advice in the context of the creation, operation or management of companies.

11

12

3

4

5

Following consultations with experts, it seems that the real-estate sector is also increasingly exposed to significant money laundering risks. Other common means of laundering proceeds are over-invoicing in commercial trade and fictitious loans. Law enforcement authorities consider such risks significant.

2.1.4. Gambling sector

Under the 4th Anti-Money Laundering Directive, all providers of gambling services are obliged entities; however Member States may decide to grant full or partial exemptions to providers of gambling services other than casinos, on the basis of proven low risk. Certain gambling products are considered significantly exposed to money laundering risk. In the case of land-based betting and poker,16 this appears to be due to ineffective controls. For online gambling there is a high risk exposure due to very large numbers of transaction- flows and the lack of face-to-face interaction. Although casinos present inherently high-risk exposure, their inclusion in the anti-money laundering/countering the financing of terrorism framework since 2005 has had a mitigating effect.

Lotteries and gaming machines (outside casinos) present a moderate level of money laundering/terrorist financing risk. For the former, certain controls are in place, in particular to address the risks associated with high winnings. Land-based bingo is seen as presenting a low level of money laundering/terrorist financing risk due to the relatively low stakes and winnings involved.

2.1.5. Collection

and transfers of funds through non-profit organisations

This report covers the categories of non-profit organisations defined in the Recommendation of the Financial Action Task Force.17 The risk scenario is linked to non-profit organisations’ collection and transfers of funds to partners/beneficiaries both within and outside the Union.

Risk analysis from a threat perspective is complicated by the diversity of the sector. 'Expressive non-profit organisations'18 present some vulnerability because they may be infiltrated by criminal or terrorist organisations that can hide the beneficial ownership making the traceability of the collection of funds less easy.

Some types of 'Service non-profit organisations'19 are more directly vulnerable due to the intrinsic nature of their activity. This is due to the fact they may involve funding to and from conflict areas or third countries identified by the Commission as presenting strategic deficiencies in their anti-money laundering/terrorist financing regimes20. Nonprofit organisations are vitally important for providing humanitarian assistance around

17

This means betting and poker in dedicated premises, as opposed to online gambling.

‘A legal person or arrangement or organisation that primarily engages in raising or disbursing funds for purposes such as charitable, religious, cultural, educational, social or fraternal purposes, or for the carrying out of other types of “good works”,

www.fatf-gafi.org/media/fatf/documents/reports">www.fatf-gafi.org/media/fatf/documents/reports

"Expressive NPOs" are NPOs predominantly involved in expressive activities, which include programmes focused on sports and recreation, arts and culture, interest representation, and advocacy.

19 'Services NPOs' are NPOs involved in diverse activities, such as programmes focused on providing housing, social services, education, or health care.

20

18

world.21 To

the world. To safeguard the legitimate objectives of such assistance, more information about terrorist financing risks is needed within non-profit organisations to improve risk awareness. The Commission will launch still in 2019 a call for proposals for a preparatory project on capacity building, programmatic development and communication in the context of the fight against money laundering and terrorist financing.

Regulated financial service providers may be reluctant to engage with certain non-profit organisations in order to de-risk. This could lead to financial exclusion or rejected customers turning to underground banking or transfer services instead.

2.1.6. New products/sectors

This report looks at several new products or sectors that were exposed in recent publicly-reported incidents and operations of law enforcement authorities. In addition to FinTech, exchange platforms and wallet providers (see section 2.1.2), professional football, free ports, and investor citizenship and residence schemes (‘golden passports/visas’) were all identified as new sectors posing risks.

8.

2.1.6.1. Overview of new sectors


2.1.6.1.1. Professional football

Risks associated with sport have long been recognised at EU level.22 Professional football has been assessed since whilst it remains a popular sport it is also a global industry with significant economic impact. Professional football’s complex organisation and lack of transparency have created fertile ground for the use of illegal resources. Questionable sums of money with no apparent or explicable financial return or gain are being invested in the sport.

2.1.6.1.2. Free

ports

A free port is a part of the customs territory of the Union designated as such by a Member State. Free ports are lawful, but must respect EU state aid rules and the Code of Conduct on business taxation.23 Free-trade zones may pose a risk as regards counterfeiting, as they allow counterfeiters to land consignments, adapt or otherwise tamper with loads or associated paperwork, and then re-export products without customs intervention, and thus to disguise the nature and original supplier of the goods.

The misuse of free-trade zones may be related with infringing intellectual property rights, and engaging in VAT fraud, corruption and money laundering. In most EU free ports or customs warehouses (with the exception of the Luxembourg Freeport), precise information on the beneficial owners is not available. Under the 5th Anti-Money

21 In line with international policy commitments taken by the Commission with a view to promoting greater effectiveness and efficiency, EU humanitarian assistance is increasingly delivered as cash transfers. As with all EU humanitarian assistance, funds are always channelled through humanitarian partners such as the UN and international humanitarian non-governmental organisations. Such cash transfers in humanitarian aid operations are not concerned by the present assessment.

22

The July 2007 White Paper on sport stated that ‘sport is confronted with new threats and challenges, as commercial pressures, exploitation of young players, doping, corruption, racism, illegal gambling, violence, money laundering, and other activities detrimental to the sport’ (European Commission, White Paper on Sport, COM(2007) 391 final, 11.07.2007.)

Laundering Directive free port operators and other actors in the art market become obliged entities and therefore subject to customer due diligence requirements.

2.1.6.1.3. Investor

citizenship and residence schemes

Recent years have seen a growing trend in schemes by which countries attract investment by granting investors citizenship or residence rights. Concerns have been raised about inherent risks as regards security, money laundering, tax evasion and corruption.

In January 2019, the Commission published a report on national schemes granting Union citizenship to investors24. Following the publication of the report, the Commission has set up a group of experts from Member States with the task of considering risks that arise from investor citizenship and residence schemes and addressing transparency and governance issues.

The 5th Anti-Money Laundering Directive requires enhanced customer due diligence for third-country nationals who apply for residence or citizenship in Member States in exchange for capital or investment in property, government bonds or corporate entities.

2.2. Horizontal vulnerabilities common to all sectors

2.2.1. Anonymity in financial transactions

Criminals try to avoid leaving an information trail and to remain undetected. Sectors with a high level of cash transactions are considered particularly at risk, for example traders in goods and services accepting payments in cash and economic operators accepting payments in large-value denominations, such as EUR 50025 and EUR 200 banknotes.

Financial products offering similar anonymity in certain circumstances (e.g. some e-money products, virtual currencies and unregulated crowdfunding platforms) are also vulnerable to money laundering/terrorist financing. The same applies to assets like gold and diamonds that are easily tradable or can be safely stored and are easy to transfer.

2.2.2. Identification

and access to beneficial ownership information

Criminals use the financial system to feed illicit proceeds into financial markets, real estate or the legitimate economy in a more structured way than they do with cash or anonymous financial transactions. All sectors are vulnerable to infiltration, integration or ownership by organised crime organisations and terrorist groups. A common technique for criminals is to create shell companies, trusts or complex corporate structures to hide their identities. This is not limited to certain jurisdictions or types of legal entity or legal arrangements. Perpetrators use the most convenient, easiest and securest vehicle depending on their expertise, location and market practices in the jurisdiction in question.

In recent years there has been an increasing focus on the need to ensure effective beneficial owner identification both in the EU and at international level through the Financial Action Task Force and the Organisation for Economic Co-operation and Development Global Forum on tax transparency.26 The Directive on Administrative

Report from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Investor Citizenship and Residence Schemes in the European Union, COM(2019) 12 final, 23.01.2019.

24

25

Cooperation in Direct Taxes27 facilitates information exchange between tax authorities of Member States.

Most Member States have put in place a central register or database to collect beneficial ownership information, even though the 5th Anti-Money Laundering Directive postpones the deadline for setting up the registers to January 2020. The latter Directive also provides for additional transparency and wider access to beneficial ownership information.

However, major vulnerabilities remain:

Criminals might use complex corporate structures registered in third countries given that the registers foreseen in the Anti-Money Laundering Directive only cover legal entities and legal arrangements in Member States.

Criminals might wilfully use false information or documentation in order to hide their identity.

The national registers on beneficial ownership might have weak spots with regard to their technical implementation or management. Criminals might shift their business to Member States with a less effective framework.


2.2.3. Supervision

in the internal market

Anti-money laundering and countering the financing of terrorism supervisors are responsible for monitoring the correct application of obligations by the private sector. In most Member States, such supervision of credit and financial institutions is carried out by the authorities also tasked with prudential supervision. In some other Member States, Financial Intelligence Units are responsible for this task.

The report on the assessment of recent alleged money laundering cases involving EU credit institutions examines actions undertaken by supervisory authorities and presents findings in relation to their actions taken from an anti-money laundering/countering the financing of terrorism perspective, as well as from a prudential perspective. The report focuses on powers, organisation and resources of the authorities, supervision of local entities, supervision of cross-border entities and effectiveness of supervisory measures.

In non-financial sectors, Member States may allow self-regulatory bodies to supervise tax advisors, auditors, external accountants, notaries and other independent legal professionals and estate agents. Analysis indicates that, in the large majority of Member States, supervision in these sectors still suffers from weaknesses in term of controls, guidance, and the level of reporting by legal professionals, in particular to the Financial Intelligence Unit.

2.2.4. Cooperation between Financial Intelligence Units

The Financial Intelligence Unit Platform28 mapping report of December 201629 identified obstacles to accessing, exchanging and using information and to operational cooperation

9.

Council Directive 2011/16/EU of 15 February 2011 on administrative cooperation in the field of


27

between Member States’ Financial Intelligence Units. The Commission proposed

10.

mitigation measures in its 2017 supranational risk assessment report and outlined


further ways of improving cooperation between Financial Intelligence Units.31 The proposed measures are partly reflected in the 5th Anti-Money Laundering Directive. Access to information held by obliged entities or competent authorities has been improved and certain aspects relating to the tasks of the Financial Intelligence Units and to the exchange of information between Financial Intelligence Units have been clarified.

The report on cooperation between Financial Intelligence Units identifies existing gaps and assesses opportunities to further enhance the framework for cooperation.

2.2.5. Other vul nerabi lities common to all sectors

The supranational risk assessment shows that all identified sectors are exposed to some additional vulnerabilities:

infiltration by criminals – criminals can become owners of an obliged entity or find obliged entities willing to assist them in their money laundering activities.

This calls for ‘fit and proper’ tests in financial sectors covered by the Directive;

forgery – modern technology is making it easier to forge documents and all

sectors are struggling to put in place robust detection mechanisms;

insufficient infor mation -shar ing between the public and the private sectors –the

11.

need for improved mechanisms for feedback from Financial Intelligence Units to


obliged entities remains;

12.

insufficient resources, risk-awareness and know-how to implement anti-money


laundering/countering the financing of terrorism rules – while some obliged

13.

entities invest in sophisticated compliance tools, many have more limited


awareness, tools and capacities in this field; and

risks emerging from Fin Tech – the use of online services is expected to increase

14.

further in the digital economy, boosting demand for online identification. The use


and reliability of electronic identification is crucial in this respect.

3. MITIGATING MEASURES

3.1. Mitigating measures u n d e r t h e 5th Anti - M on ey Laundering Directive

The 5th Anti-Money Laundering Directive, to be transposed by January 2020, will equip the EU with tools allowing it to more effectively prevent its financial system from being used for money laund eri ng/terror ist f inanc in g , in particular through:

>* improving transparency through public beneficial ownership registers for companies, and publicly available reg isters for trusts and other legal arrangements;


limiting anonymity offered by virtual currencies, wallet providers and pre-paid cards;

The Mapping Exercise was carried out by a dedicated Team led by the Italian Financial Intelligence Units (Unità di Informazione Finanziaria per l’Italia - UIF) and members from the Financial Intelligence Units of France (Traitement du Renseignement et Action Contre les Circuits Financiers Clandestins /TRACFIN), Poland (Generalny Inspektor Informacji Finansowej / GIIF) and Romania (Oficiul Nacional de Prevenire si Combatere a Spalarii Banilor / ONPCSB)). The UK Financial Intelligence Units (National Criminal Agency) contributed to the Project in its initial phase.

Commission Staff Working Document accompanying the Report from the Commission to the European Parliament and the Council on the assessment of the risks of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, SWD(2017) 241 final, pp. 196-198.

29

30


broadening the criteria for the assessment of high-risk countries and improving the safeguards for financial transactions to and from such countries;

>* requiring Member States to set up central bank account reg istries or retri eva l systems;

> im proving anti-money laundering supervisors’ cooperation and information exchange

with each other and with prudential supervisors and the European Central Bank.

These measures are expected to further contribute to lowering risk levels in the concerned sectors and products. The Commission will review compliance with the new provisions and publish an implementation report mid-2021.

3.2. EU mitigating measures already in place or in the pipeline

3.2.1. Legislative measure

Most legislative measures referred to in the 2017 supranational risk assessment have been adopted, notably the 5th Anti-Money Laundering Directive, the new Cash Control Regulation,33 the Directi ve on C ounter ing Money Laundering by Criminal Law,34 and the Regulation on the import of cultural goods.35 The Directive on access to financial and other information provides for direct access to the national centralised bank

account reg istries or data retrieval systems by competent authorities, including tax authorities, a nti - c orrupti on a uthorities a nd Asset Recovery Offices.

The revision of the European Supervisory Authorities Regulations37 strengthened the European Banking Authority's mandate for collecting, analysing and further disseminating information to ensure all relevant authorities effectively and consistently supervise the risks of money-laundering. The European Banking Authority's power to act where Union law is breached has also been clarified and enhanced. The adoption of the 5th Capital Requirements Directive38 removes the obstacles to cooperation between prudential and anti-money laundering/countering the financing of terrorism supervisors.

3.2.2. Policy

initiatives

The Commission established in December 2017 an expert group on electronic identification and remote Know-Your-Customer processes.39 The expert group will

33

15.

Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on


controls on cash entering or leaving the Union and repealing Regulation (EC) No 1889/2005,OJ L 284,

12.11.2018, p. 6–2.

16.

Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on


combating money laundering by criminal law, OJ L 284, 12.11.2018, p. 22–30.

17.

Regulation (EU) 2019/880 of the European Parliament and of the Council of 17 April 2019 on the


introduction and the import of cultural goods; PE/82/2018/REV/1; OJ L 151, 7.6.2019, p. 1–14.

18.

Directive (EU) 2019/1153 of the European Parliament and of the Council of 20 June 2019 laying down


rules facilitating the use of financial and other information for the prevention, detection, investigation

or prosecution of certain criminal offences, and repealing Council Decision 2000/642/JHA;

PE/64/2019/REV/1, OJ L 186, 11.7.2019, p. 122–137.

19.

Political agreement reached in March 2019; The revised Regulations are not yet published at the time of


this report.

20.

Directive 2006/48/EC of the European Parliament and of the Council of 14 June 2006 relating to the


taking up and pursuit of the business of credit institutions, OJ L 177, 30.6.2006, p. 1–200 and Directive

21.

2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of


credit institutions and the prudential supervision of credit institutions and investment firms, amending

Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC, OJ L 176, 27.6.2013, p.

34

35

36

37

38

provide expertise to the Commission as it explores issues relating to the use by financial services providers of electronic identification (e-ID) schemes and other innovative digital processes to comply with anti-money laundering rules.

In June 2018, the Commission published a report on restrictions on cash pay ments.40 The report concluded that restrictions on cash payments would not significantly address terrorism financing, although preliminary findings also indicated that prohibition of high value cash payments in cash could positively impact the fight against money laundering.

3.2.3. Further supporting measures

> Improving statistical data collection;

Training for professionals carrying out activities covered by ‘legal privilege’,


providing guidance and practical insights to help them recognise possible money laundering/terrorist financing operations and how to proceed in such cases. The Commission will assess options for improving compliance in this sector in line with relevant case law. An EU funded project for training of lawyers is foreseen to start by early 2020. In 2018, notaries received an EU funded grant covering anti-money laundering/countering the financing of terrorism training needs;

>* Raising public awareness about anti-money laundering/countering the financing of terrorism risks;

>* Further analysis of the risks posed by Hawala and informal value transfer services – the scale of the problem and possible law enforcement solutions;

>* Further monitoring of currency counterfeiting and its possible links to money laundering. The Commission presented a proposal for a Regulation establishing an exchange, assistance and training programme for the protection of the euro against counterfeiting for the period 2021-2027 (the ‘Pericles IV’ programme) and its extension42 to the non-euro area Member States , expected to be adopted in 2020;

>* Further work to enhance supervision in the EU. The report on the assessment of the recent alleged money laundering cases involving EU credit institutions points to possible additional actions to further strengthen the EU legislative anti-money laundering framework and hereby reinforce the Banking and Capital Markets Unions.

4. Recommendations

Having assessed the risks in light of the updated legal framework, the Commission considers that a series of mitigating measures should be taken at EU and Member State level, taking into account:


22.

money


laundering/terrorist financing risk levels;


the need to take action at EU level or to recommend that Member States take action (subsidiarity);

financial institutions and consumer organisations. Commission Decision of 14 December 2017, C(2017) 8405 final. The group should present opinions, recommendations or reports to the Commission by December 2019.

40 COM(2018) 483 final.

41 COM(2018) 369 final


the need for regulatory or non-regulatory measures (proportionality);

23.

and


the impact on privacy and fundamental rights.

The Commission has also taken into account the need to avoid any abuse or misinterpretation of its recommendations that would result in the exclusion of entire classes of customers and the termination of customer relationships, without taking full and proper account of the level of risk in a particular sector.

4.1. Recommendations to the European S u p e r visor y Auth or iti es

4.1.1. Follow-up to the 2017 Su pran ati o n al Risk Assessment Recomm e n dation s

In the 2017 report, the Commission recommended that the European Supervisory Authorities should:

(1) raise awareness as to money laundering/terrorist financing risks and identify the appropriate actions to further enhance the capacity of national supervisors in anti-money laundering/countering the financing of terrorism supervision;

The European Supervisory Authorities have responded in the f ollowing way by:

> issuing eight draft technical standards,43 guidelines,44 and opinions45 to support the effective implementation of the risk-based approach to anti-money

laundering/countering the financing of terrorism by credit and financial institutions and their supervisors. A ninth instrument on improving cooperation between anti-money laundering/countering the financing of terrorism supervisors is currently under consultation;

>* providing training and organising workshops on the anti-money

laundering/countering the financing of terrorism aspects of the risk-based approach, risk-based supervision; e-money risks; and money remittance risks. The workshops were attended by over 300 supervisors from all Member States; and

>* fostering the exchange of information and good practices through the European

Supervisory Authorities’ internal committees and boards of supervisors, and setting

clear expectations of supervisory practices in relation to specific issues, e.g. the Panama Papers.

These are the Joint draft Regulatory Technical Standards on a Central Contact Point to strengthen fight against financial crime (Commission Delegated Regulation (EU) 2018/1108 of 7 May 2018 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council with regulatory technical standards on the criteria for the appointment of central contact points for electronic money issuers and payment service providers and with rules on their functions, C/2018/2716, OJ L 203, 10.08.2018, p. 2–6; the Consultation Paper on the Regulatory Technical Standards on CCP to strengthen fight against financial crime (JC-2017-08); and the European Supervisory Authorities’ Joint response to the European Commission on the amendment of the draft Regulatory Technical Standards under Articles 8(5), 10(2) and 13(5) of Regulation (EU) No 1286/2014 of the European Parliament and the Council of 26 November 2014 on key information documents for package retail and insurance-based investment products, OJ L 352, 09.12.2014, p. 1–23.

The Joint Guidelines on the Characteristics of a Risk-based Approach to Anti-money Laundering and Terrorist Financing Supervision (ESAs 2016 72); the Joint Guidelines on the Joint Committee Consultation on PRIIPs with environmental or social objectives (JC 2017 05); and the Joint Guidelines on the prudential assessment of acquisitions and increases of qualifying holdings in the banking, insurance and securities sectors (JC/GL/2016/01).

43

44

In 2018, the European Banking Authority launched a multi-annual, staff-led review of competent authorities’ approaches to the anti-money laundering/countering the financing of terrorism supervision of banks, in order to identify areas for improvement in order to establish best practices and remedy weaknesses, as well as to support national authorities' anti-money laundering/countering the financing of terrorism efforts within the

framework set by Union law and the European Supervisory Authorities guidelines. The findings will inform the content of the training that the European Banking Authority has committed to providing in 2019 and updates to the risk-based supervision guidelines under Article 48(10) of the 4th Anti-Money Laundering Directive.

(2) take further initiatives to improve cooperation between supervisors;

In November 2018, the European Supervisory Authorities consulted on draft guidelines to improve cooperation among anti-money laundering/countering the financing of terrorism supervisors. The draft guidelines clarify practical aspects of supervisory cooperation and information exchange and set out rules governing new anti-money laundering/countering the financing of terrorism colleges of supervisors. It is expected that they will be finalised in 2019.

On 10 January 2019, the European Supervisory Authorities approved the content of a multilateral agreement on the practical aspects of information exchange between the European Central Bank acting in its supervisory capacity and all competent EU authorities responsible for the supervision of credit and financial institutions’ compliance with anti-money laundering/countering the financing of terrorism obligations.

(3) develop further solutions for supervising operators acting under the ‘passporting’ regime;

The European Banking Authority has set up a task force to clarify when agents and distributors that operate in a Member State other than that in which the appointing institution is authorised are ‘establishments’ for the purposes of Directives (EU) 2015/2366,46 Directive 2009/110/EC,47 and 4th Anti-Money Laundering Directive. Work is under way and expected to be concluded in 2019.

(4) provide updated guidelines on internal governance so as to further clarify expectations around the functions of compliance officers in financial institutions;

In September 2017, the European Supervisory Authorities’ Joint Sub-committee on anti-money laundering/countering the financing of terrorism decided, in light of their own and national competent authorities’ limited resources, to postpone the drafting of guidelines on the functions of compliance officers and to focus on supervisory cooperation, which was deemed a priority as risks in this area had already materialised;

(5) provide further guidance on beneficial ownership identification for investment funds providers, especially in situations presenting a higher risk of money laundering or terrorist financing;

Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC,OJ L 337, 23.12.2015, p. 35. Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the

46

47

In June 2017, the European Supervisory Authorities published ‘risk factor guidelines’48 on simplified and enhanced customer due diligence and factors credit and financial institutions should consider when assessing the money laundering/terrorist financing risk associated with individual business relationships and occasional transactions.

The guidelines contain sectoral guidance for providers of investment funds and set out, for the first time at EU level, measures that funds and fund managers should take to comply with their customer due diligence obligations (including in respect of beneficial owners) and how to adjust the extent of the measures on a risk-sensitive basis;

(6) analyse operational anti-money laundering/countering the financing of terrorism

risks linked to the business/business model in the corporate banking, private banking and institutional investment sectors on the one hand, and in money or value transfer services and e-money on the other.

The European Banking Authority took stock of the findings from competent authorities’ thematic reviews of credit institutions and investment firms. The findings are reflected in the joint opinion on the money laundering/terrorist financing risks affecting the Union’s financial system that the European Supervisory Authorities’ are obliged to issue for each suprarnational risk assessment exercise.49

4.1.2. Current

state of play

The recommendations addressed to the European Supervisory Authorities in the 2017 supranational risk assessment have been addressed, except recommendation (4) on the provision of updated guidelines on internal governance aimed at further clarifying expectations around the functions of compliance officers in financial institutions. The Commission reiterates that recommendation (4) remains to be completed.

Furthermore, the European Banking Authority is invited to complete the relevant actions under the EU Action Plan on Anti-Money Laundering annexed to the Council Conclusions of 4 December 2018.50

4.2. Recommendations to non-financial supervisors

For the non-financial sector, there are no bodies at EU-level corresponding to the European Supervisory Authorities. Under the EU’s anti-money laundering framework, Member States may allow self-regulatory bodies to perform supervisory functions for tax advisors, auditors, external accountants, notaries and other independent legal professionals and estate agents.

The Commission reiterates the recommendations of the 2017 supranational risk assessment for self-regulatory bodies, notably to carry out more thematic inspections, raise the level of reporting; and continue to organise training schemes to develop

50

Joint guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on simplified and enhanced Customer Due Diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions; https://eba.europa.eu/docu ments/1 0180/1 890686/Fi n al+ Gu id elin es+o n +Ri s k +Facto rs +%28JC+201 7 + 3

7 %29.pdf

See section 2.2.3.

24.

It must be highlighted that the three European Supervisory Authorities will see their role and powers


significantly reinforced in the context of the new legislative proposals on which political agreement was

48

49

understanding of risks and anti-money laundering/countering the financing of terrorism compliance obligations.

4.3. Recommendations to Member States51

4.3.1. Follow-up to the 2017 Supranational Risk Assessment Recommendations

Under Article 6(4) of the 4th Anti-Money Laundering Directive, if Member States decide not to apply any of the recommendations, they should notify the Commission of their decision and provide a justification for it (‘comply or explain’). To date, no Member State has made such a notification to the Commission as concerns the 2017 recommendations.

The Commission followed up on the 2017 Recommendations to Member States through checks on the transposition of the 4th Anti-Money Laundering Directive, questionnaires to Member States on the follow up of 2017 recommendations and the update of the national risk assessments.

For some Recommendations the input received is either not significant or national authorities stressed the limited time available to implement them. The Commission underlines the need to maintain or intensify current efforts. Furthermore, it is important to note that the legal obligations of the 5th Anti-Money Laundering Directive supersede, either totally or in part, some of the Recommendations in the 2017 report, in particular as regards increased transparency of beneficial ownership, reduced thresholds for customer due diligence in some sectors, or extending the list of obliged entities.

(1) Scope of national risk assessments

The 2017 report identified cash intensive business and payment in cash, the non-profit organisation sector and electronic money products as areas to which Member States should give due consideration in their national risk assessments and define appropriate mitigating measures.

Most of the national risk assessments take into account the risks posed by cash-related operations and those arising from traffic in cultural artefacts and antiques, have incorporated non-profit organisations in the scope of their national risk assessments and addressed the risks of e-money products, in line with 4th and the 5th Anti-Money Laundering Directive.

However, several Member States have not yet adopted any national risk assessment,52 while others have not addressed the risk posed by the concerned products. These Member States are encouraged to urgently act on this Recommendation.

This report maintains the 2017 Recommendation and calls on all Member States to cover in their national risk assessments the risks associated with the mentioned products and to provide the appropriate mitigating measures.

(2) Beneficial ownership

25.

The 2017 report recommended to Member States that the information on the beneficial ownership of legal entities and legal arrangements should be adequate, accurate and up to


51 For more details on the recommendations by product/service, see the accompanying Staff Working Document SWD(2019) 650.

52 At the time of the preparation of this report 13 Member States have notified to the Commission the

date. In particular, tools should be developed to ensure that the identification of beneficial ownership is done when applying customer due diligence measures and that the sectors most exposed to risks from opaque beneficial ownership schemes are effectively monitored and supervised.

The 4th Anti-Money Laundering Directive had already provided for an obligation for Member States to set up beneficial ownership registers for companies, trusts and similar legal arrangements, but the 5th Anti-Money Laundering Directive changed the context and deadline for transposition of these registers. Most Member States have notified the Commission that they have set up such registers.

This report maintains the 2017 recommendation and encourages Member States to ensure the timely implementation of the provisions set out in the 5th Anti-Money Laundering Directive related to beneficial ownership registers.53

(3) Appropriate resources for supervisors and Financial Intelligence Units

The 2017 supranational risk assessment called on Member States to allocate 'adequate' resources to their competent authorities. Most Member States confirm that they have allocated adequate resources to their competent authorities, as required under Article 48(2) of the Directive. However, the report on the assessment of recent alleged money laundering cases involving EU credit institutions shows that many supervisors were critically understaffed.

This report maintains the recommendation that Member States further intensify their efforts in this area and demonstrate that anti-money laundering/countering the financing of terrorism supervisors can fully carry out their tasks.

(4) Increased on-site inspections by supervisors

26.

Financial sector


The 2017 report recommended that Member States put in place a risk-based supervision model according to the 2016 joint guidelines on risk-based supervision of the European

Supervisory Authorities.54

Several Member States indicated that they conduct regular thematic supervisory inspections on investment firms. Others report that they carry out a general risk assessment.

The report on the assessment of recent alleged money laundering cases involving EU credit institutions shows that often supervisors did not carry out adequate on-site inspections.

Supervisors should continue to conduct on-site inspections that are commensurate, in terms of frequency and intensity, to the identified money laundering/terrorist financing risks. These must focus on specific operational money laundering/terrorist financing risks, depending on the specific vulnerabilities inherent to a product or service, in particular: institutional investment (especially through brokers); private banking, where supervisors should in particular assess compliance with beneficial ownership rules; and

53 The 5th Anti-Money Laundering Directive postpones the deadline for setting up the registers and ensuring new access rights to them. Member States have until 10 January 2020 to set up the registers for companies and 10 March 2020 to set up those for trusts.

54 See European Supervisory Authorities’ Joint Guidelines, the Risk-Based Supervision Guidelines;

07/04/2017: https://esas-joint-committee.europa.eu/Publications/Guidelines/Joint%20Guidelines%20on%20risk-

currency exchange offices and money or value transfer services, where inspections should include a review of agents’ training.

27.

Non-financial sector


The 2017 supranational risk assessment called on Member States to ensure that their competent authorities conduct sufficient unannounced spot-checks on high-value dealers, real-estate professionals and antique traders.

Member States follow different approaches when it comes to inspections in the non-financial sectors and the quality of such supervision tends to vary more.

This report maintains the recommendation to conduct a sufficient number of on-site inspections.

(5) Supervisory authorities to carry out thematic inspections

The 2017 supranational risk assessment recommended that supervisors develop a better understanding of the anti-money laundering/countering the financing of terrorism risks to which a specific segment of the business is exposed to.

According to replies from Member States, when inspecting sectors of obliged entities, most supervisors allocate supervisory resources on the basis of risk. Supervisors’ inspections usually cover compliance with beneficial owner and training requirements among others. In most replies, there is no mention of thematic inspections in the money or value transfer services sector in the last two years. Supervisors should continue to improve their understanding of the money laundering/terrorist financing risks to which a specific segment of the business is exposed. They should specifically assess compliance with beneficial ownership rules in the sectors identified in 2017.

This report maintains the recommendation that Member States further ensure that supervisors carry out thematic inspections. In addition, supervisors should better focus their resources in thematic inspections.

(6) Considerations for extending the list of obliged entities

The 2017 report pointed at some services/products which were not covered by the EU anti-money laundering/countering the financing of terrorism framework and called on Member States to extend the scope of the anti-money laundering/countering the financing of terrorism regime to professionals particularly at risk.

The 4th Anti-Money Laundering Directive extended the scope of the anti-money laundering/countering the financing of terrorism regime to those professionals. Most Member States’ replies and the transposition check show that generally this recommendation was followed. Moreover, some Member States already apply the 5th Anti-Money Laundering Directive provisions as regards new obliged entities.

This report maintains the recommendation to pay close attention to professionals particularly at risk, including new obliged entities introduced by the 5th Anti-Money Laundering Directive (estate agents, art and antiques dealers and specific traders in high-value goods if they accept cash payments above a certain threshold; virtual currencies exchange platforms and wallet providers).

(7) An appropriate level of customer due diligence for occasional transactions

28.

The 2017 report drew attention to the exemption from customer due diligence of occasional transactions below EUR 15 000 and called on Member States to define a


The threshold for occasional transactions varies across Member States. Some apply thresholds for money or value transfer services or currency exchange offices that could still be considered high. As a result, efficient monitoring of transactions is more difficult.

This report maintains the 2017 recommendation and calls on Member States to provide guidance on the definition of ‘occasional transactions’ and to set out criteria that ensure that the customer due diligence rules applicable to business relationships are not circumvented for currency exchange offices and money remittances;

(8) Appropriate level of customer due diligence for safe custody and similar services

The 2017 report recommended that appropriate safeguards are put in place to monitor safe custody services properly, in particular those provided by financial institutions and similar storage services provided by non-financial providers.

Replies from Member States show that these activities are subject to anti-money laundering/countering the financing of terrorism regulation regardless of whether developed by a credit institution or not. In some Member States only financial institutions are providing these services.

This report maintains the recommendation to ensure an appropriate level of customer due diligence for safe custody and similar services.

(9) Regular cooperation between competent authorities and obliged entities

The 2017 report recommended enhanced cooperation in order to make detecting suspicious transactions simpler, to increase the number and the quality of the Suspicious Transactions Reports, to provide guidance on risks, customer due diligence, and reporting requirements. This can be mainly achieved through feedback from Financial Intelligence Units to the obliged entities on the quality of reporting but also on typologies. Several sectors have stressed the lack of feedback as a problem in particular: gambling, tax advisors, auditors, external accountants, notaries and other independent legal professionals and money or value transfer services.

The analysis and the assessment for the purposes of the report assessing the framework for cooperation between Financial Intelligence Units showed that in many Member States feedback from Financial Intelligence Units to obliged entities is still deficient, despite the existence of internal regulations and sectoral guidelines as regards this requirement.

This report partly maintains the recommendation and calls for enhanced cooperation between competent authorities and obliged entities.

(10) Special and ongoing training for obliged entities

The 2017 report recommended that training by competent authorities should address the risk of infiltration or ownership by organised crime groups, in particular for the gambling sector, trust and company services providers, tax advisors, auditors, external accountants, notaries and other independent legal professionals, some service providers (on capital structure, industrial strategy, mergers and the purchase of undertakings), real estate and money or value transfer services.

Most Member States reported that training has been provided as recommended, as well as guidance on anti-money laundering/countering the financing of terrorism obligations for different sectors.

This report maintains the recommendation to provide further training, especially with regard to obliged entities particularly at risk, as identified in the 2017 supranational risk assessment, or for newly designated obliged entities.

(11) Annual reporting from competent authorities/self-regulatory bodies on the anti-money laundering/countering the financing of terrorism activities of the obliged entities under their responsibilities

The 2017 supranational risk assessment showed that this reporting obligation helped national authorities to conduct National Risk Assessments and allowed for more proactive action to deal with weaknesses or failures to comply with anti-money laundering/countering the financing of terrorism requirements in particular in the real estate sector and for tax advisors, auditors, external accountants, notaries and other independent legal professionals.

In some Member States, self-regulatory bodies have only recently begun their supervisory activity because certain sectors, mainly designated non-financial business and professions, have only been added through the 4th Anti-Money Laundering Directive. Therefore there are as yet detailed statistics as requested in the recommendation to designated non-financial business and professions. Some Member States disagree on the utility of annual reporting on supervisory activities.

This report maintains the recommendation and encourages self-regulatory bodies to perform a more proactive role in anti-money laundering supervision.

4.3.2. Risk analysis by product/service

specific recommendations

In addition to the above recommendations, there is a need for the following product/sector-specific action:55

(1) Cash and cash-like assets

>* In their national risk assessments, Member States should take into account risks posed by cash payments and take appropriate mitigating measures.

>* Authorities should act on amounts below the EUR 10,000 declaration threshold where they suspect criminal activity.

(2) Financial sector

>* Member States should improve the monitoring and detection systems applying to products which are more exposed to terrorist financing risks. Financial institutions usually do not have access to relevant information (often held by law enforcement authorities) that would help them identify terrorist financing risks

before they materialise. Likewise, law enforcement authorities’ efforts to disrupt

29.

terrorist activities and networks can be hampered by their inability to obtain


information on financial flows that only financial institutions can provide; >* As regards money laundering risks, it is essential that Member States develop and

30.

improve their beneficial ownership registers to assist in carrying out robust


customer due diligence processes; >* Member States should continue to conduct thematic inspections, focusing on

31.

different areas depending on the sector/product For on-site inspections in


relevant companies in a particular sector, it is more time-efficient to select risk

areas than to conduct an overall inspection; this gives supervisors a clear picture

of best practices and the most significant shortco mings; >* Provision of training and guidance on risk factors such as non-face-to-face

32.

interaction, offshore professional intermediaries/customers and c ompl e x/shell


structures: and >* Follow up on the findings of the report on the assessment of recent alleged money

laundering cases involving EU credit institutions.

(3) Non-fi nancial sector and products ---- Designated non-financial businesses and

professions

> Member States should ensure that competent a uthorities/self-re g ulatory bodies provide training and guidance on risk factors, with a specific focus on non-face-to-face business relationships, offshore professional intermediaries/customers or jurisdictions, and complex/shell structures;

> Member States should ensure that se lf- re g ulato ry bodies/competent authorities conduct thematic inspections on compliance with beneficial owner identification requirements;

> Competent a uthorities/self-re g ulatory bodies should provide Member States with

annual reports on measures carried out to verify the obliged entities’ compliance

with their customer due diligence obligations, including beneficial owner requirements, Suspicious Transaction Reports and internal controls; and >* Member States should ensure that service providers offering advice to undertakings on capital structure, industrial strategy and related questions, and advice and services relating to mergers and the purchase of undertakings comply with their beneficial owner obligations.

(4) Gambling sector

K Competent authorities should put in place programmes to raise awareness among (online) gambling operators of the emerging risk factors that may affect the vulnerability of the sector, including the use of anonymous e-money and virtual currencies and the emergence of unauthorised online gambling operators. Feedback from Financial Intelligence Units on the quality of the Suspicious Transaction Reports would improve the reporting and the use made of the information provided. Financial Intelligence Units should take account of the specificities of the gambling sector when developing standard Suspicious Transaction Report te mpl ates at EU level.

>* In addition to training sessions, Member States should ensure adequate training focusing on appropriate risk assessments of relevant products/business models for staff, compliance officers and retailers; and

> Further guidance should be given to obliged entities on the concept of ‘several operations which appear to be linked’.

(5) Collection and transfers of funds through a non-profit organisation

r Member States should ensure that non-profit organisations are more involved in

national risk assessments; >* Member States should develop information and a ware ness-ra isi ng programmes

33.

on the risk of non-profit organisations being abused and provide


awareness-raising materials for them; and >* Member States should further analyse the risks faced by non-profit organisations.

(6) New products/sectors ---- professional football, free ports, investor citizenship and

residence schemes

>* Professional football – Member States should consider which actors should be covered by the obligation to report suspicious transactions and what requirements should apply to the control and registration of the origin of the account holders and the beneficiaries of money.

>* Free ports – Member States should implement independent, regular anti-money

laundering audits of agreed free zone operators’ compliance functions and ensure

>* Investor citizenship and residence schemes Member States should consider the money laundering risks of investor citizenship and residence.

5. CONCLUSION

The Commission will continue to monitor the implementation of the recommendations of this supranational risk assessment and report again by 2021. The review will also assess how EU and national measures affect risk levels, and will examine the impact of more recent changes to the regulatory framework. The Commission will also conduct a study on the effective implementation of the 4th Anti-Money Laundering Directive by Member States.