What is the Fifth Money Laundering Directive?

Anti-money laundering (AML) laws and regulations are designed to detect and prevent proceeds of crime from financing all sorts of illegal activity globally. Laundered money is often used to fund a range of crimes, including terrorist attacks.

Following the release of the Panama Papers and a range of terror attacks in Europe, European leaders are aspiring to align with the Financial Action Task Force (FATF) AML recommendations for strengthening the 4th Anti-Money Laundering Directive (4AMLD).

In April 2018, the European Parliament announced its intention to adopt the 5th Anti-Money Laundering Directive (5AMLD) which will come into effect from 10th January 2020.

Key Changes

The main purpose of the Fifth Directive is to make amendments and enhancements to the structure of the Fourth Directive which came into force on 26th June 2017 and ensure that AML regulations are effective and up to date. These include additional provisions not originally included in the text of 4AMLD and a focus on enhanced due diligence, improved access to information and increased transparency.

Some of the key changes are summarised below:

Beneficial Ownership

The beneficial ownership registers for legal entities, such as companies and trusts, will need to be public. This will enable member states to maintain interconnected Ultimate Beneficiary Ownership (UBO) registries. UBO registers of company ownership will be publicly accessible.

The wider access to beneficial ownership information is aimed at increasing transparency and preventing financial criminals from misusing complex, corporate structures for money laundering and terrorist financing purposes.

Cryptocurrency Exchanges

The Fifth Directive includes a legal definition of cryptocurrency and assets, defined as “a digital representation of value that can be digitally transferred, stored or traded and is accepted as a medium of exchange.” Cryptocurrency exchanges and wallets will, therefore, be classed as an obliged entity and these will have to perform the same checks as any obliged entity in the Fourth Money Laundering Directive, including customer due diligence, monitoring ongoing behaviour and reporting suspicious activity.

The main aim of regulating virtual currencies is to prevent cryptocurrencies such as Bitcoin from funding crimes and terrorist activity.

Prepaid Cards

Electronic money and prepaid cards will be subject to enhanced due diligence checks. The Fifth Directive lowers the threshold requirement on prepaid card transactions from €250 to €150. The threshold for online transactions with a prepaid card is €50. Anonymous prepaid cards issued outside the EU will only be accepted if their issuance meets requirements equivalent to the EU AML regime.

The enhanced checks are aimed at reducing the risks of anonymous prepaid instruments, such as gift cards and travel cards, from being misused for money laundering and terrorist financing.

Politically Exposed Persons

5AMLD widens the definition of a Politically Exposed Person (PEP) on a national level to include people who hold “prominent public functions,” for example a politician, and their immediate family members and close associates. Member State will have to issue a list setting out which functions qualify as “prominent public functions”.

The lists will enable smaller organisations to manage ongoing risks, by identifying, monitoring, and screening PEPs and individuals with jobs and roles that may make them vulnerable to corruption.

High-Risk Countries

The Fifth Directive will require enhanced due diligence (EDD) checks and improving safeguards on financial transactions to and from high-risk countries. The countries are deemed high risk due to a lack of AML regulation and due diligence requirements within these nations. As of February 2019, the EU has produced a list of high-risk countries which includes Afghanistan, American Samoa, The Bahamas, Botswana, Democratic People’s Republic of Korea, Ethiopia, Ghana, Guam, Iran, Iraq, Libya, Nigeria, Pakistan, Panama, Puerto Rico, Samoa, Saudi Arabia, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, US Virgin Islands, and Yemen.

Provisions under Brexit

The draft withdrawal agreement between the UK and the EU commission contains provisions that would oblige the UK to continue to apply EU laws during a transition period, with a jointly agreed (non-binding) political declaration, paragraph 84 which makes clear that the EU and the UK would continue to work together on AML compliance after Brexit.

Are Your Employees Aware?

With key amendments due in 2020, it’s a good time to evaluate if your current approach to financial crime risk management is adequate and for staff to refresh their knowledge of anti-money laundering laws and regulations. Our Anti-Money Laundering (AML) training courses focus on raising awareness around key legislation and laws to ensure compliance. Find out how DeltaNet International can support your business through our AML eLearning courses.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.